21 CFR Part 11 Compliance Matrix - QbD1200

Temporarily not available for purchase.

For your TOC analysis needs, please consider the ANATEL PAT700. Click here for more information.


21 CFR Part 11
Section Number

21 CFR Part 11 text

QbD1200 Compliance

QbD1200 Implementation

Customer Responsibilities

NOTE: The QbD1200 is designed as a system that generates persistent data. The data is permanently stored in a secured database, and cannot be accessed, edited or deleted by instrument users. The QbD1200 TOC analyzer includes technical controls to help support customer’s compliance with 21 CFR Part 11.

11.10

Employ controls to ensure the authenticity, integrity…of the electronic record.

Yes

Security controls and audit trail functionality are employed to ensure the authenticity and integrity of instrument operation, calibration verification, validation, and system suitability results.

Only authorized users are able to access areas of the system that generate data, set configurations, and access reports. All data events, setup changes, and security events are recorded in an audit trail.

Customer is responsible for administering user accounts in the system and configuring the permissions for each account.

11.10 (a)

Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

Yes

A validation package is available for the instrument that includes IQ, OQ and PQ protocols.

11.10 (b)

The ability to generate accurate and complete copies of records in both human readable form and electronic form for inspection, review and copying by the agency.

Yes

The QbD1200 permanently stores all data in a secure database. Reports can be generated. QbD1200 can output these reports as hard copies through an attached printer, or export as either .CSV or .PDF files, or transfer over network as a .PDF file.

Customer is responsible for any and all permanent storage and reproduction of data and other related records transferred by the QbD1200 to a chosen data acquisition system. This includes hard copy printouts directly from the instrument.

11.10 (c)

Protection of records to enable their accurate and ready retrieval throughout the records retention period.

Yes

The QbD1200 provides a data archive function that allows the copy of the secure database to a flash drive for record retention. The database is not accessible outside of the analyzer.

Customer shall implement backup and archiving procedures to protect data and related records throughout the records retention period.

11.10 (d)

Limiting system access to authorized individuals.

Yes

System access is restricted to individuals that are defined as valid users by the system.

There are two account types: administrators and operators.

Administrators can manage other user accounts and all users can only access areas where the account has privileges.

Customer is responsible for administering user accounts in the system and configuring the permissions for each account.

11.10 (e)

Use of secure, computer generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify or delete electronic records.

Record changes shall not obscure previously recorded Information.

Yes

Electronic records cannot be accessed, modified or deleted by the user as they are stored in a secured database and the raw measurement data is encrypted.

The QbD1200 provides an audit trail to record changes relating to instrument setup, qualification, security events, and data generation. The audit trail is protected and cannot be altered by users

Customer must have the proper administrative and procedural controls in place to ensure data integrity where the final data is stored.

Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.

Yes

The audit trail is permanently stored in the instrument. An audit log report can be created and exported as hard copy, .CSV or .PDF files.

Customer must have the proper administrative and procedural controls in place to download and retain audit trail information as necessary.

11.10 (f)

Use of operational system checks to enforce permitted sequencing of steps and events as appropriate.

Yes

The QbD1200 requires entry of a user’s password to access controlled functions including instrument setup, qualification routines, performing measurements, and report creation.

Customer must have the proper administrative and procedural controls in place to define authorized users and control of passwords.

11.10 (g)

Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

Yes

The QbD1200 requires entry of a user’s password to access controlled functions including instrument setup, qualification routines, performing measurements, and report creation.

Customer must have the proper administrative and procedural controls in place to define authorized users and control of passwords.

11.10 (h)

Use of device checks to determine, as appropriate, the validity of the source of data input or operational instruction

N/A

 

Customer must establish SOPs to comply with this control if necessary

11.10 (i)

Determine that persons who develop, maintain, or use electronic record/signature systems have the education, training and experience to perform their assigned tasks.

N/A

Customer shall establish SOPs to comply with this procedural control. Hach can provide training to users in the operation of the instrument to help comply with this requirement.

11.10 (j)

Use of appropriate controls over system documentation including:

Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance.

Revision and change control procedures to maintain an audit trail that documents timesequenced development and modification of systems documentation

N/A

 

Customer shall establish SOPs to comply with this procedural control. Hach can provide training to users in the operation of the instrument to help comply with this requirement.

11.10 (k)

Limiting system access to authorized individuals.

N/A

System access is restricted to individuals that are defined as valid users by the system.

There are two account types: administrators and operators.

Administrators can manage other user accounts and all users can only access areas where the account has privileges.

Customer is responsible for administering user accounts in the system and configuring the permissions for each account.

11.10 (j)

Use of appropriate controls over system documentation including:

Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance.

Revision and change control procedures to maintain an audit trail that documents timesequenced development and modification of systems documentation

N/A

 

Customer shall establish SOPs to comply with this procedural control. Hach can provide training to users in the operation of the instrument to help comply with this requirement.

11.10 (k)

Limiting system access to authorized individuals.

N/A

System access is restricted to individuals that are defined as valid users by the system.

There are two account types: administrators and operators.

Administrators can manage other user accounts and all users can only access areas where the account has privileges.

Customer is responsible for administering user accounts in the system and configuring the permissions for each account.

11.30

Controls for open systems

N/A

The QbD1200 is a closed system.

 

11.50

Signature Manifestations

N/A

The customer is responsible for generating a secure electronic signature protocol.

11.200(a)(1)

Electronic signatures that are not based on biometrics shall:

Employ at least two distinct identification components such as an identification code and password.

Yes

The QbD1200 generates persistent data stored in a secured database. Users are authorized by employing a unique ID and password for signing of electronic signatures. Only authorized users are able to access areas of the system that generate data, set configurations, and access reports.

 

11.200 (a)(1)(i)

When an individual executes a series of signings during a single, continuous period of controlled access, the first signing shall be executed using all electronic components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, the individual.

Yes

The QbD1200 generates persistent data stored in a secured database. Users are authorized by employing a unique ID and password for signing of electronic signatures. (see 11.200(a)(1)).

Once a user is authenticated, the period of access is controlled by an autologoff feature that will end the period of access if system control is not is too infrequent

 

Helpful Links