nanodac ™

Recorder/Controller and 21 CFR Part 11

Record Manage Optimize

Sub Part B - Electronic Records
11.10 Controls for Closed Systems

Eurotherm offer assistance with product validation to GAMP

guidelines.

Files are recorded in a binary, compressed and check-summed

format proprietary to Eurotherm. Details are not published. The
viewing tool rejects invalid/altered (i.e. incorrectly check-summed)
(a) Validation of systems to ensure accuracy, reliability, consistent
records.
intended performance, and the ability to discern invalid or altered
records.
Extensive testing is carried out by Eurotherm Ltd, an ISO 9001
approved company.

Automatic incrementing of configuration version number each time

a save is changed this number is stored to the audit trail. It is also
available as a maths function allowing it to be trended.

(b) The ability to generate accurate and complete copies of

Complete and accurate copies are available on screen or for printing
records in both human readable and electronic form suitable
through the use of the Review software package.
for inspection, review, and copying by the agency. Persons should
Complete and accurate electronic copies are available by copying
contact the agency if there are any questions regarding the
the raw data files or by setting up a ‘PDF Printer’ (requires Adobe
ability of the agency to perform such review and copying of the
Acrobat or similar) in order to export graphs in PDF format.
electronic records.

On the instrument, files are held internally in Flash then archived to

Removable media and/or via a network to an FTP server.
(c) Protection of records to enable their accurate and ready
Data can also be periodically pulled from the product using Review.
retrieval throughout the records retention period.
Once data has left the instrument, the media it is stored on and
backup strategy is the responsibility of the user.

(d) Limiting system access to authorized individuals. Individual password protected user accounts.
nanodac / 21CFR eurotherm.com/nanodac 2

nanodac ™

Recorder/Controller and 21 CFR Part 11

Sub Part B - Electronic Records (continued)

11.10 Controls for Closed Systems

(e) Use of secure, computer-generated, time-stamped audit trails
to independently record the date and time of operator entries and
actions that create, modify, or delete electronic records. Record
changes shall not obscure previously recorded information. Such
audit trail documentation shall be retained for a period at least as
long as that required for the subject electronic records and shall
be available for agency review and copying.
Secure (embedded in the binary history file), computer
generated, time-stamped runtime audit trail of batch stop/start,
alarm acknowledgements, logins, signature details, configuration
changes. Record changes do not obscure previous data.
Audit trail is embedded in the history file so guaranteeing retention
alongside the records and availability for review/copying.
Time synchronisation is available via SNTP.

(f) Use of operational system checks to enforce permitted Interlocks can be achieved using the product configuration and
sequencing of steps and events, as appropriate. relay outputs. The specifics are down to configuration.

(g) Use of authority checks to ensure that only authorised

Individual password protected user accounts. Each user can have
individuals can use the system, electronically sign a record,
a unique set of access permissions or privileges to customise what
access the operation or computer system input or output device,
they can do to the product.
alter a record, or perform the operation at hand.

(h) Use of device (e.g., terminal) checks to determine, as

appropriate, the validity of the source of data input or operational System errors and input channel status are logged.
instruction.

(i) Determination that persons who develop, maintain, or use

electronic record/electronic signature systems have the educa- Procedural - responsibility of the user
tion, training, and experience to perform their assigned tasks.

(j) The establishment of, and adherence to, written policies that
hold individuals accountable and responsible for actions initiated
Procedural - responsibility of the user
under their electronic signatures, in order to deter record and
signature falsification

(k) Use of appropriate controls over systems documentation

including:
(1) Adequate controls over the distribution of, access to, and use
of documentation for system operation and maintenance. Procedural - responsibility of the user
(2) Revision and change control procedures to maintain an audit
trail that documents time-sequenced development and
modification of systems documentation.

11.30 Controls for Open Systems

Persons who use open systems to create, modify, maintain, or

transmit electronic records shall employ procedures and controls The product is targeted at use in closed systems. With appropriate
designed to ensure the authenticity, integrity, and as appropriate, external systems/procedures the product may be used in an open
the confidentiality of electronic records from the point of their system.
creation to the point of their receipt.
nanodac / 21CFR eurotherm.com/nanodac 3

nanodac ™

Recorder/Controller and 21 CFR Part 11

11.50 Signature Manifestations

(a) Signed electronic records shall contain information associated

with the signing that clearly indicates all of the following:
(1) The printed name of the signer;
(2) The date and time when the signature was executed; and
(3) The meaning (such as review, approval, responsibility, or
authorship) associated with the signature.
Signed records contain username, date, time and meaning. “Mean-
ing” includes signed/authorised information, an automatically gener-
ated type (for example, ‘config’ for a configuration change), plus an
operator entered note.

b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of

this section shall be subject to the same controls as for electronic
Username, time-stamp and meaning are all embedded in the binary
records and shall be included as part of any human readable
format history file.
form of the electronic record (such as electronic display or
printout).

