User guide describing the features provided in the Spraytec '97 RTSizer software to aid technical compliance to 21 CFR Part 11.
This document provides details on how to use the 21 CFR Part 11 features provided for the Malvern Spraytec laser diffraction system.
In order to allow physical control over access to the more sensitive features of the software, such as the security system, this information is not incorporated in the online help or the printed manuals
The intended readership is the system administrator. This is defined as the person responsible for the security and 21 CFR compliance of the instrument. Some knowledge of the Windows™ operating system is assumed and some familiarity with the instrument software is also assumed.
It is assumed that the software has been installed in accordance with the guidance provided by the Software Update Notification document contained on the software CD-ROM and that the 21CFR11 feature key (Part Number CPS0028) has been installed using the Tools-Install Feature Key menu option within the RTSizer software. The features described here relate to RTSizer software v5.60, although most of the advice is applicable to v5.4x and v5.5x as well. Details of software updates can be found in the Software Update Notification document.
The configuration settings of the Electronic Records and Electronic signatures can be found under the Tools-ER/ES Settings menu options. This allows users to configure options.
The PDF file output directory is the location where reports generated at the end of a measurement will be stored. It is recommended that these reports be held on a centralized file server in order to comply with the 21 CFR Part 11 regulations about data preservation. Administrators can also select whether users can edit the filename of the PDF file when a report is produced or whether this should be automatically specified by the date and time of the measurements included in the report. Automatic specification of the file name is the default option.
In order to ensure that the person operating the system is the person identified by the access control system, it is possible to configure the software to monitor the system usage. If the software remains idle for longer than a period specified, the user will be logged out. To enable this feature, check the option on the Configure ER/ES options screen and configure the Timeout period.
Note: If a continuous-mode measurement is being performed it will remain active when the user is logged out due to lack of activity. The user will have to login again to stop the measurement.
It is possible to configure the security system such that the last username is recalled by the system when a logon is attempted. As default this is disabled in order to retain the confidentiality of the username as well as the password for each user.
The Audit Trail file output directory is the location where the Audit Trail files will be stored. It is recommended that these reports be held on a centralized file server in order to comply with the 21 CFR Part 11 regulations relating to data preservation.
It is possible to control the approximate size of an audit trail file by specifying how often a new file is created. The period depends upon the usage of the system and the typical number of auditable events that occur in a day. This can only be assessed by the user from experience of using the system. Typical practice is to start a new audit file weekly and observe the number of events audited over that period.
After the specified period has passed, the application will automatically begin a new audit trail file. The new file name will be recorded in the previous file in order to maintain a continuous audit trail.
The configuration for the security system can be found under the Tools-Security-Configure Security menu option (Figure 2). The security system is similar to the Windows™ operating system security and should be familiar to most advanced users.
|
The security configuration view provides a list of the users configured within the security system (top pane) and the groups to which users can be assigned (bottom pane). The Username and Full Name of each user is supplied along with a brief description of the role that user has. For each group, a group description is specified in order allow Administrators to assess the capabilities of each group.
The Group Setup process defines a set of access rights that may be granted to member users. An access right allows or prohibits use of a specific feature of the software. The access rights available within the Spraytec software are detailed in Appendix 1.
New groups are specified using the User-New Group menu option. Existing groups can be configured by double-clicking on the group name within the Security Configuration window. Both actions cause the Group Properties dialogue box to appear (Figure 3). Within this the following can be configured:
|
Once suitable groups have been defined, the next step is to add the users to the system. New users are specified using the User-New User menu option. Existing users can be configured by double-clicking on the user name within the Security Configuration window. Both actions cause the User Properties dialogue box to appear. Within this the following can be configured:
Users can be added to groups in one of two ways.
In the User Properties window (Figure 4), pressing the Groups… button will list the groups available for the user to join (Figure 5). Selecting a group from the right-hand list and pressing the Add button will include the user in the selected group. Selecting a group from the left hand list and clicking the Remove button will remove a user from a given group. Where users are members of more than one group it should be noted that if a permission is granted in one group it will override any denial of the same permission in another group. In this way, users have the sum of all the permissions in the groups they belong to.
|
It is also possible to add users to groups from the Group Properties screen (Figure 3) using the Add and Remove buttons. Clicking Add will cause the User Selection dialogue to appear. This will enable users to be multiply selected and added to the group. Removal of a user from a group is achieved by selected the user within the Members section of Group Properties window and then clicking the Remove button.
Note: It is important to ensure that every user is a member of at least one group in order to allow them access to the Spraytec system's capabilities.
The security settings are accessed from the Options menu of the security screen (figure 6). From within this menu, the password storage and account lockout features of the security system can be configured. The security system can also be activated. This is described below.
|
It is possible to force users to change their passwords after a period of time has elapsed. Once the password has expired, users will be prompted to confirm their existing passwords and then specify a new one. In conjunction with the password uniqueness option, this can force users to regularly review their passwords.
This facility should be used with caution. If users are forced to change their passwords too frequently, it is common for them to forget them or worse to write them down, thereby defeating the original purpose of the security system.
It is possible to specify the minimum length for a password. As a rule of thumb, the shorter a password is, the easier it is to guess. However, if it is too long, users will not be able to remember their passwords. 6 characters is generally a good compromise.
The system is able to remember a user's last n passwords. Each time a user is required to change passwords, the new password can be checked against this history to ensure that fresh passwords are used.
It is recommended that if this feature is used, the size of the password history should be between 3 and 6 passwords. Any fewer and users will not have to review their passwords. More will force users to choose unfamiliar passwords and will increase the possibility of passwords being written down.
The software is set up to monitor each user's attempts to log in. If the user fails to enter the correct user identifier and password combination, the software will record this. The system can then be configured to deny future access to the software if too many unsuccessful attempts have been made to access the user's account.
