Computer System Access and Security Procedure example wanted


My company is currently implementing an Oracle ERP system and will be subsequently validating to 21 CFR 11 compliance. We need to create a "System Access and Security" procedure, but I'm not sure where to start. Does anyone have an example of such a procedure they would be willing to share?

Mark Meer

Trusted Information Resource
My suggestion:
1. Create a general system procedure that gives requirements that any system you choose must meet. Include all the applicable FDA 21 CFR 11 requirements.
2. Choose your system (e.g. in your case, Oracle ERP)
3. Validate the system against the requirements in (1).
4. (if necessary) Create a work-instruction for staff on using the specific system you've chosen.

Depending on how stuff fits together, you might be able to just tack-on "system access and security" requirements in your documentation control procedure.
Top Bottom