Security for Approvals - Cloud based Complaint, NC, and CAPA systems

#1
I am currenting in the process of reviewing a cloud base Complaint, NC, and CAPA system.

My question:
Once a manager is finished with a complaint, NC, or CAPA they will request a second approver. A email is sent requesting review.
If you log into the system, with a password, during the approval process would you be required to reenter your password?

Thank you for any help and documentation.
 
Elsmar Forum Sponsor

Marc

Hunkered Down for the Duration
Staff member
Admin
#2
If you log into the system, with a password, during the approval process would you be required to reenter your password?
That would be entirely dependent upon the software. You need to ask the software company.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#4
If they can not give you enough information on how it works, options, etc., I wouldn't touch it.
 

Rincewind

Involved In Discussions
#5
Are you asking if there is a requirement that after being logged in to the software you have to enter the password again to approve a document etc. to prohibit lets say you log in to the software and walk away and someone uses your login to approve something or are you asking how the software works?
 
#6
Thank you Marc, as you are aware sometimes we are told to make a square peg fit in a round hole.

Rincewind,
Yes I am asking about once you log in. I can only set the force log out for 15 minutes or higher. The programs I have used in the past have always had a "2-step" process prior to approval.
 

yodon

Staff member
Super Moderator
#7
Are you familiar with 21 CFR Part 11? In there, 11.200(a)(1)(i) says:

When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

That would typically be the password so, yes, strictly speaking, if the system is to be compliant to Part 11, the user would need to re-enter the password.

The timeout period is a different consideration and there's no prescribed time limits, you have to define (and be able to justify).
 
#8
Yodon,
Thank you for the information, it is exactly what I was looking for...
Our current system, the service provider came in and help with the IQ - OQ. With this system that I am reviewing it would be just me:(
 
Thread starter Similar threads Forum Replies Date
Richard Regalado Automotive News TISAX - VDA ISA (information security assessment) VDA Standards - Germany's Automotive Standards 5
Marc Security in Health Industry Software - February 2020 IEC 27001 - Information Security Management Systems (ISMS) 0
C Security and access in cGMP facilities Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
A Bookmarking my security protected IEC 60601-1 .pdf file IEC 60601 - Medical Electrical Equipment Safety Standards Series 16
M Informational TGA – Medical device cyber security guidance for industry Medical Device and FDA Regulations and Standards News 0
M How To Define ISMS (information Security Management System) Scope IEC 27001 - Information Security Management Systems (ISMS) 9
R Validation of mobile app and cloud servers for data security IEC 62304 - Medical Device Software Life Cycle Processes 4
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
A Integration of Information Security in an existent Integrated Management System IEC 27001 - Information Security Management Systems (ISMS) 4
P Do we need equipment stock control for security company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
Paul Simpson Does Knowledge Management include aspects of Information Security? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
N Anyone working on NIST SP 800-171 (Network and Information Security)? Records and Data - Quality, Legal and Other Evidence 4
R Internal Audit of Information Security and Data Protection Internal Auditing 6
A How to rollout Security Awarness at Project Level in the Organisation IEC 27001 - Information Security Management Systems (ISMS) 1
K ISO/IEC 27000, ISO 15408 and the DSS security clearance (FCL) -- Oh, My IEC 27001 - Information Security Management Systems (ISMS) 0
Sidney Vianna Sector specific Information Security ISO Management System Standards IEC 27001 - Information Security Management Systems (ISMS) 1
R Training in Cyber Security Training - Internal, External, Online and Distance Learning 2
H ISMS (information security management system) Manual ISO27001:2013 Example wanted IEC 27001 - Information Security Management Systems (ISMS) 6
A Creating a policy to evaluate the Third Party Security IEC 27001 - Information Security Management Systems (ISMS) 4
N Computer System Access and Security Procedure example wanted 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
R Medical Device Cyber Security Third Party Review Other US Medical Device Regulations 6
A Medical Device Testing for Airport Security US Food and Drug Administration (FDA) 5
V 510(K) Cyber Security Documentation for Pre-market Submission (Templates) Other US Medical Device Regulations 6
Q ISO 9001 Requirement Dilemma - Security Aspects Quality Management System (QMS) Manuals 14
M Does anyone here have experience implementing PCI DSS (Data Security Standard) IEC 27001 - Information Security Management Systems (ISMS) 10
Richard Regalado 2014 Information Security Breaches Survey by PWC IEC 27001 - Information Security Management Systems (ISMS) 1
Jim Wynne Windows 8.1: No Security Updates Without Update 1 After Work and Weekend Discussion Topics 4
R Security Standard referred to as TAPA (Transported Asset Protection Association) Other ISO and International Standards and European Regulations 1
Colin Objectives Form - Format for Documenting Information Security Objectives IEC 27001 - Information Security Management Systems (ISMS) 2
L Implementing ISO 27001 A12.1.1 Security Requirements Analysis and Specification IEC 27001 - Information Security Management Systems (ISMS) 2
R Who is regulating Security Alarm Codes? Coffee Break and Water Cooler Discussions 8
D Please help for the CISSP (Certified Information Systems Security Professional) Exam Professional Certifications and Degrees 2
AnaMariaVR2 ISO 22322 & ISO 22324 - Societal security ? Emergency Management Other ISO and International Standards and European Regulations 0
L A 6.1.8 Independent review of information security question IEC 27001 - Information Security Management Systems (ISMS) 1
T Has anyone done both Quality and Facility Security Officer (FSO) roles ? Career and Occupation Discussions 8
R ISO 13485 - Security and Control of ERP System ISO 13485:2016 - Medical Device Quality Management Systems 1
B Lessons Learnt template - Information Security Management System Experiences Document Control Systems, Procedures, Forms and Templates 1
M Business Case for ISMS (Information Security Management System) IEC 27001 - Information Security Management Systems (ISMS) 1
D U.S. Department of Commerce, Bureau of Industry and Security survey Various Other Specifications, Standards, and related Requirements 1
Marc Security holes enable attackers to switch off pacemakers World News 3
R ISO 27001 A.8.2.2 Information Security Awareness, Education and Training IEC 27001 - Information Security Management Systems (ISMS) 10
K Effectiveness of ISMS (Information Security Management System) Controls Measurement IEC 27001 - Information Security Management Systems (ISMS) 3
A ISMS (Information Security Management System) Policy vs. Information Security Policy IEC 27001 - Information Security Management Systems (ISMS) 1
T ISMS (Information Security Management System) Task Flow Chart in 'Detail' IEC 27001 - Information Security Management Systems (ISMS) 7
B Property Management and Physical Security Plans Business Continuity & Resiliency Planning (BCRP) 5
T Information System Security (infosec) Incident Form - Looking for samples IEC 27001 - Information Security Management Systems (ISMS) 4
Richard Regalado Information Security Joke on Password Management Funny Stuff - Jokes and Humour 4
Richard Regalado ISO/IEC 27007:2011 (ISMS) Information Security Management Systems Auditing IEC 27001 - Information Security Management Systems (ISMS) 6
Richard Regalado Banning Social Media INCREASES Risks to Information Security IEC 27001 - Information Security Management Systems (ISMS) 2
K I.T. Management in Clause 4.2.3? Control of Computer Data Backup and Access Security ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4

Similar threads

Top Bottom