Presentation is loading. Please wait.

Presentation is loading. Please wait.

Yokogawa Electric Corporation Copyright © Yokogawa Electric Corporation 21 CFR Part 11 Support for CS1000/3000.

Similar presentations


Presentation on theme: "Yokogawa Electric Corporation Copyright © Yokogawa Electric Corporation 21 CFR Part 11 Support for CS1000/3000."— Presentation transcript:

1 Yokogawa Electric Corporation Copyright © Yokogawa Electric Corporation 21 CFR Part 11 Support for CS1000/3000

2 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.2 Yokogawa’s policy for 21CFR Part11 compliance is constructed based on FDA documents, and on discussion with our customers who have pharmaceutical plants. In order for pharmaceutical plants to comply with 21CFRpart11, both of the following must be addressed. Technical point of view (with the functions of CS1000/CS3000) Management by procedure, I.e, SOP (Standard Operation Procedures) We hope this presentation not only explains the technical points, but also helps to create your own SOP. Scope This presentation describes the 21CFR Part11 related functions of CENTUM CS1000, CS3000.

3 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.3 R3.02(Phase.1) R3.03(Phase.2) R3 (Phase.0) Support 21 CFR Part11 RXX (Phase.3) Enhancement Security function of HIS, Builder Audit trail of HIS Enhancement of HIS security function, such as the check of invalid access. The security function of Builder and that of recipe management with password & finger print. Audit trail of builder & recipe management. The security function and audit trail of reporting function. Integration of HIS historical messages. Enhancement of the builder, recipe management security, such as automatic screen lock. 2001.12 2001.5 2003.1 Development Roadmap

4 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.4 Contents FDA CFR Part11 requirement review. Typical system configuration. Software package overview. Function overview of CS 1000, CS 3000 to meet Part11 requirements. Summary of Part11 related functions. –For operation –For production engineering (Builder) –For recipe management –For reporting Reference. (Display examples)

5 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.5 What is FDA 21CFR Part11 ? The new regulation, issued by the FDA, for all computer systems related to the pharmaceutical production. –Not only for new systems, but also for the existing systems. Many pharmaceutical providers are planning to introduce Part11 support system. CS1000, CS3000 is the system which meets FDA 21CFR Part11. Yokogawa had been investigating the detail of Part11 with several pharma customers together.

6 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.6 Basic requirement for Part11. In order to manage electronic record data, production systems need –to prevent data tampering. –to guarantee data reliability. Based on above, basic requirements are –Computer systems have to be capable of automatically creating an audit trail independent from the users. –System, data security and data integrity should be guaranteed by system access control. –Detection and notification of invalid access. –The mechanism to use electronic records at any time it is required.

7 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.7 Ethernet HIS: Human Interface Station FCS:Field Control Station Audit trail data server E: System Administrator - Data storage - Data search - Reporting V net oo o FCS HIS A: Management of Operators. 1: Management of OperatorsAudit trail DB 2: Management of Operators (Reporting) Audit trail DB 3: Management of instrumentation engineersAudit trail DB 4: Manager of recipe managementAudit trail DB D:Management of recipe management C: Management of instrumentation engineers. Access control Audit trail Reporting PC For System builder Access control Audit trail For Recipe Management Typical system configuration Access control Audit trail For Reporting * Access control Audit trail For HIS Access control Audit trail For the HIS in the field B: Management of Operators. Management of the whole audit trail data in the overall system. In the field HIS

8 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.8 Ethernet Audit trail data server E: System Administrator HIS A: Management of Operators. D:Management of recipe management C: Management of instrumentation engineers. Reporting PC B: Management of Operators. Recipe builder System builder (1) Access Administrator Package (FDA CFR Part11 compliance) (2) Historical message integration pkg. (3) Standard Operation function (4) Standard Builder function (5) Reporting Package (6) Recipe Management Package (7) MS-EXCEL (8) Acrobat Part11 related packages (7) MS-EXCEL (8) Acrobat (1) Access Administrator Package (2) Historical message integration pkg. (3) Standard Operation function (5) Reporting Package (7) MS-EXCEL (1) Access Administrator Package (4) Standard Builder function (1) Access Administrator Package (6) Recipe Management Package (1) Access Administrator Package Part11 related software packages

9 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.9 Audit trail data server needs to be an independent PC, separate from the HIS, Builder (System View), or Recipe management PCs. We strongly recommend separate HIS and engineering functions, such as Builder, Recipe management. Package combination in a PC.

10 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.10 Functional overview of CS 1000/CS 3000 features to meet 21 CFR Part11 requirements.

11 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.11 In CS1000, CS3000 design policy, from the security point of view, was to classify people into 4 groups, based on their roles to access DCS. –Operators Operation and monitoring, Executing control recipes, Reporting, Generation of the report template. –Instrumentation Engineers Configuration work, such as creating control logics, sequence, graphics, etc by using System builder. –Recipe Engineers Creating master recipes. –System Administrators Access control for all people who access DCS, Setting audit trail, etc. Security and classifying

12 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.12 Security functions (1/2) Operator Authentication / Engineer Authentication –2 entry items, User ID and password, are necessary for authentication. Check the valid Period of User Passwords. –System Administrator sets the valid period of user passwords. –On expiration, a dialog is displayed notifying that changing the password is required. Intrusion Counter –System counts the number of invalid intrusions. –If the number reaches the limit set by System administrator, a System Alarm occurs on all HIS’s and is stored in the audit trail server.

