Eres Annex 11 Eu GMP Siemens

Introduction 1
The Requirements in Short 2

Meeting the Requirements
with SIMATIC IT eBR 3
Evaluation List for SIMATIC
IT eBR 4
SIMATIC IT eBR V6.1 SP2
ERES Compliance Response
Product Information
Electronic Records /
Electronic Signatures (ERES)
01/2017
A5E40688601-AA
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will be
used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property
damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified
personnel are those who, based on their training and experience, are capable of identifying risks and avoiding
potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended or
approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described.
Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in
this publication is reviewed regularly and any necessary corrections are included in subsequent editions.
Siemens AG A5E40688601-AA Copyright © Siemens AG 2017.

Division Process Industries and Drives Ⓟ 05/2017 Subject to change All rights reserved
Postfach 48 48
90026 NÜRNBERG
GERMANY
Table of contents
1 Introduction...................................................................................................................................................7
2 The Requirements in Short...........................................................................................................................9
3 Meeting the Requirements with SIMATIC IT eBR......................................................................................11
3.1 Lifecycle and Validation of Computerized Systems...............................................................11
3.2 Suppliers and Service Providers............................................................................................11
3.3 Data Integrity..........................................................................................................................11
3.4 Audit Trail...............................................................................................................................13
3.5 System Access, Identification Codes and Passwords...........................................................14
3.6 Electronic Signature...............................................................................................................17
4 Evaluation List for SIMATIC IT eBR...........................................................................................................19
4.1 Lifecycle and Validation of Computerized Systems...............................................................19
4.2 Suppliers and Service Providers............................................................................................21
4.3 Data Integrity..........................................................................................................................21
4.4 Audit Trail, Change Control Support......................................................................................23
4.5 System Access, Identification Codes and Passwords...........................................................24
4.6 Electronic Signature...............................................................................................................25
4.7 Open Systems........................................................................................................................27

Product Information, 01/2017, A5E40688601-AA 5
Table of contents

6 Product Information, 01/2017, A5E40688601-AA
Introduction 1
Life science industry is basing key decisions on regulated records that are increasingly
generated, processed and kept electronically. Reviews and approval of such data are also
being provided electronically. Thus the appropriate management of electronic records and
electronic signatures has become an important topic for the life science industry.
Accordingly, regulatory bodies defined criteria under which electronic records and electronic
signatures will be considered as reliable and trustworthy as paper records and handwritten
signatures executed on paper. These requirements have been set forth by the US FDA in
21 CFR Part 11 (21 CFR Part 11 Electronic Records; Electronic Signatures, US FDA, 1997;
in short: Part 11) and by the European Commission in Annex 11 of the EU GMP Guideline (EU
Guidelines to Good Manufacturing Practice, Volume 4, Annex 11: Computerised Systems,
European Commission, 2011; in short: Annex 11).
Since requirements on electronic records and electronic signatures are always tied to a
computerized system being in a validated state, both regulations also include stipulations on
validation and lifecycle of the computerized system.
Application of Part 11 and Annex 11 (or their corresponding implementation in national
legislation) is mandatory for the use of electronic records and electronic signatures. However,
these regulations are only valid within their defined scope.
The scope of both regulations is defined by the regional market to which the finished
pharmaceutical product is distributed and by whether or not the computerized systems and
electronic records are used as part of GMP-regulated activities (see Part 11.1 and Annex 11
Principle).
Supplemental to the regulations, a number of guidance documents, good practice guides and
interpretations have been published in recent years to support the implementation of the
regulations. Some of them are referred to within this document.
To help its clients, Siemens as supplier of SIMATIC IT eBR evaluated version 6.1 SP2 of the
system with regard to these requirements and published its results in this Compliance
Response. Due to its level of detail, this analysis is based on the regulations and guidelines
mentioned above.
SIMATIC IT eBR V6.1 SP2 fully meets the functional requirements for the use of electronic
records and electronic signatures.
Operation in conformity with the regulations is ensured in conjunction with organizational
measures and procedural controls to be established by the client (the regulated user). Such
measures and controls are mentioned in chapter "Evaluation List for SIMATIC IT eBR
(Page 19)" of this document.
This document is divided into three parts:
1. Chapter "The Requirements in Short (Page 9)" provides a brief description of the
requirement clusters.
2. Chapter "Meeting the Requirements with SIMATIC IT eBR (Page 11)" introduces the
functionality of SIMATIC IT eBR V6.1 SP2 as means to meet those requirements.
3. Chapter "Evaluation List for SIMATIC IT eBR (Page 19)" contains a detailed system
assessment on the basis of the individual requirements of the relevant regulations.

