21 CFR Part 11 Compliance Booklet - Agilent

Spectroscopy Configuration Manager (SCM) Software 21 CFR Part 11 Compliance Booklet

Notices

Manual Part Number
G9226-90034
Edition 1, July 2019
Copyright Agilent Technologies, Inc. 2019

No part of this manual may be reproduced in any form or by any means (including electronic storage and retrieval or translation into a foreign language) without prior agreement and written consent from Agilent Technologies, Inc. as governed by United States and international copyright laws.

Agilent Technologies Australia (M) Pty Ltd
679 Springvale Road
Mulgrave, Victoria, 3170, Australia
www.agilent.com

Warranty
The material contained in this document is provided “as is,” and is subject to being changed, without notice, in future editions. Further, to the maximum extent permitted by applicable law, Agilent disclaims all warranties, either express or implied, with regard to this manual and any information contained herein, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. Agilent shall not be liable for errors or for incidental or consequential damages in connection with the furnishing, use, or performance of this document or of any information contained herein. Should Agilent and the user have a separate written agreement with warranty terms covering the material in this document that conflict with these terms, the warranty terms in the separate agreement shall control.

Technology Licenses
The hardware and/or software described in this document are furnished under a license and may be used or copied only in accordance with the terms of such license.

Restricted Rights Legend
U.S. Government Restricted Rights. Software and technical data rights granted to the federal government include only those rights customarily provided to end user customers. Agilent provides this customary commercial license in Software and technical data pursuant to FAR 12.211 (Technical Data) and 12.212 (Computer Software) and, for the Department of Defense, DFARS 252.227-7015 (Technical Data Commercial Items) and DFARS 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation).

Safety Notices

CAUTION
A CAUTION notice denotes a hazard. It calls attention to an operating procedure, practice, or the like that, if not correctly performed or adhered to, could result in damage to the product or loss of important data. Do not proceed beyond a CAUTION notice until the indicated conditions are fully understood and met.

WARNING
A WARNING notice denotes a hazard. It calls attention to an operating procedure, practice, or the like that, if not correctly performed or adhered to, could result in personal injury or death. Do not proceed beyond a WARNING notice until the indicated conditions are fully understood and met.

Contents

1 Introduction
   Background
   How to Use This Document
   Applicable Software Packages
   System Requirements
   Installation Configurations

2 Components of the SCM Software
   Spectroscopy Database Administrator (SDA)
   Spectroscopy Configuration Manager (SCM)
   Profiles and Privileges

3 21 CFR Part 11 Compliance Using the SCM Software
   Overview
   Definitions
   Electronic Records
   Closed versus Open Systems
   Non-biometrics versus Biometrics
   Approach to Software Security
   Access Controls and Authority Checks – User ID and Passwords
   Electronic Record Security and Database Protection
   Controlling User Identification Codes and Passwords
   Controlling Access and Checking Authority
   Controls for Electronic Records
   Accurate and Complete Copies
   Audit trails
   Protection of Records
   Operational and Device Checks
   Using Electronic Signatures

4 Documentation
   Recommended Standard Operating Procedures
   Archive and Retrieval of Electronic Records from the Agilent Software
   Archiving and Retrieval of Electronic Records from the SCM Software Logs
   Breach of Security Identification
   Locking the Application
   Identifying Signed and Approved Files
   Exporting data to LIMS, directories and databases
   Education, Training and Experience
   Documentation Control System
   Account Policy
   Reason for Change
   Accountability and Responsibility for Electronic Signatures
   Verification of Identification
   Declaration of Evidence to Handwritten Signature
   Roles and Responsibilities
   Security of Passwords
   Validation Documentation
   Long Term Qualification Procedures

5 Checklists
   SOP Checklist
   Compliance Matrix

6 References

1 Introduction

Background

The Food and Drug Administration (FDA) of the United States (USA) regulates the food and drug industry of the USA with the Code of Federal Regulations (CFR). The FDA is within the Department of Health and Human Services and manages the Center for Devices and Radiological Health.

Title 21 of the CFR describes the requirements and regulations for the food and drug industries. For food and drugs to be used within the USA, they must comply with the requirements of this regulatory body. In particular, manufacturers must register with the FDA and obtain approval for a license to distribute their product within the USA.

Internationally, FDA regulatory compliance is recognized as a benchmark for the pharmaceutical industry with respect to research, drug development, drug manufacture and sales and marketing of pharmaceutical products.

Part 11 of Title 21 of the Code of Federal Regulations (referred to as 21 CFR Part 11) [1] was released August 20, 1997 and revised April 1, 2005. Part 11, ‘Electronic Records; Electronic Signatures’ states the rules, definitions and guidelines under which the FDA,

‘considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.’ [1]

The rule defines a standard under which an organization must operate in order to comply with 21 CFR Part 11 and obtain FDA accreditation (licensing).

[1] Code of Federal Regulations, Title 21, Food and Drugs, Part 11 ‘Electronic Records: Electronic Signatures Final Rule’, Federal Register 62 (54), 13429-12466. A copy of the final rule can be found at: www.fda.gov

The ‘Preamble’ to 21 CFR Part 11 states that,

‘the use of electronic records as well as their submission to the FDA is voluntary.’ [2]

However, where an organization does decide to use electronic records and electronic signatures, all requirements of the rule must be met in full for all electronic records.

