Introduction 1

The Requirements in Short 2

Meeting the Requirements
with PM-QUALITY 3
SIMATIC WinCC Premium Add-on
PM-QUALITY V10 Evaluation List for PM-
QUALITY 4
ERES Compliance Response

Product Information

Electronic Records /
Electronic Signatures (ERES)

11/2017
A5E39256039-AA
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.

DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION
indicates that minor personal injury can result if proper precautions are not taken.

NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will be
used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property
damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified
personnel are those who, based on their training and experience, are capable of identifying risks and avoiding
potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:

WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended or
approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described.
Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in
this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

Siemens AG A5E39256039-AA Copyright © Siemens AG 2017.

Division Process Industries and Drives Ⓟ 11/2017 Subject to change All rights reserved
Postfach 48 48
90026 NÜRNBERG
GERMANY
Table of contents

1 Introduction...................................................................................................................................................7
2 The Requirements in Short...........................................................................................................................9
3 Meeting the Requirements with PM-QUALITY...........................................................................................11
3.1 Lifecycle and Validation of Computerized Systems...............................................................11
3.2 Suppliers and Service Providers............................................................................................11
3.3 Data Integrity..........................................................................................................................11
3.4 Audit Trail, Change Control Support......................................................................................13
3.5 System Access, Identification Codes and Passwords...........................................................14
3.6 Electronic signature................................................................................................................15
4 Evaluation List for PM-QUALITY................................................................................................................17
4.1 Lifecycle and Validation of Computerized Systems...............................................................17
4.2 Suppliers and Service Providers............................................................................................19
4.3 Data Integrity..........................................................................................................................20
4.4 Audit Trail, Change Control Support......................................................................................21
4.5 System Access, Identification Codes and Passwords...........................................................21
4.6 Electronic Signature...............................................................................................................23
4.7 Open Systems........................................................................................................................25

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 5
Table of contents

ERES Compliance Response

6 Product Information, 11/2017, A5E39256039-AA
Introduction 1
Life science industry is basing key decisions on regulated records that are increasingly
generated, processed and kept electronically. Reviews and approval of such data are also
being provided electronically. Thus the appropriate management of electronic records and
electronic signatures has become an important topic for the life science industry.
Accordingly, regulatory bodies defined criteria under which electronic records and electronic
signatures will be considered as reliable and trustworthy as paper records and handwritten
signatures executed on paper. These requirements have been set forth by the US FDA in
21 CFR Part 11 (21 CFR Part 11 Electronic Records; Electronic Signatures, US FDA, 1997;
in short: Part 11) and by the European Commission in Annex 11 of the EU GMP Guideline (EU
Guidelines to Good Manufacturing Practice, Volume 4, Annex 11: Computerised Systems,
European Commission, 2011; in short: Annex 11).
Since requirements on electronic records and electronic signatures are always tied to a
computerized system being in a validated state, both regulations also include stipulations on
validation and lifecycle of the computerized system.
Application of Part 11 and Annex 11 (or their corresponding implementation in national
legislation) is mandatory for the use of electronic records and electronic signatures. However,
these regulations are only valid within their defined scope.
The scope of both regulations is defined by the regional market to which the finished
pharmaceutical product is distributed and by whether or not the computerized systems and
electronic records are used as part of GMP-regulated activities (see Part 11.1 and Annex 11
Principle).
Supplemental to the regulations, a number of guidance documents, good practice guides and
interpretations have been published in recent years to support the implementation of the
regulations. Some of them are referred to within this document.
As the supplier of PM-QUALITY, Siemens has evaluated version 10 of the system with regard
to these requirements and published the results in this Compliance Response to help its clients.
Due to its level of detail, this analysis is based on the regulations and guidelines mentioned
above.
PM-QUALITY V10 fully meets the functional requirements for the use of electronic records and
electronic signatures.
Operation in conformity with the regulations is ensured in conjunction with organizational
measures and procedural controls to be established by the client (the regulated user). Such
measures and controls are mentioned in chapter "Evaluation List for PM-QUALITY (Page 17)"
of this document.
This document is divided into three parts:
1. The chapter "The Requirements in Short (Page 9)" provides a brief description of the
requirement clusters.
2. Chapter "Meeting the Requirements with PM-QUALITY (Page 11)" introduces the
functionality of PM-QUALITY V10 as means to meet those requirements.
3. Chapter "Evaluation List for PM-QUALITY (Page 17)" contains a detailed system
assessment on the basis of the individual requirements of the relevant regulations.

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 7
Introduction

ERES Compliance Response

8 Product Information, 11/2017, A5E39256039-AA
The Requirements in Short 2
Annex 11 and Part 11 take into account that the risk of manipulation, misinterpretation and
changes without leaving a visible trace is higher with electronic records and electronic
signatures than with conventional paper records and handwritten signatures. Furthermore the
means to restrict access to electronic records to authorized individuals are very different to
those required to restrict access to paper records. Additional measures are required for such
reasons.
The terms "electronic record" / "electronic document" mean any combination of text, graphics,
data, audio, pictorial or other information representation in digital form that is created, modified,
maintained, archived, retrieved or distributed by a computer system.
The term "electronic signature" means a computer data compilation of any symbol or series
of symbols executed, adopted, or authorized by an individual to be the legally binding
equivalent of the individual's handwritten signature. Since electronic signatures are also
considered as being electronic records by themselves, all requirements for electronic records
are applied to electronic signatures too.
The following table provides an overview of the requirements from both regulations.