Introduction

The Requirements in Short 2
Annex 11 and Part 11 take into account that the risk of manipulation, misinterpretation and
changes without leaving a visible trace is higher with electronic records and electronic
signatures than with conventional paper records and handwritten signatures. Furthermore the
means to restrict access to electronic records to authorized individuals are very different to
those required to restrict access to paper records. Additional measures are required for such
reasons.
The terms "electronic record" / "electronic document" mean any combination of text, graphics,
data, audio, pictorial or other information representation in digital form that is created, modified,
maintained, archived, retrieved or distributed by a computer system.
The term "electronic signature" means a computer data compilation of any symbol or series
of symbols executed, adopted, or authorized by an individual to be the legally binding
equivalent of the individual's handwritten signature. Since electronic signatures are also
considered as being electronic records by themselves, all requirements for electronic records
are applied to electronic signatures too.
The following table provides an overview of the requirements from both regulations.
Requirement Description
Lifecycle and Validation of Computerized systems used as a part of GMP-related activities must
Computerized Systems be validated. The validation process should be defined using a risk-
based approach. It should cover all relevant steps of the lifecycle and
must provide appropriate documented evidence.
The system's functionality should be traceable throughout the lifecycle
by being documented in specifications or a system description.
A formal change control procedure as well as an incident management
should be established. Periodic evaluation should confirm that the vali‐
dated state of the system is being maintained.
Suppliers and Service Provid‐ Since competency and reliability of suppliers and service providers are
ers considered key factors, the supplier assessment should be decided on
a risk-based approach. Formal agreements should exist between the
regulated user and these third parties, including clear responsibilities
of the third party.
Data Integrity Under the requirements of both regulations, electronic records and
electronic signatures must be as reliable and trustworthy as paper re‐
cords.
The system must provide the ability to discern altered records. Built-in
checks for the correct and secure handling of data should be provided
for manually entered data as well as for data being electronically ex‐
changed with other systems.
The system's ability to generate accurate and complete copies is es‐
sential for the use of the electronic records for regulated purposes, as
well as the accessibility, readability, and integrity of archived data
throughout the retention period.

The Requirements in Short
Requirement Description
Audit Trail, Change Control Besides recording changes to the system as defined in the lifecycle,
Support both regulations require that changes on GMP-relevant data are being
recorded.
Such an audit trail should include information on the change (before /
after data), the identity of the operator, a time stamp, as well as the
reason for the change.
System Access, Identifica‐ Access to the system must be limited to authorized individuals. Attention
tion Codes and Passwords should be paid to password security. Changes on the configuration of
user access management should be recorded.
Periodic reviews should ensure the validity of identification codes. Pro‐
cedures should exist for recalling access rights if a person leaves and
for loss management.
Special consideration should be given to the use of devices that bear
or generate identification code or password information.
Electronic Signature Regulations consider electronic signatures being legally binding and
generally equivalent to handwritten signatures executed on paper.
Beyond requirements on identification codes and passwords as stated
above, electronic signatures must be unique to an individual. They must
be linked to their respective electronic record and not be copied or oth‐
erwise being altered.
Open Systems Open systems might require additional controls or measures to ensure
data integrity and confidentiality.

Meeting the Requirements with SIMATIC IT eBR 3
The Siemens recommendations for the system architecture, conception and installation will
assist system users in achieving compliance. For additional information and assistance see
“SIMATIC IT eBR Functional and Technical documentation“ from Siemens.
The requirements explained in chapter "The Requirements in Short (Page 9)" can be supported
by the system as follows.
3.1 Lifecycle and Validation of Computerized Systems

Although Annex 11 in 1992 and Part 11 in 1997 underlined that a computerized system should
be subject to validation, it was not until the 2011 revision of Annex 11 that a comprehensive
set of criteria for the validation of the system and its lifecycle had been introduced.
Nonetheless the requirements to validate a computerized system and to keep it in a validated
state had long been a part of regulations other than Part 11 and Annex 11. This was the
motivation for the ISPE (International Society of Pharmaceutical Engineers, http://
www.ispe.org) to publish practical guidance like the Baseline Guides (Baseline®
Pharmaceutical Engineering Guides for New and Renovated Facilities, Volume 1-7, ISPE),
the GAMP 5 guide (GAMP 5 – A Risk-Based Approach to Compliant GxP Computerized
Systems, ISPE, 2008) as well as the GAMP Good Practice Guides.
Thus the system lifecycle as well as the approach to validation should be defined considering
the guidance from the GAMP 5 guide. The guide also includes a number of appendices for
lifecycle management, system development and operation of computerized systems.
Since most pharmaceutical companies already have a validation methodology for
computerized systems as a part of their process landscape, it is preferable to set up the
systems lifecycle and validation according to these.
3.2 Suppliers and Service Providers

Suppliers of systems, solutions and services must be evaluated accordingly, see GAMP 5
Appendix M2. Siemens as a manufacturer of SIMATIC hardware and software components
follows internal procedures of Product Lifecycle Management and works according to a Quality
Management System, which is regularly reviewed and certified by an external certification
company.
3.3 Data Integrity

Data integrity is assured in the system by measures like access protection, audit trail, data
type checks, checksums, backup/restore, and archiving/retrieval, completed by system
validation, appropriate procedures and training for personnel.

