21 CFR Part 11 Compliance

21 CFR Part 11 Compliance

The following section outlines how TraceableLIVE® complies to the 21 CFR Part 11 standard:

• Does the System restrict access to authorized users?

  Yes - Username and Password is required.

• Does the System employ at least two distinct identification components for operator identification (typically an identification code which uniquely identifies the owner and password known only by the owner)?

  Yes - Username and Password is required.

• Does the System enforce unique user IDs?

  Yes - Unique username is enforced.

• Are shared or generic user accounts prohibited from use?

  Yes - Each user required unique username.

• Is the System configured to use different levels of role-based user permissions?

  Yes - Admin , User.

• Does the System expire passwords after a defined period and force them to be reset?

  Yes - 90 Days.

• Does the System enforce password complexity rules?

  Yes - Password must contain at least 8 characters, one uppercase, one lowercase, one numeric and one special character.

• Does the System lock the user account after a maximum of 5 incorrect password attempts?

  Yes - Lockout is applied.

• Does the System prevent, detect, and report in an immediate manner any attempts at unauthorized System access?

  Yes - System sends email to admin.

• Does the System lock the user session after a defined period of inactivity?

  Yes - 24 Hours.

• Does the System have an enabled audit trail to record creation, modification or deletion of data which does not obscure the data?

  Yes - Data Historian.

• Does the System prevent the audit trail from being disabled by non-admin users?

  Yes - Audit trail cannot be disabled.

• Are audit trail entries protected from modification or deletion?

  Yes - Audit trail cannot be modified or delete.

• Does the System audit trail record the user who made the change, when, what was changed to/from and the type of change?

  Yes - Audit trail captures the old value and new value.

• Does the System require for a reason when making a change?

  Yes - On certain fields.

• Is the System audit trail available in a human-readable format?

  Yes - Audit Trail is human-readable.

• Is the System able to generate accurate and complete copies of records in both printed and electronic format?

  Yes - CSV and PDF.

• Where the System raw data is defined as paper does the record represent an exact and complete copy of the original data (including metadata)?

  N/A - System does not store any paper data.

• Where the System raw data is defined as a hybrid of paper an electronic records, is there a link between the paper and electronic records?

  N/A - System does not store any paper data.