21 CFR Part 11 - software designed for easier compliance
21 CFR Part 11Industries needing secure SCADA systems, including those affected by FDA 21 CFR Part 11 regulations, can benefit from Prodigy's "one tick" approach towards compliance. FDA 21 CFR Part 11 defines the U.S. Food and Drug Administration rules on the storage and control of electronic records and the implementation of electronic signatures. The regulation sets out the mandatory requirements for compliance of electronic systems used in the industries covered by the legislation. These industries include drug & pharmaceutical, food and beverage, biological or medical device manufacturing, cosmetics, blood handling processes etc.

21 CFR Part 11 applies specifically to companies based in or supplying into the U.S. However similar regulations by other agencies such as the Foods Standards Agency (UK) and EFSIS (EU) are likely to be based on the FDA rules. Other standards such as GAMP (Good Automated Manufacturing Practice) and GLP (Good Laboratory Practice) also require defined levels of data security and traceability. It is therefore important when choosing software that it is capable of compliance with the regulatory requirements.

21 CFR Part 11 Compliance Made Simple

In meeting the 21 CFR Part 11 requirements the Prodigy design philosophy has been to go beyond simple technical compliance by providing facilities that are both extensive and flexible yet easy to apply. In order to aid compliance a 'one tick' approach is provided that can be used to automatically configure facilities for 21 CFR Part 11. Alternatively, for maximum flexibility the facilities can be selected and configured manually.

21 CFR Part 11

Audit Trail

21 CFR Part 11 regulation requires that a verifiable audit trail is provided. The audit trail facility works throughout Prodigy and once enabled generates a time stamped record of every user action that makes a material change to the system.
"Tascomp's 'one shot' implementation of FDA 21 CFR Part 11 standard enables a manufacturer to establish a compliant and validated system quickly and easily. Incorporation of a full audit trail, secure file format and user security by electronic signatures provides the perfect solution for many of our MEDACS and SL400 wireless installations and complements our own validatable system for transport and distribution"
Martin Westover, Signatrol Limited

  • Such actions include:
  • User log on
  • User log off
  • Manual signal value changes
  • Configuration changes
  • Alarm acceptance
  • Recipe changes
  • System start up/shutdown
  • Invalid user access
  • Password changes
  • User lockout
  • Display changes
  • Program execution

21 CFR Part 11

User Security

With FDA 21 CFR Part 11 Compliance the standard Prodigy User Security is enhanced to meet the requirements for electronic signatures. A user database allows each user to be assigned a unique user ID and high security password as well as a list of allowed actions or privileges. The minimum password length and the password expiry period is configurable, defaulting to 6 characters and 180 days respectively when the 'one tick' enable option is selected. User access is recorded to audit trail and repeated invalid access by any user automatically invalidates the users account. To prevent access due to the system being left open inadvertently the system automatically logs off inactive users.

User access is recorded as part of the audit trail and repeated invalid access will automatically invalidate that user's account. Automatic log off of an inactive users prevents the system being left open inadvertently.

Data Security

"Support for FDA 21 CFR Part 11 is more comprehensive than any other SCADA software package..."
Tony Truin, Technical Director, Anville Instruments
To ensure data security all text based configuration and data files are encrypted. Full 128 bit multi-cyclic encryption is used to resist even the most sophisticated and determined of would-be hackers. The encryption process is irreversible and once encrypted all affected configuration and data files are readable only through the Prodigy programs to which they relate.

Prodigy software also password protects all Access™ databases. The passwords used are created by the Prodigy system on an individual database basis and once applied opening of the database is prevented other than via a relevant Prodigy program.

Secure File Browser

For 21 CFR Part 11 Prodigy provides a Secure File Browser to replace the standard Windows file browser, which allows options that are incompatible with secure applications. These include, for example, the ability to; delete, rename and copy files; launch programs; browse to other areas of the computer. The browsing level and file deletion capability of the Secure File Browser can be set to eliminate these security loopholes.

Desktop Security Lockdown

21 CFR Part 11 Compliance


Audit Trail

  • Comprehensive Audit Trail
  • Security encrypted
  • Audit reporting
  • Audit analysis
  • Automatic archive

User Security

  • Unique user I.D.
  • Password expiry
  • Enforced password length
  • Operator comments
  • Timed operator logout
  • Auto lockout on tamper
  • User barring
  • User access log

Data Security

  • 128 bit data encryption
  • No commercial decryption tools
Prodigy software also provides complete and flexible options for configuring desktop lockdown on the computer that it runs on. Depending upon security requirements this can prevent the users of the system from gaining access to Explorer, system tools, games, the internet, network resources and so on. This kind of lockdown is recommended in many application areas where you want to prevent "tampering" with the system, either intentional or otherwise. The desktop lockdown is a standard security facility in all Prodigy packages and is often useful for non 21 CFR Part 11 systems.

Applying the technical control required for 21 CFR Part 11 is made simple with Prodigy’s ‘one tick’ approach allowing users to concentrate on the procedural and administrative controls required for full compliance.

The FDA 21 CFR Part 11 Compliance facility comes as standard in the Prodigy Complete software package and is an add-on option in Prodigy Chart Recorder, Lite or Classic software packages. The facility can be enabled on any Prodigy software package from version 7 onwards. Users of earlier versions who require the facility can do so simply by upgrading to the latest version.

More information on 21 CFR Part 11 facilities as well as the standard User Access and Security features is available in the Prodigy Technical Overview

Your next step?
Request a Prodigy information pack here.

Resource links -

FDA Office of Regulatory Affairs 21 CFR Part 11 Electronic Records:Electronic Signatures documentation

The United Kingdom Good Laboratory Practice Monitoring Authority (UK GLP MA)