待测样品中待测样品检测方案(工作站及软件)

thermoscientific Using Chromeleon 7 Chromatography Data Systemto Comply with 21 CFR Part 11 Author Shaun Quinn， Marketing ManagerInformatics and ChromatographySoftware， Thermo Fisher Scientific Keywords Electronic Records， Electronic Signatures， 21 CFR Part 11， compliance， validation， enterprise CDS， GMP， GLP， data integrity Summary 21 CFR Part 11 established requirements to ensure that electronic recordsand electronic signatures are trustworthy， reliable and equivalent substitutesfor paper records and traditional handwritten signatures. Commonly known asPart 11， it requires Food and Drug Administration (FDA)-regulated industries，including medical device manufacturers， drug makers， biotech companiesand biologics developers， to have validation documentation and implementcontrols such as audit trails and electronic signatures. The requirementsapply to software and systems involved in processing electronic data that arerequired to be maintained by or used to demonstrate compliance with FDApredicate rules. Compliance with regulatory requirements is critical for a business. It is oftenregarded as something that can add significant cost to the company but withthe acquisition of a chromatography data system (CDS) that provides all of thenecessary functionality built-in to one package， that is easy to use， the effortrequired to achieve compliance with 21 CFR Part 11 is significantly reduced. Table of Contents I n tr o d u c ti o n 2 Part 11-Electronic records； electronic signatures 3 Subpart A-General provisions 3 $ 1 1 . 1 S c o p e 3 $ 1 1 . 2 I m p le m e n t at i o n 5 S 11.3 Definitions 6 S u bp a r t B - El e c t ro n i c r e c or d s 9 $ 11.10 Controls for closed systems 9 $ 11.30 Controls for open systems 24 $ 11.50 Signature manifestations 24 $ 11.70 Signature/record linking 28 Subpart C-Electronic signatures 29 S 11.100 General requirements 29 $ 11.200 Electronic signature components and controls 31 31 $ 11.300 Controls for identification codes/passwordsResources 32 Introduction The Electronic Records and Signatures Rule， known as 21 CFR Part 11， was established by the U.S. Food and DrugAdministration (FDA) in order to define requirements for the use of electronic documents in lieu of paper records. Thelaw， published in the Federal Register on March 20， 1997 and in effect since August 20， 1997， specifies the systemelements， controls， and procedures that are necessary to ensure the integrity and trustworthiness of electronically-stored records. Compliance requires both procedural controls and administrative controls， such as Standard Operating Procedures(SOPs)， training， administration to be put in place by the user， in addition to the technical controls and elements thatthe system can offer. Therefore no product alone can fully meet the regulatory requirements. However， productswith integrated functions that support 21 CFR Part 11 requirements can significantly ease the task of achieving andmaintaining full compliance with the law. Part 11 has a total of 19 requirements. Some of them are specific to Part 11， others are more generic requirementsof some or all FDA regulations. This document lists all 19 requirements but highlights and focuses on sections of21 CFR Part 11 that are relevant to the Thermo ScientificChromeleon7 Chromatography Data System (CDS)and describes in detail how it facilitates compliance with the requirements. Part 11-Electronic records； electronic signatures Subpart A-General provisions S 11.1 Scope a) The regulations in this part set forth the criteria under which the agency considers electronic records，electronic signatures， and handwritten signatures executed to electronic records to be trustworthy， reliable，and generally equivalent to paper records and handwritten signatures executed on paper. b) This part applies to records in electronic form that are created， modified， maintained， archived， retrieved，or transmitted， under any records requirements set forth in agency regulations. c) Where electronic signatures and their associated electronic records meet the requirements of this part， theagency will consider the electronic signatures to be equivalent to full handwritten signatures， initials， and othergeneral signings as required by agency regulations， unless specifically excepted by regulation(s) effective onor after August 20， 1997. d) Electronic records that meet the requirements of this part may be used in lieu of paper records，in accordance with S 11.2， unless paper records are specifically required. e) Computer systems (including hardware and software)， controls， and attendant documentation maintainedunder this part shall be readily available for， and subject to， FDA inspections. Chromeleon CDS is a system that falls within the scope of 21 CFR Part 11. It has been designed to fully meet therequirements of 21 CFR part 11 Electronic Records and Electronic Signatures. Chromeleon CDS provides featuresthat allow users to implement controls in accordance with their interpretation that fulfill the requirements for the entirelife cycle of the electronic records. The electronic records of Chromeleon CDS are described in Section S 11.3 Definitions of this document， whichdiscusses their creation， modification， maintenance， archiving， and retrieval. Transmission of electronic records toagencies is discussed in Section S 11.2 Implementation. With each Chromeleon CDS shipment， Thermo Fisher Scientific provides detailed user documentation， certificates ofsoftware validation， and support documentation for on-site system validation. Thermo Fisher Scientific stores copies of all versions of its software documentation and source code in multiplesecure locations， including a fireproof vault. Documentation includes product requirements， product specifications，design specifications， project schedules， test plans， test results， and validation documentation. All of these documentsare produced for every release in accordance with the Thermo Fisher Scientific Design Control Procedure， which hasbeen registered to ISO 9001 and is periodically audited. All Thermo Fisher Scientific documents and source code areavailable for inspection by FDA at Thermo Fisher Scientific facilities. To be prepared for a possible FDA inspection， customers need to retain the following documents at their facilities： ·Certificate of Software Validation (Figure 1)， which is included on the distribution media with the software. · Completed Installation Qualification records (blank forms and procedures for the hardware installation are availablefrom Thermo Fisher Scientific； the software automatically performs software IQ tests to verify that program files arecorrectly installed， and stores the results on the system； software installation qualification procedures and protocolscan also be obtained from Thermo Fisher Scientific representatives). ·Operational Qualification and Performance Qualification records for the systems and methodologies used(Chromeleon CDS includes utilities