11.70 Signature / Record / Linking

(Electronic signatures and handwritten signatures executed to

Signature manifestation is embedded in the binary format history
electronic records shall be linked to their respective electronic
file. For hybrid systems, prints created via review for handwritten
records to ensure that the signatures cannot be excised, copied,
signature will always contain time-stamp details which permit
or otherwise transferred to falsify an electronic record by ordinary
recreation from the original data.
means.

Sub Part C - Electronic Signatures

11.100 General Requirements

a) Each electronic signature shall be unique to one individual and

shall not be reused by, or reassigned to, anyone else.
(b) Before an organisation establishes, assigns, certifies, or
otherwise sanctions an individual’s electronic signature, or any
element of such electronic signature, the organisation shall verify
the identity of the individual
The product complies with this requirement by ensuring that no
two user accounts have the same user name. Expired accounts may
remain in the system and be disabled.
Procedural - responsibility of the user

(c) Persons using electronic signatures shall, prior to or at the

time of such use, certify to the agency that the electronic
signatures in their system, used on or after August 20, 1997, are
intended to be the legally binding equivalent of traditional
handwritten signatures.

(1) The certification shall be submitted in paper form and

signed with a traditional handwritten signature, to the Office of Procedural - responsibility of the user
Regional Operations (HFC-100), 5600 Fishers Lane,
Rockville, MD 20857.

(2) Persons using electronic signatures shall, upon agency

request, provide additional certification or testimony that a
specific electronic signature is the legally binding equivalent
of the signer’s handwritten signature.
nanodac / 21CFR eurotherm.com/nanodac 4

nanodac ™

Recorder/Controller and 21 CFR Part 11

Sub Part C - Electronic Signatures (continued)

11.200 Electronic Signature Components and Controls

(1) Employ at least two distinct identification components such as

an identification code and password.
(i) When an individual executes a series of signings
during a single, continuous period of controlled system
access, the first signing shall be executed using all
electronic signature components; subsequent signings
shall be executed using at least one electronic signature Requires re-entry of user name and password during a signing. Both
component that is only executable by, and designed to components will be required for all signings.
be used only by, the individual.

(ii) When an individual executes one or more signings not

performed during a single, continuous period of
controlled system access, each signing shall be
executed using all of the electronic signature components.

Users can change their own passwords and no read access to

passwords is provided. It is also possible to have logins time out
(2) Be used only by their genuine owners; and after a set period of inactivity; to limit the number of login retries
before an account is disabled; to set a minimum length for
passwords; and to force password expiry after a set number of days.

Users can change their own passwords and no read access to

passwords is provided. So, unless one user tells another their
(3) Be administered and executed to ensure that attempted use
password, it is impossible to commit fraud without an audit trail of
of an individual’s electronic signature by anyone other than its
that fraud being left. It is further possible to force system
genuine owner requires collaboration of two or more individuals.
administrator changes for user accounts to be authorized by a
second individual.

11.300 Controls for identification Codes / Passwords

Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to
ensure their security and integrity. Such controls shall include:

(a) Maintaining the uniqueness of each combined identification

Providing user accounts are not deleted then all user names are
code and password, such that no two individuals have the same
forced to be unique.
combination of identification code and password.

(b) Ensuring that identification code and password issuances are

It is possible to force password expiry after a set number of days. If
periodically checked, recalled, or revised (e.g., to cover such
a user leaves, their account can be disabled.
events as password aging).

(c) Following loss management procedures to electronically

deauthorize lost, stolen, missing, or otherwise potentially
compromised tokens, cards, and other devices that bear or
generate identification code or password information, and to
issue temporary or permanent replacements using suitable,
rigorous controls.
Procedural – compromised accounts can be disabled. On loss of
password, the administrator may set a new password for an
account which the account holder should then immediately replace
by a password of their own.

(d) Use of transaction safeguards to prevent unauthorised use of
passwords and/or identification codes, and to detect and report
in an immediate and urgent manner any attempts at their
unauthorized use to the system security unit, and, as appropriate,
to organizational management.
It is possible to have logins time out after a set period of inactivity;
to limit the number of login retries before an account is disabled; to
set a minimum length for passwords; and to force password expiry
after a set number of days. Failed logins that disable accounts are
detailed in the Audit Trail within the instrument.

Eurotherm Limited
Faraday Close, Durrington,
Worthing, West Sussex BN13 3PL
Phone: + 44 (01903) 268500
Fax: + 44 (01903) 265982
www.eurotherm.com

Document Number HA032921 Issue 1 © 2016 Schneider Electric. All rights reserved. All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies.