21 CFR Part 11 Compliance Checklist

Yes/
Ref. Question No/N.A. Comments Recommended Customer Actions
5. 11.10 (b) Is the system capable Yes Measured weight values and if applicable calculated and statistical values Each organization must develop controlled, documented
Cubis ® MCA - Compliance with 21 CF Part 11 of producing accurate are collected in a print queue and can be printed using a laboratory printer procedures for compliance with this requirement.
and complete copies of or a standard network printer.
electronic records on paper? It’s the customer’s responsibility to set print profiles for tasks.
Overview Yes/No/N.A. Task settings, alibi memory and audit trail as complementary records can be For each weighing task two print profiles can be set.
Is the system a Closed System, where system access is controlled by the persons who are responsible for the content of the electronic records that are on the system? Yes exported to e.g. USB and printed on a standard printer.
Is the system an Open System, where system access is not controlled by the persons who are responsible for the content of the electronic records that are on the system? No
(e.g. a service provider controls and maintains access of the contents of the system, etc.). It’s in the customer’s responsibility to set print profiles for tasks. For each
weighing task two print profiles can be set.
Does the system use an ID/ password combination? Yes
6. 11.10 (b) Is the system capable of Yes Measured weight values and if applicable calculated and statistical values Each organization must develop controlled, documented
Does the system use tokens? No
producing accurate and are collected in a print queue and can be stored as pdf, csv or Excel files to a procedures for compliance with this requirement.
Does the system use biometrics? No complete copies of records USB drive or an FTP/FTPS/SMB server.
in electronic form for It is the customer’s responsibility to set print profiles for tasks.
Yes/ inspection, review and Task settings, alibi memory and audit trail as complementary records can be
Ref. Question No/N.A. Comments Recommended Customer Actions copying by the FDA? exported as pdf file to a USB drive or an FTP/FTPS/SMB server. It’s recommended to use time controlled actions to
u Subpart B – Electronic Records automatically export the alibi memory and audit trail at set
11.10 Controls for Closed Systems intervals.
1. 11.10 (a) Is the application validated? Yes Sartorius has structurally validated the Cubis II MCA software (firmware and
QApp packages). 7. 11.10 (c) Are records protected Yes Measured weight values and if applicable calculated and statistical values Each organization must develop controlled, documented
2. 11.10 (a) Does the validation Yes The Cubis II MCA software allows customers to be compliant with 21 CFR The customer must buy the pharma software package QP 1 with against intentional or are collected in a print queue and can be stored as pdf, csv or Excel files to a procedures for compliance with this requirement.
documentation show that Part 11, but compliance can only occur if the QApp package pharma (QP2) the balance. accidental modification USB drive or an FTP/FTPS/SMB server. It’s in the customer’s responsibility to set print profiles for tasks.
Part 11 requirements is licensed and the applications user management, electronic signature and or deletion? Can all the
have been met and are audit trail are used. Validation documentation is available for examination archived data be accurately Task settings, alibi memory and audit trail as complementary records can be It’s recommended to use time controlled actions to
functioning correctly? during an audit of the Sartorius quality system for product development. retrieved after system exported as pdf file to a USB drive or an FTP/FTPS/SMB server. automatically export the alibi memory and audit trail at set
upgrades? intervals.
3. 11.10 (a) Is it possible to discern Yes To avoid invalid entries the software displays a guidance to the user how to Limit the access to the settings menu to selected users (by
invalid or altered records? enter values and the range of allowed values (depending upon the weighing default only the administrator has access to the settings menu). 8. 11.10 (c) Are the records readily Yes The audit trail and alibi memory cannot be modified or deleted by the The customer should specify the retention period (in accordance
module), checks if entries are within permissible limits and if mandatory retrievable throughput their customer. with the auditor) and responsibilities for ensuring data is
entries are complete. retention period? retained securely for those periods.
The audit trail and the alibi memory are organized in ring buffers. Before
Modifications to system settings are limited to user roles with appropriate data is overwritten the customer gets a message and is advised to create a By setting the print profiles and time controlled actions
rights. System settings also include the user management and password backup. properly the customer can archive all necessary data for audits
settings. All modifications are recorded in the system audit trail. as printout and/or electronic records.
Experimental data can be printed on paper or stored in electronic form.