13 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.13 Security functions (2/2) Automatic User-Logout (HIS) –After a period set by System Administrator, no action with keyboard or with mouse will automatically trigger a User- Logout action and the display screen is cleared. Automatic screen lock (Builder, Recipe builder, Reporting) –After the period set by System Administrator, no action with keyboard or with mouse will trigger the “Lock screen” action preventing user actions on any windows. To unlock, a password is required. The management of disused user ID’s. –When an user ID becomes disused (ex. Quits the company), the user ID is managed as “Disused User ID” instead of just deleting the ID. Disused User ID’s are not able to be used again.

14 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.14 Audit Trail Actions are stored automatically in the Audit Trail Server with 5W1H (Who, What, When, Where, Why, and How) manner. The audit trail starts automatically when the system starts up, and keeps running continuously.

15 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.15 The protection against accessing the files directly. CENTUM Desktop function –All icons and the Windows Explore can be hidden to avoid operator’s access Windows’s files directly. –This enables prevention of miss-operation or invalid access. –Note:that even with the use of the CENTUM Desktop function, 100% protection is not possible (I.e., remote network access). It is essential to manage this with a SOP (Standard Operation Procedure). Note for security policy (1/2)

16 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.16 The management of System Administrator. –There is no function to protect against the illegal access by System Administrator. –It is essential to manage with a SOP (Standard Operation Procedure) based on the example below. Example: Assign two people who have following roles respectively to have the difficulty to perform the invalid access. System Administrator (The administrator for DCS users) who is responsible to register/delete user accounts. IT maintenance administrator (Not a DCS user) who is responsible to maintain all PCs used in the DCS system. Note for security policy (2/2)

17 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.17 HIS on field HIS Management of Operators V net oo o FCS Access control User ID + Password User ID + Finger print check Check the valid Period of User Passwords. Intrusion Counter Automatic user-out Double Authenticated Confirmation Dialog Box Audit Trail Automatic recording with 5W1H manner. Eternal storage & Integrated management. Others Disused user ID management. Ethernet Management of Operation Access control Audit trail For HIS HIS: Human Interface Station FCS:Field Control Station

18 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.18 HIS in field HIS Ethernet All operations (actions) on the HIS are stored in each HIS in an FIFO manner and are equalized among all HIS’s. The audit trail of all HIS’s can be handled in a single PC. Long-term storage. (Eternal) Quick search. Reporting the search result. (PDF, Electric signature) Therefore, Audit trail data server Audit trail for operation Storage & integrated management.

19 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.19 Management of Instrumentation engineering. Access control - User ID + Password - Check the valid Period of User Passwords. - Intrusion Counter - Automatic lock-out Audit Trail - Automatic recording with 5W1H manner. - Recorded audit can be displayed on a dedicated viewer. Others - Disused user ID management. C: Management of instrumentation engineers. Access control Audit trail For System builder

20 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.20 Management of Recipe engineering. Access control - User ID + Password - Check the valid Period of User Passwords. - Intrusion Counter - Automatic lock-out Audit Trail - Automatic recording with 5W1H manner. - Recorded audit can be displayed on a dedicated viewer. Others - Disused user ID management. D:Management of recipe management Access control Audit trail For Recipe Management

21 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.21 Action range for reporting. The Reporting Package The reporting package of CS1000, CS3000 contains 2 major functions. –Generating the report template by a senior operator (manager) –Printing the report by a general operator Depending on each role of manager or operator, they are included in each group and access control can be executed. The Group “Manager” The group “Operator” Report printing Generating report template

22 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.22 Management of generating templates Access control - User ID + Password - Check the valid Period of User Passwords. - Intrusion Counter - Automatic lock-out Audit Trail - Automatic recording with 5W1H manner. - Recorded audit can be displayed on a dedicated viewer. Others - Disused user ID management. Reporting Access control Audit trail For Reporting B: Management of Operators. HIS

23 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.23 Management of printing There are 2 ways to print the report. –Output the report as PDF files. (Recommended) PDF files have stronger security. It enables to need User ID and password. –Output the report as XLS files. It is necessary –to make the audit trail function of MS-EXCEL start automatically –to manage all report files with passwords –to store the Audit Trail Server as XLT files.

24 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.24 Case A:Because the reconsideration data need to be entered via HIS, the authentication function of HIS can be used. Adobe Acrobat HIS or PC A B Stronger data security Electric signature with User ID + Password.xlt Logging DB Printing log files DB Audit Trail server.xlt Case B:Make the audit trail function of MS-EXCEL start automatically, manage all report files with passwords, and store the Audit Trail Server with “xlt” files. MS-EXCEL PDF files Entry reconsideration data Management of printing

25 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.25 Appendix

26 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.26 User-in Dialog

27 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.27 WhoWhenWhereWhatWhyHow Audit Trail (Historical Report)

28 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.28 Revised items are noted by color Clarifying the revised items at configuration

29 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.29 Double Authenticated Confirmation Dialog Box

30 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.30 Warning Dialog for operation

31 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.31 Setting password related items Preservation of invalid access Notification of invalid access Valid Period of User Passwords. Intrusion Counter

32 Copyright © Yokogawa Electric Corporation Proprietary info goes here… Page.32 User ID [Number of characters] Password [Number of characters] Valid Period of Passwords [Day] Intrusion Counter [Times] Non-operation time [Min] HIS1 – 161 – 32Up to 1000Up to 10Up to 59 Builder1 – 16No upper limitation.Up to 999 Up to 59 Recipe Management 1 – 16No upper limitation.Up to 999 Up to 59 Reporting1 – 16No upper limitation.Up to 999 Up to 59 Reference Configurable range


Download ppt "Yokogawa Electric Corporation Copyright © Yokogawa Electric Corporation 21 CFR Part 11 Support for CS1000/3000."

Similar presentations


Ads by Google