We believe we are compliant with all of the portions of the 21 CFR Part 11 that apply to our software. For example, within our system you have the option to enable Electronic Signature(see image below) which will force any user in the system to Login to confirm their identity using two ‘distinct’ forms of authentication(user name and password) as required by the CFR when completing a route or approving any activity and record all of this activity for reporting. Every approval is traceable to the user who provided their recommendation by ID when it was provided, down to the second, as well as for each participant. Multiple recommendations each require the same authorization activity for each transaction. All approvals provided result in the printed name of the approving authority being placed on each document along with the date it was provided per the requirements.
We also believe 21 CFR Part 11 is mostly about network security and operating system access that do NOT apply to software applications housed on any network or computer system governed by an operating system. We are of the opinion that your operating system should require that you change your network password every X number of days, not each of your software programs, especially if you are using our Windows Authentication option in conjunction with Windows Single Sign-On features. We believe any attempts to access your system with malicious intent should be blocked and recorded by your network security, not by each of your software programs.
We regularly monitor changes to the 21 CFR Part 11 requirements and have subscribed to receive notifications when changes are signed into law and when they take effect.
If you have any specific questions about how our software meets the requirements or if the requirements are even applicable to our software, we would be happy to respond.
