We have an automation system used for WIP, and our business user want to get the remote suppport for it frorm supplier, means they can ask supplier to perfrom trouble shooting remotely in the future.
This system must be compliant with Part11 (just electronic record), is anybody can advise that the system should be Open system or Closed system under this situation?
Thanks in advance.
I don’t think you’ve provided sufficient information to determine if the system is open or closed. A closed system, by definition is:
“an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.”
Presuming your company is responsible for the content, does your company control access (both physical and logical)? Just logging in remotely (even by someone outside your company) wouldn’t, I believe, create an ‘open’ system.
Realize that the only difference between open and closed is the added burden of data encryption. So you may want to look at how the data is transmitted / stored / managed and decide if it’s in your best interest to encrypt anyway!
There’s still a lot of “enforcement discretion” and so if you document what you do, the rationale for why you took the approach, and a risk assessment of the situation (with appropriate and adequate controls implemented), you’re more than likely to pass muster.