BioPhase 8800 system 21 CFR Part 11 compliance features

BioPhase 8800 system design and software

Richard Carson, Marcia Santos, Sahana Mollah
SCIEX, Brea, CA

Introduction


In 1997, the United States Food and Drug Administration (FDA) released a document outlining their expectations for collecting and reporting of specified data to the FDA in electronic format for inspection. This regulation is under Title 21, Chapter 11 in the Code of Federal Regulations. Technology changes rapidly, and many questions have been raised regarding this regulation. The FDA has released guidance documents to clarify the regulation, continuously being updated as the regulation evolves. 21 CFR Part 11is being applied as described in subsequent FDA guidance documents by therapeutic development companies. 1 Software and data collection systems alone cannot achieve compliance with 21 CFR Part 11. It is necessary to have policies and procedures designed to ensure these products are used in compliance with 21 CFR Part 11.

In this document, we describe the data collection system, software, and controls that should be considered with each institution's policies and procedures to achieve compliance with 21 CFR Part 11. This document is limited to sections of 21 CFR Part 11 where the customer can use the design and features of the BioPhase 8800 system to facilitate compliance with 21 CFR Part 11.

Figure 1. The BioPhase 8800 system equipped with LIF and UV detectors and consumable/reagent kits.

BioPhase 8800 system design and configurations


The BioPhase 8800 system has an integrated control system designed to manually govern the instrument and run sequences located in a project folder. Project folders can be found on a local workstation (Figure 2) or a network (Figure 3). When connected to a network, a workstation configured as a "Domain Isolator is required. The Domain Isolator must have two network ports. One port is connected to the BioPhase 8800 system, and the other port is connected to the network. The purpose of the Domain Isolator is for the configuration of projects and granting project access to authorized users. The Domain Isolator is also used to designate users with signature authority for a given project. Users with BioPhase 8800 software installed on their workstation can write methods and sequences to projects if granted access to these projects. Users of the instrument can access these sequences to run samples on the system if they have been given access to these project folders. Any data collected by the instruments will be written back to its respective project folder. Users with the method development software can subsequently analyze data on their workstation if they have been granted access to the project data folder.

Figure 2. Projects on local workstation.

Figure 3. Projects on network domain.

Subpart B – Electronic Records

Subpart A of 21 CFR Part 11 outlines general provisions including scope, implementation, and definitions associate with the regulation. Other than as defined below, these general provisions apply more to customer processes than product features, so further discussion of the general requirements is not included in this technical note. For additional details on subpart A, see the full text of 21 CFR Part 11 and related guidance documents on the FDA website.1

Controls for closed systems

21 CFR Part 11 defines a closed system as an environment in which the system access is controlled by the user responsible for the content of electronic records. The BioPhase 8800 system can be configured as an open system or as a closed system.

Local workstation closed system

If the BioPhase 8800 system is configured to obtain sequences and save data to a project on a local workstation, user access canbe governed using login credentials for the local workstation.

Network domain closed system

If the BioPhase 8800 system is configured to obtain sequences and savedata to a project on a network domain, user access is controlled using an application on the Domain Isolator. Access to the Domain Isolator can be restricted to specific users on the network domain by granting only particular users access to the applicationon the Domain Isolator with their network credentials. These users will have the ability to create projects, grant other users access to the project folders, and grant certain users authority to electronically sign data.

Signature repudiation

Procedures and controls must be established to ensure a signer cannot readily repudiate a signed record on the basis of it not being genuine.

Validation

The users are responsible for validating their procedures and the product controls, to ensure accuracy, reliability, consistent performance, and the ability to discern invalid or altered records. The BioPhase 8800 system control pertaining to a part of 21 CFR Part 11 includes controls for data file integrity, data audit trails, draft watermark for reports with unsigned data and electronic data signature. 

Data file integrity

When BioPhase 8800 system files are created, a 256-bit hash value is calculated. This hash value is encrypted with a 1024-bit private encryption key. The encrypted value and a corresponding public key are saved with the file. When a user attempts to open a file in the software, the hash value for the file is calculated. Next, the software decrypts the hash value saved using the public key and compares it with the calculated hash value. If the hash values are not the same, the software will not allow the file to be opened. This technique is commonly used to ensure file data integrity. The same hash function technique is applied to all file types created in BioPhase 8800 system software.

Data audit trails

To review the data audit trail of a data file, select the data file and right-click on the undo icon in the right-hand side tool bar.

Figure 4. Undo icon.

The analysis history of the data file will be displayed. In the example below, the data has been acquired, but no analysis has been performed.

Figure 5. Analysis history.

For example, in Figure 6, the data was analyzed. The Threshold parameter was changed, and the data file was reanalyzed. The threshold was changed a third time and analyzed again.

Figure 6. Unsaved analysis history.

In Figure 7, the Not analyzed event was selected, which is indicated by the blue highlight. The remaining events show the file was subsequently analyzed three times. The final analysis instance is highlighted in red to indicate these are the parameters currently loaded for analysis. The second and third history entry is shown without highlight. This shows the data file has not yet been saved with these analysis parameters. If the data file is closed without being saved, this integration history will be discarded. Once the data file is saved, the integration history is protected with the data file. After saving the data file,the second and third history events are highlighted in a lighter shade.

 Figure 7. Integration history.

Draft watermark

Any report containing unsigned data will be watermarked with the word DRAFT across the report as shown in Figure 8.

Figure 8. Report watermark

Electronic data signature

Authorized users can apply an electronic signature to a data file and provide a reason for their signature. To sign the data file, select Signature from the File drop-down menu and select Apply.