and report forms that help laboratories standardize and automate the softwareand hardware OQ and hardware PQ tests). ·Site-specific standard operating procedures for security and records management. Figure 1. Thermo Fisher Scientific includes an electronic copy of the Certificate of Validation on the software distribution media. S 11.2 Implementation a) For records required to be maintained but not submitted to the agency， persons may use electronic recordsin lieu of paper records or electronic signatures in lieu of traditional signatures， in whole or in part， providedthat the requirements of this part are met. b) For records submitted to the agency， persons may use electronic records in lieu of paper records orelectronic signatures in lieu of traditional signatures， in whole or in part， provided that： 1) The requirements of this part are met； and 2) The document or parts of a document to be submitted have been identified in public docketNo.92S-0251 as being the type of submission the agency accepts in electronic form. Thisdocket will identify specifically what types of documents or parts of documents are acceptable forsubmission in electronic form without paper records and the agency receiving unit(s) (e.g.， specificcenter， office， division， branch) to which such submissions may be made. Documents to agencyreceiving unit(s) not specified in the public docket will not be considered as official if they aresubmitted in electronic form； paper forms of such documents will be considered as official andmust accompany any electronic records. Persons are expected to consult with the intended agency receiving unit for details on how (e.g.， methodof transmission， media， file formats， and technical protocols) and whether to proceed with the electronicsubmission. Chromeleon CDS produces electronic reports， which are protected together with their raw data， as described inSection S 11.3 Definitions. Chromeleon CDS users can easily export copies of electronic records in PortableDocument Format (PDF) for submission to agency units， in accordance with FDA guidelines. The PDF files faithfullypreserve the contents and formatting of the Chromeleon CDS reports， (Figure 2 reference error) including fields listingthe people who electronically signed the records. Figure 2： The Chromeleon CDS reports can be exported as PDF files for convenient submission of results to regulatory agencies， and multiple other formats such as XLS files for convenient collation with other tabular data. S 11.3 Definitions a) The definitions and interpretations of terms contained in section 201 of the act apply to those terms whenused in this part. b) The following definitions of terms also apply to this part： 1) Act means the Federal Food， Drug， and Cosmetic Act (secs. 201-903 (21 U.S.C. 321-393). 2) Agency means the Food and Drug Administration. 3) Biometrics means a method of verifying an individual's identity based on measurement of the individual'sphysical feature(s) or repeatable action(s) where those features and/or actions are both unique to thatindividual and measurable. 4) Closed system means an environment in which system access is controlled by persons who areresponsible for the content of electronic records that are on the system. 5) Digital signature means an electronic signature based upon cryptographic methods of originatorauthentication， computed by using a set of rules and a set of parameters such that the identity of thesigner and the integrity of the data can be verified. 6) Electronic record means any combination of text， graphics， data， audio， pictorial or other informationrepresentation in digital form， that is created， modified， maintained， archived， retrieved or distributed bya computer system. 7) Electronic signature means a computer data compilation of any symbol or series of symbols executed，adopted， or authorized by an individual to be the legally binding equivalent of the individual'shandwritten signature. 8) Handwritten signature means the scripted name or legal mark of an individual handwritten by that individualand executed or adopted with the present intention to authenticate a writing in a permanent form. The actof signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name orlegal mark， while conventionally applied to paper， may also be applied to other devices that capture thename or mark. 9) Open system means an environment in which system access is not controlled by persons who areresponsible for the content of electronic records that are on the system. Chromeleon CDS is normally implemented in a closed-system environment， where persons responsible for the recordscontrol access to the system. These persons include system administrators， who set up and maintain user accounts，plus any other persons (such as laboratory managers) who are granted roles with relevant privileges to control accessto locations where Chromeleon CDS data are stored. Chromeleon CDS has its own security system (Figure 3)， whichsupplements the security systems of the chosen operating system and relational database management software， byproviding control over specific chromatography-related resources and operations， in addition to files and records. Figure 3： The Chromeleon CDS Administration Console where user’s security settings such as complex passwords can be defined. Digital signatures are implemented in Chromeleon CDS as described in Sections S 11.50Signature manifestations， S 11.100 General requirements， and $ 11.200 Electronic signaturecomponents and controls. With respect to 21 CFR Part 11， the primary electronic records in Chromeleon CDS are the injection sequences.Each sequence has all of the information pertaining to the analysis of a set of samples (Figure 4). A typical sample setincludes calibration standards， check standards， blank injections， and unknowns. Included with each sequence arethe following items： ·Injection information (injection names， injection IDs， sequence information， method assignments， correction factors，comments， injection， sequence and component custom variables， custom formulas) ·Method information (instrument control methods， processing methods， spectral libraries) · Detector data (chromatograms， diode-array data sets， spectra) ·Report templates (report template files) ·Electronic reports with signatures · Audit trails (instrument audit trails， data audit trails， electronic signature information) charlie： Power User ICH Linearity 号 FilterChromeleonLocal 中-WIN-DVCM70RA12C0 WIN-DVCM7SQLDV口Data 口GPC-0ICH 口Accuracy 一Intermediate PrecisionLinearity ICH Linearty ICH Linearity-2 电1 LOD LOQ Repeatability二Robustness 一Specificity 口MSData MSData 120914_WM_ST Calibration and LOD TestMS demo 2 MS Export 1 Site A 一Site B由Spectra Run Finished Submit Save Studio PrintUp3--Insert RowFill DownLockYFiltering Grouping # UV_VIS_1 Name Type Position Volume [u 一 8888888 1 Linearity 1 Calibration Standard B47 100.000 2 Linearity 1 Calibration Standard B42 100.000 3 Linearity 1 Calibration Standard B43 