Electronic records are stored with MD5 checksum. The system will detect Before a weighing task is shut down and unsaved data collected in the print It’s in the customer’s responsibility to print and archive
manipulations by deviations in the MD5 sum. queue is deleted the user gets a safety query. experimental data.
4. 11.10 (b) Is it possible to view the Yes Settings and modification of settings are recorded in the audit trail. The
entire contents of electronic audit trail can be filtered and sorted for review.
records?
System information, messages and warnings are recorded in the Status
Center message archive.

Weighing results are documented in the alibi memory. The alibi memory can
be filtered by date or ID.
 Yes/ Yes/
Ref. Question No/N.A. Comments Recommended Customer Actions Ref. Question No/N.A. Comments Recommended Customer Actions
9. 11.10 (d) Is the system access limited No The user management is part of the system settings and the access is limited For locally administrated users the customer needs to organize 15. 11.10 (f) If the sequence of system Yes The balance offers to create tasks for different weighing applications. The If a weight value is acquired accidently the user can mark the
to authorized individuals? to user roles with appropriate rights. In the user management user roles and the users and the user rights. steps or events is important, users without the permission to create or modify tasks are not allowed value as invalid and enter a reason for the invalidation.
rights, local password rules and password settings are configured. is this enforced by the to modify the basic settings of weighing tasks and can only execute the
For balances connected to an LDAP server users and user system (e.g. as would be the process. In the weighing task the user is guided by instructive texts and icons
Alternatively the balance can be connected to a local LDAP server. User roles, rights are administrated by the IT department of the company/ case in a process control through the workflow.
rights and passwords are then administrated by the LDAP system. institute. system)?
16. 11.10 (g) Does the system ensure that Yes In the user management user profiles and role rights are configured. The role If the access is administrated locally the customer needs to
The creation/inactivation of users and assigned role settings are recorded in only authorized individuals rights are a list of functions a user is allowed to perform with the system. define user profiles and educate administrative staff in the
the audit trail. can use the system, usage and configuration of user profiles.
Failed login attempts are recorded in the audit trail and depending upon the electronically sign records, Furthermore in the settings menu the local password rules (length, minimum
system settings after the maximum number of failed attempts is reached the access the operation, or length, validity period, reuse, automatic logout time after inactivity, Alternatively the balance can be connected to the company’s/
next login attempt is blocked for a set time or the user is inactivated. computer system input or maximum retries of password entries and action after maximum failed institute’s LDAP server. Then the customer needs to work with
10. 11.10 (e) Is there a secure, computer Yes All actions and entries that create electronic records are tracked with output device, alter a record, password entries) are defined. the IT department for the configuration of user profiles.
generated, time stamp audit username, date & time stamp traceable to UTC and for some actions or perform other operations?
trail that records the date with reason entered by the user in the audit trail. The created records are By the unique combination of user profile and password the access is limited
and time of operator entries grouped into categories depending upon which function is affected. E.g. the to authorized personnel and restricted to granted role rights.
and actions that create, modification of system- and task settings, the installation of tasks and the
modify, or delete electronic uninstallation of tasks is tracked. The audit trail function cannot be switched To sign electronic records the user must enter his password. Failed attempts
records? off and the system doesn’t allow to modify or delete records. to sign electronics records are recorded in the audit trail.
17. 11.10 (h) If it is a requirement of the N.A. The Cubis II MCA balance is a stand-alone system and don’t need external
Accidently acquired weight values can be set to invalid by the user and a system that input data or input. If the balance is connected to external systems or databases the
reason be entered. The invalidation and reason are recorded in the audit instructions can only come integrity of exchanged files is checked using MD5 checksum files. Connected
trail. It’s not possible for users to delete acquired weight values. from certain input devices devices must be configured and enabled in the balance system settings.
11. 11.10 (e) Upon making a change N.A, The system doesn’t allow to modify electronic records. All electronic records (e.g. terminals) does the
to an electronic record, are exported with MD5 checksum to prevent data corruption. system check the validity of
is previously recorded the source of any data or
information still available instructions received?
(i.e. not obscured by the 18. 11.10 (i) Is there documental training, Yes Sartorius offers the installation and IQ/OQ for Cubis II MCA balances. In the Each organization must develop controlled, documented
change)? including on the job training IQ/OQ protocol the list of trained personnel is document and signed by the procedures for compliance with this requirement.
