21 CFR Part 11 user guide for the Mastersizer 3000 software

User guide providing advice on how to achieve technical compliance to 21CFR Part 11 when using the Mastersizer 3000 software.

Assumptions

This document is intended to be read by Mastersizer 3000 system administrators. Administrators are defined as people responsible for the security and 21 CFR Part 11 compliance of the instrument. Knowledge of the Windows™ operating system is assumed along with some familiarity with the instrument software.

In order to allow the 21CFR11 features to be configured correctly, the software must be installed in accordance with the guidance provided by the Software Update Notification document contained on the software CD-ROM, and the 21CFR11 feature key will have been installed. The features described here relate to Mastersizer 3000 v1.10 or higher software. Details of software updates can be found in the Software Update Notification document.

Software Security

The Mastersizer 3000 software can be secured using the Malvern Access Configurator (MAC) application. This allows Windows users and groups to be assigned to Mastersizer 3000 roles. These roles can be defined by the system administrator.

The MAC application is provided on the Mastersizer 3000 software CD-ROM. It needs to be installed as a separate, stand-alone component. Please refer to the Software Update Notification document for the Mastersizer 3000 software regarding the installation of the MAC. The MAC help file provides a functional description of the applications capabilities. Technical Note MRK1828 provides a step by step guide to configuring a security system within the MAC, and describes the process of exporting security settings to other applications. The Mastersizer 3000 user guide describes how security is enabled for each instance of the Mastersizer software, guidance which is also repeated within the document.

Setting up users

The way in which users and groups are defined for the Mastersizer 3000 application has changed compared to the approach used in previous Malvern applications. In the past, administrators had to set up users and passwords for each installation of the Malvern software. Although this provided the ability to precisely configure the software security system for each installation, it also made it very difficult to share the security configuration between different Malvern systems installed on the same network or within the same company.

In order to allow access permissions to be shared between systems, the MAC utility now relies on the local Windows security system to provide authentication of user names and passwords (figure 1).

Figure 1: An example of user selection for a role within the MAC application. The user list is obtained from the Windows network upon which the software is installed.
MRK1747_fig01

Control of these is therefore provided as part of the standard IT policies applied at each customer site. For this reason, the Mastersizer 3000 software and the MAC do not provide specific features relating to user and password maintenance, computer lock-outs following inactivity and application access as these are provided by the Windows operating system via the domain policy implemented by the local IT department. The advantage of this approach is that the roles accessible by different users can be set up once, and then applied to any Mastersizer 3000 installation running on the same network.

Role Definitions

The MAC application allows different roles to be defined for users of the Mastersizer 3000 software (figure 2).

Figure 2: Roles within the Malvern Access Configurator application.
MRK1747_fig02

Roles are constituted by sets of permissions to perform functions.  By grouping permissions to perform functions into logical role types it is then possible to then create intricate layers of security control within the system. For example, all those users having the "Basic User" role might be able to run measurements, but not edit records. Similarly an "Intern" role might be able to access reports, but not run measurements.

The way roles can are defined is very flexible. Administrators can define very simple roles, within which the members only have limited software access. However, it is also possible to assign roles as being members of other roles. For instance, an Advanced User might have a set of specific high-level permissions that have been individually assigned, yet they still need to be able to perform the functions of a Basic User. In this case it is easier to assign all Basic User permissions to the Advanced User role by making the Advanced User "a member of" the Basic User role (figure 3).

Figure 3: Role structures.
MRK1747_fig03

This saves time in structuring your security hierarchy and also makes it easier to keep lists of permissions for a role up to date (i.e. you only need amend the core role that holds those functions, in this example the Basic User role, to know that the Advanced is also up to date).

Role Validity

The period of time over which a role is active can be set within the MAC application (figure 4). This enables roles to be created for short time periods if required, for instance to allow the completion of a specific project by a group of users.

Figure 4: Setting the role validity period.
MRK1747_fig04

Role Permissions

The Mastersizer 3000 user actions associated with each role can be configured to provide the level of access required (figure 5).

