The Cove Business Standards Discussion Forums More Free Files Forum Discussion Thread Post Attachments Listing Cove Discussion Forums Main Page
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
UL - Underwriters Laboratories - Health Sciences
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
Open vs Closed Systems - Criteria for Categorization in cGMP Environment
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > > >
Forum Username

Elsmar Cove Forum Visitor Notice(s)

Wooden Line

Open vs Closed Systems - Criteria for Categorization in cGMP Environment


Elsmar XML RSS Feed
Elsmar Cove Forum RSS Feed

Monitor the Elsmar Forum
Sponsor Links




Courtesy Quick Links


Links Elsmar Cove visitors will find useful in the quest for knowledge and support:

Jennifer Kirley's
Conway Business Services


Howard's
International Quality Services


Marcelo Antunes'
SQR Consulting, and
Medical Devices Expert Forum


Bob Doering
Bob Doering's Blogs and,
Correct SPC - Precision Machining


Ajit Basrur
Claritas Consulting, LLC



International Standards Bodies - World Wide Standards Bodies

ASQ - American Society for Quality

International Organization for Standardization - ISO Standards and Information

NIST's Engineering Statistics Handbook

IRCA - International Register of Certified Auditors

SAE - Society of Automotive Engineers

Quality Digest

IEST - Institute of Environmental Sciences and Technology

View Poll Results: Criteria for categorization and examples for open systems vs closed systems in cGMPs
User & Data authentication controls 0 0%
Network controls (accessibility of intranet vs internet) 1 50.00%
Both the above options 1 50.00%
Others or None of above 0 0%
Multiple Choice Poll. Voters: 2. You may not vote on this Poll because you are not Logged In.


Some Related Topic Tags
21 cfr part 11 - electronic records and signatures, cgmp (current good manufacturing practices), data security, electronic records, pharmaceuticals and pharmaceutical industry
Reply
 
Thread Tools Search this Thread Rating: Thread Rating: 1 votes, 5.00 average. Display Modes
  Post Number #1  
Old 16th October 2014, 08:52 PM
v9991

 
 
Total Posts: 950
Please Help! Open vs Closed Systems - Criteria for Categorization in cGMP Environment

my query is,
1) what are examples of open & closed systems in typical pharma cGMP environment?
2) does the network controls differentiate a system from being open vs closed (viz., a system which is accessible only on intranet vs one accessible over internet)
VS
user/data authentication.or.encryption process?
VS
combination of network controls +user/data authentication.or.encryption process?

3) the point is we have a system which is solely accessible over intranet, vs a system accessible over internet. (both of them have pertinent e-signature features of id+password); now the confusion is how to treat above two systems?

as per 21 CFR Part 11...
Quote:
(9) Open system means an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

(4) Closed system means an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.

Sec. 11.30 Controls for open systems. Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality.

Sec. 11.10 Controls for closed systems. Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following:
(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.
(b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records.
(c) Protection of records to enable their accurate and ready retrieval throughout the records retention period.
(d) Limiting system access to authorized individuals.
(e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.
(f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.
(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.
(h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.
(i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.
(j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.
(k) Use of appropriate controls over systems documentation including:
(1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance.
(2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.

Sponsored Links
  Post Number #2  
Old 18th October 2014, 03:44 PM
yodon

 
 
Total Posts: 971
Re: Open vs Closed systems - Criteria for categorization in cGMP environment

Well, I'll give it a whirl...

My take is that the FDA recognizes that it's quite typical for records to be gathered electronically and stored on systems or otherwise transmitted over systems where some or all of the pieces aren't in control of the company gathering for and responsible for those records.

So let's say your manufacturing system is all quite self-contained at the plant. Records may be gathered at individual workstations but they are stored on a server completely inside the plant and the server is completely under control of the company. The company defines how access is granted, security levels, etc. That would be a closed system.

Pretty much everything else, IMO, will be open. Examples include a leased (even dedicated) server, transmitting the records over the internet to another site, etc.

So it's really, to me, a matter of who potentially has access to the data / records. (If you're transmitting over the internet, the transmission could be detected / intercepted).

The difference in controls between open and closed is just the additional level of protection(s) employed; e.g., encryption.

So no, authentication / encryption doesn't DEFINE open -v- closed. You can implement those on a closed system if you're so inclined.

If you have "internet" in the description of your system, my take would be that it's an open system. Then it boils down to risk as to how much additional control you deploy to protect the data / ensure its integrity.
Thank You to yodon for your informative Post and/or Attachment!
Sponsored Links

  Post Number #3  
Old 12th July 2017, 06:29 PM
Ajit Basrur's Avatar
Ajit Basrur

 
 
Total Posts: 6,073
Re: Open vs Closed systems - Criteria for categorization in cGMP environment

This is an old poll ... closed !
  Post Number #4  
Old 13th July 2017, 10:58 AM
v9991

 
 
Total Posts: 950
Lurker Re: Open vs Closed systems - Criteria for categorization in cGMP environment

Managing 21 CFR Part 11 Compliance: Using Checksums on Opens Systems

Quote:
The system is designed so that when the .xml file is exported a checksum is run
on the .xml file. In this example, the checksum is a .sha1 file. The user then places the .xml and .sha1 files on a secure network drive at the sponsor site. A parsing tool then checks the .sha1 file to ensure that the .xml file has not
been modified during the transmission. The parsing tool then converts data from the .xml file into a .csv file. When the .csv file is outputted from the parsing tool, it generates a checksum for the .csv file (a new .sha1 file)
Approval Processes, Security and 21 CFR Part 11

Quote:
multiple passwords
PKI Authentication
Biometric ID
Biometric PKI ubiquity


Types of Systems under Part 11 - Open Systems
Attached Files: 1. Scan for viruses before opening, 2. Please report any 'bad' files by Reporting this post, 3. Use at your Own Risk.
File Type: pdf Types of Systems under Part 11 - Open Systems.pdf (75.2 KB, 24 views)
File Type: pdf PharmaSUG-2013-MS06-Managing 21 CFR Part 11 Compliance - using check sums on open systems.pdf (125.0 KB, 14 views)
File Type: pdf Approval Processes, Security and 21 CFR Part 11.pdf (71.6 KB, 15 views)
Thanks to v9991 for your informative Post and/or Attachment!
Reply

Lower Navigation Bar
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > > >

Bookmarks



Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Emoticons are On
[IMG] code is On
HTML code is Off


Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Rich O2 Environment Testing Laboratories (Clause 11.2.2 ME EQUIPMENT and ME SYSTEMS) eyalhend IEC 60601 - Medical Electrical Equipment Safety Standards Series 0 1st June 2017 03:31 AM
Benchmarking cGMP compliance (Systems compliance ) v9991 US Food and Drug Administration (FDA) 4 28th April 2011 10:30 PM
Transitioning from cGMP to ISO Systems v9991 Career and Occupation Discussions 1 22nd April 2011 03:49 PM
Implementation Plan for ICH Q10 - Gap analysis of cGMP vs ICH Q10 Quality Systems v9991 US Food and Drug Administration (FDA) 2 4th February 2011 01:14 PM
Open Source Documentation Systems MarkJoel Document Control Systems, Procedures, Forms and Templates 9 26th October 2004 02:49 PM



The time now is 03:08 PM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.


 
 
 


NOTE: This forum uses "Cookies"