WIXLIB

Subpart B Electronic RecordsRef.15.16.11.10 (f)11.10 (g)11.1011.3011.5011.70Subpart C Electronic mentsRecommended Customer ActionsIf the sequence of system steps or eventsis important, is this enforced by thesystem (e.g. as would be the case in aprocess control system)?YesThe balance offers to create tasks for different weighing applications. The userswithout the permission to create or modify tasks are not allowedIf a weight value is acquired accidentlythe user can mark the value as invalidand enter a reason for the invalidation.Does the system ensure that onlyauthorized individuals can use thesystem, electronically sign records, accessthe operation, or computer systeminput or output device, alter a record, orperform other operations?Yesto modify the basic settings of weighing tasks and can only execute the process.In the weighing task the user is guided by instructive texts and icons through theworkflow.In the user management user profiles and role rights are configured. The rolerights are a list of functions a user is allowed to perform with the system.Furthermore in the settings menu the local password rules (length, minimumlength, validity period, reuse, automatic logout time after inactivity, maximumretries of password entries and action after maximum failed password entries) aredefined.By the unique combination of user profile and password the access is limited toauthorized personnel and restricted to granted role rights.To sign electronic records the user must enter his password. Failed attempts tosign electronics records are recorded in the audit trail.17.11.10 (h)If it is a requirement of the system thatinput data or instructions can only comefrom certain input devices (e.g. terminals)does the system check the validity ofthe source of any data or instructionsreceived?N.A.The Cubis II MCA balance is a stand-alone system and don’t need external input.If the balance is connected to external systems or databases the integrity ofexchanged files is checked using MD5 checksum files. Connected devices mustbe configured and enabled in the balance system settings.18.11.10 (i)Is there documental training, includingon the job training for users, developers,IT support staff?YesSartorius offers the installation and IQ/OQ for Cubis II MCA balances. In theIQ/OQ protocol the list of trained personnel is document and signed by thecustomer.If the access is administrated locally thecustomer needs to define user profilesand educate administrative staff in theusage and configuration of user profiles.Alternatively the balance can beconnected to the company’s/institute’sLDAP server. Then the customer needsto work with the IT department for theconfiguration of user profiles.Each organization must developcontrolled, documented procedures forcompliance with this requirement.It is the customer’s responsibility to trainusers and support staff in the operationand administration of the Cubis II MCAbalance.19.11.10 (j)Is there a written policy that makesindividuals fully accountable andresponsible for actions initiated undertheir electronic signatureN.A.20.11.10 (k)Is the distribution of, access to, and useof systems operations and maintenancedocumentation controlled?N.A.The customer is responsible for a writtenpolicy concerning the correct usage ofelectronic signatures.The Sartorius Service can enter data on maintenances and device qualification(contact details, maintenance contract, next maintenance, warning date,maintenance cycle, device qualification) at the balance.Each organization must developcontrolled, documented procedures forcompliance with this requirement.It is the customer’s responsibility toadministrate these documents.For moremore w.sartorius.com/cubis-ii