12. 11.10 (e) Is an electronic record’s Yes The audit trail is organized in a ring buffer and cannot be modified or By setting a time controlled action the audit trail is for users, developers, IT customer.
audit trail retrievable deleted by any user. Before the maximum storage capacity is reached and automatically exported at set intervals. Furthermore the audit support staff? It is the customer’s responsibility to train users and support
throughout the record’s records are overwritten the user gets a message. trail can be exported at any time to a connected USB drive. staff in the operation and administration of the Cubis II MCA
retention period? balance.
13. 11.10 (e) Is the audit trail available Yes The audit trail can be exported in PDF format to USB at any time. The PDF 19. 11.10 (j) Is there a written policy N.A. The customer is responsible for a written policy concerning the
for review and copying by file can be printed using a standard office printer. that makes individuals fully correct usage of electronic signatures.
the FDA? accountable and responsible
14. 11.10 (e) Can selected portions of Yes The audit trail can be filtered by categories and sorted by ID, timestamp or for actions initiated under
the audit trial be viewed user. List of records are exported as PDF files using the selected categories their electronic signature
and printed or saved by and used filters and can be printed using a normal office printer. 20. 11.10 (k) Is the distribution of, access N.A. The Sartorius Service can enter data on maintenances and device Each organization must develop controlled, documented
inspectors to, and use of systems qualification (contact details, maintenance contract, next maintenance, procedures for compliance with this requirement.
operations and maintenance warning date, maintenance cycle, device qualification) at the balance.
documentation controlled? It is the customer’s responsibility to administrate these
documents.
 Yes/ Yes/
Ref. Question No/N.A. Comments Recommended Customer Actions Ref. Question No/N.A. Comments Recommended Customer Actions
21. 11.10 (k) Is access to “sensitive” N.A. On the balance only users with the right to access the settings menu can Each organization must develop controlled, documented 29. 11.50 Are date and time stamps Yes Date and time stamps are the local date and time at the location where the By connecting the balance to an NTP server the balance
systems documentation view, sort or export the alibi memory or audit trail. procedures for compliance with this requirement. derived in a consistent signature was executed. The local time recorded in the audit trail is traceable automatically receives the correct time and date settings at set
restricted e.g., net security way in order to be able to to UTC time. intervals.
documentation, system reconstruct the sequence of
access documentation? events?
22. 11.10 (k) Is there a formal change N.A. Sartorius tracks the version number of software elements and operating Each organization must develop controlled, documented 30. 11.50 Is the above information Yes The user must have licensed the audit trail function. Then the system creates Each organization must develop controlled, documented
control procedure for instructions. Each change at the balance is recorded in the audit trail. procedures for compliance with this requirement. subject to the same controls electronic records for events as listed above. procedures for compliance with this requirement.
system documentation that Version control is an important part of the IQ/OQ documentation. as electronic records? (Audit
maintains a time sequenced Every change made to the system must be documented in the IQ/OQ It is the customer’s responsibility to define a change trail, access control, etc.)
audit trail for those changes documentation, e.g. firmware and QApp Center updates. control procedure for the Cubis II MCA configuration and 31. 11.70 Are changes to electronic N.A. Electronic signatures cannot be changed.
made by the pharmaceutical documentation. signatures included in the
organization? audit trail?
Yes/ 32. 11.70 Do the printed name, Yes The user name, date, time and meaning are displayed and printed in human
Ref. Question No/N.A. Comments Recommended Customer Actions date, time and electronic readable form which each electronic signature (the Cubis MCA II only allows
u 11.30 Controls for Open Systems signature meaning appear in to create records.
every human readable form
23. 11.30 What controls ensure record N.A. The Cubis II MCA balance is a closed system
of the electronic record)
authenticity, integrity, and
(e.g. all screens and printed
confidentially?
reports).
24. 11.30 Is data encrypted? N.A. The Cubis II MCA balance is a closed system
Yes/
25. 11.30 Are digital signatures used? N.A. The Cubis II MCA balance is a closed system Ref. Question No/N.A. Comments Recommended Customer Actions
Yes/ u 11.70 Signature/Record Linking
Ref. Question No/N.A. Comments Recommended Customer Actions
33. 11.70 Are signatures linked to their Yes Each electronic signature is linked to a specific record and the record is
u 11.50 Signature Manifestations respective electronic records saved with MD5 checksum. If electronic signatures are changed, deleted or
26. 11.50 Do signed electronic records Yes In the electronic record the user name, date and time of signing are saved. Sartorius assumes that the audit trail is not reviewed at to ensure that they cannot transferred the manipulation will be detected by a mismatch in the MD5
contain the following Electronic records are created and signed by the user who started the the instrument but the audit trail and alibi memory data be cut, copied or otherwise checksum.
related information? weighing task. is exported and externally reviewed and approved. It is the transferred by ordinary
• The printed name of the customer’s responsibility to perform audit trail review and means for the purpose of
signer approval in an appropriate way. falsification?