Figure 5: Permissions set for a role created for the Mastersizer 3000 system.
MRK1747_fig05

Permissions are grouped into the following sets:

  • Reports: Permissions relating to the creation, editing and printing of reports.
  • SOP: Permissions relating to the export and reviewing of SOP settings.
  • SOPEditor: Permissions relating to the creation of SOPs.
  • Measurements: Permissions relating to the creation, editing and deletion of measurement files and records.
  • Measurementinitiation: Permissions relating to the process of making measurements using either SOPs or the system's manual measurement mode.
  • Auditing: Permissions relating to the review of the system and measurement file audits.
  • Macro: Permissions relating to the creation and running of macros.
  • Accessories: Permissions relating to the control of dispersion units.
  • Scripting: Access control to the script engine within the MS3000 software, as required for Malvern service engineers.
  • Engineering: Access control for the engineering functions within the software, as required by Malvern service engineers.
  • DataExport: Permissions relating to the set up and use of data export templates.
  • Database: Access control for the database of material and dispersant properties stored within the Mastersizer 3000 software.
  • RecordView: Permissions relating to the configuration of the record view.
  • OperationalQualificationProcedures (OQ): Permissions relating to the generation of OQ certificates within the software.
  • ElectronicSignatures: Permissions relating to the use of the electronic signatures functions available using the 21CRFR Part 11 feature key.

Administrators can set the validity period for each permission assigned to a role. A complete list of permissions, which can be used in setting up roles for the Mastersizer 3000 software, is provided in the appendix of this document.

Role Members

The final part of configuring the Mastersizer 3000 security system is to assign different users to each of the roles which have been defined within the MAC application. The list of available users is obtained from the local Windows network. The MAC application is able to assign either specific users or user groups to each role. In addition, a validity period can be set, defining the period of time over which each user or group has access to the capabilities of the role which is being configured (figure 6).

Figure 6: Assigning users and groups to a role.
MRK1747_fig06

In addition to allowing different Windows users and groups to be assigned access to a role, it is also possible to assign the permissions of a given role to other roles within the MAC application. This is configured using the 'Has These Member Roles' tab within the Role Detail setup dialogue (figure 6). All roles listed within this tab will inherit the role's permissions. In addition, it is possible for a role to obtain permissions from another role which is already defined within the MAC application. This is configured using the 'Is A Member Of' tab within the Role Detail setup dialogue (figure 6).  The role being configured will inherit permissions from any role listed within this tab. An example of this is shown in figure 7: here the Power User role has been set-up to inherit all of the permissions associated with the QC User role.

Figure 7: Assigning roles within the MAC application.
MRK1747_fig07

Auditing security set-up

Depending on your local validation requirements, it may be necessary to control access to the MAC application, and also audit any changes applied to the security configuration for the Mastersizer 3000 software. Full details of how this is achieved are provided in Technical Note MRK1828.

Access control for the MAC application is set up using exactly the same approach as is described for the Mastersizer 3000 application above. All that is required is for the permissions associated with the MAC application to be imported into the MAC software. Administrators can then select the MAC application within the interface, and can then set up specific roles (figure 8).

Figure 8: Application selection within the MAC interface. In this example, it is the MAC application itself which has been selected. Access control can then be set for the different roles listed.
MRK1747_fig08

In addition to this, an audit can be enabled for the MAC application. This provides information on any changes which have been made to the security configurations associated with any application currently controlled by the MAC (figure 9).

Figure 9: MAC application audit trail example.
MRK1747_fig09

Enabling Security within the Mastersizer 3000 software

The security settings are transferred between the MAC software and the Mastersizer 3000 software via a secure settings file. Full instructions on how to achieve this are provided in the MAC application help, within Technical Note MRK1828 and also within the Mastersizer 3000 User Manual. The security system can only be enabled by users who are administrators on the computer running the Mastersizer 3000 software.

