QS-115

cGMP Electronic System Controls and Requirements

Section QS — Quality System Revision 0 9 pages


1.0 Purpose 
 
 This procedure defines the controls and requirements for Electronic Systems used to perform
 cGMP functions. 
 2.0 Scope 
 
 This procedure only applies to Electronic Systems used to perform cGMP functions. This
 procedure may be used to control and add requirements to non-cGMP systems at the discretion
 of Ion Labs management. Separate procedures may be written to cover other details of specific
 systems. If those specific SOPs conflict with this SOP, the more specific SOP will have
 precedence. 
 
 3.0 Responsibility 
 
 3.1 It is the responsibility of Ion Labs management to: 
 3.1.1 Be familiar with this SOP. 
 
 3.1.2 Identify electronic systems that perform cGMP functions and register those
 systems with Quality. 
 3.1.3 Participate with Quality in defining requirements as described in this SOP.
 
 3.2 It is the responsibility of Quality to: 
 3.2.1 Review and reject or approve requirements and controls for each registered
 system covered under the scope of this SOP. 
 
 3.3 It is the responsibility of Document Control to: 
 3.3.1 Assign and log system numbers. 
 
 3.3.2 File and retain forms, protocols, reports, and risk assessments associated with
 each system and this SOP. 
 4.0 Definitions 
 4.1 CFR — Code of Federal Regulations 
 
 4.2 Electronic Signature — Symbols or other data in digital form attached to other
 electronic data, transactions, or processes that are logically associated with a single
 individual (i.e. signatory) 
 4.3 Electronic System — A physical connection of components or parts that gathers various
 amounts of information together or fulfills an electronic request 
 
 
 

 
 4.4 ESCR — Electronic system control and requirements 
 4.5 cGMP — Current Good Manufacturing Practices 
 
 4.6 Validation — confirmation by examination and provision of objective evidence that the
 particular requirements for a specific intended use can be consistently fulfilled (21 CFR
 820.3) 
 5.0 References 
 
 5.1 QS-115-F1, Form, cGMP ESCR System Log 
 5.2 QS-115-F2, Form, cGMP ESCR Checklist 
 
 5.3 QS-115-F3, Form, cGMP ESCR Electronic Signature Acknowledgement 
 5.4 QS-115-F4, Form, cGMP ESCR Backup Requirements 
 
 5.5 21 CFR Part 11 
 5.6 C-105, SOP, Protocol and Report Document Requirements 
 
 5.7 QS-114, SOP, Quality Risk Management 
 5.8 D-105, SOP, Out of Specification/Out of Trend Investigation 
 
 6.0 Procedure 
 
 6.1 Overview 
 6.1.1 This SOP defines the requirements and controls that should accompany cGMP
 electronic systems and provides a mechanism to document specific controls and
 requirements for each individual system. 
 
 6.2 System Numbers 
 6.2.1 Document Control is responsible for assigning a unique number to each system
 applicable to this SOP. DC assigns numbers in the following format:
 
 6.2.1.1 SYS-[Year]-[###] 
 
 • SYS = abbreviation for “System” that uniquely identifies the number
 as a system number rather than other types of numbers used at Ion
 Labs. 
 • [Year] = the last two digits of the year that the system number is
 assigned. 
 • [###] = a sequential number representing the count of numbers
 assigned to that event type for the given year starting at 001.
 
 Example: the third system number issued in 2020 would be assigned
 SYS-20-003. 
 Example: the fifth system number issued in 2021 would be assigned
 SYS-21-005. 
 
 
 

 
 6.3 System Log 
 6.3.1 DC maintains a log of each system number issued. At a minimum, the following
 information will be maintained in the log: 
 
 6.3.1.1 System number 
 6.3.1.2 System description 
 
 6.3.1.3 Logged by initials and date 
 6.3.2 DC may choose to include additional information in the log. DC may use form
 QS-115-F1 to create the log to record assigned system numbers and maintain
 those numbers. 
 
 6.4 System Documentation and Checklist 
 6.4.1 This SOP defines a number of controls and requirements for cGMP electronic
 systems and provides forms and/or references systems that are used to document
 controls or requirements specific to each system. This documentation provides
 a mechanism to review and approve system settings and requirements and
 provides an approved source to audit the system against. 
 6.4.2 This documentation should be summarized on form QS-115-F2 ESCR Checklist
 for each system, and should be filed in document control by system number. If
 desired, documents may be filed in an alternate system (i.e. the report or
 protocol system) with only the cross reference to those documents provided on
 form QS-115-F2. 
 
 6.4.3 The ESCR Checklist, form QS-115-F2, may be updated at any time. The
 signatures and dates on the checklist are not required at the time documents are
 generated, but are rather an indication of the time and date that the listed item is
 verified as current. Over time, the checklist may be updated to reference the
 most current status of the system, and previous versions of the form may be
 archived and also filed in document control by system number.
 
 6.5 System Validation IQ/OQ/PQ 
 6.5.1 Use SOP C-105 to generate one or more protocols and/or reports to document
 the validation assessment of the system. Reference applicable protocol and
 report number(s) on form QS-115-F2 (ESCR Checklist). 
 
 6.6 System Usernames, Passwords, and Electronic Signatures 
 6.6.1 Some cGMP processes require a signature, or initials of an individual
 completing the process. If an electronic system is used to meet a cGMP
 requirement, then that system must apply electronic signatures, initials, and / or
 date to the transaction or record the same way paper systems would require
 signatures, initials, or dates. Electronic systems are capable of identifying the
 individual using a system based on the user name and password used to gain
 access to that system. Additionally, biometrics or keys may be used to identify
 individuals using a system. 
 