Subpart B Electronic RecordsRef.11.1011.3011.5011.70Subpart C Electronic mentsRecommended Customer Actions21.11.10 (k)Is access to “sensitive” systemsdocumentation restricted e.g., netsecurity documentation, system accessdocumentation?N.A.On the balance only users with the right to access the settings menu can view, sortor export the alibi memory or audit trail.Each organization must developcontrolled, documented procedures forcompliance with this requirement.22.11.10 (k)Is there a formal change controlprocedure for system documentationthat maintains a time sequenced audittrail for those changes made by thepharmaceutical organization?N.A.Sartorius tracks the version number of software elements and operatinginstructions. Each change at the balance is recorded in the audit trail. Versioncontrol is an important part of the IQ/OQ documentation. Every change made tothe system must be documented in the IQ/OQ documentation, e.g. firmware andQApp Center updates.Each organization must developcontrolled, documented procedures forcompliance with this requirement.QuestionYes/No/N.A.CommentsRecommended Customer ActionsRef.It is the customer’s responsibility todefine a change control procedure forthe Cubis II MCA configuration anddocumentation.Subpart B – Electronic Records 11.30 Controls for Open Systems23.11.30What controls ensure record authenticity,integrity, and confidentially?N.A.The Cubis II MCA balance is a closed system24.11.30Is data encrypted?N.A.The Cubis II MCA balance is a closed system25.11.30Are digital signatures used?N.A.The Cubis II MCA balance is a closed systemQuestionYes/No/N.A.CommentsRef.Recommended Customer ActionsSubpart B – Electronic Records 11.50 Signature Manifestations26.27.11.5011.50--Do signed electronic records contain thefollowing related information?YesIn the electronic record the user name, date and time of signing are saved.Electronic records are created and signed by the user who started the weighingtask.YesThe electronic signature is displayed and printed with user name, date and timeof signing in reports.The printed name of the signerThe date and time of signingThe meaning of the signing (such ascreate, approval, review, responsibility)Is the above information shown ondisplayed and printed copies of theelectronic record?For moremore w.sartorius.com/cubis-iiSartorius assumes that the audit trail is notreviewed at the instrument but the audittrail and alibi memory data is exported andexternally reviewed and approved. It is thecustomer’s responsibility to perform audittrail review and approval in an appropriateway.

Subpart B Electronic RecordsRef.11.1011.3011.5011.70Subpart C Electronic mentsRecommended Customer Actions28.11.50Are date and time stamps appliedautomatically (vs. being keyed in by theuser)YesDate and time are automatically added to electronic records.By connecting the balance to an NTPserver the balance automaticallyreceives the correct time and datesettings at set intervals.29.11.50Are date and time stamps derived ina consistent way in order to be able toreconstruct the sequence of events?YesDate and time stamps are the local date and time at the location where thesignature was executed. The local time recorded in the audit trail is traceable toUTC time.By connecting the balance to an NTPserver the balance automaticallyreceives the correct time and datesettings at set intervals.30.11.50Is the above information subject to thesame controls as electronic records?(Audit trail, access control, etc.)YesThe user must have licensed the audit trail function. Then the system createselectronic records for events as listed above.Each organization must developcontrolled, documented procedures forcompliance with this requirement.31.11.70Are changes to electronic signaturesincluded in the audit trail?N.A.Electronic signatures cannot be changed.32.11.70Do the printed name, date, time andelectronic signature meaning appearin every human readable form of theelectronic record) (e.g. all screens andprinted reports).YesThe user name, date, time and meaning are displayed and printed in humanreadable form which each electronic signature (the Cubis MCA II only allows tocreate records.QuestionYes/No/N.A.CommentsRef.Recommended Customer ActionsSubpart B – Electronic Records 11.70 Signature/Record Linking33.11.70Are signatures linked to their respectiveelectronic records to ensure that theycannot be cut, copied or otherwisetransferred by ordinary means for thepurpose of falsification?YesEach electronic signature is linked to a specific record and the record is savedwith MD5 checksum. If electronic signatures are changed, deleted or transferredthe manipulation will be detected by a mismatch in the MD5 checksum.34.11.70If handwritten signatures are executed toelectronic records, are the handwrittensignatures linked to the electronicrecord?N.A.In electronic records no handwritten signatures can be executed. Handwrittensignatures may be executed to a printed report and such a report by itsmetadata is traceable to the original electronic record.35.11.70If the electronic record is changed, is theN.A.signer prompted to re-sign (via either manualprocedures (SOP) or technical means)?For moremore w.sartorius.com/cubis-iiElectronic records cannot be changed.The Cubis II MCA balance offersdifferent print formats for reports. Inprinciple any report can be signed byhandwritten signatures but to print acomplete dataset incl. metadata theGLP print incl. all data is the best option.