21CFR11 Specific Features

The Mastersizer 3000 security system is available for all systems users. However, the software also provides a set of specific 21CFR11 features, access to which is controlled using a feature key. These options are available via the program Options, accessible from the File menu tab.

To enable 21CFR11 mode, select the 21CFR Part 11 section from within the Options dialogue. You will be prompted to enter a valid 21CFR11 feature key for your system, if this has not already been done for your software installation. Once this has been successfully entered, the audit and electronic signatures options will become available for you to enable. You must be an administrator on the computer running the Mastersizer 3000 software in order to enable these options.

Auditing

When 21CFR 11 mode is enabled, the Mastersizer 3000 software can be configured to store an audit trail of key record creation and editing activities using the Enable Audit option in the 21CFR Part 11 section of the Options dialogue. When enabled, the audit information is stored in two distinct audit trails:

  • System audit: provides information specific to the current Mastersizer 3000 system, including record creation and deletion activities.
  • Records audit: provides the ability to track changes to specific records or SOPs.

These audits can be accessed using the System and Records options available within the Review ribbon bar. A summary of the audit capabilities is provided here - please refer to the Mastersizer 3000 user manual or help file for more information.

System Audit

The system-based audit trail keeps track of all user activity which cannot be associated with specific records within a measurement file. This includes application start-up / shut-down, initial record creation and record deletion. Other system activities, such as the activation of the security system, are also logged (figure 10).

Figure 10: Example system audit.
MRK1747_fig10

For each audit entry, the time of the audited action is logged along with the user and computer details. In addition, further information can be obtained for each action. So, in the case of record creation, the name of the measurement file within which the record is created is logged, along with the record number.

Measurement Record Auditing

Each measurement record stored within a Mastersizer 3000 measurement file automatically contains all of the key method and analysis parameters used in creating the record, as well as a log of the user who was logged into the software at the time the record was created. This enables a full audit of the SOP settings used for record creation. Beyond this, any changes made to a record post-measurement are also audited when operating in 21CFR 11 mode. Administrators can obtain access to this audit information from within the software's record view, by double clicking on a record and selecting the View Record Audit History option. Alternatively, the Records option within the Review ribbon bar can be used. Both of these actions causes an audit to be displayed detailing any changes which have applied to the selected records (figure 11).

Figure 11: Example measurement record audit. In this case, the audit confirms that the user has edited the sample identifier.
MRK1747_fig11

System Audit Trail Intervals and Storage

It is possible to control the approximate size of the system audit trail file by specifying how often a new file is created. This is controlled using the Schedule option within the Review ribbon bar in the software. In addition, the location of the audit file can be changed using the Audit Trail Folder option.

Figure 12: System audit trail period selection.
MRK1747_fig12

A new audit trail file can either be created every day, every week on a specific day of the week, or every month on a specific day of the month (figure 12). The period selected depends upon the usage of the Mastersizer 3000 system and the typical number of auditable events that occur in a day. This can only be assessed by the user from experience of using the system. Typical practice is to start a new audit file weekly and observe the number of events audited over that period.

SOP Versions

The SOP files used by the Mastersizer 3000 to set measurement conditions contain their own audit history in the form of a file version history. Each time that an SOP is edited, a new version is created and the original values are preserved. By viewing the SOP History, it is possible to see what changes have been made.

Figure 13: SOP version history. In this case, the user has selected to only view the SOP parameters which have been modified across each version of the SOP.
MRK1747_fig13

Administrators reviewing this information can either decide to view all of the parameters stored in each version of the SOP, or to only view those parameters which have been modified (figure 13).

Electronic Signatures

When 21CFR 11 mode is enabled, the Mastersizer 3000 software can be configured to enable the signing of records using the Enable Electronic Signatures option in the 21CFR Part 11 section of the Options dialogue. When this option is enabled, two options become available within the Review section of the Mastersizer 3000 ribbon bar:

  • Sign Selected Records: allows a signature to be applied to a record or a selection of records.
  • View Signature History: provides a view, similar to the audit history view, showing the signatures which have been applied to a record or group of records.

