PDXpert PLM Software
Product Lifecycle Management
PDXpert PLM software features: Electronic signature
PDXpert software assists compliance with U.S. Food and Drug Administration regulation 21 CFR Part 11 - Electronic Records; Electronic Signatures (20 March 1997).
Relevant extracts are shown; refer to the actual regulation for complete information.
§11.10 - Electronic Records Integrity
FDA requirement
...ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine.
PDXpert PLM software
All access to electronic records within PDXpert requires a named-user log-in account. Each account has a user-managed log-in password, with a separate (optional) password for change form sign-off. A computed one-way hash - more secure than encryption - validates that the signature is genuine.
§11.10(b) - Record Copies and Inspection
FDA requirement
The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency.
PDXpert PLM software
Each document, part and change form record has both a computer screen form and an equivalent printed report. Each equivalent printed report can be exported as an electronic file.
§11.10(c) - Record Protection and Retrieval
FDA requirement
Protection of records to enable their accurate and ready retrieval throughout the records retention period.
PDXpert PLM software
Database records and associated electronic library files are protected from (a) inappropriate access using system log-in credentials; (b) pre-approval modification or deletion via security access roles; and (c) post-approval modification or deletion via system-level constraints. PDXpert renames file system objects to ensure uniqueness and to obscure their original source and purpose.
§11.10(d) - System Access Control
FDA requirement
Limiting system access to authorized individuals.
PDXpert PLM software
System access is limited to those individuals who have been assigned a log-in account. Administrators can create or revoke access to PDXpert for any individual. PDXpert provides users with the option of forward secrecy encryption.
§11.10(e) - Audit Trails
FDA requirement
Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. ...
PDXpert PLM software
Created document, part and change form records include the date/time of initial release and identify the releasing approvers. Each new item modification (revision) of a previously-approved item indicates the new iteration's approvers and date/time. Previously-approved electronic records cannot be deleted, but can be canceled with approvers' names and date/time stamps.
§11.10(f) - Operational System Checks
FDA requirement
Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.
PDXpert PLM software
PDXpert workflow includes sending sequenced notifications to change reviewers and observers.
§11.10(g) - Authority Checks
FDA requirement
Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.
PDXpert PLM software
The administrator-assigned user account determines PDXpert access. The administrator also determines which users have record creation permissions, viewing rights to unreleased or canceled items, and reviewer authority.
§11.10(k) - Systems Documentation Controls
FDA requirement
Use of appropriate controls over systems documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.
PDXpert PLM software
Access to PDXpert records is controlled by the user account and password. Role-based user permissions can be defined for viewing unreleased, released and canceled document, part and change form records, as well as creating new records. Document and part revision management, with approvals based on a formal change review and approval process, is an inherent capability.
§11.50 - Signature Manifestations
FDA requirement
Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: (1) The printed name of the signer; (2) The date and time when the signature was executed; and (3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
PDXpert PLM software
A reviewer response on a change form consists of the (1) administrator-assigned reviewer name, (2) system-assigned date/time of the review, and (3) reviewer-selected response (approve, disapprove, hold, etc.) to the proposed change.
§11.70 - Signature/Record Linking
FDA requirement
Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
PDXpert PLM software
PDXpert automatically links a reviewer response to the change form being reviewed. The response record cannot be modified, copied or transferred to another change form.
§11.200 - Electronic Signature Components and Controls
FDA requirement
Electronic signatures that are not based upon biometrics shall: (1) Employ at least two distinct identification components such as an identification code and password. ...
PDXpert PLM software
The first item to be signed requires logging into PDXpert using two distinct identifiers: an administrator-assigned account name and a self-managed account password. Each user can also have an optional reviewer password that is used exclusively during signing. Subsequent signings while the user has been continuously signed into PDXpert require only the user's self-managed password.
⚠️ Important Note
The Food and Drug Administration requires a compliant and validated process, not a tool. "Off the shelf" software cannot be validated prior to its configuration by the device manufacturer. Instead, many of PDXpert software's FDA-related features must be enabled, configured or assigned to support the device manufacturer's compliant quality system, which is then validated. The FDA's General Principles of Software Validation states that the device manufacturer must "determine what additional efforts are needed to establish that the software is validated for the device manufacturer's intended use."