Subpart B Electronic No/N.A.11.70Subpart C Electronic SignaturesCommentsAre the electronic signatures linked (viaYestechnology, not procedures) to theircorresponding electronic records to ensurethat the signature cannot be excised,copied, or otherwise transferred to falsifyan electronic record by ordinary means?Electronic signatures are part of electronic reports and create an entry in theaudit trail. The Cubis II MCA balance doesn’t allow to modify electronic recordsor the audit 0Recommended Customer ActionsRecommended Customer ActionsSubpart C – Electronic Signatures 11.100 General Requirements37.11.100 (a)Are electronic signatures unique to anindividual?YesElectronic signatures are signed with the user name. The Cubis II MCA balancedoes not allow to create user accounts with identical names.If the user accounts at the Cubis II MCAbalance are controlled by a local LDAPsystem it’s in the customer’s responsibilitynot to allow group accounts (accounts usedfrom more than one individual to accessnetwork or local resources). Furthermore itmust be regulated that users do not makepassword available to other internal orexternal individuals.38.11.100 (a)Each electronic signature shall be uniqueto one individual and shall not be reusedby, or reassigned to, anyone else?YesThe user name is unique and cannot be assigned to anyone else.Each organization must developcontrolled, documented procedures forcompliance with this requirement.If users leave the lab the systemadministrator can inactivate the user.39.11.100 (b)Is the identity of an individual verifiedbefore an electronic signature isallocated?Yes40.11.100 (b)Is there a procedure for reissuingforgotten passwords that verifies therequestor’s identity?N.A.41.11.100 (c)(1)Has certification of the intent to useelectronic signatures been submittedto the agency in paper form with atraditional handwritten signature?N.A.Each organization must developcontrolled, documented procedures forcompliance with this requirement.42.11.100 (c)(2)Can additional certification or testimonybe supplied to show that an electronicsignature is the legally binding equivalentof the signer’s handwritten signature?N.A.Each organization must submit theirwritten intent to comply with thisrequirement.For moremore w.sartorius.com/cubis-iiBefore the electronic signature is assigned to an electronic record the user mustenter his password to authorize the signing process.

Subpart B Electronic Subpart C Electronic SignaturesComments11.10011.20011.300Recommended Customer ActionsSubpart C – Electronic Signatures 11.200 Electronic Signature Components and Controls43.11.200 (a)(1) (i)Is the electronic signature made up ofat least two components, such as anidentification code and password, or anID card and password?YesAn electronic signature comprises if a unique user name and a password. Theuser has to log on with password to start tasks and sign electronic reports.44.11.200 (a)(1) (ii)When several signings are made duringa continuous session, is the passwordexecuted at each signing (Note: Bothcomponents must be executed at thefirst signing of a session)?YesThe user has to select their unique user name and to log on to the balance withhis password. For each signing process the user must enter his password again.45.11.200 (a)(1) (ii)If signings are not made in a continuoussession, are both components of theelectronic signature executed with eachsigning?N.A.An automatic log off after a selected time of inactivity can be configured. By theautomatic log off the current session is closed and is not continued if user logs inagain.46.11.200 (a)(2)Are non-biometric signatures onlyused by their genuine owners (e.g. byprocedures or training reinforcing thatnon-biometric electronic signatures arenot “loaned” to co-workers or supervisorsfor overrides)?N.A.47.11.200 (a)(3)Would an attempt to falsify an electronicsignature require the collaboration of atleast two individuals?N.A.For LDAP the functionality to rest the passcode require at least the resetter andwitness to ensure that the reset is trustworthy. This rest mechanism must beimplemented in the customer directory service.48.11.200(b)Are biometric electronic signaturesdesigned to ensure that they can be usedonly their genuine-owners?N.A.The Cubis II MCA does not use biometric electronic signatures.QuestionYes/No/N.A.CommentsRef.The user management and electronicsignature must be licensed andactivated. Furthermore the user musthave set a password to sign reports.It is the customer’s responsibility tocorrectly configure the automatic log offfunction to avoid endless sessions. Thetime of inactivity until automatic log offmust be selected.Each organization must developcontrolled, documented procedures forcompliance with this requirement.Each organization must developcontrolled, documented procedures forcompliance with this requirement.Recommended Customer ActionsSubpart C – Electronic Signatures 11.300 Controls for Identification Codes/Passwords49.11.300 (a)Are controls in place to maintain theYesuniqueness of each combined identificationcode and password, such that no individualcan have the same combination ofidentification code and password?For moremore w.sartorius.com/cubis-iiIf new user account are created the Cubis II MCA checks if the user name isalready in use. It is not possible to create a user accounts with identical names.In the local password settings the rules for the reuse of passwords can be set.If using LDAP it’s the customer’sresponsibility to ensure that useraccounts are unique and to prevent thereuse of user names if a user leaves thecompany. The customer must defineprocedures for the definition of uniqueuser names or password reuse.