Meeting the Requirements with SIMATIC IT eBR
3.3 Data Integrity
Data storage
All data is stored in an Oracle database. As described in the "Security recommendation
document" it is strongly recommended to activate the advanced security functionality during
installation of the database. Encryption of the database and the connection between server
and client will therefore be enabled.
It is also possible to link external data, such as pdf files containing material certificates, to a
data set. The responsibility for the integrity of all linked documents is in the regulated user.
Although SIMATIC IT eBR can support the user by individually identifying each attached file
and generating a checksum in order to detect any alteration to these documents. If an alteration
is detected, the system will notify the user and display an error message.
Archiving
SIMATIC IT eBR provides a configurable and scalable archiving function. Messages and
measured values are stored continuously to local SIMATIC IT eBR archives. These locally
stored data can be transferred automatically to long-term archives. Archived data can be
retrieved within the entire, configured retention period.
Data can also be moved from the archive database to the export database, which is being
used as an interface to third party archiving tools.
Figure 3-1 Set up screen: archiving strategy

3.4 Audit Trail
3.4 Audit Trail

"Audit trails can be particularly appropriate when users are expected to create, modify, or delete
regulated records during normal operation." In other words, an audit trail is required for
manually entered data and/or automatically recorded data that has been modified or deleted
by an operator.
Audit trail
SIMATIC IT eBR supports the requirement for audit trail of GMP relevant operations by
recording such actions appropriately (who, what, when, and optionally why) and it provides
adequate system security for such electronic records (e.g. access control). The GMP relevant
data is defined by the regulated company based on the applicable regulatory requirements.
All audit trails can either be printed on paper or be exported in an electronical format.
Operator actions
All changes and inputs of relevant data entered by the operator during operation must be
recorded in an audit trail.
Therefore operator actions performed in SIMATIC IT eBR are being recorded in an audit trail
containing information like old value, new value, user ID, date and time stamp, operation and
optionally comments.
Changes made in user management

User Management can be set up using SIMATIC IT eBR authentication system or can be
delegated to Microsoft Active Directory. If the SIMATIC IT eBR authentication system is used
all changes are subject to the audtil trail. If Microsoft Active Directory is being used any changes
made in the course phase of user management (e.g. setup of new users, blocking users, etc.)
are recorded in the event log of Windows. The event log must be configured accordingly, as
described in the Microsoft documentation.

3.5 System Access, Identification Codes and Passwords
Figure 3-2 Audit trail of a weighing work order

Users must be assigned the required access rights only, to prevent unauthorized access to
the file system, the directory structures, and the system data and their unintended
manipulation.
The requirements regarding access security are fully met in combination with procedural
controls, such as those for "specifying the responsibility and access authorization of the system
users".
Additional security mechanisms need to be set up for any “open paths” which might exist. For
more information on the basic policies of the security concept and configuration
recommendations, refer to the SIMATIC IT eBR Security manual.
The SIMATIC IT eBR User Management application, a basic functionality of SIMATIC IT eBR,
is used to set up user management either based on MS Windows security mechanisms or as
a standalone solution. The basic functionalities of this application are listed below:
● Management of the System functionalities
● Management of User groups

● Management of User accounts

● Modification of the current User’s password
● Management of Audit Trail
Figure 3-3 View of a User Profile
Thereby the following requirements for access protection are fulfilled:

● Central user management (setup, deactivation, blocking, unblocking, assignment to user
groups) by the administrator
● Use of a unique user identification (user ID) in combination with a password
● Definition of system functionalities and access for specific user groups
● Password settings and password aging: The user is forced to change his/her password on
expiry of a time that is easily configured in the profile; the password can be reused only
after "n" generations.
● Prompt the user to define a new password at initial logon (initial password)
● The user is automatically blocked after a configurable number of failed logon attempts and
can only be unblocked by administrators who have the Users Managements Rights

● Automatic Lock after a configurable idle time of the keyboard and mouse or if the application
is running during the idle time as a background task
● Log functions for actions related to access security, such as logon, manual and automatic
logoff, input of incorrect user ID or password, user put into not allowed status after several
attempts to enter an incorrect password, and password change by user
● Concurrent access in order to enter records is being prohibited by the System
SIMATIC IT eBR meets the requirements regarding access security in combination with
procedural controls, such as those for “specifying the responsibility and access authorization
of the system users”.
In addition, users must be assigned specific access rights at operating system level to prevent
unauthorized access to the directory structure of the SIMATIC IT eBR system programs and
unintended manipulation.
Figure 3-4 Assigning Functions to the Group weighing operator