100.000 4 Linearity 2 Calibration Standard B44 100.000 5 Linearity 2 Calibration Standard B45 100.000 6 Linearity2 Calibration Standard B46 100.000 7 南Linearity 3 Calibration Standard B47 100.000 8 Linearity 3 Calibration Standard B48 100.000 9 Linearity 3 Calibration Standard BB1 100.000 10 Linearity 4 Calibration Standard BB2 100.000 11 Linearity 4 Calibration Standard BB3 100.000 12 Linearity 4 Calibration Standard BB4 100.000 Name Type Date Modified Comment 100.000 Instruments ICH Linearity Processing Method 5/11/2017 5：30：23 PM +01：00 Injector Linearity Data ICH Linearity View Settings 5/11/20175：30：23 PM +01：00 ICH Linearity Electronic Report 5/11/2017 6：17：02 PM +01：00 eWorkflows Method_Validation Report Template 5/11/2017 5：30：23 PM +01：00 VitaminE Instrument Method 5/11/20175：30：23 PM+01：00 Associated Items Custom Sequence Varables (0) Figure 4. Sequences， represented by two vials in the Data category，are the Chromeleon CDS primary electronic records. Each sequenceincludes all details of the analysis of a sample set. Chromeleon CDS calculates results dynamically， so reports update instantly as new data are included or methodsettings are modified. This dynamic updating prevents inconsistencies between the settings and the reported data.Modifications are only permitted prior to the application of electronic signatures， and audit trails keep track of all of themodifications， as described under Section S 11.10 Controls for closed systems. When the operator is satisfied with the results， they can submit them for approval， which begins the electronicsignoff process (discussed in Section $ 11.50 Signature manifestations). Before the operator's electronic signature isapplied， all of the source data and settings required to produce the report are automatically locked， and a hash codeis calculated using the report contents， the operator's identification， and the current date and time. The operator ispresented with an electronic representation of the finished report， and is then prompted to enter his or her signaturepassword. Upon entry of the password， an unalterable copy of the report is stored， along with the hash code neededto verify its authenticity. Asimilar process is followed by the reviewer (if any) and the approver (if any) of the submittedreport. If anyone finds a need to make changes to the source data or report， the signatures must first be removed byan appropriate authority. Chromeleon CDS can also generate backup files of the electronic records cited in 21 CFR Part 11， for data recoveryand/or archiving purposes. Contents of backup files cannot be accessed outside of Chromeleon CDS； the contents ofan export must be restored into the system before they can be read. The Chromeleon CDS audit trail keeps track ofall export and import operations. Subpart B-Electronic Records S 11.10 Controls for closed systems Persons who use closed systems to create， modify， maintain， or transmit electronic records shall employprocedures and controls designed to ensure the authenticity， integrity， and， when appropriate， the confidentialityof electronic records， and to ensure that the signer cannot readily repudiate the signed record as not genuine.Such procedures and controls shall include the following： a) Validation of systems to ensure accuracy， reliability， consistent intended performance， and the ability todiscern invalid or altered records. Validation of chromatography systems generally includes installation qualification (IQ) and operational qualification (OQ)of instruments and software， as well as ongoing performance qualification (PQ). Thermo Fisher Scientific offers a widerange of validation services， ranging from on-site tests performed by Thermo Fisher Scientific service technicians toautomated routines built into the software. Chromeleon CDS features integrated tools for validating the performanceof the chromatography data system as well as the instruments used with it. A simple menu command runs theChromeleon CDS IQ (Figure 5)， which checks all system files and generates a detailed report. Figure 5. The Chromeleon CDS integrated validation tools， such as the Software Installation Qualification， standardize and automatevalidation tests. Another command runs the Chromeleon CDS OQ， which generates reports using a standard data set to verify thatthe output is reproducible. IQ， OQ and PQ of the entire system are easily performed using the Chromeleon CDSqualification wizards which automate the setup of sequences and generation of reports for qualification tests. Theyinclude checks for many important instrument parameters like gradient and flow precision， detector linearity， noiseand drift and injector linearity (Figure 6). Figure 6. The Chromeleon CDS Performance Qualification reports provide detailed analysis of the performance of eachcomponent of the chromatography system. In addition to simplifying the task of performing IQ， OQ and PQ tests， these tools ensure that all users perform thequalification tests consistently and in compliance with SOPs. Consistency of system and method performance can be automatically monitored during sample analysis via SystemSuitability tests. A wizard makes it easy to select common peak quality and reproducibility tests， or configure anynumber of custom tests using almost any reportable formula (Figure 7). Tests can be done on one or more individualinjections， or span across multiple injections. Figure 7. Any combination of System Suitability tests can be defined for any method to verify system performanceduring sample analyses. The Chromeleon CDS Data Audit Trail (discussed in detail in Section S 11.10 Controls for closed systems). Suchprocedures and controls shall include the following： (e)， tracks all changes made within the application to all dataobjects， the Audit Trail details for each event， the corresponding date and time， name of object， affected dataobject， object version number， operator identification， type of change， and comments. In the Chromeleon CDSreports， any peak that has been manually integrated is automatically flagged and clearly indicated (Figure 8). Figure 8. Chromeleon CDS clearly indicates when a peak’s integration has been modified. Data corruptions due to defects or failure of storage devices or media， or to deliberate attempts to modify records，are detected and reported by Chromeleon CDS in its Station audit trail (Figure 9). In addition， using the ‘Verifyan Electronic Report'feature of Chromeleon CDS， signed records can be checked to ensure they are free ofunauthorized modifications (see Section $ 11.70 Signature/record linking). Figure 9. Audit Trail filtered to show raw data file integrity check failures that are captured in Station Audit Trail. b) The ability to generate accurate and complete copies of records in both human readable and electronic formsuitable for inspection，review， and copying by the agency. Persons should contact the agency if there are anyquestions regarding the ability of the agency to perform such