Frequently asked questions regarding CFR21 Part 11 for UNICOM Intelligence
Introduction
This white paper addresses aspects of CFR 21 Part 11 requirements for customers who are considering using the UNICOM Intelligence products within such an environment, and answers some commonly asked questions regarding capabilities of UNICOM Intelligence relevant to CFR 21 Part 11. This white paper only provides information regarding UNICOM Intelligence, not other UNICOM Systems, Inc. products.
UNICOM Intelligence is an enterprise feedback platform used for deploying surveys to gather attitudinal data. Typically, a user will define a project, assign roles and responsibilities and then step through the various survey life-cycle activities based on the requirements of the project. The product makes use of two main types of data:
1 Operational data: What the software needs to operate (for example, system account details, project information, survey life-cycle activities).
2 Respondent data: The electronically captured information that is collected from survey respondents (for example, preferences, opinions, demographic details).
It should be noted that UNICOM Intelligence is designed to support a broad spectrum of applications and environments and is not designed towards a specific industry or market, such as Pharmaceuticals/Life Sciences. UNICOM Intelligence can be used within a compliant or regulated environment but is not intended to satisfy the requirements of specific regulated environments. There are other integral aspects to compliance separate from UNICOM Intelligence, including but not limited to the following:
▪The customer's database, including its data model and security features.
▪The customer's application design and business logic/rules, and especially any part of the application that is responsible for confidential or private data that is subject to regulatory controls.
▪The customer's choice of authentication and access control system (for example, LDAP) together with their networking environment and other IT infrastructure elements.
The use of UNICOM Intelligence in a regulatory controlled environment is at the discretion of the customer and UNICOM Systems, Inc. makes no warranty or representation when using UNICOM Intelligence in such an environment. If used in the development of surveys that are to be deployed in a regulatory controlled environment, in addition to any other items needed for you to show compliance, the surveys will still need to undergo a formal validation process (based on the customer's controls) to demonstrate compliance with applicable regulatory requirements.
High level summary
Because UNICOM Intelligence works openly within a customer's IT environment (in terms of authentication protocols and access to underlying data sources and databases), and can be flexibly implemented within the underlying data and security systems, our responses are either “Not Applicable” or will depend on how the customer chooses to control the software usage under “Standard Operating Procedures” or “Work Instruction”. Customers should use the following responses only for informational purposes, and a proper assessment should be performed in each customer environment.
UNICOM Systems, Inc. is aware that the following CFR 21 Part 11 types are used when customers need to describe compliance with the functional requirements of electronic records and electronic signatures (as per CFR 21 Part 11 regulations). The following types are used within this white paper to provide guidance to those assessing the role of UNICOM Intelligence within an environment that must demonstrate compliance.
CFR 21 Part 11 types
Type
|
Description
|
SOP
|
The requirement should be met through the development, approval, and implementation of a Standard Operating Procedure.
|
MAN
|
The requirement should be met through the development, approval, and implementation of a manual process defined in a Work Instruction.
|
CONF
|
The requirement should be met through configuration of the application software.
|
CUST
|
The requirement should be met through customization of the application software.
|
Applicability of CFR 21 Part 11 requirements for UNICOM Intelligence
The following table summarizes what is understood to be the functional requirements for electronic records and electronic signatures, as per CFR 21 Part 11, and describes their applicability to the UNICOM Intelligence products. The table does not represent a comprehensive list, and may not be accurate for your environment or implementation of the software. If you require further clarification, or have additional questions, contact UNICOM Systems, Inc.
CFR 21 Part 11 requirements
ID
|
CFR 21 Part 11 Functional Requirement
|
Applicability to UNICOM Intelligence
|
Response
|
1
|
The system will require users to enter a unique non-biometric User Identification and Password to gain access to the application.
|
Applicable.
UNICOM Intelligence can be used standalone (desktop) or in a web-based (server) configuration. User authentication for UNICOM Intelligence Server is either via UNICOM Systems, Inc. supplied forms authentication against an UNICOM Systems, Inc. format user database or via Microsoft Windows authentication.
|
CONF
|
2
|
The system will utilize transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.
|
Applicable.