In addition to this, right clicking on a record within the record view provides access to a Sign-off Result function, which also allows a signature to be applied.

When a user decides to apply a signature, a SignRecord dialogue will appear, within which a reason for the signature can be entered and the user can also re-authenticate (figure 14). In addition, users with an appropriate level of access within the security system can decide to sign the record as a final reviewer. If this option is selected the record will be locked, ensuring that it cannot be modified.

Figure 14: Record signature dialogue.
MRK1747_fig14

Note that any signatures applied to a record are removed by the software system if the record is edited. Also, following locking, the only way of editing a record is to create a new copy of it within the measurement file. This action will also cause any existing signatures to be removed.

Appendix 1 - Security Permissions

The security permissions that can be set for different Groups within the Mastersizer 3000 software are detailed below.

PermissionDescription
Print ReportPrint reports
Create or Edit ReportsCreate a new report
Delete ReportDelete a report
Select ReportsChoose which reports to show as tabs
Extract SOPExtracts the SOP settings from a measurement record.
Create SOP fileCreates a new SOP file
Opens a SOP fileOpens an existing SOP file into the application.
View SOP summary reportViews the summary report of a SOP
View SOP HistoryView the history details associated with a SOP
Save SOPSave an SOP in the SOP Editor
Save SOP AsSave an SOP under a new name in the SOP Editor
Save SOP As TemplateSave an SOP as a Template
Edit MeasurementsEdit measurements
Delete MeasurementsDelete measurements
Copy MeasurementsCopy measurements to the clipboard
Paste MeasurementsPaste measurements between measurement files
Create new measurement fileInitiates the creation of a new measurement file
Create averaged resultCreates an averaged result for a selection of results
Open SOP PlayerOpen the SOP Player to allow creation, editing and running of playlists.
Initiate SOP MeasurementInitiate an SOP Measurement
Initiate PV SOP MeasurementInitiate an PV SOP Measurement
Initiate PV QAS SOP MeasurementInitiate a PV QAS SOP Measurement
Initiate Manual MeasurementInitiate a Manual Measurement
View Audit Trail With ArchiveView system audit trail archive
View Audit TrailView the current system audit trail
Archive Audit TrailArchive system audit trails
Open Audit Trail FolderOpen the folder where system audit trails are stored.
View measurements audit trailView audit trail for selected measurements
Add a user macroAdd a user macro
Delete macroDelete a macro
Launch Accessories ControlLaunches the accessory control window
Open Dispersant Sources Database viewOpen dispersant source database view, from where the dispersants tank behavior can be configured
Launch Script EngineLaunches the MS3000 Scripting Engine
Open EngineeringAccess the engineering dialog
Open MaintenanceAccess the maintenance controls
Configures the engineering add-inConfigures the engineering add-in
Show Engineering Macro LauncherShow the launcher for the engineering macros
Loads the specified engineering add-inLaunches the MS3000 Scripting Engine
Initiates data exportInitiates the export of measurement data into other formats
Create or edit new data export templatesCreates a new data export template.
Delete Data Export TemplateDeletes an existing data export template from the system.
Open Materials DatabaseOpen the database of materials
Open Dispersants DatabaseOpen the database of dispersants
Configure record viewConfigures the measurement parameters to be displayed on the record view
Show Current ResultsShows only the current version of records within the Records View. Previous versions are hidden.
Show All ResultsShows all results including previous versions in the Records View
Generate PV CertificateGenerate a PV certificate for the selected results.
View record signature historyView a record's signature history.
Enable electronic signaturesEnables the electronic signatures function.
Disable electronic signaturesDisables the electronic signatures function.
Non Locking Sign OffAllows users to apply a signature which does not lock a record.
Locking Sign OffAllows the final and locking sign off to be applied.
Change WorkspaceControl the ability to change to the private workspace.
Modify company informationControl the ability to change the company information in the options menu.

Login

Not registered yet? Create an account