Figure 9. Apply signature.

Figure 10. Signature comment.

Once an electronic signature has been applied to a data file, a user can no longer change analysis parameters and save the data file. The data audit trail will indicate the signature. 

Figure 11. Signature applied.

If a user attempts to change parameters and save the data file, the action is aborted, and a message will appear in the bottom status field indicating the data file has been signed as shown in Figure 12.

Figure 12. Signature failed.

An authorized user can revoke the signature if additional analysis, review, and approval are required. Shown in Figure 13, the data signature was revoked, parameters were changed and analyzed four times. This file has not yet been saved, and any report will be watermarked DRAFT.

To commit these changes, the user can either save the data file or apply a signature. When using a signature, the data file is automatically saved. 

Figure 13. Signature applied.

Ability to generate accurate and complete copies of records

The user is responsible for adequate procedures and controls to ensure the requisite files are retained for compliance. The BioPhase 8800 system includes a report application that allows data analysis results to be saved in readable PDF format.

System access

The BioPhase 8800 system requires user login to access the system.

Local workstation

If the BioPhase 8800 system connects to the project on a local workstation, the user can control access via user administration on the workstation.

Network domain

If the BioPhase 8800 system connects to a project location on a network domain, the user can control access via the user management application on the Domain Isolator. Similarly, access to the Domain Isolator should only be granted to users responsible for managing access to the system by other users.

Audit Trails


Reagents files

The BioPhase 8800 system allows the user to define the reagents available for a given project in Reagent files. Once saved. The username and time/date stamp are stored in the file properties under the Details tab.

Method files

Method files contain the detector used for the method, data rate, capillary temperature, and sample storage temperature. They also have the name of the reagent file and parameters for each action used to complete separation and collect data. Once saved, it is not possible to make changes to the file and maintain the same file name. The username and time/date stamp are stored in the file properties under the details tab.

Sequence files

Sequence files contain information about the samples and methods that are run in a sequence. Once saved, it is not possible to make changes to the file and save it with the same file name. The username and time/date stamp are stored in the file properties under the Details tab.

Data files

As described above, data files have integrated audit trails that can be viewed within the application. In addition to the acquisition date/time stamp and user ID, this audit trail also records a complete history of data analysis saved with the file and the signature information

Sequencing of steps and events

The BioPhase 8800 system will not allow a sequence to be run if it contains methods with a configuration that does not match the current instrument configuration. The instrument will not allow a sequence to run if any detected failures on any instrument sub-systems might impact the instrument's performance. The method and sequence editors validate userentered parameters when saved to verify that no known combination of parameters will prevent a sequence from completing.

Authority checks

User credentials are used to verify the user is authorized to access the system and project folders. Additional user access can be restricted by limiting user access to folders within each project. Signature authority is controlled via the user administration application on either the local workstation or Domain Isolator.

Validity of source data or operational instructions

The BioPhase 8800 system does not allow input of sample data or parameters that might affect acquisition at the front panel of the instrument. The instrument only permits manual functions required to prepare the instrument for acquisition, and running sequences loaded in a project folder that the user is authorized to access. The method development and analysis software checks fields for values that are incorrect data type, out of range values, or combinations of values that will cause failed operation of the instrument.

Education, training, and experience

SCIEX provides customer familiarization with the operation of the instrument and application training. Additional policies and procedures to evaluate the experience and provide education and/or training for various users that work with the system are the responsibility of the customer.

System documentation


Access and use

SCIEX provides system operation and maintenance documentation in electronic or written format. It is the user's responsibility to establish controls for access and distribution of documentation for the operation and maintenance of the system.

Revision and change control

SCIEX documents are periodically revised or changed in accordance with SCIEX documentation procedures. These procedures include a time-sequenced record of the document release and any subsequent changes. It is the customer responsibility to establish procedures on any additional documentation they might produce regarding the operation and maintenance of the system.

Controls for open systems

The FDA defines an open system as an environment in which system access is not controlled by personnel who are responsible for the content of electronic records that are on thesystem. By design, the BioPhase 8800 system software ensures file integrity. All files are time and date stamped, and electronic signature is active. However, the identity of users of the system is dependent on the customer policies and procedures.

Signature manifestations

Data files signed with the BioPhase 8800 system software include the printed name of the signer, date and time of the signature, and reason for the signature. All other files created using the BioPhase 8800 system software cannot be edited and saved with the same file name. Name, date, and time stamp of these files is saved in the file properties.

Signature/record linking

Data signature applied in BioPhase 8800 system software are integral to the data file and cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means. For all other files, authorship username, date, and time stamp are integral to the file and if any attempt is made to tamper with the file, it will be identified as altered by the BioPhase 8800 system software.

Subpart C – Electronic signatures
Electronic signature components and controls


First signing

When a user applies a signature for the first time after login, they are prompted to enter their username, password, and reason for the signature.

Multiple data file signing

The BioPhase 8800 system software does not permit the signing of multiple data files with a single signature. Nor does it allow a series of consecutive signatures without providing a username, password, and reason for each instance.

Genuine owners

The BioPhase 8800 system is only accessible by users that have been granted access to projects on either a local workstation or network domain. It is the user’s responsibility to implement policies and procedures designed to ensure electronic signatures using these user credentials are applied only by their genuine owners.

Biometric genuine owners

The BioPhase 8800 system does not currently support electronic signatures based on biometrics.

Controls for identification codes/passwords

The BioPhase 8800 system uses the user credentials from a local workstation or network domain.