review and copying of the electronic records. Chromeleon CDS provides complete functionality for locating and viewing the electronic records on the system，andfor generating complete， accurate paper and electronic copies for agency submissions. Printed copies include time/date stamps to facilitate traceability of paper documents. Electronic copies are produced in Portable DocumentFormat (PDF) as per agency guidelines， as discussed in Section S 11.2 Implementations. All formats can also have aunique watermark to ensure authenticity and clearly identify the originating source. c) Protection of records to enable their accurate and ready retrieval throughout the records retention period. Chromeleon CDS provides several layers of protection to ensure that accurate records can be readily retrieved.The foundation for record protection is a secure operating system that provides positive user tracking and preventsunauthorized access to computers and files. Thermo Fisher Scientific recommends the use of Microsoft@ Windows@ 7or Windows 10， with the NTFS file system. The next layer of protection is a combination of controlled Windows services and a secure relational databaseplatform， which ensures that even those users who have access to files at the operating system level cannot reador modify records through means outside the secured application. Thermo Fisher Scientific recommends the use ofOracle@ Database 12c and/or Microsoft SQL Server 2014 as the relational database platform for secured， multi-userenvironments. Beyond the protections afforded by the operating system and database platform， Chromeleon CDS provides acomprehensive， chromatography-oriented security system that controls access to data， described further in SectionS 11.10 Controls for closed systems (d). This ensures that only authorized users are able to access records and makechanges； any such changes are tracked by computer-generated audit trails， as described in Section S 11.10 Controlsfor closed systems (e). Records can be electronically signed， which simultaneously locks them and documents the signing authority， asdescribed in Section S 11.50 Signature manifestations. Modifying items that have not been signed off can either beallowed or disallowed by the system administrator. If modifications are allowed， the Data Audit Trail tracks changesand retains details for all versions thus providing the user with a means to reconstruct and revert back to priorversions. Modifying signed-off items is not allowed. Chromeleon CDS facilitates long-term record storage (archiving) through its built-in file transfer and restore tools(Figure 10). When a file transfer of data is created， all relevant raw data， corresponding methods， sequence data，report formats， and audit trails are included. Figure 10. The Chromeleon CDS integrated Send to and Import from utilities facilitate long-term storage of electronic records， whileensuring security and completeness of the records. d) Limiting system access to authorized individuals. The Chromeleon CDS advanced security system supports an unlimited number of security levels and is designed tofit the chromatography workflow.Over 160 different privileges can be allocated as appropriate to an unlimited numberof different Roles (Figure 11). A Role is a collection of user privileges that define what the users that have this Roleare allowed to do in Chromeleon CDS (for example， Lab Managers would typically be granted privileges to modifyintegration， whereas Operators might only have privileges to create and run sequences). Two Roles would thereforebe created to differentiate between the different tasks. Users can be a member of several roles and choose a Roleat logon. The privileges are not cumulative therefore a user is only permitted to perform the actions that have beenassigned to the Role they logon with. These allow detailed definitions of privileges for different user groups and allowthe same user to perform multiple Roles in a controlled manner. charlie Figure 11. The Chromeleon CDS comprehensive， chromatography specific security system gives the SystemAdministrator detailed control over each user's access and privileges for instruments and data. In addition to Roles， Chromeleon CDS supports Access Groups. These areused to control access to different instruments and data objects. Accesscontrols can restrict individual users， groups of users， user by Role and canalso restrict specific privileges that a user has been assigned by the Roles.For example，a Lab Manager in Quality Control may have privileges to accessand modify analysis data for released products， but can be denied access todata on new compounds being generated by the Discovery group. The LabManager might also have access to view and operate all instruments in alllaboratories but could be prevented from interrupting a running instrument inthe Discovery Group. Once the Access Groups have been created， access tospecific data vaults， folders， and/or instruments can be controlled by settingproperties for the respective item (Figure 12). Users are only allowed to seethe items to which they have been granted access， providing an additionallevel of security for sensitive data. Folders and individual injections or groups of injections can also be lockedto prevent modification of their contents； privileges for locking and unlockingcan be separately granted to different Roles， as appropriate. Electronicallysigned records are automatically locked， as discussed in Section $ 11.50Signature manifestations. Figure 12. Chromeleon CDS controlsaccess to data vaults， individual foldersand instruments.Users who are notmembers of an Access Group assigned to anitem cannot access or even see the item. Figure 13. Users are identified by User Name， Full Name， and Job Titlethroughout the software and User Names are unique for every user. The Chromeleon CDS security system provides the user management capabilities most often requested by systemadministrators： ·No user identities are shared and every user is identified by User Name， Full Name， and Job Title throughout thesoftware (Figure 13) ·Password controls - such as minimum password length， password complexity and uniqueness requirements，andpassword age limits -can be enforced · User and password audit trails are automatically maintained (Figure 14) ·Users can be automatically locked out after a pre-set number of login failures (Figure 15) ·Client sessions can be automatically locked after a specified period of inactivity (Figure 16). Report国Show ChangesErom5/13/2017 rIo5/15/2017 Y FilteringGrouping License Manager (WIN-CMDC) SchedulerGlobal Policies User Database 3 Chromeleon Userscharlie (Charlie Chromeleon) cmadmin (Chromeleon Administrator)inewton (Isaac Newton) 8jmaxwell (James Clerk Maxwell)jsmith (Jane Smith) 白 Instrument Controller (Instrument Controller)Scheduler (Scheduler)Access GroupsRoles Full AccessPower User 叟OperatorCM Administrator eWorkflow Tags星Audit Trail 0-0Domain ResourcesLocal Machine Date/Time