21 CFR Part 11 - software designed for easier compliance

Industries needing secure SCADA systems, including those affected by FDA 21 CFR Part 11 regulations, can benefit from Prodigy's "one tick" approach towards compliance.


21 CFR Part 11 Compliance

Audit Trail

  • Comprehensive Audit Trail
  • Security encrypted
  • Audit reporting
  • Audit analysis
  • Automatic archive

User Security

  • Unique user I.D.
  • Password expiry
  • Enforced password length
  • Operator comments
  • Timed operator logout
  • Auto lockout on tamper
  • User barring
  • User access log

Data Security

  • 128 bit data encryption
  • No commercial decryption tools

FDA 21 CFR Part 11 defines the U.S. Food and Drug Administration rules on the storage and control of electronic records and the implementation of electronic signatures.

The regulation sets out the mandatory requirements for compliance of electronic systems used in the industries covered by the legislation.

These industries include drug & pharmaceutical, food and beverage, biological or medical device manufacturing, cosmetics, blood handling processes etc.

21 CFR Part 11 applies specifically to companies based in or supplying into the U.S. However, similar regulations by other agencies such as the Food Standards Agency (UK) and EFSIS (EU) are likely to be based on the FDA rules.

Other standards such as GAMP (Good Automated Manufacturing Practice) and GLP (Good Laboratory Practice) also require defined levels of data security and traceability.

It is therefore important when choosing software that it is capable of compliance with the regulatory requirements.

21 CFR Part 11 Compliance Made Simple

In meeting the 21 CFR Part 11 requirements the Prodigy design philosophy has been to go beyond simple technical compliance by providing facilities that are both extensive and flexible yet easy to apply.

In order to aid compliance a 'one tick' approach is provided that can be used to automatically configure facilities for 21 CFR Part 11. Alternatively, for maximum flexibility the facilities can be selected and configured manually.

Audit Trail

21 CFR Part 11 regulation requires that a verifiable audit trail is provided. The audit trail facility works throughout Prodigy and once enabled generates a time stamped record of every user action that makes a material change to the system.

Such actions include:

  • User log on
  • User log off
  • Manual signal value changes
  • Configuration changes
  • Alarm acceptance
  • Recipe changes
  • System start up/shutdown
  • Invalid user access
  • Password changes
  • User lockout
  • Display changes
  • Program execution

User Security

With FDA 21 CFR Part 11 Compliance the standard Prodigy User Security is enhanced to meet the requirements for electronic signatures. A user database allows each user to be assigned a unique user ID and high security password as well as a list of allowed actions or privileges.

The minimum password length and the password expiry period are configurable, defaulting to 6 characters and 180 days respectively when the 'one tick' enable option is selected.

User access is recorded as part of the audit trail, and repeated invalid access by any user automatically invalidates that user's account. To prevent access due to the system being left open inadvertently, the system automatically logs off inactive users.

Data Security

To ensure data security, all text-based configuration and data files are encrypted. Full 128-bit multi-cyclic encryption is used to resist even the most sophisticated and determined of would-be hackers.

The encryption process is irreversible and once encrypted all affected configuration and data files are readable only through the Prodigy programs to which they relate.

Prodigy software also password protects all Access™ databases. The passwords used are created by the Prodigy system on an individual database basis and once applied opening of the database is prevented other than via a relevant Prodigy program.

Secure File Browser

For 21 CFR Part 11 Prodigy provides a Secure File Browser to replace the standard Windows file browser, which allows options that are incompatible with secure applications. These include, for example, the ability to delete, rename and copy files, launch programs, and browse to other areas of the computer. The browsing level and file deletion capability of the Secure File Browser can be set to eliminate these security loopholes.

Desktop Security Lockdown


"Tascomp's 'one shot' implementation of FDA 21 CFR Part 11 standard enables a manufacturer to establish a compliant and validated system quickly and easily. Incorporation of a full audit trail, secure file format and user security by electronic signatures provides the perfect solution for many of our MEDACS and SL400 wireless installations and complements our own validatable system for transport and distribution"

Martin Westover, Signatrol Limited

Prodigy software also provides complete and flexible options for configuring desktop lockdown on the computer that it runs on.

Depending upon security requirements this can prevent the users of the system from gaining access to Explorer, system tools, games, the internet, network resources and so on.

This kind of lockdown is recommended in many application areas where you want to prevent "tampering" with the system, either intentional or otherwise. The desktop lockdown is a standard security facility in all Prodigy packages and is often useful for non 21 CFR Part 11 systems.

Applying the technical control required for 21 CFR Part 11 is made simple with Prodigy’s ‘one tick’ approach allowing users to concentrate on the procedural and administrative controls required for full compliance.

The FDA 21 CFR Part 11 Compliance facility comes as standard in the Prodigy Complete software package and is an add-on option in Prodigy Chart Recorder, Lite or Classic software packages. The facility can be enabled on any Prodigy software package from version 7 onwards. Users of earlier versions who require the facility can obtain it simply by upgrading to the latest version.

More information on 21 CFR Part 11 facilities, as well as the standard User Access and Security features, is available in the Prodigy Technical Overview.