Dear all,
I am currently implementing a new validation plan for a Software as a Service. The criteria shall take explicit requirements defined in 21 CFR part 11 into consideration, but should also cover implicit requirements.
Section 11.10 (e) only specifies some certain criteria which shall be available in the audit log.
From my point of view, the following user actions are relevant:
Best, Franz
I am currently implementing a new validation plan for a Software as a Service. The criteria shall take explicit requirements defined in 21 CFR part 11 into consideration, but should also cover implicit requirements.
Section 11.10 (e) only specifies some certain criteria which shall be available in the audit log.
From my point of view, the following user actions are relevant:
- Log on
- Log off
- Automatically log-off (safety measure to prevent unauthorized access when nobody is in front of the workstation/laptop)
- Download a draft report
- Sign off a final report
- Download a final report
- Reissuing a report incl. ‘label new report version as’ feature to specify the change category (drop down) and reason (free text) for reissuing the report
- Electronic signature applied
- Encryption
- Password changes (successful / unsuccessful)
- Password recovery
- Configuration changes
- Changes in the report template
- Unsuccessful log-in attempts
Best, Franz