3.6 Electronic Signature

SIMATIC IT eBR provides functions for configuring an electronic signature. The operations or
actions which require an electronic signature, which group is able to sign this action and the
sequence of signatures are specified during the configuration phase. In order to meet the
individual validation process, four different electronic signature types are predefined:
● Single electronic signature (signature of the user who performed the action)
● Double (conditional) electronic signature (if the original operator does not have the rights
to validate the performed action an additional signature of a responsible user is needed)
● Single Check electronic signature (Signature of a user who differs from the user who
performed the action)
● Double Check electronic signature (signature of the user who performed the action and a
user who did not perform the action)
Figure 3-5 Configuring electronic signature for different actions
The electronic signature is being executed in a separate dialog in which the user has to sign
electronically by confirming the intended action with entering his password. Subsequently the
electronic signature is saved in the audit trail along with the user name, time stamp, and the
action performed. Also failed attempts to perform an electronic signature is saved in the audit
trail. A comment can be configured as optional or mandatory for each action.

Figure 3-6 Dialog double check electronic signature

Evaluation List for SIMATIC IT eBR 4
The following list of requirements includes all regulatory requirements from 21 CFR Part 11
as well as from Annex 11 of the EU‑GMP Guidelines. All requirements are structured in the
same topics as those introduced in the chapter "The Requirements in Short (Page 9)" of this
Compliance Response.
The requirements listed fully consider both regulations, regardless of whether technological
or procedural controls or a combination of both are needed to fully comply with Part 11 and
Annex 11.
The answers include, among other things, information about how the requirement is handled
during the development of the product and which measures should be implemented during
configuration and operation of the system. Furthermore, the answers include references to the
product documentation for technical topics and to the GAMP 5 guide for procedural controls
that are already considered in the guide.

The fundamental requirement that a computerized system that is used as a part of GMP-related
activities must be validated is extended by a number of newer Annex 11 requirements detailing
expectations on a system's lifecycle.
Requirement Reference Answer

4.1.1 Risk management should be ap‐ Annex 11, 1 The R&D process for Siemens software products incor‐
plied throughout the lifecycle of the porates risk management accordingly.
computerized system. During the validation of a customer-specific application
risk management should be ensured by the regulated
user.
4.1.2 Validation of a system ensures its 21 CFR 11.10 (a) Yes, the development of the software product (COTS,
accuracy, reliability, consistent in‐ see Annex 11, glossary) is under the control of the Sie‐
tended performance, and the ability mens QMS and the Product Lifecycle Management
to discern invalid or altered records. process.
The regulated user should take appropriate measures
to validate the application (see Annex 11, glossary), as
well as maintaining its validated state.
4.1.3 Validation documentation covers Annex 11, 4.1 Yes, the R&D process for the software product covers
relevant steps of the lifecycle. all relevant steps of the Software Development Life Cy‐
cle (SDLC).
The responsibility for the validation of the application
(see Annex 11, glossary) is with the regulated user.
4.1.4 A process for the validation of be‐ Annex 11, 4.6 The validation process for customer-specific applica‐
spoke or customized systems tions is under the responsibility of the regulated user.
should be in place. Nonetheless Siemens is able to offer support regarding
validation activities. Also as part of the standard soft‐
ware package all test protocols which might be used in
the validation activities.

Evaluation List for SIMATIC IT eBR

4.1.5 Change management and deviation Annex 11, 4.2 Yes, the R&D process for the software product includes
management are applied during the change management, deviation management and fault
validation process. corrections.
The regulated user should ensure appropriate change
management and deviation management (see
GAMP 5, appendices M8 and D5).
4.1.6 An up-to-date inventory of all rele‐ Annex 11, 4.3 The regulated user should establish appropriate report‐
vant systems and their GMP func‐ ing, a system inventory as well as system descriptions
tionality is available. For critical sys‐ (see GAMP 5, appendix D6).
tems an up-to-date system descrip‐
tion […] should be available.
4.1.7 User Requirements Specifications Annex 11, 4.4 Product Requirement Specifications are used during
should describe required functions, the R&D process. The regulated user should have the
be risk-based and be traceable User Requirement Specification appropriately consid‐
throughout the lifecycle. ered in the system’s life cycle (see GAMP 5, appendix
D1).
4.1.8 Evidence of appropriate test meth‐ Annex 11, 4.7 Ensuring the suitability of test methods and scenarios
ods and test scenarios should be is an integral part of the SIMATIC IT product’s R&D
demonstrated. process and test planning.
The regulated user should be involved in the agreement
of testing practice (see GAMP 5, appendix D5) for the
application.
4.1.9 Appropriate controls should be 21 CFR 11.10 (k) During the development of the product the product’s
used over system documentation. documentation is treated as being part of the product.
Such controls include the distribu‐ Thus the documentation itself is under the control of the
tion of, access to, and use of system development process.
operation and maintenance docu‐ The regulated user should establish appropriate proce‐
mentation. dural controls during development and operation of the
production system (see GAMP 5, appendices M9 and
D6).
4.1.10 A formal change control procedure 21 CFR 11.10 (k) During the development of the product changes are
for system documentation main‐ Annex 11.10 handled according to the development process.
tains a time sequenced record of The regulated user should establish appropriate proce‐
changes. dural controls during development and operation of the
system (see GAMP 5, appendices M8 and O6).
4.1.11 Persons who develop, maintain, or 21 CFR 11.10 (i) Siemens’ processes do ensure that employees have
use electronic record/electronic sig‐ according training for their tasks and that such training
nature systems should have the ed‐ is properly documented.
ucation, training and experience to Furthermore Siemens offers a variety of training cour‐
perform their assigned task. ses for users, administrators and support staff.
4.1.12 Computerized systems should be Annex 11, 11 The regulated user should establish appropriate proce‐
periodically evaluated to confirm dural controls (see GAMP 5, appendices O3 and O8).
that they remain in a valid state and
are compliant with GMP.

