
| Sr. No. | Annex-11 | CFR 21 Part-11 |
|---|---|---|
| 1 | Principle | 11.2(b) - Implementation; 11.10(a) - Validation |
| 2 | Risk Management | Not Applicable |
| 3 | Personnel | 11.10(i) - Personnel |
| 4 | Suppliers and Service Providers | Not Applicable |
| 5 | formal agreements | Not Applicable |
| 6 | audit supplier | Not Applicable |
| 7 | review documentation for COTS | Not Applicable |
| 8 | supplier audit available on request | Not Applicable |
| 9 | Validation | 11.10(a) - Validation |
| 10 | cover life cycle | not covered |
| 11 | change control and deviations | 11.10(k) - Documentation control |
| 12 | systems inventory | not covered |
| 13 | user requirement specifications | not covered |
| 14 | quality management system | not covered |
| 15 | process for customized systems | not covered |
| 16 | evidence of appropriate test methods | not covered |
| 17 | data transfer validation | 11.10(h) - Device checks |
| 18 | Data | 11.10(f) - Operational system checks; 11.30 - Controls for open systems |
| 19 | Accuracy Checks | 11.10(f) - Operational system checks |
| 20 | Data Storage | 11.10(c) - Protection of records |
| 21 | secured and accessible | 11.10(d) - Limiting system access; 11.10(e) - Secure Records; 11.10(g) - Authority checks |
| 22 | back-up | not covered |
| 23 | clear printed copies | 11.10(b) - Generate accurate and complete copies |
| 24 | batch release/changed since original | not covered |
| 25 | Audit Trails | 11.10(e) - Electronic audit trail; 11.10(k)(2) - Documentation control |
| 26 | Change and Configuration Management | 11.10(d) - Limiting system access; 11.10(e) - Electronic audit trail |
| 27 | Periodic evaluation | 11.300(b) and (e) - periodically checked; 11.10(k) - Documentation control |
| 28 | Security | 11.10(c) - Protection of records |
| 29 | physical/logical | 11.10(d) - Limiting system access; 11.10(g) - Authority checks; 11.200(a) and (b) - biometrics; 11.300(a) - Unique; 11.300(d) - prevent unauthorized use |
| 30 | criticality | Not covered |
| 31 | Security - record events | 11.300(b) and (c) - Controls for Identification Codes/Passwords |
| 32 | data management/operators entries | 11.10(e) - Controls for Closed Systems |
| 33 | Incident Management | not covered |
| 34 | Electronic Signature | 11.50 - Signature manifestations |
| 35 | same as hand-written | 11.1(a) - Scope; 11.3(b)(7) - Definitions; 11.100(c) - Certify equivalent to Handwritten |
| 36 | permanent link | 11.70 - Signature/record linking |
| 37 | time and date | 11.10(e) - Electronic audit trail |
| 38 | Batch release | not covered |
| 39 | Business Continuity | not covered |
| 40 | Archiving | 11.10(c) - Protection of records for accurate retrieval |

| Sr. No. | CFR 21 Part-11 | Annex-11 |
|---|---|---|
| 41 | Validation | 4 - Validation |
| 42 | Generate accurate and complete copies | 8.1 - Printouts |
| 43 | Protection of records for accurate retrieval | 17 - Archiving; 12 - Security; 7 - Data Storage |
| 44 | Limiting system access to authorized individuals | 7.1 - secured and accessible; 10 - Change and Configuration Management; 12.1 - Security, physical/logical |
| 45 | Record of operator entries (audit trail) | 7.1 - secured and accessible; 10 - Change and Configuration Management; 12.1 - Security, physical/logical |
| 46 | Operational system checks | 5 - Data; 6 - Accuracy Checks |
| 47 | Authority checks | 7.1 - secured and accessible; 12.1 - Security, physical/logical |
| 48 | Device checks | 4.8 - Validation |
| 49 | Personnel (who develop, use and maintain systems) | 2 - Personnel |
| 50 | User accountability for actions initiated under e-signatures | not covered |
| 51 | Documentation control | 9 - Audit Trails; 4.2 - change control and deviations; 10 - Change and Configuration Management; 11 - Periodic evaluation |
| 52 | Controls for open systems | Principle (all systems); 5 - Data |
| 53 | Signature manifestations | 14 - Electronic Signature |
| 54 | Signature/record linking | 14(b) - Electronic Signature |
| 55 | Unique/not reused | not covered |
| 56 | Verify identity | not covered |
| 57 | Certify equivalent to handwritten | 14(a) - same as hand-written |
| 58 | not based on biometrics | 12.1 - Security, physical/logical |
| 59 | based on biometrics | 12.1 - Security, physical/logical |
| 60 | Unique | 12.1 - Security, physical/logical |
| 61 | periodically checked | 11 - Periodic Evaluation; 12.3 - Security, record events |
| 62 | procedures to deauthorize | 12.3 - Security, record events |
| 63 | prevent unauthorized use | 12.1 - Security |
| 64 | proper function | 11 - Periodic evaluation |

Key Points:
1. Are entry / exit procedures followed as per the approved procedure for the server room?
2. Review the job description and training record of the computer system administrator in charge of Automated and Computerized Equipment and Systems.
3. Are PLC systems controlled in order to prevent unauthorized changes?
4. Are all master documents saved in a separate folder with security controls?
5. Are obsolete files separated from master documents / files and archived in a separate folder?
Note: This is for knowledge purposes only; the blog content is my view plus internet search and guidelines.