Globally, the most stringent regulatory compliance standards are applied within the Pharmaceutical Industry. The FDA’s 21 CFR Part 11 rulings are recognized as being at the forefront of Pharmaceutical compliance with respect to product safety. Subsequently, Agilent’s instrument development and technology is focused towards facilitating 21 CFR Part 11 regulatory compliance.

[2] ibid, p 13430.

How to Use This Document

It is important to read this document thoroughly, as failure to perform certain tasks could mean that Agilent’s software installation will not assist in meeting the requirements of the 21 CFR Part 11 rule.

This document aims to provide scientists, database Administrators and Network Administrators with accurate information as to how Agilent software packages can be readily and efficiently set up in order to comply with 21 CFR Part 11. The majority of information within this document will be easily understood by a scientist or an instrument operator. Some sections of this document describe specific requirements for software set up, which may be more easily understood by, and more applicable to, IT personnel. Overall, the information herein will provide the Network Administrator and the Spectroscopy Configuration Manager (SCM) Administrator with the appropriate information to set up Agilent’s software in order to assist the operator to achieve 21 CFR Part 11 compliance.

NOTE
The 21 CFR Part 11 guidelines represent only one regulatory body. Agilent’s software packages may be applicable to other regulatory guidelines. Contact your local Agilent representative in order to discuss this further.

Applicable Software Packages

This publication describes the approach Agilent has undertaken to assist customers in achieving 21 CFR Part 11 regulatory compliance.

The applicable Agilent software packages that utilize the Spectroscopy Configuration Manager are:

- ICP Expert version 7 or greater
- SpectrAA CFR
- ICP Expert II
- UV Dissolution
- UV Fiber Optic Dissolution
- Cary WinUV Pharma 4.10 or greater
- MicroLab, MicroLab Lite, MicroLab Quant, and MicroLab Mobile version 5.2 or greater

This document provides the following information:

- A detailed description as to how Agilent software (as listed above) assists the operator to meet the requirements of the 21 CFR Part 11 rulings (Section 2 and 3).
- Recommended, on-going Standard Operating Procedures (SOPs) to complement the software and instrument system (Section 4).
- A Compliance Matrix which compares the Agilent software directly with the 21 CFR Part 11 FDA regulation (Section 5).

NOTE
Throughout this document, where the term ‘UV Dissolution’ software is used, this refers to both the UV Dissolution software and the UV Fiber Optic Dissolution software. When the term MicroLab software is used, it refers to the MicroLab versions listed above.

System Requirements

All system requirements are found in the Agilent Spectroscopy Configuration Manager System Requirements document provided with the application software.

Installation Configurations

The 21 CFR Part 11 software may be installed in the following configurations:

- Standalone application — where all software components are installed on one computer which controls the instrument and the instrument software.
- Network application — requires a single computer per instrument; where the software components can each be installed on separate computers (unlimited) to form a 21 CFR Part 11 network. When a reference is made to networks in the context of SCM and 21 CFR Part 11, it refers to where the SDA is located on a network.

NOTE
Although networks can be used in the SCM system, the software DOES NOT use the security of the networks to protect the data or to set privileges for the instrument users. The software uses its own, inherent, built-in security features, which the system/Network Administrator controls and activates within the software system during installation. This is described in more detail in Section 2.

2 Components of the SCM Software

Agilent provides a comprehensive solution to assist users of Agilent spectroscopy instruments to comply with the requirements of the 21 CFR Part 11 rule. The combination of the tools and facilities provided by the application software and the user organization’s standard operating procedures will enable the user organization to ensure that its use of electronic records and electronic signatures complies with the requirements of the FDA.

The major components of the Agilent 21 CFR Part 11 software are:

- Instrument application software,
- Spectroscopy Database Administrator (SDA),
- Spectroscopy Configuration Manager (SCM), and
- Profiles and Privileges.

The combination of these components within the spectrometer forms the basis of the Agilent approach to compliance with 21 CFR Part 11.

Spectroscopy Database Administrator (SDA)

The SDA provides a secure location to store data in a database environment. The software is designed to create and administer database(s). This is controlled by the ‘Network Administrator’. It is highly recommended that this person either works within the company’s IT Department, or has a strong IT background.

The Network Administrator is responsible for the company network and may be involved in the installation of the software. This person may also be nominated to administer the SDA, particularly if the SDA is installed on an IT Server. A Network Administrator is essential.

Spectroscopy Configuration Manager (SCM)

The Spectroscopy Configuration Manager (SCM) controls the software with respect to assisting compliance with 21 CFR Part 11. The SCM provides the means to create, configure and maintain data in relation to system security, user management and data paths. The following procedures occur within, and are controlled by, the SCM:

- User identifications and passwords are created.
- User access rights to databases are established.
- Electronic signature protocols are specified and assigned.
- The GMT and date stamped audit log on the system activity is stored.
- Profiles and Privileges are set within the SCM.

The SCM is controlled by the ‘SCM Administrator’ who is responsible for setting user identifications, passwords and data paths. The SCM Administrator will implement company SOPs for passwords and security into the SCM. They review the audit trail of the SCM for system activity and irregularities.

NOTE
It is strongly recommended that the Network Administrator and the SCM Administrator are two separate individuals, who do not use the system at any other access or user level.

Profiles and Privileges

A number of system access levels termed profiles are available to be set up within the software system. The SCM controls which applications and/or functions may be run by a particu
