Find out how a robust configuration audit and control system can enable electronic submissions and signatures, and validate electronic data, in compliance with the FDA's mandatory submission of clinical trials records.
Tripwire and 21 CFR Part 11
Ensuring Integrity and Trustworthiness of Electronic Clinical Data
white paper
Configuration Control for Virtual and Physical InfrastructuresContents
3 Executive Summary 3 How Configuration Control Software Works 4 In Detail:?How Tripwire Solutions Address 21 CFR Part 11 5 Background 8 Meeting Policy and Audit Requirements 9 Verification of Software 9 Conclusion
2 | WHITE PAPER | Tripwire and 21 CFR Part 11Executive Summary
The U.S. Food and Drug Administration (FDA) has issued a 1set of regulations, collectively called 21 CFR Part 11 and How Configuration Control commonly referred to as Part 11, that provide criteria for Software Worksacceptance of electronic records and electronic signatures Tripwire software takes a snapshot of what data looks like as equivalent to paper records and handwritten signatures in its desired state. The software then monitors for differ-executed on paper. ences from the baseline snapshot to see if anything has These regulations, which apply to all FDA program areas, changed. If change is detected, the administrator is quickly are intended to permit the widest possible use of electronic notified and an auditable record is kept. Tripwire software technology, compatible with the FDA's responsibility to then reports details on which files were added, deleted, or promote and protect public health. Though electronic sub- changed.missions are currently optional, the FDA is paving the way, Tripwire software is different from other "security" with Part 11, for routine and eventually mandatory submis- solutions for electronic assets. For example, a firewall sion of clinical trial records electronically. is intended to prevent unauthorized access to a system Part 11 provides in-depth guidelines and criteria for from outside an organization. A virus protection system ensuring authenticity and integrity of digital records, and scans incoming files for key signatures of common viruses. for documenting and validating authorized change processes Network-based security tools focus on intrusion detection. to systems and software involved in the creation of digital Security analysis tools look for network vulnerabilities to records. The common goal is the ability to discern invalid or hackers.altered records and, conversely, to assure accuracy, reliabil- None of these tools detect-or react to-internal compro-ity, and validity of electronic records and signatures. Typical mises in security, monitor the data itself for unauthorized FDA regulated activities that can accept Part 11-compliant changes, or audit compliance with approved change man-validated electronic records and signatures include new drug agement processes.applications (NDAs), medical product license applications Only Tripwire provides the fundamental configuration (PLAs) and biologics license applications (BLAs). control upon which other tools can build. In fact, because Tripwire® configuration audit and control solutions are it is the only technology dedicated specifically for verify-a natural fit for organizations that want to use electronic ing the integrity of data at rest, it is clearly mapped to the submissions and signatures in compliance with Part 11. primarily goals of Part 11-demonstrating that electronic Tripwire software enables trust in information technology records are trustworthy, reliable and authentically the (IT) and data validation by establishing a baseline of your equivalent of paper records and handwritten signatures cap-systems and data in their known good state, and detecting tured on paper. any change from that trusted state. The trust and validation of electronic data enabled by Tripwire Software AdvantagesTripwire software is so fundamental that it transcends spe- Data integrity is fundamental to any enterprise, conduct-cific industries and regulations, and, yet, satisfies several ing any kind of electronic business. And configuration key comments found in Part 11. audit and control is the core of the Tripwire advantage. In this paper, we will detail which guidelines of 21 CFR Tripwire software guards the digital baseline upon which Part 11 are supported by Tripwire software, and how. the actions of other security products are built and can, in fact, be deployed to "guard the guard"-ensure that routers, switches, servers and security product configurations them-selves have not been tampered with.... [download for more]