• The date and time of 34. 11.70 If handwritten signatures N.A. In electronic records no handwritten signatures can be executed. The Cubis II MCA balance offers different print formats for
signing are executed to electronic Handwritten signatures may be executed to a printed report and such a reports. In principle any report can be signed by handwritten
• The meaning of the records, are the handwritten report by its metadata is traceable to the original electronic record. signatures but to print a complete dataset incl. metadata the
signing (such as create, signatures linked to the GLP print incl. all data is the best option.
approval, review, electronic record?
responsibility)
35. 11.70 If the electronic record N.A. Electronic records cannot be changed.
27. 11.50 Is the above information Yes The electronic signature is displayed and printed with user name, date and is changed, is the signer
shown on displayed and time of signing in reports. prompted to re-sign (via
printed copies of the either manual procedures
electronic record? (SOP) or technical means)?
28. 11.50 Are date and time stamps Yes Date and time are automatically added to electronic records. By connecting the balance to an NTP server the balance
applied automatically (vs. automatically receives the correct time and date settings at set
being keyed in by the user) intervals.
 Yes/ Yes/
Ref. Question No/N.A. Comments Recommended Customer Actions Ref. Question No/N.A. Comments Recommended Customer Actions
36. 11.70 Are the electronic signatures Yes Electronic signatures are part of electronic reports and create an entry in 42. 11.100 Can additional certification or testimony be supplied Each organization must submit their written intent to
linked (via technology, the audit trail. The Cubis II MCA balance doesn’t allow to modify electronic (c) (2) to show that an electronic signature is the legally comply with this requirement.
not procedures) to their records or the audit trail. binding equivalent of the signer’s handwritten
corresponding electronic signature?
records to ensure that Yes/
the signature cannot be Ref. Question No/N.A. Comments Recommended Customer Actions
excised, copied, or otherwise
transferred to falsify an u 11.200 Electronic Signature Components and Controls
electronic record by ordinary 43. 11.200 Is the electronic signature made up of at least two Yes An electronic signature comprises if a unique user name and The user management and electronic signature must be
means? (a) (1) (i) components, such as an identification code and a password. The user has to log on with password to start licensed and activated. Furthermore the user must have
Yes/ password, or an ID card and password? tasks and sign electronic reports. set a password to sign reports.
Ref. Question No/N.A. Comments Recommended Customer Actions 44. 11.200 When several signings are made during a continuous Yes The user has to select their unique user name and to log on
Subpart C – Electronic Signatures (a) (1) session, is the password executed at each signing to the balance with his password. For each signing process
u
11.100 General requirements (ii) (Note: Both components must be executed at the the user must enter his password again.
first signing of a session)?
37. 11.100 Are electronic signatures Yes Electronic signatures are signed with the user name. The Cubis II MCA If the user accounts at the Cubis II MCA balance are controlled
(a) unique to an individual? balance does not allow to create user accounts with identical names. by a local LDAP system it’s in the customer’s responsibility not 45. 11.200 If signings are not made in a continuous session, N.A. An automatic log off after a selected time of inactivity can It is the customer’s responsibility to correctly configure
to allow group accounts (accounts used from more than one (a) (1) are both components of the electronic signature be configured. By the automatic log off the current session the automatic log off function to avoid endless
individual to access network or local resources). Furthermore it (ii) executed with each signing? is closed and is not continued if user logs in again. sessions. The time of inactivity until automatic log off
must be regulated that users do not make password available must be selected.
to other internal or external individuals. 46. 11.200 Are non-biometric signatures only used by their N.A. Each organization must develop controlled,
38. 11.100 Each electronic signature N.A. The user name is unique and cannot be assigned to anyone else. Each organization must develop controlled, documented (a) (2) genuine owners (e.g. by procedures or training documented procedures for compliance with this
(a) shall be unique to one procedures for compliance with this requirement. reinforcing that non-biometric electronic signatures requirement.