Operator Operation Computer Name 5/14/2017 11：29：27 AM +01：00 imaxwell Changed WIN-CMDC 5/14/2017 11：14：04 AM +01：00 charlie 33Created Access Group WIN10-CM7 5/14/2017 11：14：23 AM+01：00 charlie 88Created Access Group WIN10-CM7 5/14/2017 11：28：57 AM+01：00 imaxwell Changed User Database Policies WIN-CMDC 5/14/2017 10：49：34 AM+01：00 charlie Logon WIN10-CM7 5/14/2017 10：54：02 AM +01：00 charlie -ogon WIN10-CM7 5/14/2017 11：15：41 AM +01：00 charlie Logon WIN10-CM7 5/14/2017 11：22：27 AM +01：00 charlie Logon Password Verification Failed WIN10-CM7 5/14/2017 11：22：31 AM +01：00 charlie Logon Password Verification Failed WIN10-CM7 5/14/201711：22：37 AM +01：00 charlie Logon Password Verified WIN10-CM7 5/14/2017 11：23：15 AM +01：00 charlie Logoff WIN10-CM7 5/14/2017 11：24：11 AM+01：00 ismith Logon WIN-DV 5/14/2017 11：28：32 AM +01：00 imaxwell Logon WIN-CMDC 5/14/201711：29：59 AM +01：00 imaxwell Logoff WIN-CMDC 5/13/2017 12：18：11 AM+01：00 Instrument Controller Sequence End WIN10-CM7 5/13/2017 12：18：12 AM +01：00 Instrument Controller Sequence Start WIN10-CM7 5/13/201712：27：51 AM +01：00 Instrument Controller Sequence End WIN10-CM7 5/1 This time is from a time zone that is 1 hour ahead of Coordinated Universal Time (UTC)， and in line with your local time (including any daylight savings time adjustments that may apply).5/1I1n your local time zone， this corresponds to 5/13/2017 12：27：54 AM. N10-CM7 5/1 N10-CM7 110-CM7 5/13/2017 12：49：33 AM +01：00 Instrument ControllerSequence End WIN10-CM7 Audit Trail charlie Figure 14. User and password history logs are automatically maintained， including a tooltip which providesadditional information about time zone offset and how it translates to local machine date time. User Database Policies charlie ： Figure 15. Users can be automatically locked out after a pre-set number of login failures including ability to notifySystem Administrators by email when accounts are locked. Figure 16. The administrator can set an inactivity timeout policy to help ensure that unauthorized people do not gainaccess to the system in the event that an authorized user fails to log out before stepping away from a client station. e) Use of secure， computer-generated， time-stamped audit trails to independently record the date and time ofoperator entries and actions that create， modify， or delete electronic records. Record changes shall notobscure previously recorded information. Such audit trail documentation shall be retained for a period at leastas long as that required for the subject electronic records and shall be available for agency review and copying. Chromeleon CDS automatically tracks all operator entries and actions that create， modify， or delete electronic records.It does this by maintaining two types of secure， computer-generated， time-stamped audit trails： Instrument andData audit trails. Both audit trails record the time and date of each event， along with the identification of the operatorinvolved. Changes to records add new entries to the audit trails， such that previously recorded information is notobscured， and the system administrator has fine control over who is allowed to make changes to data and audittrails. An Instrument audit trail is automatically created and maintained for each instrument. Each Instrument audit trailcompletely documents all events associated with data acquisition and instrument control， including： ·Users connecting to instruments， whether for control or simply to monitor activity， ·Sequence starts and stops， ·Control commands sent to instruments from an instrument control program or a direct user action， ·Responses received from instruments， including any status messages， warnings， or errors， ·Instrument configuration changes. Any instrument’s daily audit trail can be reviewed (Figure 17) and all events are fully searchable by filtering using‘find as you type' text entry or can be grouped together. Events pertaining to a particular sequence can also beviewed in real time during instrument operation (Figure 18)， or included as a report object (Figure 19). This detaileddocumentation not only helps with 21 CFR 11 compliance， it also improves productivity by eliminating the need formanual logging of events and by providing the operators with useful information for keeping track of their work andtroubleshooting any analysis problems that might occur. Figure 17. Chromeleon CDS automatically maintains a complete log of each instrument's daily activities. Figure 18. System log events that pertain to the current sequence can be viewed in real time duringsample analysis. Figure 19. The System Log events for a sequence can be included in the report along with the analyticalresults， providing full traceability. The Data Audit Trail keeps detailed records of all changes made to data objects and electronic records in aChromeleon CDS Data Vault. It documents the creation of sequences and related data - including injection entries，instrument methods， processing methods， view settings and report templates - as well as all modifications madeafter the analysis. (Post-run modifications include changes to sequence entries， methods and reports； manualbaseline adjustments； and any relocation， archiving， or deletion of data.) The recording of the Data Audit Trail can be enabled by the Chromeleon CDS System Administrator for anychromatography Data Vault. Audit trails are easily accessible by simply right-clicking on an item and selecting {ShowData Audit Trail} from the context menu (Figure 20). Authorized users can view the Data Audit Trail at any desired levelof the information hierarchy： individual objects (injection， instrument method， processing method， report template， andso on)， directory folder， or entire Data Vault. All events are fully searchable and Chromeleon CDS provides the operatorwith different search tools consisting of grouping events together and filtering using ‘find as you type'text entry . Figure 20. The modification history for any sample， sequence， folder or data source can be instantly accessed viathe Show Data Audit Trail command. The Data Audit Trail display (Figure 21) lists， for each event， the corresponding date and time， name of object， affecteddata object， object version number， operator identification， type of change， and comments. Versions can be compareddisplaying differences between selected versions with all changes， deletions and additions clearly indicated and none ofthe entries obscured. Chromeleon CDS locks records as soon as they enter the electronic signature process. Lockedrecords cannot be modified by anyone， and the System Administrator can restrict who has the privilege to unlockrecords. Electronically signed records cannot be unlocked without removing the signatures. The Chromeleon CDS DataAudit Trail keeps track of all Lock and Unlock operations and of all actions in the electronic signature process. Figure 21. The Chromeleon CDS modification history tracks all changes to all data objects and lists the before and after state of