UNICOM Intelligence Server and Microsoft Windows authentication will by default report attempts at unauthorized access. Failed Windows authentication is logged to the Windows Event log. Failed forms authentication is logged to the UNICOM Intelligence Server logs files.
|
CONF
|
3
|
The system will use a secure, computer-generated, time-stamped audit trail to independently record the date and time of operator entries and actions that create, modify, or delete electronic records.
|
Applicable.
Updates made to the Users and Participants databases are logged to the UNICOM Intelligence log files.
|
CONF
|
4
|
The system will record changes in a manner that does not obscure previously recorded information.
|
Applicable.
The default audit logging records the user ID that made the update and the new value for each of the fields updated. Customization is required to record the old value.
|
CONF
|
5
|
The system will have the ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the US FDA.
|
Limited Applicability.
UNICOM Intelligence products can provide outputs in human readable and electronic formats, but does not include any reports that are for intended FDA use out of the box. It is up to the customer to design such reports and include them in their application system.
|
CUST
|
6
|
The system will require at least two distinct identification components, such as an identification code and a unique password, to initiate the execution of an electronic signature.
|
Not Applicable.
UNICOM Intelligence does not currently support any specific features for recording or executing an electronic signature on a report. It is up to the customer to design such reports and include them in their application system.
|
CUST
|
7
|
The system will assure signed electronic records contain the following information that is associated with the signing:
▪The printed name of the signer.
▪The date and time when the signature was executed.
▪The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
|
Not Applicable.
Capabilities described in the question must be provided by the application in its data entry components and its database design.
UNICOM Intelligence does not currently support any specific features for recording or executing an electronic signature on a report.
|
CUST
|
8
|
The system will include the following information as part of any human readable form of the electronic record (such as electronic display or printout):
▪The printed name of the signer.
▪The date and time when the signature was executed.
▪The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
|
Not Applicable.
It is up to the application designer to include the data fields of the question in the design of reports that are to be generated by UNICOM Intelligence.
UNICOM Intelligence does not currently support any specific features for recording or executing an electronic signature on a report.
|
CUST
|
9
|
The system will ensure that electronic signatures executed to electronic records will be logically linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred so as to falsify an electronic record by ordinary means.
|
Not Applicable.
It is up to the application designer to ensure these linkages are designed into the database, application, and UNICOM Intelligence product reports.
UNICOM Intelligence does not currently support any specific features for recording or executing an electronic signature on a report.
|
CUST
|
Frequently asked questions
1 Are controls in place to ensure that electronically captured raw data is retained in electronic form for the retention period of the record?
UNICOM Intelligence stores respondent data that was generated as a result of conducting surveys. It is the responsibility of users/customers to manage the retention of information in databases through other applications.
2 For retained raw data, are controls in place to ensure that the ability to derive original results is retained for the retention period of the record?
UNICOM Intelligence stores respondent data that was generated as a result of conducting surveys. It is the responsibility of users/customers to manage the retention of information in databases through other applications.
3 Are controls in place to assure that signatures (electronic or handwritten captured electronically) associated to electronic records are retrievable and/or reproducible unaltered for the retention period of the record?
UNICOM Intelligence stores respondent data that was generated as a result of conducting surveys. It is the responsibility of users/customers to manage the retention of information in databases through other applications.
4 Are controls in place to assure that audit trails are retrievable and/or reproducible unaltered for the retention period of the record?
UNICOM Intelligence stores respondent data that was generated as a result of conducting surveys. It is the responsibility of users/customers to manage the retention of information in databases through other applications.
5 Are controls in place to ensure that electronic records and systems are included in a controlled record retention schedule?
UNICOM Intelligence stores respondent data that was generated as a result of conducting surveys. It is the responsibility of users/customers to manage the retention of information in databases through other applications.
6 At a minimum, is a valid login required for access security?
UNICOM Intelligence Server is deployed with a login authentication requirement that requires a user name and password.
7 At a minimum, for systems defined as high or medium priority, are user IDs and passwords employed for access
UNICOM Intelligence Server is deployed with a login authentication requirement that requires a user name and password.
