Search the Elsmar Cove!
**Search ALL of** with DuckDuckGo including content not in the forum - Search results with No ads.

Security for Approvals - Cloud based Complaint, NC, and CAPA systems

I am currenting in the process of reviewing a cloud base Complaint, NC, and CAPA system.

My question:
Once a manager is finished with a complaint, NC, or CAPA they will request a second approver. A email is sent requesting review.
If you log into the system, with a password, during the approval process would you be required to reenter your password?

Thank you for any help and documentation.


Captain Nice
Staff member
If you log into the system, with a password, during the approval process would you be required to reenter your password?
That would be entirely dependent upon the software. You need to ask the software company.


Captain Nice
Staff member
If they can not give you enough information on how it works, options, etc., I wouldn't touch it.


Involved In Discussions
Are you asking if there is a requirement that after being logged in to the software you have to enter the password again to approve a document etc. to prohibit lets say you log in to the software and walk away and someone uses your login to approve something or are you asking how the software works?
Thank you Marc, as you are aware sometimes we are told to make a square peg fit in a round hole.

Yes I am asking about once you log in. I can only set the force log out for 15 minutes or higher. The programs I have used in the past have always had a "2-step" process prior to approval.


Staff member
Super Moderator
Are you familiar with 21 CFR Part 11? In there, 11.200(a)(1)(i) says:

When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

That would typically be the password so, yes, strictly speaking, if the system is to be compliant to Part 11, the user would need to re-enter the password.

The timeout period is a different consideration and there's no prescribed time limits, you have to define (and be able to justify).
Thank you for the information, it is exactly what I was looking for...
Our current system, the service provider came in and help with the IQ - OQ. With this system that I am reviewing it would be just me:(

Top Bottom