If you're organisation is in the life
sciences industry, quality management and regulatory compliance are key parts
of your business. The FDA, the MHRA and the EMEA require that products,
services and processes are provided and performed in a quality-assured
environment that meets standards such as 21 CFR 820 and GMP.
Life Science organisations across the
globe are turning to software systems and support to help them overcome the bureaucracy of paper-based
systems and streamline their quality management processes.
Compliance with 21 CFR Part 11 requires
your software system to have some pretty strict security features, including
electronic signatures, limited access, audit trails and date/time stamps.
Luckily, version 5.2 of Q-Pulse addresses these with a vast array of new
features. These features include: intruder lockout, session timeout, password
rules enforcement, electronic signatures and a full audit logger/viewer. If any
of that sounds great but means nothing at all to you... let me explain!
Intruder
lockout describes the security features when
logging into Q-Pulse. If you get your password wrong ‘X' times in a row, you
will be locked out of the system. Only a system administrator can reset your
login to allow you access again. The number of password attempts can be
changed, and is set by the system administrator.
Session
timeout is a security feature based on how long
the system is unused while a user is logged in. For example, if I log into the
system and leave my desk for five minutes to make a cup of tea, I would
probably come back to my desk to find that I've been logged out of the system
and have to log in again. This is to stop people going on to your computer and
performing actions under your login.
The session timeout limit can be
adjusted by the system administrator to suit your own organisations needs.
Obviously, setting it as low as two minutes could get annoying if you pause to
answer a phone call or are talking to a colleague. On the other hand, setting
it to a high number, such as 30 minutes means that if you do leave your desk,
there's a greater chance of some devious person to perform actions as you! On a
side note, if you're using Windows, you could always press CTRL+ALT+DELETE and
lock your computer when you leave your desk.
Password
rules enforcement concerns the ‘strength' of users'
passwords. The stronger the password is, the harder it is to guess. For
example, ‘password' would be a weak password as it only contains lowercase
letters and, let's face it, is pretty easy to guess! ‘A!yCi2*34O0' would be a
very strong password, as it contains a combination of uppercase letters,
lowercase letters and numbers and has no personal information in it, such as my
name and date of birth. How you'd remember such a password is another story
altogether! When password rules
enforcement is turned on, Q-Pulse lets you know how strong your password is
when you originally set it. The screenshot below shows some of the options available.
When I first heard of electronic signatures, I thought it had
something to do with signing a bit of paper and scanning it in to the system. I
was wrong!
To quote the 21 CFR Sec. 11.3
definitions (yes, I looked up Wikipedia!), an electronic signature means "a
computer data compilation of any symbol or series of symbols executed, adopted,
or authorized by an individual to be the legally binding equivalent of the
individual's handwritten signature." In simple terms, a username and password
will suffice.
The Q-Pulse Audit
Logger/Viewer is a standalone program that allows users to view a complete
log of all actions taken. Basically, any action that is done on the system is
logged. It allows you to view log entries by date and time, user, action, and
module and is fully searchable. The tool should come in handy and is especially
useful for auditing purposes. For example, you could use it to view all
non-conformances addressed by a certain user, or to look at all actions done in
a certain time frame on a certain date. As an added security feature, if the
log for some reason stops working, the whole Q-Pulse system is frozen until the
problem with the log is sorted. This is to prevent the log from missing any
actions.