4.3 Data Integrity

4.1.13 All incidents should be reported and Annex 11, 13 The SIMATIC IT portfolio offers functionalities to sup‐
assessed. port reporting on different system levels. The regulated
user should establish appropriate procedural controls
(see GAMP 5, appendix O5).
4.1.14 For the availability of computerized Annex 11, 16 The regulated user should appropriately consider the
systems supporting critical process‐ system in his business continuity planning (see
es, provisions should be made to GAMP 5, appendix O10).
ensure continuity of support for
those processes in the event of a
system breakdown.
4.2 Suppliers and Service Providers

If the regulated user is partnering with third parties for planning, development, validation,
operation and maintenance of a computerized system, then the competence and reliability of
this partner should be considered utilizing a risk-based approach.

4.2.1 When third parties are used, formal Annex 11, 3.1 The regulated user is responsible to establish formal
agreements must exist between the agreements with suppliers and 3rd parties.
manufacturer and any third parties.
4.2.2 The competency and reliability of a Annex 11, 3.2 The regulated user should assess its suppliers accord‐
supplier are key factors when se‐ Annex 11, 4.5 ingly (see GAMP 5, appendix M2).
lecting a product or service provid‐
er. The need for an audit should be
based on a risk assessment.
4.2.3 The regulated user should ensure Annex 11, 4.5 The development of SIMATIC IT products follows the
that the system has been devel‐ R&D process stipulated in Siemens’ Quality Manage‐
oped in accordance with an appro‐ ment System.
priate Quality Management System.
4.2.4 Documentation supplied with com‐ Annex 11, 3.3 The regulated user is responsible for the performance
mercial off-the-shelf products of such reviews.
should be reviewed by regulated
users to check that user require‐
ments are fulfilled.
4.2.5 Quality system and audit informa‐ Annex 11, 3.4 Matter and extent of the documentation affected by this
tion relating to suppliers or develop‐ requirement should be agreed upon by the regulated
ers of software and implemented user and Siemens. The joint non-disclosure agreement
systems should be made available should reflect this requirement accordingly.
to inspectors on request.
4.3 Data Integrity

The main goal of both regulations is to define criteria under which electronic records and
electronic signatures are as reliable and trustworthy as paper records. This requires a high
degree of data integrity throughout the whole data retention period, including archiving and
retrieval of relevant data.

4.3 Data Integrity

4.3.1 The system should provide the abil‐ 21 CFR 11.10 (a) Yes.
ity to discern invalid or altered re‐ Based on the Oracle database security settings, access
cords. is only possible via SIMATIC IT eBR. An entry in the
audit trail will be generated for any operator action (for
example, the operator changes set points / alarm thresh‐
olds / the monitoring mode or acknowledges alarms).
All relevant changes are recorded including time stamp,
user ID, old value and new value and comment. Unau‐
thorized changes are prevented by the system through
access control.
A finalized electronic batch record and archived data
can be accessed in read only mode and cannot be al‐
tered.
The handling of external files which might be attached
to data of SIMATIC IT eBR is in the responsibility of the
regulated user. It is possible to implement security func‐
tionalities within SIMATIC IT eBR to ensure the integrity
of external files.
4.3.2 For records supporting batch re‐ Annex 11, 8.2 Yes.
lease, it should be possible to gen‐ Modification of data is recorded in the general audit trail
erate printouts indicating whether and can be printed out in a report.
any of the data has changed since
the original entry.
4.3.3 The system should provide the abil‐ 21 CFR 11.10 (b) Yes.
ity to generate accurate and com‐ Annex 11, 8.1 Accurate and complete copies can be generated in
plete copies of electronic records in electronic portable document formats or on paper.
both human readable and electron‐
ic form.
4.3.4 Computerized systems exchanging Annex 11, 5 Yes.
data electronically with other sys‐ The exchange of data is ensured via the gateway data‐
tems should include appropriate base. In this module a built-in data type check validates
built-in checks for the correct and the correctness of incoming data.
secure entry and processing of data.
4.3.5 For critical data entered manually, Annex 11, 6 The system has built-in plausibility checks for data en‐
there should be an additional check try. In addition, a multiple signature or operator dialog
on the accuracy of the data. can be realized as an additional check.
4.3.6 Data should be secured by both Annex 11, 7.1 In addition to the system’s access security mecha‐
physical and electronic means nisms, the regulated user should establish appropriate
against damage. security means like physical access control, backup
strategy, limited user access authorizations, regular
checks on data readability, etc. Furthermore the data
retention period should be determined by the regulated
user and appropriately considered in the users process‐
es (see GAMP 5, appendices O3, O4, O8, O9, O11 and
O13).

