Data Security and FDA 21 CFR Part 11


October 21, 2021

For regulated spaces creating electronic records of environmental monitoring and other sensitive data, accuracy and security are of paramount concern. How data is handled in regulated environments like cleanrooms is crucial to both regulatory compliance and data security. Besides the damage a data breach can do to a company’s reputation, a company has a legal obligation to protect user and customer data.

What is Data Security?

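Data security is the protection of electronic data from theft, unauthorized access, or corruption. The goal of data security policies and procedures is to protect that data while reducing the risk of exposure or compromise. For this security to be effective, it must take into account both the sensitivity of the data and the applicable regulations. Many industries and businesses require some level of data security, including cleanrooms.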

What is FDA 21 CFR Part 11?

The United States FDA 21 CFR Part 11 addresses the security and integrity of data for cleanrooms and other FDA-regulated environments. FDA 21 CFR Part 11 outlines how electronic records should be created and maintained. Such records must be accurate and reliable, both to adhere to the standard and to maintain the safety of the regulated environment. FDA 21 CFR Part 11 is not a mandate for the use of electronic records; instead, it gives companies that choose to use electronic records guidelines on how to keep that data safe and in compliance.

The safety of many products depends on the integrity and accuracy of environmental monitoring systems because operating outside environmental parameter thresholds can compromise product. The electronic records of environmental monitoring data are regulated by FDA 21 CFR Part 11 in industries including:

  • Medical Devices
  • Pharmaceuticals
  • Food Products

FDA 21 CFR Part 11 Compliance

For FDA 21 CFR Part 11 compliance, an environmental monitoring system must be validated frequently. In addition, secure databases and computers prevent tampering. Recording the date, time, and personnel of each entry, as well as marking all data changes, ensures compliance and can help avoid errors in production processes. The environmental monitoring system used to maintain compliance with FDA 21 CFR Part 11 should allow for easy review of metadata for entries. Regulated environments must have secure systems for record generation and storage, automatically created and time-stamped records, and an easy way to retrieve those records for audits.

A crucial piece of maintaining FDA 21 CFR Part 11 compliance relies on electronic signatures. Electronic signatures, such as those used as the equivalent of a handwritten signature or initials, need to be valid. In the electronic records covered by FDA 21 CFR Part 11, electronic signatures are most typically used when documenting events or actions. To be considered valid, an electronic signature must have non-repudiation. Non-repudiation is when the author of a statement cannot dispute they composed said statement, and for FDA 21 CFR Part 11 compliance, this means a user must verify their signature when entering or accessing data.

Maintain Compliance and Data Security with Setra CEMS

Setra’s Continuous Environmental Monitoring System (CEMS) can help regulated environments with FDA 21 CFR Part 11 compliance. Data collected and stored by CEMS is encrypted with the industry-standard AES-256 algorithm. Types of data collected by CEMS include:

  • Environmental Data
  • Personnel Identifiers
  • Asset Information

Built on top of Amazon Web Services, backups of data and high availability are incorporated into CEMS; 6 copies of data are maintained at all times in 3 separate locations so in the unlikely event of a primary database failure, data can be automatically recovered. Daily backups of data are retained for 7 days.

For data security purposes, Setra has partnered with a third-party security firm to identify and address security vulnerabilities, including the Open Web Application Security Project (OWASP) Top 10. In addition, CEMS undergoes rigorous 24/7 vulnerability scanning. All traffic to and from CEMS is encrypted, and user access to the web portal is limited to HTTPS. Access to the CEMS portal is only through valid credentials, and any unauthorized login attempts are logged. Minimum password strength requirements and regularly scheduled expiring passwords enforce a strong password policy.

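Data security is a key concern for online platforms, which is why Setra took such care in building Setra CEMS. In addition, the importance of integrating data integrity is how Setra's CEMS provides a cleanroom monitoring system that complies with regulations, certifications, and accreditations such as FDA 21 CFR Part 11.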
