We have purchased an XRD system where it is possible for users to
delete electronic records and the delete function does not appear in
the audit trail. Are we still compliant with the part (11.10c) if we
simply state in the operational SOP that records must not be deleted
from the system?
There are obviously controls around access to the system e.g. small
number of authorised users, raw data can only be accessed via the
workstation local to the instrument which is housed in a lab
accessible only by swipe access which is logged.
I have had a similar situation with XRD instruments.
A few questions are in order before we can give you advice.
You say that access is limited to the instrument. Is the computer
networked (e.g. use of a directory services for authentication)? Are you
running a variation of MS Windows NT (4 thru Vista)?
If yes, you have the potential for physical (Card Access) and logical
security (Access Controls). This gets you part way to subpart B 11.10c.
The second part of 11.10c is data protection. SOPs are great, but how can
you demonstrate compliance? If I were auditing you, this would be a
central point in my inspection.
Most XRD instrument software is written without security controls available
(as you have pointed out). One way I have dealt with this issue is to use a
software system (Waters SDMS or Agilent ECM) to capture raw and meta data
generated by the instrument without overwriting the data with each
instrument session. Besides a pseudo audit trail (who and when, but not a
detailed what changed), this system allows access to data at your business
pc (rather than just the lab pc).
One other fundamental issue with Part 11 is that the system must be
validated. This includes both the hardware and software parts of the
system. I am assuming that you are in the process for this activity and
this why you are asking the question.
There are other more convoluted and labor intensive ways around this issue
that are completely dependent on your environment and the number of warm
bodies available to insure compliance with Part 11.
The SDMS or ECM solution is not perfect. These systems require constant
feeding (maintenance, change management, etc.) and are quite expensive.
They do give benefits over and above compliance however and are well worth a
look if your needs are more than just a few instruments.
As is usual in these matters, there are no simple answers. It would help if
more instrument vendors gave us compliant software to work with, but without
demand, we have no hope on this issue.
One of the most insisted on design features for part 11, was that original records could never be over-written or deleted.
As soon as you try (assuming you have all the correct authorities) to over write data, the system MUST retain the origin data, and give you a later edition to alter. This later addition will carry your identity and you will have to accept it or it will self disappear.
In the early days of part 11, there were many companies proposing design specifications, many of these allowed the audit facility to be on or off. The regulators refused, not only had the audit trail to be permanently active and the original record retained, at all times, but, it also had to be beyond the ability of the end user to tamper with it.
If you were to attempt to come up with some sort of patch up, you would have to validate it and prove the integrity of it to the regulators, a pretty daunting task.