4.4 Audit Trail, Change Control Support

4.3.7 Regular backups of all relevant data Annex 11, 7.2 Yes.
should be done. The Archive module ensures the storage and retrieval
of records within internal or external archiving databa‐
ses.
The regulated user should establish appropriate pro‐
cesses for backup and restore (see GAMP 5, appendix
O9).
4.3.8 Electronic records must be readily 21 CFR 11.10 (c) Yes.
retrievable throughout the records Annex 11, 17 As stated above, procedural controls for Backup/Re‐
retention period. store and Archiving/Retrieval should be established.
4.3.9 If the sequence of system steps or 21 CFR 11.10 (f) Yes, e.g. allowances can be made for a specific se‐
events is important, then appropri‐ quence of operator actions by configuring the work or‐
ate operational system checks der accordingly.
should be enforced.
4.4 Audit Trail, Change Control Support

During operation, regulations require the recording of operator actions that may result in the
generation of new relevant records or the alteration or deletion of existing records.

4.4.1 The system should create a record 21 CFR 11.10 (e) Yes.
of all GMP-relevant changes and Annex 11, 9 Changes during operation can be traced back by the
deletions (a system generated "au‐ system itself via audit trail and contain information with
dit trail"). For change or deletion of time stamp, user ID, old and new value and comment.
GMP-relevant data, the reason The audit trail is secure within the system and cannot
should be documented. be changed by a user. It can be made available and
also be exported in electronic portable document for‐
mats.
4.4.2 Management systems for data and Annex 11, 12.4 The requested information is part of the user manage‐
documents should be designed to ment and audit trail functionality.
record the identity of operators en‐
tering, changing, confirming or de‐
leting data including date and time.
4.4.3 Changes to electronic records shall 21 CFR 11.10 (e) Yes.
not obscure previously recorded in‐ Recorded information is not overwritten and is always
formation. available in the database.
4.4.4 The audit trail shall be retained for 21 CFR 11.10 (e) Yes, this is technically feasible and must be considered
a period at least as long as that re‐ Annex 11, 9 in the archiving process (see GAMP 5, appendices O9
quired for the subject electronic re‐ and O13).
cords.
4.4.5 The audit trail should be available 21 CFR 11.10 (e) Yes, see also requirement 4.4.1.
for review and copying by regulato‐
ry agencies.


Since access to a system must be restricted to authorized individuals and the uniqueness of
electronic signatures also depends on the authenticity of user credentials, user access
management is a vital set of requirements regarding the acceptance of electronic records and
electronic signatures.

4.5.1 System access should be limited to 21 CFR 11.10 (d) Yes, system access via SIMATIC IT eBR User Manage‐
authorized individuals. 21 CFR 11.10 (g) ment is either based on the operating system’s user
administration or configured within the SIMATIC IT eBR
Annex 11, 12.1
itself. Functions are to be allocated with User Groups in
SIMATIC IT eBR.
In addition procedural controls should be established
by the regulated user, as described in GAMP 5, appen‐
dix O11.
4.5.2 The extent of security controls de‐ Annex 11, 12.2 System security is a key factor during design and de‐
pends on the criticality of the com‐ velopment of SIMATIC IT products.
puterized system. Nonetheless, since system security highly depends on
the operating environment of each IT-system, these as‐
pects should be considered in security management
(see GAMP 5, appendix O11). Recommendations and
support is given by Siemens’ Industrial Security ap‐
proach.
4.5.3 Creation, change, and cancellation Annex 11, 12.3 Changes in the user access management are being re‐
of access authorizations should be corded and should be subject to change control proce‐
recorded. dures.
4.5.4 If it is a requirement of the system 21 CFR 11.10 (h) Yes.
that input data or instructions can The SIMATIC IT eBR work center (workstations) can be
only come from certain input devi‐ configured so that special input data / commands can
ces (e.g. terminals), does the sys‐ only be performed from a dedicated work center. All
tem check the validity of the source other work centers then have read only access rights at
of any data or instructions re‐ the most.
ceived? (Note: This applies where
data or instructions can come from
more than one device, and there‐
fore the system must verify the in‐
tegrity of its source, such as a net‐
work of weigh scales, or remote, ra‐
dio controlled terminals).
4.5.5 Controls should be in place to main‐ 21 CFR 11.300 (a) Yes.
tain the uniqueness of each com‐ If the user administration of the operating system is
bined identification code and pass‐ used as a platform for access management it is not
word, so that no individual can have possible to define more than one user with the same
the same combination of identifica‐ user ID within a workgroup / domain.
tion code and password as any oth‐
If the User Management of Simatic IT eBR is used for
er.
access management it is not possible to define more
than one user with the same short name, full name or
initials.
Thus each combination of user ID and password is
unique.


