|
FORMULATORÔ
21 CFR Part 11 Compliance
FORMULATOR Software, LLC certifies that FORMULATORÔ (Version 3.1 and higher) provides the software functionality and auxiliary tools to completely and fully facilitate end-user compliance with applicable rule requirements within current FDA “Guidance for Industry Part 11, Electronic Records” as follows: (a) Validation.
We
certify that all equation functionality, property bases, and unit of measure
bases have been fully validated by hand testing of formulation data provided
with the demonstration database(s). The
user can apply this method to validate any equations, properties, or units of
measure that they add to the software via the set-up screens provided.
There is no functional opportunity for the user to manipulate or change
the calculation results once the calculation has been performed. FORMULATORÔ provides
simultaneous viewing access to the following (including details): All
properties; all units of measure; all equations; all QC tests; all boilerplate
instructions and device interface codes / LIM logic.
Records are displayed and highlighted during editing functions allowing
the user to validate data before and during the editing process as editing is
performed. Whilst the
above windows are displayed, the user can review all raw materials and their
properties, and view any given formulation at the same time, within
Formulation maintenance or via the tree viewers.
The tree view editor provides the user the ability to view and record
unit conversion and multi-level quantity summary validation.
These software utilities also provide the ability to validate the CAS
breakdown for REGULATORÔ. User
accessible data is date, time and user ID stamped for add and update.
Logs may be selectively created for each database / company, depending
on end-user preferences. (b) Printing.
Comprehensive reports
are provided with the FORMULATORÔ system software. Printouts are available for all
data entered and saved into the system to allow hard copy documentation and
retention of data. FORMULATORÔ data is
always contained within an SQL* database of the user’s choosing, and all
reports are provided in Seagate Crystal Reports RPT format. (c) Records retention.
While
largely an end-user procedures issue, FORMULATORÔ
provides a complete formula logging and restore system that lets the user
“undelete” formulas, or completely restore (or clone*) them back to a
previous state. (d) Limiting system access.
FORMULATORÔ access is controlled by several means.
Within the application, each user has a unique login with predetermined
access levels to the functions of FORMULATORÔ set by an
authorized administrator. The
passwords are stored ‘in the clear’ using a 128 bit fractal hashing
algorithm. Each successful logon
is stamped with a unique session ID and in/out times are logged in the system
database. All formulation activity
is traceable back to this session ID (logging of user IP address, domain, ARP,
or other system aspect is NOT covered in the base version).
The full SQL* version provides GRANT and REVOKE privileges synchronized
with the user maintenance module for enhanced SQL* security with minimal
impact on the database administrator.
A complete
application data log is also available, at the user’s discretion.
This option selectively saves all the SQL* input sent to the FORMULATORÔ database. A
completely qualified database administrator could ‘play back’ this output
against a back up of the data, to restore it to a given point in time. (f) Sequencing and Workflow. FORMULATORÔ has only
one true workflow-type operation, the QC process.
QC results begin when a batch ticket is printed.
QC then enters results against this ticket.
If you attempt to re-print the ticket, you will either be prevented, or
warned against it, depending on how your database is configured.
The other FORMULATORÔ workflow
instances are contained within single modules, and may be validated visually by
using the application (i.e., reverse calculation, search and replace, etc.).
Additional checks include preventing you from deleting a raw material that is
contained in a formulation. (g) Authorization.
FORMULATORÔ allows each user to be assigned an authorization
level for each module in the main menu. These
act locally, with the exception of the Raw Materials editor.
If you set up a user with no access to ‘Costs’ within the Raw
Material module, that user will typically not be able to see any costs anywhere
at any time, no matter what module they are running. Some major
edit and analysis modules, such as Raw Material and Formulation Maintenance,
allow further sub-authorizations within each editor.
For instance, you might allow a user read-write access to the main
formula screen and ingredients, but you may prevent this same user from
altering, or perhaps even viewing, QC standards or other aspects of the
formulation. (h) Device authentication.
While FORMULATORÔ can provide
device authentication to virtually any user specification, typically this
section falls into the realm of custom end-user requirements.
Signature Pad authentication is available as an additional function.
Further development would be needed to meet any additional needs in this
area. Subpart C – Electronic Signatures
11.300 Controls
for identification codes / passwords. (a)
Uniqueness.
FORMULATORÔ enforces a one string – one user policy that is
case insensitive. (b)
Password aging and (d) Unauthorized access
attempts. The
base version of FORMULATORÔ does not
enforce application level password length, re-use prevention, and does not
provide password aging / freshness logic or logon date / time / count
restrictions. It does not shut an
account down after a given number of bad logon attempts.
All of these functions, however, are generally available, at minimal
cost, depending on client specific requirements. James T.
DeGroff
*Note:
1) Cloning is a standard FORMULATOR function available within all application
and system editing components. Simply
put, it means to save the contents of a given editor to a new code number. 2)
All FORMULATOR I/O is based on ANSI Structured Query Language (SQL).
|