
The world leader in serving science Overview of Thermo 21 CFR Part 11 tools Overview of software used by multiple business units within the Spectroscopy.


1 The world leader in serving science
Overview of Thermo 21 CFR Part 11 tools
Overview of software used by multiple business units within the Spectroscopy Div for 21 CFR Part 11

2 GAMP requirements of 21 CFR Part 11
1. Access Control (The system should restrict access in accordance with pre-configured rules that can be maintained. Any change to the rules should be recorded)
2. Audit trail (The system should be capable of recording all electronic record create, update, and delete operations. This record should be secure from unauthorized alteration)
3. Authentication (The system should provide proof of identity)
4. Digital signatures (The system must provide a method for linking electronic signatures to their respective electronic records in a way that prevents the signature from being copied, removed, or changed. Additionally, the system should be able to detect invalid or altered records)

3 Item 1: Access Control
Access Control (The system should restrict access in accordance with pre-configured rules that can be maintained. Any change to the rules should be recorded)
• We have created a client-server access control system that can work with any application and is extremely easy to integrate and operate. This system also supports internationalization.
• Our design allows application settings and access control to features to be maintained and edited in one central location. By not storing settings on each client PC, roaming users get the same settings regardless of which PC is used.
• The client and server can be installed upon the same machine for a non-network environment.
• Any Win 2000/XP workstation computer can be a client or server.

4 The Admin application: Admin.exe
This application edits the rules for access control and generates audit events for every change to those rules.
• The application reads in XML files that describe the unique functionality of each application.
• New functionality can be added and merged into an existing application’s rules.
• The application supports rules for access control, policies, and electronic signature reasons.
• The admin application can edit settings for multiple applications. This allows standardization across divisions.

5 The Admin application: Admin.exe
The next screen shows the Admin program editing rules for 3 applications: Thermo Admin, Nicolet Omnic, and Spectronic Vision.
• Each application can have a hierarchy of menus, menu items, or other descriptions of functionality for access control. For each item, access can be granted or denied to an individual user or group of users.
• Each application can have system policy items that are specific rules or settings to be applied. Examples are the ability to overwrite data or the directory where data should be stored.
• Each application can assign multiple signature reasons for electronically signing data. Each reason can be granted or denied to an individual user or group of users.

6 Screen capture of Admin application

7 How do the applications find the server?
• The first time an application starts you will see the following dialog. If you know the name of the server where the Security Administration software is installed, simply type it in the box.
• If you do not know the name of the server, you can press the search button and have it automatically found.
• If you do not have Administrative rights, it will automatically search for the server and you can only view the progress.
This dialog only appears for users with Admin rights; others just see automatic search progress.

8 Item 2: Audit trail
• The “AuditChangesToFileSystem.msi” should be installed on any computer where data will be stored. This will ensure that audit events are generated whenever data is created, deleted, modified, or renamed. This occurs even when the application (such as Omnic) is not running.
• These audit events are put into a separate Thermo Electron category so they are not mixed in with all the other events in the Windows NT event log.
• The application will not let you save data if it cannot communicate with the server. It checks the connection before saving to ensure that an audit event is created when data is changed.

9 Item 3: Authentication
• We use Microsoft’s Authentication services to validate the identity of a user.
• The user must type in the name and password they would use for the operating system to validate identity.
• This authentication occurs when starting the software, and when digitally signing data.

10 Item 4: Digital Signatures
• We have created signatures that support the government-validated digital signature techniques. This includes usage of the secure hash algorithm SHA-128 and public/private key encryption. This fully meets 21 CFR Part 11 requirements.
• When data is digitally signed it is impossible to change any part of the file or signature and have the signature be valid.
• The digital signature is virtually impossible to forge. I cannot say that it is impossible, just extremely unlikely.

11 Other items: Thermo Log Service
• We also have the ThermoLogService, which monitors a list of extensions specified in the application XML file. It then sends audit events whenever files of those extensions are created, modified, deleted, or renamed. These events are monitored even outside of the application (such as events from the Windows Explorer).
• We have a separate installer for the ThermoLogService so that you can install it on any computer where you want file modifications on local hard disks monitored.
• At installation it pops up the dialog shown earlier to specify the location of the server where the audit events will be logged.
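The file-change auditing described on the audit trail and Thermo Log Service slides, sketched as an added example (not Thermo's code or the ThermoLogService implementation): two directory snapshots are compared and one audit event is produced per created, modified, deleted, or renamed file with a monitored extension. The extension list, the function names, and the snapshot-polling approach are assumptions made for illustration.

```python
import hashlib
import os

# Assumed extension list; the product reads its list from the application XML.
MONITORED_EXTENSIONS = {".spa", ".csv"}

def snapshot(root, extensions=MONITORED_EXTENSIONS):
    """Map relative path -> SHA-256 of content for each monitored file."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in extensions:
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                state[os.path.relpath(full, root)] = digest
    return state

def diff_events(before, after):
    """Return audit events (kind, path, new_path) between two snapshots."""
    events = []
    removed = {p: h for p, h in before.items() if p not in after}
    added = {p: h for p, h in after.items() if p not in before}
    # A vanished path whose exact content reappears elsewhere is a rename,
    # not an unrelated delete plus create.
    by_hash = {}
    for path, digest in sorted(removed.items()):
        by_hash.setdefault(digest, []).append(path)
    for path, digest in sorted(added.items()):
        if by_hash.get(digest):
            old = by_hash[digest].pop(0)
            del removed[old]
            events.append(("renamed", old, path))
        else:
            events.append(("created", path, None))
    events += [("deleted", p, None) for p in removed]
    events += [("modified", p, None) for p in before
               if p in after and before[p] != after[p]]
    # Stable order so events can be compared or forwarded deterministically.
    return sorted(events, key=lambda e: (e[1], e[0]))
```

A snapshot diff reports only the net change between two polls, so a file modified and then restored in between goes unseen; continuous monitoring needs OS change notifications or object-access auditing.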

12 Other items: Thermo File Service
• This service allows a client application to write data to locations that the currently logged in user does not have NTFS access rights to.
• This allows data to be collected, but not modified or deleted outside of your application by the user who created it. If the application supports a “Prevent overwriting of files” policy, then the data created cannot ever be modified or deleted except by an administrator.
• Enabling this requires creation of an NTFS directory where administrators have read/write access and users have read-only access.

13 Other miscellaneous security items
• We have written code to modify the Windows common open/save dialogs and turn off their ability to browse to other directories or enter paths in the filename edit box. This allows you to make a policy that lets some users browse while others are constrained to specific directories.
• This allows you to force data to be saved in specific locations.
• This code also turns off common open/save dialog file operations such as renaming files, deleting files, creating sub-directories, etc.
• We prevent printing, copying, or e-mailing data that has not been saved.

14 Overridden Logon procedure
• We install software that lets you specify a policy that forces certain users directly into the application from the logon prompt.
• These users do not get a Start button, toolbar, or desktop in Windows. They cannot do anything but run the application.
• When you exit the application it returns you to the Windows logon prompt.
• This software also enforces a policy (if you wish) to turn on a password-protected screen saver after a specified number of minutes.