4.5.6 Procedures are in place to ensure 21 CFR 11.300 (b) The regulated user should establish appropriate proce‐
that the validity of identification co‐ dural controls (see Good Practice and Compliance for
des is checked periodically. Electronic Records and Signatures, Part 2).
4.5.7 Passwords should periodically ex‐ 21 CFR 11.300 (b) Yes.
pire and have to be revised. Password aging is either based on the operating sys‐
tem’s user administration or on SIMATIC IT eBR user
management.
4.5.8 A procedure should be established 21 CFR 11.300 (b) The regulated user should establish appropriate proce‐
for recalling identification codes and dural controls (see Good Practice and Compliance for
passwords if a person leaves or is Electronic Records and Signatures, Part 2). The MS
transferred. Windows security system can be used to deactivate
user accounts. In the SIMATIC IT eBR User Manage‐
ment the corresponding user has to be put in the “not
allowed” status.
4.5.9 Following loss management proce‐ 21 CFR 11.300 (c) The regulated user should establish appropriate proce‐
dures to electronically deauthorize dural controls (see Good Practice and Compliance for
lost, stolen, missing, or otherwise Electronic Records and Signatures, Part 2).
potentially compromised tokens,
cards, and other devices that bear
or generate identification code or
password information, and to issue
temporary or permanent replace‐
ments using suitable, rigorous con‐
trols.
4.5.10 Measures for detecting attempts of 21 CFR 11.300 (d) Yes, unsuccessful attempts to use the system or to per‐
unauthorized use and for informing form electronic signatures are recognized and are log‐
security and management should ged.
be in place. The regulated user should establish appropriate proce‐
dural controls to ensure a periodic review of security
and access control information logs (see GAMP 5, ap‐
pendix O8).
4.5.11 Initial and periodic testing of devi‐ 21 CFR 11.300 (e) Such devices are not part of the SIMATIC IT eBR port‐
ces, such as tokens and cards, that folio.
bear or generate identification code The regulated user should establish appropriate proce‐
or password information to ensure dural controls (see Good Practice and Compliance for
that they function properly and have Electronic Records and Signatures, Part 2).
not been altered in an unauthorized
manner.

To ensure that electronic signatures are generally accepted as equivalent to handwritten
signatures executed on paper, requirements are not only limited to the act of electronically
signing records. They also include requirements on record keeping as well as on the
manifestation of the electronic signature.


4.6.1 Written policies should be establish‐ 21 CFR 11.10 (j) The regulated user should establish appropriate proce‐
ed that hold individuals accountable Annex 11, 14.a dural controls.
and responsible for actions initiated
under their electronic signatures, in
order to deter record and signature
falsification.
4.6.2 Signed electronic records should 21 CFR 11.50 (a) Yes.
contain the following related Infor‐ Annex 11, 14.c
mation:
● The printed name of the signer
● The date and time of signing
● The meaning of the signing
(such as approval, review,
responsibility)
4.6.3 The above-listed information is 21 CFR 11.50 (b) Yes.
shown on displayed and printed
copies of the electronic record.
4.6.4 Electronic signatures shall be linked 21 CFR 11.70 Yes.
to their respective electronic re‐ Annex 11, 14.b
cords to ensure that the signatures
cannot be excised, copied, or other‐
wise transferred to falsify an elec‐
tronic record by ordinary means.
4.6.5 Each electronic signature shall be 21 CFR 11.100 (a) Yes, the electronic signature uses the unique identifiers
unique to one individual and shall 21 CFR 11.200 (a) for user accounts in the MS Windows user administra‐
not be reused by, or reassigned to, (2) tion or is locally defined in the SIMATIC IT eBR User
anyone else. Management. The re-use or re-assignment of electronic
signatures is effectively prevented.
4.6.6 When a system is used for record‐ Annex 11, 15 Electronic signatures are linked to an individual and
ing certification and batch release, each individual is allocated to a group. The system al‐
the system should allow only Quali‐ lows strict determinations about which functions a group
fied Persons to certify the release of is allowed to perform a signature.
the batches and it should clearly
identify and record the person re‐
leasing or certifying the batch.
4.6.7 The identity of an individual should 21 CFR 11.100 (b) The regulated user should establish appropriate proce‐
be verified before electronic signa‐ dural controls for the verification of an individual’s iden‐
ture components are allocated. tity before allocating a user account and/or electronic
signatures.
4.6.8 When an individual executes one or 21 CFR 11.200 (a) Yes, performing an electronic signature requires the
more signings not performed during (1) (ii) user ID as well as the user’s password.
a single session, each signing shall
be executed using all of the elec‐
tronic signature components.