Subpart B Electronic Subpart C Electronic SignaturesComments11.10011.20011.300Recommended Customer Actions50.11.300(b)Are procedures in place to ensure thatthe validity of identification codes areperiodically checked?N.A.Each organization must developcontrolled, documented procedures forcompliance with this requirement.51.11.300(b)Do passwords periodically expire andneed to be revised?YesIn the local password settings the validity period of password can be set.If using LDAP it’s the customer’sresponsibility to ensure that passwordshave a limited period of validity.52.11.300(b)Is there a procedure for recallingidentifications codes and passwords if aperson leaves or is transferred?N.A.Users can be inactivated/reactivated by the administrator.Each organization must developcontrolled, documented procedures forcompliance with this requirement.53.11.300(b)Is there a procedure for electronicallyYesdisabling an identification code or apassword if it potentially comprised or lost?Users can be inactivated/reactivated by the administrator. In the local passwordsettings the validity period of password can be set. The user password can bemodified at any time if necessary.Each organization must developcontrolled, documented procedures forcompliance with this requirement.54.11.300 (c)Is a SOP in place directing action to betaken to electronically deauthorize lost,stolen, missing, or otherwise potentiallycompromised tokens, cards, and otherdevices used to carry or generateelectronic signature componentsN.A.55.11.300 (c)Does this SOP contain procedures formanaging and controlling temporary orpermanent token/card replacements?N.A.The Cubis II MCA balance does not accept tokens/cards.56.11.300(d)Is there a procedure for detectingattempts of unauthorized use and forinforming security?YesAfter an invalid login attempt an immediate message is displayed and a record iscreated in the audit trail.Each organization must developcontrolled, documented procedures forcompliance with this requirement.The number of maximum retries and the action if the maximum number ofallowed failed login attempts is reached can be configured at the Cubis II MCAbalance in access management rule management menu.The Cubis II MCA balance does not inform the system administrator but insteadthe system administrator defines the action of the software if the maximumnumber of login attempts is exceeded.57.11.300 (a)Are there procedures covering theinitial and periodic testing of devices,such as tokens or cards that bear orgenerate identification code or passwordinformation?N.A.The Cubis II MCA balance does not accept tokens/cards.58.11.300(b)Does the testing include checks forproper functioning, performancedegradation, and possible unauthorizedalterations?N.A.The Cubis II MCA balance does not accept tokens/cards.For moremore w.sartorius.com/cubis-iiIt is the customer’s responsibility toset the access management rulesappropriately and to control if e.g. useraccounts have been inactivated afterthe maximum number of allowed loginattempts were exceeded.If using LDAP it is the customer’sresponsibility to define the action of thesystem at attempts of unauthorized useand the information procedure.

Subpart B Electronic Records 11.10 11.30 11.50 11.70 Subpart C Electronic Signatures 11.100 11.200 11.300 Cubis II MCA 21 CFR Part 11 Compliance Checklist Overview Yes/No/N.A. Is the system a Closed System, where system access is controlled by the persons who are responsible for the content of the electronic records that are on the system?