It is possible to specify the number of unsuccessful attempts allowed before users are locked out. This count will be reset after a specified period of time to allow for genuine users forgetting their passwords. If users exceed the allowed number of attempts, the software can either lock them out of the system for the specified period or require the intervention of another user with Administrator privileges to unlock their accounts.
If the username has an icon with a padlock next to it within the Security Configuration screen (figure 2), that user is locked out and the administrator should establish the reason for this before unlocking the account to re-admit a bona-fide user.
By default, the security system is disabled in order to allow free access to the software. The administrator of the system should configure the users and groups before enabling the security system.
Once the users and groups are configured, the security system can be enabled using the check box at the bottom of the Security Settings screen (figure 6). This is accessed from the Options menu within the Security Configure window (Figure 2).
Enabling the security system is an irreversible process when the software has been set-up in 21 CFR 11 mode. This prevents the system security being switched off again and therefore prevents possible unauthorized access to the system.
The Spraytec RTSizer software records key system events in the system audit trail. This audit trail provides a record of the software opening and closing, security events such as logging in and out of the system, and file events such as creation, deletion and editing of measurement records. The audit trail can be viewed using the Tools-Security-Audit Trail menu option, displaying the Audit trail View. This displays all of the events stored in the current audit trail file, including the time that the event occurred, the ID of the user involved in each event and a brief description.
Audit trails can be viewed and exported using the File menu within the audit trail view.
Use the File‑Open menu to view audit trail files other than the currently active.
Use the File‑Export menu option to export the audit trail file contents to an ASCII file for review and printing.
It is possible for users to enter comments into the audit trail apart from those automatically produced for key system events. This is done using the Tools-Security-Add Audit Trail Entry menu option.
The Spraytec RTSizer does not directly support electronic signatures. The application will integrate with the Adobe Acrobat © package and allow reports to be created as Portable Document Format (otherwise known as PDF) files using the File-Print to PDF menu option. These report files are held in the Acrobat Results folder specified in the ER/ES Settings. The file name for these report pages will depend on the type of printout being produced. However, it will contain the *.pcl or *.dat measurement file name along with the date and time range covered by the data stored in the file. The username, time and date of printing and the 21CFR11 mode status (either enabled or disabled) is displayed in the footer of each report page.
Once reports have been generated, the Adobe Acrobat package can be used to electronically sign them using either the Adobe Self-Sign technology or a third party digital signature solution such as VeriSign™. The Adobe Acrobat Self-Sign solution is fully compliant with 21 CFR Part 11. The Adobe Knowledge base document 323231 details the compliance. It can be found at http://www.adobe.com/support/techdocs/1a546.htm (If the document is not displayed, use the number 323231 as the search clue on the Adobe web site to find it).
Appendix 1 - Security Permissions The Key security permission which can be set for different Groups within the Spraytec software are details below. | |
|---|---|
Permission | Description |
Access the Calibration and Imaging Window | Allows users to create new optical models. This feature should be restricted to advanced users. |
Access the Reference Noise Window | Allows users to measure the electronic background. This feature is required for routine measurements. |
Access the System Controller Window | Allow users to configure the address for the Spraytec data acquisition card. |
Create a Particle Size Distribution window | Allow users to create *.dat files for single points on the measurement time history. This should be enabled for those users making routine measurements. |
Delete time History Records | Allow users to delete records from the active time history file. This feature should be restricted to advanced users. |
Edit Background and Noise Measurement Duration | Allows users to set the noise and background measurement times. This feature should be restricted to advanced users. |
Edit Flash Mode Measurement Settings | Allows users to set up flash mode measurements. This should only be enabled for those users required to develop methods. Disabling this option will only allow users to load previously defined methods. |
Edit maximum time history database size | Allows the maximum size of a *.pcl file to be defined. This option is always disabled in 21CFR11 mode. |
Edit Process Variable Definitions | Allows users to edit the PCV variable definitions. These are the 6 parameters that are calculated for each point in the time history and can be exported. This feature should only be enabled for those users required to develop methods. Disabling this option will only allow users to load previously defined PCV definition sets. |
Edit Reduction Control Settings | Allows users to edit the data acceptance criteria and select previously calculated optical models. This should only be enabled for those users required to develop methods. Disabling this option will only allow users to load previously defined Reduction Control Settings files. |
Edit Security Settings | Allows users to configure the security system. This should only be enabled for system administrators. |
Edit Tag Notes | Allows users to enter measurement details in the Tag dialogue box. This should be enabled for those users making routine measurements. |
Edit ER/ES Settings | Allows users to configure the ER/ES system settings. This should only be enabled for system administrators. |
Edit the "Standard Average" setting | Allows users to specify whether "Standard Averages" are reported rather than concentration-weighted averages. This should only be enabled for those users required to develop methods. |
Edit time-History display settings | Allows users to specify the time history display, including settings such as the axis ranges and plot colors. |
Edit Time History Update Period | Allows users to change the measurement-reporting rate for continuous-mode measurements. This should only be enabled for those users required to develop methods. |
Edit Time History or PSD measurements | Allow users to edit records in order to change the measurement details and analysis settings. This feature should be restricted to advanced users. |
Make a Background Measurement | Allows users to measure the background light scattering pattern prior to making a measurement. This feature is required for routine measurements. |
Make Continuous-mode Measurements | Allows users to measurement continuous sprays. Access to this option will depend on the application being developed. |
Make a Flash-mode Measurement | Allows users to measurement pulsed sprays. Access to this option will depend on the application being developed. |
View Audit trail | Allows users to view audit trails. This feature should be restricted to advanced users or system administrators. |