eachvariable associated with each change. The System Administrator can also prohibit the modification of existing data objects. The binary nature of the audit trailfiles makes the possibility of falsification extremely remote. However， in an unsecured operating system， it could bepossible for a user to gain access at the operating system level， stop the Windows service that protects the files anddelete or corrupt one of the files cited above. Thus， Thermo Fisher Scientific recommends that regulated laboratoriesstore all data on secured computers running Windows 7 or Windows 10 with the NTFS file system. Chromeleon CDS provides complete functionality for viewing all audit trails on the system and for printing hard copiesof the audit trails at any time. The hard copies include time/date stamps to facilitate traceability of paper documents. f) Use of operational system checks to enforce permitted sequencing of steps and events， as appropriate. Chromeleon CDS has a context-sensitive structure that hides or disables functions that are either： not relevant， notappropriate， or not permitted within the current context. This structure helps ensure that steps and events occurin the proper sequence. For example， if a sequence has been configured to have signature levels of Submitterand Approver， it cannot be approved until it has been signed by a submitter. Chromeleon CDS also provides afeature titled eWorkflows which is an electronic procedure for automating the laboratory processes related to achromatographic analysis. It assists the user in creating an appropriate sequence with predefined associated files and a well-defined structure (Figure 22). In addition Chromeleon CDS also provides further Wizards (Figure 23) and manystep-by-step procedures with detailed instructions in on-line Help (Figure 24) to further guide users. Chromeleon CDSperforms numerous error checks when instruments are configured， when instrument methods are defined， and whensequences are readied for execution (Figure 25). Any conflicts must be resolved before the user is allowed to proceed. Figure 22. The Chromeleon CDS eWorklfows for automating the laboratoryprocesses related to a chromatographic analysis. Figure 23. The Chromeleon CDS Instrument Method Wizard guides the user throughthe steps required to create instrument control programs. Figure 24. The Chromeleon CDS on-line Help provides background information as wellas step-by-step procedures for all common chromatography operations. Figure 25. Before executing any sequence or batch of sequences， Chromeleon CDS automatically checks thatthe instruments are present and functioning，the control programs are valid for the selected instruments， allparameters of the sequence are valid， and sufficient disk space is available for data storage. g) Use of authority checks to ensure that only authorized individuals can use the system， electronically signa record， access the operation or computer system input or output device， alter a record， or perform theoperation at hand. Chromeleon CDS provides a comprehensive， chromatography-specific security system that controls access to instrumentsand data， and defines the types of operations that each class of users can perform on the items to which they are grantedaccess (as described under Section S 11.10 Controls for closed systems (d). Chromeleon CDS also controls who isauthorized to electronically sign specific sequences (as described under Section S 11.50 Signature manifestations). h) Use of device (e.g.， terminal) checks to determine， as appropriate， the validity of the source of data inputor operational instruction. Upon installation， Chromeleon CDS automatically performs a Software Installation Qualification to verify that allsoftware components are correctly installed. A report is stored to disk and can be printed. Password-controlledlogins， both at the operating system level and at the Chromeleon CDS level， are used to prevent unauthorizedaccess and to identify users， regardless of where they log in. Whenever possible， Chromeleon CDS records specificinformation about the actual instruments used (serial numbers， operating conditions， vial positions injected， etc.). i) Determination that persons who develop， maintain， or use electronic record/electronic signature systemshave the education， training， and experience to perform their assigned tasks. Thermo Fisher Scientific regularly provides appropriate training for its developers， service engineers， and supportpersonnel. Records of training are maintained in accordance with training policies that are registered to ISO 9001.Thermo Fisher Scientific provides on-site introductory training for users at the time of installation. Additional trainingis recommended for laboratory managers and for support personnel. System administrators should also attendadvanced Chromeleon CDS training courses. Off-site classes are regularly conducted in Thermo Fisher Scientific fieldoffices. Custom on-site training courses are also available. j) The establishment of， and adherence to， written policies that hold individuals accountable and responsiblefor actions initiated under their electronic signatures， in order to deter record and signature falsification. k) Use of appropriate controls over systems documentation including： 1) Adequate controls over the distribution of， access to， and use of documentation for system operationand maintenance. 2) Revision and change control procedures to maintain an audit trail that documents time-sequenceddevelopment and modification of systems documentation. Thermo Fisher Scientific supplies user documentation in electronic format on the same read-only media as thesoftware， so that the two are always synchronized. Release notes providing a history of changes from release torelease are provided with the software. S 11.30 Controls for open systems Persons who use open systems to create， modify， maintain， or transmit electronic records shall employprocedures and controls designed to ensure the authenticity， integrity， and， as appropriate， the confidentiality ofelectronic records from the point of their creation to the point of their receipt. Such procedures and controls shallinclude those identified in $ 11.10， as appropriate， and additional measures such as document encryption and useof appropriate digital signature standards to ensure， as necessary under the circumstances， record authenticity，integrity， and confidentiality. As is the case with practically all systems in analytical laboratories， Chromeleon CDS is generally implemented in aclosed system environment， with an appropriate security system in place， and the laboratory applying full control onwho will access the system. An open system in a laboratory would be one where the data is stored on a server thatis under the control of a 3rd party. Other examples for open systems are websites where everyone has access. S 11.50 Signature manifestations a) Signed electronic records shall contain information associated