8 If biometric controls are used for access security, are they designed to ensure that they cannot be used by anyone other than their original owner?
UNICOM Intelligence does not provide any direct support for biometric identification systems.
9 When user IDs/passwords are used for access security, are procedural controls in place for the re-issuance of passwords?
In UNICOM Intelligence, re-issuance of passwords is a manual procedure. However, UNICOM Intelligence can be configured to recognize a user's identity based on a broader security system (such as Windows Authentication) which can in turn be configured to require periodic password replacement.
10 When user IDs/passwords are used for access security, are controls in place for locking and unlocking user accounts?
UNICOM Intelligence includes controls for locking and unlocking user accounts.
11 Are system managers, system operators, database administrators, super users, and other privileged system accounts restricted to a minimum number of people?
UNICOM Intelligence itself does not provide management of access restrictions, but would integrate into a broader security environment.
12 Are mechanisms for the delivery of access to user accounts secure from interception by anyone other than the intended recipient?
UNICOM Intelligence supports secure, role-based access.
13 Is protection provided for a system where security can be compromised through physical access?
UNICOM Intelligence stores respondent data that was collected as a result of conducting surveys. Access to UNICOM Intelligence is protected through passwords regardless of physical location, but someone with physical access could potentially bypass UNICOM Intelligence and access data at the database level. It is the responsibility of customers to manage access to their facilities.
14 Has determination of appropriate training for individuals been included in the authorization process?
UNICOM Systems, Inc. offers training courses to all customers. The UNICOM Intelligence products do not enforce that users of specific functionality have taken our training courses (that is a customer's decision).
15 If user accounts are deleted, are controls in place to ensure that electronic record integrity is preserved and that audit trails and signature manifestations are retrievable and/or reproducible for the retention period of the record?
UNICOM Intelligence controls access to projects and activities via role based authentication. In the scenario where a user is an owner of a project and their user account is deleted, there is no impact to the project.
16 Are controls in place to prevent the reuse of a deleted user account?
UNICOM Intelligence does not prevent user accounts from being re-used. However, when a user account is deleted, the access to projects and features is also removed, which prevents a reused user account from gaining access to projects and features assigned to, or created by, the original user.
17 Are procedural controls in place that require users to change their password if they believe their password has been compromised?
UNICOM Intelligence can be configured to recognize the users identity based on a broader security system (for example, Windows Authentication). Procedural controls, such as the one mentioned in the question, are typically implemented at the level of the broader security system.
18 Are common login accounts/IDs allowed for read only access to a particular record?
UNICOM Intelligence can be configured to recognize the users identity based on a broader security system (for example, Windows Authentication). Procedural controls, such as the one mentioned in the question, are typically implemented at the level of the broader security system.
19 Is the ability to modify or delete an electronic record, without being captured by an audit trail, strictly controlled through limiting access to that functionality?
An UNICOM Intelligence user is able, only with the correct database access permissions, to modify database records. If this is not desirable, this should be prevented through configuration of the underlying database sources being accessed through UNICOM Intelligence. Typically, such modifications would be made through other applications.
20 Is there a documented method that describes how the local time of a user's actions will and can be readily determined?
UNICOM Intelligence provides a documented method that describes how the local time of user's actions will and can be readily determined.
21 Is audit trail information easily accessible for review?
UNICOM Intelligence Interviewer - Server Admin, and the activities and applications that run inside it, create a number of log files that provide an audit trail of what each activity has done. The Manage Logs activity provides an easy method of viewing these log files. Additional details are provided by the underlying database.
22 Are all human initiated changes to an electronic record reflected in the audit trail?
UNICOM Intelligence stores respondent data that was collected as a result of conducting surveys. Modifications or deletions to data in underlying databases, and the resulting audit trail, are made through other applications.
23 Are controls provided for system access if devices (for example, displays, terminals, workstations or other input means) are left in an unsecured or unprotected state?
This depends on the operating system configuration to enforce a device lock after a specific period of inactivity.