4.7 Open Systems

4.6.9 When an individual executes a ser‐ 21 CFR 11.200 (a) Yes. Each signature consists of two components (user
ies of signings during a single ses‐ (1) (i) ID and password).
sion, the first signing shall be exe‐
cuted using all electronic signature
components; subsequent signings
shall be executed using at least one
private electronic signature compo‐
nent.
4.6.10 The use of an individual's electronic 21 CFR 11.200 (a) Yes. It is not possible to falsify an electronic signature
signature by anyone other than the (3) during signing or after recording of the signature.
genuine owner would require the In addition, the regulated user needs procedures that
collaboration of two or more individ‐ prevent the disclosure of passwords.
uals.
4.6.11 Electronic signatures based upon 21 CFR 11.200 (b) Standard tools of third-party manufacturers can be used
biometrics shall be designed to en‐ to create biometric electronic signatures. The integrity
sure that they cannot be used by of such solutions should be assessed separately.
anyone other than their genuine
owner.
4.7 Open Systems

The operation of an open system may require additional controls to ensure data integrity as
well as the possible confidentiality of electronic records.

4.7.1 To ensure the authenticity, integrity, 21 CFR 11.30 All communications are performed via SSL encryption.
and, as appropriate, the confiden‐ Detailed information about security measures are de‐
tiality of electronic records addition‐ scribed in the security manual.
al measures such as data encryp‐
tion are used.
4.7.2 To ensure the authenticity and in‐ 21 CFR 11.30 SIMATIC IT eBR does not provide functionality for digi‐
tegrity of electronic signatures, ad‐ tal (encrypted) signatures.
ditional measures such as the use
of digital signature standards are
used.

4.7 Open Systems


Eres Annex 11 Eu GMP Siemens

Uploaded by

Copyright:

Available Formats

Eres Annex 11 Eu GMP Siemens

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Eres Annex 11 Eu GMP Siemens

Uploaded by

Copyright:

Available Formats

Introduction 1

The Requirements in Short 2

Siemens AG A5E40688601-AA Copyright © Siemens AG 2017.

ERES Compliance Response

ERES Compliance Response

ERES Compliance Response

ERES Compliance Response

ERES Compliance Response

ERES Compliance Response

3.1 Lifecycle and Validation of Computerized Systems

3.2 Suppliers and Service Providers

3.3 Data Integrity

ERES Compliance Response

Figure 3-1 Set up screen: archiving strategy

ERES Compliance Response

3.4 Audit Trail

Changes made in user management

ERES Compliance Response

Figure 3-2 Audit trail of a weighing work order

3.5 System Access, Identification Codes and Passwords

ERES Compliance Response

● Management of User accounts

Figure 3-3 View of a User Profile

Thereby the following requirements for access protection are fulfilled:

ERES Compliance Response

Figure 3-4 Assigning Functions to the Group weighing operator

ERES Compliance Response

3.6 Electronic Signature

Figure 3-5 Configuring electronic signature for different actions

ERES Compliance Response

Figure 3-6 Dialog double check electronic signature

ERES Compliance Response

4.1 Lifecycle and Validation of Computerized Systems

Requirement Reference Answer

ERES Compliance Response

Requirement Reference Answer

ERES Compliance Response

Requirement Reference Answer

4.2 Suppliers and Service Providers

Requirement Reference Answer

4.3 Data Integrity

ERES Compliance Response

Requirement Reference Answer

ERES Compliance Response

Requirement Reference Answer

4.4 Audit Trail, Change Control Support

Requirement Reference Answer

ERES Compliance Response

4.5 System Access, Identification Codes and Passwords

Requirement Reference Answer

ERES Compliance Response

Requirement Reference Answer

4.6 Electronic Signature

ERES Compliance Response

Requirement Reference Answer

ERES Compliance Response

Requirement Reference Answer

4.7 Open Systems

Requirement Reference Answer