How to activate 21CFRp11 mode on NC-200/ NC-250/NC-3000

Background

The US regulatory agency Food and Drug Administration (FDA) 21 Code of Federal Regulation 21 Part 11; Electronic Records, Electronic Signatures (21 CFR Part 11) came into effect on August 20th 1997. In short, the 21 CFR Part 11 defines the FDA acceptance criteria for the use of electronic records and electronic signatures as equal to paper records with handwritten signatures. The NucleoView™ NC-200™/NC-250™/ NC-3000™ application can be set into a restricted mode (hereafter referred to as 21 CFR Part 11 mode), which prevents operators from violating the 21 CFR Part 11 regulations via the NucleoView™ NC-200™/NC-250™/ NC-3000™ application itself. Consequently, it is possible to achieve compliance on a computer system that is already 21 CFR Part 11 compatible. 

How to activate 21CFRp11 mode on NC-200

  • Setting up ’21 CFR part 11 mode’ consists of the following steps: 
  • Assign users to predefined user groups in Windows Active Directory 
  • Activate ’21 CFR part 11 mode’ 
  • Configure NucleoView™ User Permission
  • Secure local NucleoView™ files 
  • Assign users to predefined user groups in Windows Active Directory.

The installation and activation of the 21 CFR part 11 license requires 3 NucleoView User Groups. The users need to be assigned to these groups. It is most easily done using a Windows Active directory. 

Create these user groups in advance:

  1. NucleoViewAdminNucleoViewSuperVisorNucleoViewUser
  • Activate ’21 CFR part 11 mode’ 
  • The NucleoView™ NC-200™ user group permissions are configured under the ‘Options’ dialog box (Tools →Options → Authorization). 
  • You need to log in as NucleoViewAdmin user in order to enable or disable ’21 CFR part 11 mode’ and apply changes.
  • Check encrypted file format under Event Log Format. Event Log Format NucleoView™ NC-200™ can store the event log as an encrypted file format and/or a plain text format. The encrypted format serves as an authoritative audit trail and can be authenticated. The plain text format is relevant when importing event log data to data management systems. 
  • User Log In. Check user login needed when starting NucleoView. Enabling this option will require users to enter username and password upon launching NucleoView™ NC-200™. Only users belonging to the NucleoViewAdmin, NucleoViewSuperVisor or NucleoViewUser group can log into the application when running in 21 CFR part 11 mode. 
  • User login needed after timeout. After a configurable period of inactivity, the user will be prompted with a log-in screen and is required to enter username and password to continue operating NucleoView™ NC200™.  
  • Configure NucleoView™ User Permissions on NC-200

The laboratory in question needs to decide the user permissions accordingly to SOP.

  • Approve other users results. Define which user groups are authorized to approve recorded data using the Approve function. 
  • Allow self approval. Define which user groups are authorized to approve data recorded by themselves. 
  • Event Log access. Define which user groups are authorized to view the ‘Event Log’ files using the ‘Event Log Viewer’. 
  • Prevent Sample ID renaming. Define which user groups are authorized to rename recorded samples ID. The .cm and .cmpp-file name is also changed when the sample ID is changed. 
  • 15 min renaming grace period. Define which user groups are authorized to rename recorded samples ID within 15 minutes of recording the sample. 
  • Hide Protocol Setup Access. Define which user groups that have access to the Hide Protocols Function. 

After applying the changes to the Options dialog, please click on “Apply” to finish the procedure.

  • Secure local NucleoView™ files 

With the 21 CFR Part 11 license, the NucleoCounter is ready to work under GMP, but does not in itself conform to GMP standards. Only the laboratory in question can be compliant, as 21 CFR Part 11 requires both procedural control (i.e. notifications, training, SOP etc.) and administrative control.

So, to ensure your laboratory as a whole conforms to 21 CFR Part 11, it is needed to develop Standard Operating Procedures (SOPs) and limit the accessibility to the PC system (e.g. with third-party software).  

In the following, three potential strategies for securing the local NucleoView™ data files are presented: a) Secure local files using folder permissions in Windows, b) Secure local files by blocking access to the Windows shell using third party software, c) Securing data by storing NucleoCounter® NC-200™ files on a remote server.

How to activate 21CFRp11 mode on NC-250 and NC-3000

Same procedure for activation of 21CFRp11 mode on NC-250 and NC-3000:

  1. Assign users to predefined user groups in Windows Active Directory 
  2. Activate ’21 CFR part 11 mode’ (only Admin user group)
  3. Configure NucleoView™ Approval (only Admin user group)
  4. Secure local NucleoView™ files 

Configurable software features in the Authorization tab of the Options dialog is described below (Tools → Options →Authorization). Check the boxes accordingly to the SOP of the laboratory in question and click on “Apply” to finish the process.

Last updated byAnonymous