24 Does the system ensure that changes to an electronic record do not obscure previously recorded information?
The default audit logging in UNICOM Intelligence records the user ID that made the update and the new value for each of the updated fields. Customization is required in order to record the older values.
25 Can an electronic record that has been changed and saved be reproduced for authoritative representations such that there is an obvious indication that the record has been changed and is not the original entry or version?
In UNICOM Intelligence, changes made to user or participant information are logged such that the record can be reproduced.
26 Are automated logins or the use of login scripts by individual users prohibited?
Automated logins via a script are supported in UNICOM Intelligence.
27 Are remote or interfaced systems authenticated prior to the transfer or processing of data?
UNICOM Intelligence Server authenticates remote systems prior to the transfer or processing of data.
28 When confidential information of any type or format is exchanged over an open system, is secure encryption provided?
UNICOM Intelligence web-server authentication supports SSL.
29 Do non-biometric signatures employ at least two distinct components (user ID and password)?
Out of the box, security providers rely on a valid user name and password for access.
30 For multiple signings in a continuous session, does the initial signing require all components independent of the system log-in and subsequent signings require the password at a minimum?
UNICOM Intelligence requires authentication for every session.
31 Are controls in place to prevent the issuance of duplicate user IDs within an application or group of interfaced or integrated applications for the life of the system?
UNICOM Intelligence Interviewer - Server Admin controls access to features and functionality via the User Management activity. Controls are in place to prevent the issuance of duplicate user IDs.
32 Do controls prevent reuse of IDs by another individual within an application or group of interfaced or integrated applications for the life of the system?
UNICOM Intelligence Interviewer - Server Admin controls access to features and functionality via the User Management activity. Controls are in place to prevent reuse of IDs by another individual.
33 Are users required to change their passwords at least every 90 days?
UNICOM Intelligence with Interim Fix 1 is configured, by default, to ensure that users are required to change their passwords at least every 90 days.
34 Are users required to change their passwords upon first use following administration password assignment?
UNICOM Intelligence is configured so that users are required to change their passwords following administration password assignment.
35 Are there minimum criteria for failed login and signature attempts which constitute suspected unauthorized use identified?
UNICOM Intelligence will by default lock an account after three failed login attempts. The failed login attempt count parameter can be set in the registry.
36 When minimum criteria for failed login or signature attempts are exceeded, do alerts and controls go into effect upon detection?
UNICOM Intelligence Interviewer - Server Admin controls access to features and functionality via the User Management activity. UNICOM Intelligence does log unsuccessful login attempts so this type of reporting is possible. Although underlying security providers would be better suited to handle that, this type of reporting and notification could be accomplished through the UNICOM Intelligence product.
37 Is the product designed to assist users in de-identification?
It is possible to remove fields using UNICOM Intelligence, but it is not designed specifically to assist users in de-identification.
38 Is the product designed so that a user can remove all of the following identifiers:
▪Names
▪Street address, city, county, zip code
▪All elements of dates, except year (includes birth date, admission or discharge date, date of death and even year of birth if the person is over 89)
▪Telephone numbers
▪Facsimile numbers
▪E-mail address
▪Social security number
▪Medical record number
▪Health plan beneficiary number
▪Account numbers
▪Certificate/license numbers
▪Vehicle identifiers and serial numbers, including license plate numbers
▪Medical device identifiers and serial numbers
▪URLs
▪IP address numbers
▪Biometric identifiers, including voice and finger prints
▪Full face photographic images or any comparable images
▪Any other unique identifying number, characteristic or code
It is possible to remove fields using UNICOM Intelligence, but it is not designed specifically to assist users in de-identification.
39 Is there a product design feature implemented to automatically remove all of the listed identifiers through a single command?
It is possible to remove fields using UNICOM Intelligence, but it is not designed specifically to assist users in de-identification.
The information provided in this white paper is provided for informational purposes only. UNICOM Systems, Inc. does not make any representation or warranty to its accuracy or to the ability of UNICOM Intelligence to meet CFR 21 Part 11 requirements or the use of UNICOM Intelligence in a regulated environment.
See