 
 

 
 6.6.2 Ion Labs employees are expected to keep passwords and other identification
 mechanisms confidential and secure to ensure that other individuals cannot gain
 access to systems or sign for activities on their behalf. The use of a username
 and password is considered an electronic signature and carries the same
 meaning as a handwritten signature on a document. 
 6.6.3 This requirement is communicated to Ion Labs employees during the
 onboarding and training process and acknowledgement of this information is
 documented on form QS-115-F3 for each employee engaged in or potentially
 engaged in the use of these systems. 
 6.7 Password Requirements 
 
 6.7.1 Some systems allow configuration of password requirements. For example, the
 number of characters required in a password, or the types of characters required
 in a password may be configurable. If applicable, the configured requirements
 for a password may be defined and documented on form QS-115-F2 (ESCR
 Checklist). 
 6.8 User Roles and Permissions 
 
 6.8.1 Many electronic systems allow the assignment of permissions to users. This
 may be accomplished by directly assigning permissions to each user, and / or
 may be accomplished by defining a role with specific permissions associated
 with that role, and then assigning a role to each user. In most cases, the
 permissions given to a user are critical to the management of an electronic
 system and are required to maintain data integrity. 
 
 6.8.2 Where applicable, the assignment of permissions to roles and users as well as
 the assignment of roles to users should be documented and approved by at least
 two signatures one of which is a member of the Quality department. Often, this
 documentation may be produced from a system report generated by the
 electronic system. 
 6.8.3 Use SOP C-105 to generate one or more reports to document the assignment of
 permissions to roles, as well as the assignment of roles and permissions to users.
 As applicable attach system reports to this report. Reference this report number
 on form QS-115-F2 ESCR Checklist. 
 6.9 System Backup 
 
 6.9.1 Electronic data generated to meet a cGMP requirement must be maintained for
 the period of time required by the applicable regulations and / or applicable Ion
 Labs SOPs. A data backup plan should be determined and documented for each
 applicable system. 
 6.9.2 For simple backup plans, use form QS-115-F4 to document the backup plan and
 file the completed form in document control by system number. For more
 complex backup plans, use SOP C-105 to generate one or more reports to
 document the plan, or write a specific SOP to delineate the backup procedure.
 Reference either the form, report number(s), or SOP number(s) on form
 QS-115-F2 ESCR Checklist. 
 
 
 

 
 6.10 System Audit Trail 
 6.10.1 Use a system specific SOP to delineate audit trail use and review, or use SOP C-
 105 to generate one or more reports to document the assessment of audit trail
 use requirements. Reference the SOP or report number(s) on form QS-115-F2
 ESCR Checklist. 
 
 7.0 Revision History 

| Rev | Date | Description of Changes | CCR # | By |
|-----|----------|------------------------|-------|----|
| 0 | 12/08/20 | New. | N/A | K. Burris |

 
 


 cGMP ESCR Checklist 
 Form: QS-115-F2 CCR No. N/A Revision: 0 
 
 Effective Date 
 
 System Information 
 System # 
 
 System Name 
 
 System Description 

| Checklist Item | References / Comments | Verified By Initials / Date |
|----------------|-----------------------|-----------------------------|
| User Requirements | | |
| IQ/OQ/PQ Validation | | |
| Password Requirements | | |
| Defined user roles and associated permissions | | |
| Assignment of either role or permissions to individual users. | | |
| Backup Requirements | | |
| System Audit Trail review and use requirements | | |
 

 cGMP ESCR Electronic Signature Acknowledgement and Consent
 Form: QS-115-F3 CCR No. N/A Revision: 0 
 
 Electronic Signature Acknowledgement and Consent 
 
 BACKGROUND 
 
 Some cGMP processes require a signature, or initials of an individual completing the process. If an electronic
 system is used to meet a cGMP requirement, then that system must apply electronic signatures, initials, and / or
 date to the transaction or record the same way paper systems would require signatures, initials, or dates. Electronic
 systems are capable of identifying the individual using a system based on the user name and password used to
 gain access to that system. Additionally, biometrics or keys may be used to identify individuals using a system.
 
 Ion Labs employees are expected to keep passwords and other identification mechanisms confidential and secure
 to ensure that other individuals cannot gain access to systems or sign for activities on their behalf. The use of a
 username and password is considered an electronic signature and carries the same meaning as a handwritten
 signature on a document.
 PROVISIONS 
 • You will protect and keep confidential usernames, passwords, etc. used to gain access to cGMP Electronic
 Systems 
 • You will not use any username and password other than your own to electronically sign a cGMP document
 or transaction. 
 • You agree that use of your username and password or any other biometric identifier or key carries the
 same meaning on electronic records as your handwritten signature on a document.
 ACKNOWLEDGMENT 
 By signing this Acknowledgement and Consent for Electronic Signatures, you acknowledge that you have read
 and agree to the above provisions.
 Printed Name 
 Signature 
 Date 
 Acknowledged By 
 

 cGMP ESCR System Backup Requirements 
 Form: QS-115-F4 CCR No. N/A Revision: 0 
 
 Effective Date 
 
 System Information 
 
 System # 
 
 System Name 
 
 System Description 
 
 This form serves as a mechanism to define and approve the backup plan associated with this system. Use the
 detail section below to define the plan and add attachments as necessary. 
 Details 
 
 
 Additional Attachments 
 Attachment Description 
 # of Pages 
 
 Name Printed Name Signature 
 Date 
 Completed By 
 Approved By 
 QC Doc Control (DC) 
 
 