Specifications
28
21 CFR Part 11 permits the use of
electronic signatures if the appli-
cation ensures data integrity, data
security and full audit-trail docu-
mentation. If an electronic signa-
ture is supposed to be equivalent
to a handwritten signature it must
contain at least two distinct identi-
fication components such as an
identification code and a pass-
word.
The ChemStation Plus Security
Pack protects all activities that
create, modify or delete electronic
records with user privileges and
electronic signatures. Signing for
approval is a privilege that must
be configured and granted by the
system administrator and is there-
fore limited to certain users.
Signing runs for approval and
rejection always prompts for a re-
identification and password con-
firmation of the signing and cur-
rently logged-on user for each run,
plus a mandatory comment for the
sign off, as shown in figure 16.
All other sensitive actions (for
example, changing run-related
custom field values such as the
batch ID) and the archival or
deletion of runs follow the same
process as described above.
All electronic signatures are
noted in the individual sample
audit-trail and in the database log-
book.
The ChemStation Security Pack
uses electronic signatures based
on the application User-ID/pass-
word combination to uniquely
identify the user and their signa-
ture. In order to keep the pass-
word unique to the individual
user an additional security func-
tion is implemented to periodical-
ly check and revise passwords,
and apply the company's pass-
word policy (figure 17). The
administrator can specify the val-
ues for these conditions.
• Minimum length is the
minimum acceptable length (in
characters) of a password.
Passwords shorter than the
minimum length are invalid
and rejected by ChemStore
C/S. The default is eight char-
acters with a valid range
between 0 and 30.
• Password expiry date is the
number of days over which the
password remains valid. The
password expires after the
specified validity, and a new
password must be provided.
The default is 90 days with a
valid range between 1 and
32000.
• Password uniqueness is the
minimum number of new,
unique passwords that a user
must use before a password can
be re-used. The default is 12,
which means that a user must
change the password at least 12
times before re-using the origi-
nal password. The range is
between 0 and 32000.
• Account lockout after ‘x’
attempts (where ‘x’ is the num-
ber of failed log-on attempts) is
the maximum number of con-
secutive unsuccessful attempts
that a user can enter before
ChemStore rejects the user. The
default is three with a valid
range between 0 and 32000. If
the maximum number of re-
entries is reached, the current
user is invalidated and must be
reactivated by a user with the
required permission.
ChemStation Plus Security Pack—Electronic Signatures and Password Security
Figure 17
Password policy
Figure 16
Signing off results requires reentry of
user ID with password confirmation
and a mandatory comment