individual and shall not be are not “loaned” to co-workers or supervisors for
reused by, or reassigned to, If users leave the lab the system administrator can inactivate overrides)?
anyone else? the user. 47. 11.200 Would an attempt to falsify an electronic signature N.A. Password entries are encrypted by asterisks, they are never Each organization must develop controlled,
39. 11.100 Is the identity of an N.A. Before the electronic signature is assigned to an electronic record the user (a) (3) require the collaboration of at least two individuals? displayed in human readable form. documented procedures for compliance with this
(b) individual verified before must enter his password to authorize the signing process. requirement.
an electronic signature is 48. 11.200 Are biometric electronic signatures designed to N.A. The Cubis II MCA does not use biometric electronic
allocated? (b) ensure that they can be used only their genuine- signatures.
40. 11.100 Is there a procedure N.A. owners?
(b) for reissuing forgotten Yes/
passwords that verifies the Ref. Question No/N.A. Comments Recommended Customer Actions
requestor’s identity? u 11.300 Controls for Identification Codes/Passwords
41. 11.100 Has certification of the Each organization must develop controlled, documented 49. 11.300 Are controls in place to maintain the uniqueness Yes If new user account are created the Cubis II MCA checks if If using LDAP it’s the customer’s responsibility to
(c) (1) intent to use electronic procedures for compliance with this requirement. (a) of each combined identification code and the user name is already in use. It is not possible to create a ensure that user accounts are unique and to prevent
signatures been submitted password, such hat no individual can have the same user accounts with identical names. the reuse of user names if a user leaves the company.
to the agency in paper combination of identification code and password? In the local password settings the rules for the reuse of The customer must define procedures for the definition
form with a traditional passwords can be set. of unique user names or password reuse.
handwritten signature?
50. 11.300 Are procedures in place to ensure that the validity N.A. Each organization must develop controlled,
(b) of identification codes are periodically checked? documented procedures for compliance with this
requirement.
 Yes/
Ref. Question No/N.A. Comments Recommended Customer Actions
51. 11.300 Do passwords periodically expire and need to be Yes In the local password settings the validity period of password If using LDAP it’s the customer’s responsibility to
(b) revised? can be set. ensure that passwords have a limited period of validity.
52. 11.300 Is there a procedure for recalling identifications N.A. Users can be inactivated/reactivated by the administrator. Each organization must develop controlled,
(b) codes and passwords if a person leaves or is documented procedures for compliance with this
transferred? requirement.
53. 11.300 Is there a procedure for electronically disabling an N.A. Users can be inactivated/reactivated by the administrator. In Each organization must develop controlled,
(b) identification code or a password if it potentially the local password settings the validity period of password documented procedures for compliance with this
comprised or lost? can be set. The user password can be modified at any time if requirement.
necessary.
54. 11.300 Is a SOP in place directing action to be taken to N.A. Each organization must develop controlled,
(c) electronically deauthorize lost, stolen, missing, documented procedures for compliance with this
or otherwise potentially compromised tokens, requirement.
cards, and other devices used to carry or generate
electronic signature components
55. 11.300 Does this SOP contain procedures for managing N.A. The Cubis II MCA balance does not accept tokens/cards.
(c) and controlling temporary or permanent token/card
replacements?
56. 11.300 Is there a procedure for detecting attempts of Yes After an invalid login attempt an immediate message is It is the customer’s responsibility to set the access
(d) unauthorized use and for informing security? displayed and a record is created in the audit trail. management rules appropriately and to control if
The number of maximum retries and the action if the e.g. user accounts have been inactivated after the
maximum number of allowed failed login attempts is maximum number of allowed login attempts were
reached can be configured at the Cubis II MCA balance in exceeded.
access management rule management menu. If using LDAP it is the customer’s responsibility
to define the action of the system at attempts of
The Cubis II MCA balance does not inform the system unauthorized use and the information procedure.
administrator but instead the system administrator defines
the action of the software if the maximum number of login
attempts is exceeded.
57. 11.300 Are there procedures covering the initial and N.A. The Cubis II MCA balance does not accept tokens/cards.
(a) periodic testing of devices, such as tokens or
cards that bear or generate identification code or
password information?
58. 11.300 Does the testing include checks for proper N.A. The Cubis II MCA balance does not accept tokens/cards.
(b) functioning, performance degradation, and possible
unauthorized alterations?