with the signing that clearly indicatesall of the following： 1) The printed name of the signer； 2) The date and time when the signature was executed； and， 3) The meaning (such as review， approval， responsibility， or authorship) associated with the signature. b) The items identified in paragraphs (a)(1)， (a)(2)， and (a)(3) of this section shall be subject to the samecontrols as for electronic records and shall be included as part of any human readable form of theelectronic record (such as electronic display or printout). The Chromeleon CDS comprehensive implementation of electronic signatures provides all the functionality required bySection S 11.50 Signature manifestations， while satisfying laboratory workflow needs. With each individual user grantedaccess to Chromeleon CDS， the System Administrator can grant an individual a signature password which is separateand distinct from the login password. Functions such as minimum password length， password uniqueness requirements，password age control， and password history are supported for signature passwords as they are for login passwords. In association with electronic signatures the Chromeleon CDS user manager provides privileges for signing results，for removing signatures， and for modifying sequence signature requirements. Also for each injection sequence inChromeleon CDS， persons with appropriate security clearance (i.e. the user privilege Modify Signature Requirements)can define up to three signoff levels (Submit， Review， and Approve) (Figure 26). Figure 26. The list of Electronic Signature steps for submission， review， and approvalof results can be specified separately for each sequence Applying electronic signatures is a simple， straightforward process. The submitter chooses the desired sequenceand selects the“Submit” button in the Sequence Status bar (Figure 27). The Chromatography Studio opens in theElectronic Report category and if the user has the relevant privileges， chooses which report pages to include in theirfinal signed off report (Figure 28). Results are recalculated and then an on-screen display of the report is visible(Figure 29). When satisfied with the report， the submitter proceeds to signoff (Figure 30)， where they enter theirindividual signature credentials and any desired final comments. After the correct password has been entered，the current state of the sequence is frozen and protected and no further changes are possible (Figure 31). Thesequence is marked with a special icon indicating that it has been signed and the signatory controls in ChromeleonCDS indicate the next step in the signing process if required. jsmith： Operator Figure 27. To sign a sequence， the user begins by selecting the corresponding toolbar button. Figure 28. If permissible， the user specifies which report sheets and which injections should be included in the electronic signoff. Figure 29. Chromeleon CDS locks all the sequence data against modification， then recalculates and freezes all report sheets. Figure 30. Users enter their individual signature credentials and any desired final comments to sign off sequence. Figure 31. Using the signature data and the report contents， Chromeleon CDS calculates a hash code that becomes anintegral part of the encrypted final report and certifies its authenticity. Reviewers and approvers follow the same steps as submitters， but they can only review or approve sequences thathave been first signed by a submitter. If a problem is found with the report， an authorized user can undo the signatureof the submitter so that necessary modifications can be made； in this case， the report must be resubmitted with anew signature. Any of the variables related to electronic signatures (such as signoff status， name of signatory， job title，meaning of the signature， time/date signed， and so forth) can be included in reports and used for database queries.Sequences awaiting review and approval can be quickly located by running a simple query. S 11.70 Signature/record linking Electronic signatures and handwritten signatures executed to electronic records shall be linked to theirrespective electronic records to ensure that the signatures cannot be excised， copied or otherwisetransferred so as to falsify an electronic record by ordinary means. In Chromeleon CDS， electronic signature data are stored as integral parts of sequence， such that the signature datacannot be excised， copied， or otherwise transferred by ordinary means. When an electronic signature is applied，Chromeleon CDS generates a unique hash code that cannot be generated outside of the application. The hashcode is stored along with the sequence data in the database. It is only possible to create a valid hash code usingChromeleon CDS. Any user can use the Verify toolbar button to quickly confirm the integrity of electronically signeddocuments (Figure 32). The software recalculates the unique hash code and confirms that nothing has been alteredsince the document was created (Figure 33). Thermo Fisher Scientific does not provide functionality for execution ofhandwritten signatures to electronic records at this time. jsmith： Operator Figure 32. Electronically signed sequences and reports are marked with special icons. Signatures can be checked by selectingthe Verify toolbar button or menu command. Figure 33. When an electronically signed sequence is verified， the unique hash code is recalculated and comparedagainst the stored value. Subpart C-Electronic signatures $ 11.100 General requirements a) Each electronic signature shall be unique to one individual and shall not be reused by， or reassigned to，anyone else. The Chromeleon CDS electronic signatures are implemented using a combination of a user's unique login name and asignature password. Because the software requires a unique login name for each individual， each person's signaturecombination is unique. (Chromeleon CDS does not require that each user’s signature password be unique， becausethis could actually compromise security i.e. a user might enter a password and if they encounter a“password notavailable”or other relevant message they might realize that they had entered part of the combination to anotherperson’'s signature.) Chromeleon CDS maintains a history of login and signature passwords， and prohibits re-use of the previously usedpassword. The System Administrator can require users to change passwords when they next log in， and can set anexpiration interval for passwords (Figure 34). Figure 34. The System Administrator can set password requirements， inactivity timeouts， automatic account disabling，and other policies. b) Before an organization establishes， assigns， certifies， or otherwise sanctions an individual's electronicsignature， or any element of such electronic signature， the organization shall verify the identity of the individual. c) Persons using electronic signatures shall， prior to or at the time of such use， certify to the agency that theelectronic signatures in their system， used on or after August 20， 1997， are intended to be the legally bindingequivalent of traditional handwritten signatures. 