CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT

21 CFR Part 11 FAQ
(Frequently Asked Questions)

Customer and Supplier Roles and Responsibilities for Assessment of METTLER TOLEDO
STARe Software Version V9.01, including:
- 21 CFR 11 Compliance software option and
- Install Plus software option
for Compliance with the Requirements of 21 CFR Part 11 Regulations
(Electronic Records and Electronic Signatures Final Rule)

21CFR11FAQSTAREv901.doc

1 of 24

27.02.2006

1. 21 CFR 11: Technical, Administrative and Procedural Controls

The purpose of this document is to outline the roles and responsibilities for 21 CFR 11 assessment and compliance, and to inform customers how METTLER TOLEDO is responding to the challenges presented by the regulation.

Published in March 1997 and effective on August 20, 1997, the Electronic Records; Electronic Signatures final rule (21 CFR Part 11) has had a greater impact on computerized systems than any other regulation. Its basic requirement is that computerized systems ensure the integrity, reliability and trustworthiness of electronic records. In addition, electronic signatures must be trustworthy and equivalent to handwritten signatures executed on paper records.

The regulation requires organizations to have in place three levels of control:
- Administrative controls: e.g. policies for Part 11 and the use of electronic signatures
- Procedural controls: SOPs for using the system
- Technical controls: functions built into the software that ensure the reliability and integrity of electronic records and signatures

This means that it is not possible for any supplier to offer a turnkey 21 CFR Part 11 compliant system. Software can be designed to be compliant with the 21 CFR 11 technical controls, but it is the user who is responsible for providing the policies and procedures that ensure the system is fully compliant with the regulation and the applicable predicate rule. This is shown in Figure 1 below, which illustrates the importance of an integrated approach to 21 CFR 11 compliance and why there is no such thing as "21 CFR 11 compliant software" on its own.

[Figure 1: diagram not reproduced. Its boxes are labelled: Technical controls (Supplier responsibility): software designed to be compliant; Procedural controls (User responsibility); Administrative controls (User responsibility); 21 CFR 11 Requirements defined in the regulations; Procedures for System (company internal guidelines).]

Figure 1: A compliant system requires 3 elements: one from the supplier and two from the user


The reference number (Ref. No.) index used in the tables on pages 5 to 21 is based on the following sections of 21 CFR Part 11 (Electronic Records; Electronic Signatures), http://www.fda.gov:

Subpart A, General Provisions
- 11.1 Scope.
- 11.2 Implementation.
- 11.3 Definitions.

Subpart B, Electronic Records
- 11.10 Controls for closed systems.
- 11.30 Controls for open systems.
- 11.50 Signature manifestation.
- 11.70 Signature/record linking.

Subpart C, Electronic Signatures
- 11.100 General requirements.
- 11.200 Electronic signature components and controls.
- 11.300 Controls for identification codes/passwords.


1.1 Closed Versus Open System

1.1.1 Definition of a closed system (Subpart A Definitions: 11.3 (4)):
Closed system means an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.

1.1.2 Definition of an open system (Subpart A Definitions: 11.3 (9)):
Open system means an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system (for example the Internet).

1.1.3 STARe software
The STARe software is designed as a closed system. There is therefore no discussion or mention of open system controls (Subpart B Electronic Records: 11.30).


Controls Required for Electronic Records

Abbreviations for 21 CFR 11 Control Type: P&A = Procedural & Administrative (Customer responsibility); Tech = Technical (Supplier responsibility)

11.10 Controls for closed systems

System Validation [11.10(a)]: Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern altered and invalid records.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(a) / 1 | Is the system validated to the Company standards? | P&A | Customer; Supplier | Customer: The end user is responsible for validation according to company policies and procedures. The system is specified in the DQ and tested in the PQ. Supplier: METTLER TOLEDO provides IQ and OQ at installation and can assist you with PQ. The STARe software is delivered with a certificate of system validation. The software is designed and tested according to the METTLER TOLEDO internal ISO9001 quality management standards. |
| 11.10(a) / 2 | Did software validation include tests and checks that demonstrate compliance with all applicable parts of 21 CFR 11 (e.g. audit trail, backup/restore, archive, security controls, device/terminal checks, e-signatures)? (The tests are based on these technical controls having been designed, programmed and tested into the system by the supplier.) | P&A | Customer | |
| 11.10(a) / 3 | Are altered records recognized by the system and how are these changes documented? | P&A | Supplier | The changes made to records are recognized by the system. The change record is logged in the audit trail; see section 11.10(e). |
| 11.10(a) / 4 | Is the system able to recognize invalid records? | P&A | Customer; Supplier | Customer: The end user is responsible for checking that information is correctly applied. Standard operating procedures (SOPs) can be set up to ensure that this is the case. It is also a requirement under GMP regulations that a second, independent person checks laboratory records and the information they contain. Supplier: The STARe software is designed with the following features: (a) It does not allow you to create invalid records. Manually entered values are checked for validity, so the database contains only valid records. (b) The database does not allow a user to manually modify a record; a user only gets access to the records through the application. (c) Invalid records cannot be read by the STARe software. |

Record Inspection [11.10(b)]: The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review and copying by the agency.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(b) / 3 | Can the system generate accurate and complete copies of records in both human readable and electronic form (ASCII, PDF) for inspection, off-line review, and copying by the FDA? | Tech; P&A | Supplier; Customer | Supplier: Yes, in ASCII and PDF formats. Customer: METTLER TOLEDO recommends an SOP for the handing over of electronic records to the agency for inspection. |
| 11.10(b) / 4 | Can the software generate copies of users with their individual user rights (e.g., file access, electronic signature)? | Tech | Supplier | Yes, paper copies are possible and electronic copies (in PDF format) are possible. |

Records Protection [11.10(c)]: Protection of records to enable their accurate and ready retrieval throughout the records retention period.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(c) / 5 | Are all electronic records saved to a secure location, preferably on the site network? | P&A | Customer | |
| 11.10(c) / 6 | Do SOPs cover who is responsible for backup, restore and recovery? How is this done? | P&A | Customer | |
| 11.10(c) / 7 | Do SOPs cover who is responsible for long term archiving and retrieval? How is this done? | P&A | Customer | |
| 11.10(c) / 8 | Are all electronic records included in system backups? | P&A; Tech | Customer; Supplier | The backup is made with a tool from the Ingres database management system. It includes all electronic records. |
| 11.10(c) / 9 | Can data generated in earlier software versions be retrieved from archive and viewed in its entirety? | Tech | Supplier | The restore function allows you to import backups from earlier software versions. Backup and restore actions are documented in the system audit trail. |
| 11.10(c) / 10 | If records can be copied outside the software, is user access to the copy read-only? If no, does the software prohibit the overwriting of the original record by the copy? | Tech; P&A | Supplier; Customer | Records cannot be copied outside of the STARe software. Copies can be generated by export/import or by save as, but they are stored in a new file with a different date/time stamp. The original file is not overwritten. |
| 11.10(c) / 11 | Are critical records stored in one location only? If not, do validated automatic functions exist to maintain data integrity? | Tech | Supplier | All data are stored in the Ingres database in one location. The customer can only access the database through the STARe software. |
| 11.10(c) / 12 | Is simultaneous write access to the same electronic record by multiple users prohibited? | Tech | Supplier | The database prevents two or more users simultaneously saving the same electronic record. |
| 11.10(c) / 13 | Can data be recreated after a computer system failure? | Tech; P&A | Supplier; Customer | The data can be recreated from the backup. Data created after the last backup is usually lost (e.g. hard disk failure). |
| 11.10(c) / 14 | Are the records protected from hazards such as fire, heat and water by environmental controls (e.g. ventilation)? | P&A | Customer | |
| 11.10(c) / 15 | Have retention periods for the electronic records retained in the system been specified? (The minimum requirement for GMP record retention is batch expiry plus one year; however, product liability requirements are 11 years in Europe and 20 years in the United States. The user should refer to their company policy.) | P&A | Customer | |

Security [11.10(d)]: Limiting system access to authorized individuals.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(d) / 16 | Are devices for storage of electronic records (e.g., PC, file/database servers and backup and archive durable media) located in a controlled area or physically secured? | P&A | Customer | |
| 11.10(d) / 17 | Does the system limit system access to authorized individuals? | Tech | Supplier | Yes, the system has two safety levels. Only users with both a Windows and a STARe account can access the STARe software. |
| | Does a list of current and previous users of the system exist? | P&A | Customer | |
| 11.10(d) / 18 | Does the system prevent deletion of users from the system in order to ensure the uniqueness of user IDs? The user ID should be deactivated but retained. | Tech | Supplier | In the CFR Compliance mode, it is not possible to delete users. Old user accounts can only be disabled. |
| 11.10(d) / 19 | Does the system have a password-protected inactivity lock? | P&A; Tech | Customer; Supplier | The STARe system has its own session lock system that is password-protected. |
| 11.10(d) / 20 | Is user access to the operating system restricted to the system administrator or an equivalent authorized user? | P&A | Customer | |
| 11.10(d) / 21 | If the computer system can be accessed remotely, are additional security measures such as call back or SecurID included? | Tech; P&A | Supplier; Customer | Remote access with STARe Version V9.01 is possible. The security measures provided are based on the security settings of the operating system (Windows Terminal Services). |
| 11.10(d) / 22 | Do remote access sessions automatically log off when a disconnect is detected? | Tech | Supplier | After a disconnect, a login is required to establish a connection between the terminal and the server (Windows Terminal Services). |
| 11.10(d) / 23 | Are safeguards in place to detect attempts at unauthorized use, and to lock the account after several consecutive unsuccessful attempts to enter a password? | Tech; P&A | Supplier; Customer | The number of login attempts can be defined by the STARe system administrator. After the defined number of failed login attempts the user account is locked. |
| 11.10(d) / 24 | Is there an approved procedure that describes the administration of system security? | P&A | Customer | |
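The three technical controls in the 11.10(d) table (user IDs that are disabled but never deleted, an administrator-defined lockout threshold, and a password-protected session lock) are easy to state and easy to get subtly wrong. The following is an added example, not METTLER TOLEDO code and not how STARe implements them; it shows the behaviour the table describes in a minimal Python user directory. The class and function names, the PBKDF2 iteration count and the sample user IDs are constructed for this illustration.

```python
# Added example (not METTLER TOLEDO code): a minimal user directory with the
# 11.10(d) controls the table attributes to the software. User IDs are unique
# for the lifetime of the directory and can only be disabled (11.10(d)/18),
# an administrator-defined number of consecutive failed logins locks the
# account (11.10(d)/23), and the session lock opens only on the password
# (11.10(d)/19). All names and values are constructed.
import hashlib
import hmac
import os
from dataclasses import dataclass


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is a constructed example value
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class Account:
    user_id: str
    salt: bytes
    pw_hash: bytes
    enabled: bool = True          # disabled accounts stay in the directory
    locked: bool = False          # set by the lockout rule, cleared by an administrator
    failed_attempts: int = 0      # consecutive failures only
    session_locked: bool = False  # inactivity lock; cleared only by re-authentication


class UserDirectory:
    def __init__(self, max_failed_attempts: int):
        # the administrator decides how many consecutive failures lock an account
        self.max_failed_attempts = max_failed_attempts
        self._accounts: dict[str, Account] = {}

    def create(self, user_id: str, password: str) -> None:
        # an ID that was ever issued, even if disabled since, can never be handed
        # to a different person, which is what keeps audit-trail entries attributable
        if user_id in self._accounts:
            raise ValueError(f"user ID {user_id!r} already exists (IDs are never reused)")
        salt = os.urandom(16)
        self._accounts[user_id] = Account(user_id, salt, _hash_password(password, salt))

    def delete(self, user_id: str) -> None:
        # deliberately no way to remove an account record
        raise PermissionError("accounts cannot be deleted; use disable()")

    def disable(self, user_id: str) -> None:
        self._accounts[user_id].enabled = False

    def login(self, user_id: str, password: str) -> bool:
        acct = self._accounts.get(user_id)
        # unknown, disabled and locked accounts all fail identically, so the
        # response does not reveal which user IDs exist
        if acct is None or not acct.enabled or acct.locked:
            return False
        if not hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash):
            acct.failed_attempts += 1
            if acct.failed_attempts >= self.max_failed_attempts:
                acct.locked = True
            return False
        acct.failed_attempts = 0  # a success resets the consecutive-failure count
        return True

    def lock_session(self, user_id: str) -> None:
        self._accounts[user_id].session_locked = True

    def unlock_session(self, user_id: str, password: str) -> bool:
        # re-entering the password is the only way out of the session lock, and a
        # wrong password here counts towards the lockout threshold like any other
        if self.login(user_id, password):
            self._accounts[user_id].session_locked = False
            return True
        return False

    def status(self, user_id: str) -> tuple[bool, bool, int]:
        a = self._accounts[user_id]
        return (a.enabled, a.locked, a.failed_attempts)


if __name__ == "__main__":
    directory = UserDirectory(max_failed_attempts=3)
    directory.create("analyst1", "correct horse")       # constructed sample account
    for attempt in ("wrong", "wrong", "wrong", "correct horse"):
        print(attempt, directory.login("analyst1", attempt), directory.status("analyst1"))
```

The last line of the demonstration shows the point of 11.10(d)/23: once the third consecutive failure has locked the account, even the correct password is refused until an administrator intervenes.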

Audit Trail [11.10(e)]: Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(e) / 25 | Are there computer-generated (automatic) audit trails of all user actions? | Tech | Supplier | Yes, in the system audit trail or in the analysis audit trail. |
| 11.10(e) / 26 | Are audit trail entries date-stamped DD-MM-YYYY? | Tech | Supplier | Yes |
| 11.10(e) / 27 | Are audit trails time-stamped HH-MM-SS in local time? | Tech | Supplier | Yes |
| 11.10(e) / 28 | Are there controls to ensure that the system clock date and time stamps are accurate and secure from tampering (e.g. changing the system clock)? | P&A | Customer | |
| 11.10(e) / 29 | Do all audit trails include operator identity, using full name or the customer-defined user ID of an individual? | Tech | Supplier | Yes, the operator identity (user ID) is given by the unique user name. |
| 11.10(e) / 30 | Is there an audit trail for system activity, including all user login and failed access attempts? | Tech | Supplier | Yes, in the system audit trail. |
| 11.10(e) / 31 | Is an audit trail generated during creation of all data? | Tech | Supplier | Yes |
| 11.10(e) / 32 | Is an audit trail generated during modification of all data? | Tech | Supplier | Yes |
| 11.10(e) / 33 | Is an audit trail generated during deletion or inactivation of all data? | Tech | Supplier | Yes |
| 11.10(e) / 34 | If a signed record is changed, does the system retain and display the old and new value? | Tech | Supplier | Yes |
| 11.10(e) / 35 | Does each audit trail entry describe the action performed? | Tech | Supplier | Yes |
| 11.10(e) / 36 | Does the audit trail contain sufficient information to allow a reviewer to trace all changes to a signed record from its current state back to the original values? | Tech | Supplier | Yes |
| 11.10(e) / 37 | Is the audit trail directly linked to the record, but located separately? | Tech | Supplier | Yes. The audit trail entry is stored separately and is not part of the electronic record itself. |
| 11.10(e) / 38 | Is the audit trail backed up? | Tech | Supplier | Yes. The audit trail is also stored in the database and is therefore part of the backup. |
| | Are audit trail records being maintained for at least as long as the retention of the underlying records? | P&A | Customer | |
| 11.10(e) / 39 | Is a read-only display or report available for viewing the audit history? | Tech | Supplier | Yes. The display or the printout of the audit trail can be configured using suitable filter criteria (e.g. action, date from, date to, user). |
| 11.10(e) / 40 | Are audit trails available for review and copying by the agency? | Tech; P&A | Supplier; Customer | Yes |
| 11.10(e) / 41 | Are all users (including the system administrator) unable to modify audit trail details? | Tech | Supplier | Yes. Nobody can modify the audit trail. |
| 11.10(e) / 42 | Are changes to user access control levels (i.e. user roles) and permissions (i.e. user rights) audit trailed? | Tech | Supplier | Yes |

Operational Checks [11.10(f)]: Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(f) / 43 | If the sequence of system steps or events is important in a process, is this enforced by the system (as appropriate)? | Tech | Supplier | Yes. Sample analysis is performed in the appropriate sequence. For example, it is not possible to sign a record before it has been processed. |
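The 11.10(e) rows describe one data structure from several angles: a computer-generated, time-stamped, append-only log held separately from the records, carrying the operator's user ID, the action, and for changes the old and new value, with a read-only filtered view. The following is an added example, not METTLER TOLEDO code and not the STARe audit trail; it implements those properties together in Python so the relationships between them are visible. The class names, the deterministic clock, the record "sample-42" and its field are constructed for this illustration.

```python
# Added example (not METTLER TOLEDO code): an append-only, computer-generated
# audit trail with the properties listed under 11.10(e). Entries are created
# only by the system, carry the operator's user ID, the action and (for
# changes) the old and new value, are stored apart from the records they
# describe, and can be read through a filter but never edited or removed.
# The clock and the sample record are constructed.
import datetime as dt
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class AuditEntry:
    seq: int                # gap-free sequence number; a gap is evidence of tampering
    timestamp: dt.datetime  # taken from the system clock, never from the operator
    user_id: str            # the unique user name, as in 11.10(e)/29
    action: str             # e.g. create, modify, delete, login, login_failed
    record_id: Optional[str] = None
    field: Optional[str] = None
    old_value: Optional[str] = None
    new_value: Optional[str] = None

    def stamp(self) -> str:
        # DD-MM-YYYY HH:MM:SS in local time, the format asked about in /26 and /27
        return self.timestamp.strftime("%d-%m-%Y %H:%M:%S")


class AuditTrail:
    """Append-only log: entries can be added and read, never edited or removed."""

    def __init__(self, clock: Callable[[], dt.datetime] = dt.datetime.now):
        self._entries: list[AuditEntry] = []
        self._clock = clock

    def append(self, user_id: str, action: str, **details: Optional[str]) -> AuditEntry:
        entry = AuditEntry(len(self._entries) + 1, self._clock(), user_id, action, **details)
        self._entries.append(entry)
        return entry

    def entries(self) -> tuple[AuditEntry, ...]:
        return tuple(self._entries)  # read-only view of frozen entries (11.10(e)/39, /41)

    def filter(self, *, user_id: Optional[str] = None, action: Optional[str] = None,
               date_from: Optional[dt.datetime] = None,
               date_to: Optional[dt.datetime] = None) -> list[AuditEntry]:
        # the filter criteria the table names: action, date from, date to, user
        return [e for e in self._entries
                if (user_id is None or e.user_id == user_id)
                and (action is None or e.action == action)
                and (date_from is None or e.timestamp >= date_from)
                and (date_to is None or e.timestamp <= date_to)]

    def history(self, record_id: str, field: str) -> list[tuple[str, Optional[str], Optional[str]]]:
        # newest first: trace a field from its current value back to the original (/36)
        return [(e.stamp(), e.old_value, e.new_value) for e in reversed(self._entries)
                if e.record_id == record_id and e.field == field
                and e.action in ("create", "modify")]


class RecordStore:
    """Records whose every change is written to the audit trail before it is applied."""

    def __init__(self, trail: AuditTrail):
        self._trail = trail
        self._records: dict[str, dict[str, str]] = {}

    def create(self, user_id: str, record_id: str, fields: dict[str, str]) -> None:
        self._records[record_id] = dict(fields)
        for name, value in fields.items():
            self._trail.append(user_id, "create", record_id=record_id, field=name,
                               old_value=None, new_value=value)

    def modify(self, user_id: str, record_id: str, field: str, new_value: str) -> None:
        old_value = self._records[record_id][field]
        # the old value survives in the trail, so the change obscures nothing (/34)
        self._trail.append(user_id, "modify", record_id=record_id, field=field,
                           old_value=old_value, new_value=new_value)
        self._records[record_id][field] = new_value

    def get(self, record_id: str) -> dict[str, str]:
        return dict(self._records[record_id])


def make_clock(start: dt.datetime, step_seconds: int = 60) -> Callable[[], dt.datetime]:
    # constructed, deterministic clock so the demonstration is reproducible
    state = {"now": start}

    def tick() -> dt.datetime:
        now = state["now"]
        state["now"] = now + dt.timedelta(seconds=step_seconds)
        return now

    return tick


def build_sample_trail() -> tuple[AuditTrail, RecordStore]:
    # constructed session: one record created, one field changed, one failed login
    trail = AuditTrail(make_clock(dt.datetime(2006, 2, 27, 9, 0, 0)))
    store = RecordStore(trail)
    store.create("analyst1", "sample-42", {"onset_temp": "156.2"})
    store.modify("analyst1", "sample-42", "onset_temp", "156.4")
    trail.append("reviewer1", "login_failed")
    return trail, store


if __name__ == "__main__":
    trail, store = build_sample_trail()
    for e in trail.entries():
        print(e.seq, e.stamp(), e.user_id, e.action, e.field, e.old_value, e.new_value)
    print(trail.history("sample-42", "onset_temp"))
```

Note that `AuditTrail` exposes no method that updates or removes an entry, and `entries()` returns a tuple of frozen dataclasses; together with the gap-free `seq` this is what makes the "nobody can modify the audit trail" claim of 11.10(e)/41 checkable rather than a matter of policy.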

Authority Checks [11.10(g)]: Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(g) / 44 | Does the software require entry of a separate user ID and password, in addition to that required by the operating system? | Tech | Supplier | Yes, see 11.10(d) / 17. |
| 11.10(g) / 45 | Does each user have an individual unique account? | Tech | Supplier | Yes |
| 11.10(g) / 46 | Does the system have different user-defined access control levels? | Tech | Supplier | Yes, via user roles and user rights. |
| 11.10(g) / 47 | If the system has different user levels, are there SOP(s) in place to describe how a user's access shall be defined? | P&A | Customer | |
| 11.10(g) / 48 | Are modifications/deletions to data always performed through the software control? (e.g. data is not changed through SQL or other data access tools) | Tech; P&A | Supplier; Customer | Yes. You can only access the database via the STARe software. The STARe software allows only certain predefined transactions to be performed. |

Device and Terminal Checks [11.10(h)]: Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(h) / 49 | Are device checks to determine validity of the source of input or operation designed and implemented in the system (as appropriate)? [e.g. software indicating that data input is derived from a particular device, such as a balance, should identify the device or only allow data entry from that device, and not from a terminal] | Tech | Supplier | Yes. The system performs checks to ensure the validity of manual or automatic data input. For example, with manual input the system checks whether the temperature entered exceeds the maximum usable temperature defined for the crucible. The data transferred from measuring modules to the STARe system are automatically checked. Invalid data either leads to an error message, i.e. no data is stored, or all data is stored but the faulty data points are marked as invalid. |
| 11.10(h) / 50 | Are terminal checks to determine validity of the source of input implemented? | Tech | Supplier | The STARe software V9.01 does not support terminal input. |

Personnel Qualifications [11.10(i)]: Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(i) / 51 | Has it been documented that the following persons have the education, training, and experience to perform their assigned tasks: Developers of the computerized system? Note: Following the preamble, this requirement only goes as far as internal developers (Comment 87). In order to answer Yes to this question, the vendor must maintain training records, and be aware of the 21 CFR 11 implications. Documentation should be reviewed during audits. | P&A | Supplier | The software development team was trained on January 3-4, 2001 by Dr. Bob McDowall. |
| 11.10(i) / 52 | External maintainers of the computerized system? | P&A | Supplier | Sales and service engineers receive special CFR training (see training certificate) and are fully qualified to perform their tasks. The initial training on version 8.00 for sales and service engineers was given from March 31 to April 1, 2003, followed by training on version 8.10 in 2004 and on version 9.00 in June 2005. |
| 11.10(i) / 53 | Internal maintainers of the computerized system? | P&A | Customer | Only METTLER TOLEDO personnel are qualified to maintain the STARe system, e.g. repair, upgrading, equipment qualification. |
| 11.10(i) / 54 | Users of the computerized system? | P&A | Customer | |

Accountability and Responsibility for Actions [11.10(j)]: The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(j) / 55 | Have policies and/or procedures holding individuals accountable and responsible for actions initiated under their electronic signatures been established and followed? | P&A | Customer | |

Systems Documentation Controls [11.10(k)]: Use of appropriate controls over systems documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation. Note: This covers vendor supplied manuals/documentation as well as logs for the system (backup, errors etc.).

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.10(k) / 56 | Are there adequate controls over the distribution of documentation for system operation and maintenance? (Only controlled copies of SOPs should be issued by the Quality Department.) | P&A | Customer | |
| 11.10(k) / 57 | Are there adequate controls over access to documentation for system operation and maintenance? (System log books should be kept on the laboratory bench, next to the system.) | P&A | Customer | |
| 11.10(k) / 58 | Are there adequate controls over the use of documentation for system operation and maintenance? | P&A | Customer | |
| 11.10(k) / 59 | Are revision and change control procedures in place to maintain an audit trail that documents the time-sequenced development and modification of the systems documentation? (Only applies to documentation that can be changed by individuals within the Customer.) | P&A | Supplier; Customer | Supplier: Software and operating instructions are version-controlled. Customer: Version control is an important part of the IQ/OQ documentation provided by METTLER TOLEDO. Every change made to the system must be documented in the IQ/OQ documentation, e.g. a software update. |

11.50 Signature manifestations

Signing Requirements [11.50(a)]: (a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: (1) the printed name of the signer; (2) the date and time when the signature was executed; and (3) the meaning (such as review, approval, responsibility, or authorship) associated with the signature.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.50(a) / 1 | Do electronically signed electronic records contain information associated with the signing that clearly indicates: The full printed name of the signer? [11.50(a)(1)] | Tech; P&A | Supplier; Customer | Yes |
| 11.50(a) / 2 | The date and time when the signature was executed? [11.50(a)(2)] N.B. Handwritten signatures on paper records require the date only. | Tech; P&A | Supplier; Customer | Yes |
| 11.50(a) / 3 | The meaning of the signature? [11.50(a)(3)] | Tech; P&A | Supplier; Customer | Yes. The system administrator can define up to 10 meanings of signatures. The user must select one of these meanings when signing a document. |

Controls for Electronic Signatures [11.50(b)]: (b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.50(b) / 4 | Are all items in the signature manifestation subject to the same controls as for electronic records? [11.50(b)] | Tech; P&A | Supplier; Customer | Yes |
| 11.50(b) / 5 | Are all items in the signature manifestation included as part of any human readable form of the electronic record (such as electronic display and/or printout or report)? [11.50(b)] | Tech | Supplier | Yes. The signature manifestation consists of: printed name of the signer, date and time of the signing, meaning of signing, and remarks (optional text). This information is displayed or printed. |

11.70 Signature/record linking

Linking Signatures to Electronic Records [11.70]: Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.70 / 1 | Are all electronic signatures on electronic records linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means? [11.70] | Tech | Supplier | Yes |
| 11.70 / 2 | Are handwritten signatures on printouts of electronic records linked to their respective electronic records? Note: Minimum requirement is initials of signer, print date/time, unique sample identifier, and, if appropriate, file name and location / file size. | P&A | Customer | |
| 11.70 / 3 | Does the system identify whether a record has been modified after signing and require a new signature? | Tech | Supplier | Yes |
| 11.70 / 4 | When changes are made to previously approved electronic records, are electronic or handwritten signatures applied to updated records, and linked to the original signed record? | Tech; P&A | Supplier; Customer | Supplier: Yes. Customer: Please note that the linkage of handwritten signatures to printouts of the electronic records is the responsibility of the user. |
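Sections 11.50 and 11.70 together define what a signature manifestation must contain (printed name, date and time, a meaning chosen from an administrator-defined list, optional remarks) and that it must be bound to its record so that it cannot be moved to another record or survive an edit made after signing. The following is an added example, not METTLER TOLEDO code and not how STARe links signatures; it shows one way to obtain those properties in Python by computing a keyed MAC over the manifestation items and a canonical digest of the record. The system key, the list of meanings, the sample record and all function names are constructed for this illustration.

```python
# Added example (not METTLER TOLEDO code): a signature manifestation as in
# 11.50 (printed name, date and time, meaning from an administrator-defined
# list, optional remarks) bound to the signed record as 11.70 requires. The
# binding is an HMAC, under a key held by the system, over every manifestation
# item plus a canonical SHA-256 digest of the record. Editing the record after
# signing, editing any manifestation item, or copying the manifestation onto
# a different record all make verification fail. Key, meanings and sample
# record are constructed.
import datetime as dt
import hashlib
import hmac
import json
from typing import Optional

SYSTEM_KEY = b"constructed-example-key-keep-in-a-protected-store"
# the administrator's list of permitted meanings (the table says up to 10)
SIGNATURE_MEANINGS = ("Authorship", "Review", "Approval")


def record_digest(record: dict) -> str:
    # canonical serialisation so identical content always gives the same digest
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def _binding_tag(manifestation: dict, digest: str) -> str:
    # the tag covers all manifestation items and the record digest, so none of
    # them can be altered or re-attached to another record without detection
    msg = "|".join([manifestation["signer"], manifestation["timestamp"],
                    manifestation["meaning"], manifestation["remarks"], digest]).encode()
    return hmac.new(SYSTEM_KEY, msg, hashlib.sha256).hexdigest()


def sign_record(record: dict, signer_name: str, meaning: str, remarks: str = "",
                when: Optional[dt.datetime] = None) -> dict:
    if meaning not in SIGNATURE_MEANINGS:
        raise ValueError(f"meaning must be one of {SIGNATURE_MEANINGS}")
    when = when or dt.datetime.now()  # system time, not operator input
    manifestation = {
        "signer": signer_name,
        "timestamp": when.strftime("%d-%m-%Y %H:%M:%S"),
        "meaning": meaning,
        "remarks": remarks,
    }
    manifestation["tag"] = _binding_tag(manifestation, record_digest(record))
    return manifestation


def signature_valid(record: dict, manifestation: dict) -> bool:
    # False if the record changed after signing (a new signature is then
    # required, 11.70/3), if the manifestation came from a different record,
    # or if any manifestation item was edited
    expected = _binding_tag(manifestation, record_digest(record))
    return hmac.compare_digest(expected, manifestation["tag"])


def human_readable(record: dict, manifestation: dict) -> str:
    # 11.50(b): the signature items appear on every display or printout
    lines = [f"{name}: {value}" for name, value in sorted(record.items())]
    lines.append(f"Signed by: {manifestation['signer']}")
    lines.append(f"Signed on: {manifestation['timestamp']}")
    lines.append(f"Meaning: {manifestation['meaning']}")
    if manifestation["remarks"]:
        lines.append(f"Remarks: {manifestation['remarks']}")
    return "\n".join(lines)


if __name__ == "__main__":
    record = {"sample": "DSC-0042", "onset_temp": "156.2"}   # constructed record
    sig = sign_record(record, "A. Analyst", "Review", "peak shape OK")
    print(human_readable(record, sig))
    print("intact:", signature_valid(record, sig))
    print("edited after signing:", signature_valid(dict(record, onset_temp="156.4"), sig))
```

The verifier must hold `SYSTEM_KEY` and the verifying code must be the only path to the record, which is the closed-system assumption this document makes in section 1.1; with an open store, a plain digest could be recomputed by whoever edits the record, which is why the binding is keyed rather than a bare hash.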

11.100 General requirements

Uniqueness of Signature [11.100(a)]: (a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.100 (a) / 1 | Are electronic signatures unique to an individual? [11.100 (a)] | Tech; P&A | Supplier; Customer | Yes. The STARe software supports unique electronic signatures. Please note, the customer must ensure that no two or more users share the same user account. |
| 11.100 (a) / 2 | Does the system prohibit use of shared/group accounts as components of electronic signatures? | Tech; P&A | Supplier; Customer | Yes. The STARe software supports unique user accounts. Please note, the customer must ensure that no two or more users share the same user account. |

Verification of Identities [11.100(b)]: (b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.100 (b) / 3 | Electronic signatures cannot be reused by, or reassigned to, anyone else [11.100 (b)] | P&A; Tech | Customer; Supplier | Yes. The user account (and therefore also the electronic signature) is unique for the lifetime of the database. User accounts can only be disabled but not deleted. |

Certification to the FDA [11.100(c)]: (c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures. (1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC100), 5600 Fishers Lane, Rockville, MD 20857. (2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer's handwritten signature.

| Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments |
| --- | --- | --- | --- | --- |
| 11.100 (c) / 4 | Is the identity of an individual verified before an electronic signature is allocated? [11.100 (c)] | P&A | Customer | |
| 11.100 (c) / 5 | Has the customer organization sent a letter to the FDA, stating their intent to use electronic signatures? (Before using electronic signatures) | P&A | Customer | |

2. Controls Required for Electronic Signatures

Abbreviations for 21 CFR 11 Control Type: P&A = Procedural & Administrative (Customer responsibility); Tech = Technical (Supplier responsibility)

Columns: Ref. No. | 21 CFR Requirement and Reference | Control | Responsible | Comments

11.200 Electronic signature components and controls.

Components and Sessions [11.200(a)]
(a) Electronic signatures that are not based upon biometrics shall:
(1) Employ at least two distinct identification components such as an identification code and password.
(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.
(2) Be used only by their genuine owners; and
(3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

Ref. No.: 11.200 (a) / 1
Requirement: Is the signature made up of at least two components, such as an identification code and password or an ID card and a password? [11.200 (a)(1)]
Control: Tech
Responsible: Supplier
Comments: Yes, user name and password.

Ref. No.: 11.200 (a) / 2
Requirement: When several signings are made during a continuous session, is the secret part of the signature executed at each signing? Both components must be executed at the first signing of a session. [11.200 (a)(1)(i)]
Control: Tech
Responsible: Supplier
Comments: The STARe software does not allow procedures in which more than one file is signed in a continuous signing session. Electronic records must be individually signed.

Ref. No.: 11.200 (a) / 3
Requirement: If signings are not done in a continuous session, are both components of the electronic signature executed with each signing? [11.200 (a)(1)(ii)]
Control: Tech
Responsible: Supplier
Comments: Yes. Each signing action is linked to one single electronic record and always requires authentication with user name and password.

Ref. No.: 11.200 (a) / 4
Requirement: Are signatures designed to ensure that they can only be used by their genuine owners? [11.200 (a)(2)]
Control: P&A
Responsible: Customer

Ref. No.: 11.200 (a) / 5
Requirement: Would an attempt to falsify an electronic signature require the collaboration of at least two individuals? [11.200 (a)(3)]
Control: Tech
Responsible: Supplier
Comments: Yes

Biometric Electronic Signatures [11.200(b)]
(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.

Ref. No.: 11.200 (b) / 6
Requirement: Have biometric electronic signatures been validated, including attempted use by other users?
Comments: The STARe system does not support biometric devices.

11.300 Controls for identification codes/passwords.

Uniqueness of Electronic Signature [11.300(a)]
(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.

Ref. No.: 11.300 (a) / 1
Requirement: Does the system keep all password details confidential, so that they are not available to any system user, including the administrator?
Control: Tech
Responsible: Supplier
Comments: Yes

Ref. No.: 11.300 (a) / 2
Requirement: Are controls in place to maintain the uniqueness of each combined identification code and password, such that no two individuals can have the same combination of identification code and password? [11.300 (b)]
Control: P&A and Tech
Responsible: Customer (P&A) and Supplier (Tech)
Comments: Yes, the identification code (ID) is already unique.


Checking of IDs and Passwords [11.300(b)]
(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

Ref. No.: 11.300 (b) / 3
Requirement: Are procedures in place to ensure that the validity of identification codes is periodically checked? [11.300 (b)]
Control: P&A
Responsible: Customer

Ref. No.: 11.300 (b) / 4
Requirement: Do passwords periodically expire and need to be revised? [11.300(b)]
Control: Tech
Responsible: Customer and Supplier
Comments: The password expires after a certain time period predefined by the system administrator.

Ref. No.: 11.300 (b) / 5
Requirement: Are passwords obscured when entered?
Control: Tech
Responsible: Supplier
Comments: Yes

Loss of Passwords and Tokens [11.300(c)]
(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.

Ref. No.: 11.300 (c) / 6
Requirement: Is there a procedure for recalling identification codes and passwords if a person leaves or is transferred? [11.300(c)]
Control: Tech and P&A
Responsible: Supplier (Tech) and Customer (P&A)
Comments: Yes. The STARe system allows the administrator to disable user accounts.

Ref. No.: 11.300 (c) / 7
Requirement: Is there a procedure for electronically deactivating an identification code or password if it is potentially compromised or lost? [11.300(c)]
Control: Tech and P&A
Responsible: Supplier (Tech) and Customer (P&A)
Comments: Yes. The STARe system allows the administrator to reset the passwords of any user.

Ref. No.: 11.300 (c) / 8
Requirement: Is there a procedure for temporary or permanent replacements using suitable rigorous controls? [11.300(c)]
Control: P&A
Responsible: Customer


Unauthorised Use [11.300(d)]
(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

Ref. No.: 11.300 (d) / 9
Requirement: Is there a technical feature to detect attempts at unauthorized use and for informing security? [11.300(d)]
Control: Tech
Responsible: Supplier
Comments: Yes. Login attempts are monitored in two ways by the STARe system.
1. After a predefined number of attempts a user account is automatically locked.
2. In addition, every login attempt creates an audit trail entry.

Ref. No.: 11.300 (d) / 10
Requirement: Is there a procedure for immediate and urgent reporting to security/management of any attempt at unauthorized use of identification codes and passwords? [11.300(d)] (Note: an SOP should describe the regular inspection of the audit trail for unauthorized login attempts.)
Control: Tech and P&A
Responsible: Supplier (Tech) and Customer (P&A)
Comments: Unsuccessful login attempts are documented in the audit trail but not automatically reported to the administrator.

Checking Devices [11.300(e)]
(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.

Ref. No.: 11.300 (e) / 11
Requirement: Are tokens or devices regularly checked or replaced?
Control: Tech
Responsible: Supplier
Comments: The STARe software does not support the use of tokens and devices to generate identification codes or password information.
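The rows for 11.300 (d) above describe two technical controls (automatic account lockout after a predefined number of failed attempts, and an audit-trail entry for every login attempt) and one gap that the customer's SOP has to close (unsuccessful attempts are recorded but not reported). The following script is an added example of the periodic audit-trail inspection such an SOP would call for; it is not part of the STARe software or of this assessment. The audit-trail line format, the user and station names, the sample entries and the thresholds are all constructed for illustration, and the lockout rule it models (consecutive failures, reset by a successful login) is an assumption, not a description of how STARe counts attempts.

```python
"""Periodic review of a login audit trail for unauthorized-use attempts.

Added example, not STARe code.  The line format, user names, station
names, timestamps and thresholds below are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed audit-trail line format (assumption, not STARe's format), e.g.
#   2006-02-27 08:01:12 LOGIN FAILED user=jsmith station=LAB-PC-01
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOGIN (?P<result>OK|FAILED) user=(?P<user>\S+) station=(?P<station>\S+)$"
)

# Constructed sample trail: jsmith trips the lockout; mmueller has one typo;
# admin fails three times over the day but never consecutively, so the
# automatic lockout does not fire and only the review catches it; the last
# line is deliberately malformed to show how unparsed entries are surfaced.
SAMPLE_AUDIT_TRAIL = """\
2006-02-27 08:01:12 LOGIN FAILED user=jsmith station=LAB-PC-01
2006-02-27 08:01:25 LOGIN FAILED user=jsmith station=LAB-PC-01
2006-02-27 08:01:40 LOGIN FAILED user=jsmith station=LAB-PC-01
2006-02-27 08:02:03 LOGIN FAILED user=jsmith station=LAB-PC-01
2006-02-27 08:05:00 LOGIN OK user=mmueller station=LAB-PC-02
2006-02-27 08:06:10 LOGIN FAILED user=mmueller station=LAB-PC-02
2006-02-27 08:06:30 LOGIN OK user=mmueller station=LAB-PC-02
2006-02-27 09:00:00 LOGIN FAILED user=admin station=LAB-PC-03
2006-02-27 09:00:20 LOGIN OK user=admin station=LAB-PC-03
2006-02-27 11:30:00 LOGIN FAILED user=admin station=LAB-PC-03
2006-02-27 11:30:15 LOGIN OK user=admin station=LAB-PC-03
2006-02-27 14:00:00 LOGIN FAILED user=admin station=LAB-PC-04
this line is not an audit entry
"""


def parse_audit_trail(text):
    """Parse audit lines into dicts.  Lines that do not match are returned
    separately: a silent skip would hide a format change or tampering."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        entries.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "ok": m.group("result") == "OK",
            "user": m.group("user"),
            "station": m.group("station"),
        })
    return entries, unparsed


def review_logins(entries, max_attempts=3, review_threshold=2):
    """Model the lockout control and list what a reviewer must still look at.

    'locked': users whose consecutive failures reached max_attempts
              (assumed lockout rule; a successful login resets the count).
    'needs_review': users with at least review_threshold failures that
              never triggered the lockout, i.e. attempts the automatic
              control does not report on its own.
    """
    consecutive = defaultdict(int)
    stats = defaultdict(lambda: {"failed": 0, "ok": 0, "locked_at": None,
                                 "stations": set()})
    for e in sorted(entries, key=lambda e: e["ts"]):
        s = stats[e["user"]]
        s["stations"].add(e["station"])
        if e["ok"]:
            s["ok"] += 1
            consecutive[e["user"]] = 0
            continue
        s["failed"] += 1
        consecutive[e["user"]] += 1
        if consecutive[e["user"]] >= max_attempts and s["locked_at"] is None:
            s["locked_at"] = e["ts"]
    locked = sorted(u for u, s in stats.items() if s["locked_at"] is not None)
    needs_review = sorted(u for u, s in stats.items()
                          if s["locked_at"] is None and s["failed"] >= review_threshold)
    return {"stats": dict(stats), "locked": locked, "needs_review": needs_review}


def format_report(findings, unparsed):
    """Lines a reviewer would hand to the security unit / management."""
    lines = ["Login audit-trail review"]
    for user in findings["locked"]:
        s = findings["stats"][user]
        lines.append(f"LOCKED  {user}: {s['failed']} failed attempts, locked at "
                     f"{s['locked_at']:%Y-%m-%d %H:%M:%S}, stations {sorted(s['stations'])}")
    for user in findings["needs_review"]:
        s = findings["stats"][user]
        lines.append(f"REVIEW  {user}: {s['failed']} failed attempts without lockout, "
                     f"stations {sorted(s['stations'])}")
    if unparsed:
        lines.append(f"WARNING {len(unparsed)} audit line(s) could not be parsed; "
                     "check trail integrity")
    return lines


def run_sample():
    """Run the review over the constructed sample trail."""
    entries, unparsed = parse_audit_trail(SAMPLE_AUDIT_TRAIL)
    return review_logins(entries), unparsed


if __name__ == "__main__":
    findings, unparsed = run_sample()
    print("\n".join(format_report(findings, unparsed)))
```

The point of the `needs_review` list is the caveat stated in row 11.300 (d) / 10: an account that is never locked can still accumulate failed attempts, and because the system does not raise an alert on its own, only a scheduled inspection of the trail surfaces them. Unparsed lines are reported rather than dropped so that the inspection also notices if the trail itself has changed shape.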