1) The certification shall be submitted in paper form and signed with a traditional handwritten signature， to theOffice of Regional Operations (HFC-100)， 5600 Fishers Lane， Rockville， MD 20857. 2) Persons using electronic signatures shall， upon agency request， provide additional certification or testimonythat a specific electronic signature is the legally binding equivalent of the signer's handwritten signature. S 11.200 Electronic signature components and controls a) Electronic signatures that are not based upon biometrics shall： 1) Employ at least two distinct identification components such as an identification code and password. i) When an individual executes a series of signings during a single continuous period of controlled systemaccess， the first signing shall be executed using all electronic signature components； subsequentsignings shall be executed using at least one electronic signature component that is only executableby， and designed to be used only by， the individual. ii) When an individual executes one or more signings not performed during a single continuous periodof controlled system access， each signing shall be executed using all of the electronic signaturecomponents. 2) Be used only by their genuine owners； and 3) Be administered and executed to ensure that attempted use of an individual's electronic signature byanyone other than its genuine owner requires collaboration of two or more individuals. b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyoneother than their genuine owners. The Chromeleon CDS electronic signatures are implemented using a combination of a user's unique login nameand a signature password. The user can be forced to enter their unique user name and signature password eachtime a sequence is electronically signed. Continuity of sessions can be easily enforced through an option thatautomatically logs a user out if no system activity is detected for a period of time whose length is specified inadvance by the System Administrator. These features satisfy the requirements of subsections (i) and (ii). Becausethe login name is unique for each individual， each person's signature combination is unique， and can only be usedby its genuine owner. Of course， system users must not reveal their passwords to anyone else； attempted use ofthe signature by anyone other than the genuine owner would require collaboration of two or more individuals. $ 11.300 Controls for identification codes/passwords Persons who use electronic signatures based upon use of identification codes in combination withpasswords shall employ controls to ensure their security and integrity. Such controls shall include： a) Maintaining the uniqueness of each combined identification code and password， such that no twoindividuals have the same combination of identification code and password. b) Ensuring that identification code and password issuances are periodically checked， recalled， or revised，(e.g.， to cover such events as password aging). c) Following loss management procedures to electronically de-authorize lost， stolen， missing， orotherwisepotentially compromised tokens， cards， and other devices that bear or generate identification code orpassword information， and to issue temporary or permanent replacements using suitable， rigorous controls. d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes， anddetect and report in an immediate and urgent manner any attempts at their unauthorized use to the systemsecurity unit， and， as appropriate， to organizational management. e) Initial and periodic testing of devices， such as tokens or cards， that bear or generate identificationcode or password information， to ensure that they function properly and have not been altered in anunauthorized manner. Each person's signature combination is unique as detailed in sections $ 11.100 General requirements and S 11.200Electronic signature components and controls. Chromeleon CDS facilitates administration of password maintenancethrough controls such as minimum password length， enforced password character sets， password age limit， andpassword re-use prevention. The System Administrator can use these controls to force users to regularly change theirpasswords to new， unique expressions of a specified minimum length and complexity. The System Administrator canalso require any user to change a password at next login， and can disable or delete any user account if necessary.Attempts to breach the security system can be thwarted through automatic account deactivation， which can be set todisable any account after a specified number of failed login attempts (Figure 15)， and via email System Administratorsare notified of such failures. All security-related events (user and group configuration changes， successful logins，failed logins， and electronic signings) are automatically tracked in the Chromeleon CDS user management database.A convenient viewer makes it easy for System Administrators to view particular events of interest with in-built filteringusing ‘find as you type'text entry or grouping events together (Figure 14). At this time， use of devices bearingidentification codes or passwords is not explicitly supported. Resources http：//www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11 Guidance for Industry1 Part 11， Electronic Records； Electronic Signatures -Scope and Application；http：//www.fda.gov/RegulatoryInformation/Guidances/ucm125067.htm http：//www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/ucm124787.htm Interested in our complete data management solution?Learn more about the entire Thermo Scientific Integrated Informaticsportfolio at thermofisher.com/integratedinformatics Like Charlie Chromeleon on Facebook to follow his travels and getimportant updates on chromatography software!facebook.com/CharlieLovesChromatography Visit AppsLab Library for online access to applications for GC， IC， LC，MS and more. thermofisher.com/AppsLab Find out more at thermofisher.com/chromeleon ◎2018 Thermo Fisher Scientific Inc. All trademarks are the property of Thermo Fisher Scientific Inc. and its subsidiaries. This information ispresented as an example of the capabilities of Thermo Fisher Scientific Inc. products. It is not intended to encourage use of these productsin any manner that might infringe the intellectual property rights of others. Specifications， terms and pricing are subject to change. Not allproducts are available in all countries. Please consult your local sales representative for details. WP80078-EN 0218S Compliance with regulatory requirements is critical for a business. It is oftenregarded as something that can add significant cost to the company but withthe acquisition of a chromatography data system (CDS) that provides all of thenecessary functionality built-in to one package, that is easy to use, the effortrequired to achieve compliance with 21 CFR Part 11 is significantly reduced.