Requirement Description
Lifecycle and Validation of Computerized systems used as a part of GMP-related activities must
Computerized Systems be validated. The validation process should be defined using a risk-
based approach. It should cover all relevant steps of the lifecycle and
must provide appropriate documented evidence.
The system's functionality should be traceable throughout the lifecycle
by being documented in specifications or a system description.
A formal change control procedure as well as an incident management
should be established. Periodic evaluation should confirm that the vali‐
dated state of the system is being maintained.
Suppliers and Service Provid‐ Since competency and reliability of suppliers and service providers are
ers considered key factors, the supplier assessment should be decided on
a risk-based approach. Formal agreements should exist between the
regulated user and these third parties, including clear responsibilities
of the third party.
Data Integrity Under the requirements of both regulations, electronic records and
electronic signatures must be as reliable and trustworthy as paper re‐
cords.
The system must provide the ability to discern altered records. Built-in
checks for the correct and secure handling of data should be provided
for manually entered data as well as for data being electronically ex‐
changed with other systems.
The system's ability to generate accurate and complete copies is es‐
sential for the use of the electronic records for regulated purposes, as
well as the accessibility, readability, and integrity of archived data
throughout the retention period.

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 9
The Requirements in Short

Requirement Description
Audit Trail, Change Control Besides recording changes to the system as defined in the lifecycle,
Support both regulations require that changes on GMP-relevant data are being
recorded.
Such an audit trail should include information on the change (before /
after data), the identity of the operator, a time stamp, as well as the
reason for the change.
System Access, Identifica‐ Access to the system must be limited to authorized individuals. Attention
tion Codes and Passwords should be paid to password security. Changes on the configuration of
user access management should be recorded.
Periodic reviews should ensure the validity of identification codes. Pro‐
cedures should exist for recalling access rights if a person leaves and
for loss management.
Special consideration should be given to the use of devices that bear
or generate identification code or password information.
Electronic Signature Regulations consider electronic signatures being legally binding and
generally equivalent to handwritten signatures executed on paper.
Beyond requirements on identification codes and passwords as stated
above, electronic signatures must be unique to an individual. They must
be linked to their respective electronic record and not be copied or oth‐
erwise being altered.
Open Systems Open systems might require additional controls or measures to ensure
data integrity and confidentiality.

ERES Compliance Response

10 Product Information, 11/2017, A5E39256039-AA
Meeting the Requirements with PM-QUALITY 3
The Siemens recommendations for the system architecture, conception, and configuration will
assist system users in achieving compliance. Additional information is available in the online
help system for PM-QUALITY from Siemens.
The requirements explained in chapter "The Requirements in Short (Page 9)" can be supported
by the system as follows.

3.1 Lifecycle and Validation of Computerized Systems

Although Annex 11 in 1992 and Part 11 in 1997 underlined that a computerized system should
be subject to validation, it was not until the 2011 revision of Annex 11 that a comprehensive
set of criteria for the validation of the system and its lifecycle had been introduced.
Nonetheless the requirements to validate a computerized system and to keep it in a validated
state had long been a part of regulations other than Part 11 and Annex 11. This was the
motivation for the ISPE (International Society of Pharmaceutical Engineers, http://
www.ispe.org) to publish practical guidance like the Baseline Guides (Baseline®
Pharmaceutical Engineering Guides for New and Renovated Facilities, Volume 1-7, ISPE),
the GAMP 5 guide (GAMP 5 – A Risk-Based Approach to Compliant GxP Computerized
Systems, ISPE, 2008) as well as the GAMP Good Practice Guides.
Thus the system lifecycle as well as the approach to validation should be defined considering
the guidance from the GAMP 5 guide. The guide also includes a number of appendices for
lifecycle management, system development and operation of computerized systems.
Since most pharmaceutical companies already have a validation methodology for
computerized systems as a part of their process landscape, it is preferable to set up the
systems lifecycle and validation according to these.

3.2 Suppliers and Service Providers

Suppliers of systems, solutions and services must be evaluated accordingly, see GAMP 5
Appendix M2. Siemens as a manufacturer of hardware and software components follows
internal procedures of Product Lifecycle Management and works according to a Quality
Management System, which is regularly reviewed and certified by an external certification
company.

3.3 Data Integrity

Data integrity is assured in the system by measures like access protection, audit trail, data
type checks, checksums, backup/restore, and archiving/retrieval, completed by system
validation, appropriate procedures and training for personnel.

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 11
Meeting the Requirements with PM-QUALITY
3.3 Data Integrity

Batch-based recording of data and archiving

The PM-QUALITY system collects process values and messages from different operator
panels (WinCC, WinCC RT Professional / RT Advanced / Comfort Panel, PCS 7) at the same
time. The collected data is stored under a unique batch name in the PM-QUALITY database
in chronological order. After releasing the batch data (either automatically or manually), it is
automatically exported to a long-term archive in form of a database and / or in PDF format.
During export to the export database, each data record is write-protected and marked as
"locked" by a lock symbol in the icon. This prevents any changes at a later time.

Figure 3-1 Batch list with exported and locked batches

Redundancy option
The PM-QUALITY system uses the Data Center option to collect batch data in two databases
at the same time. After completion of a batch, the recordings are compared, combined
according to a specified algorithm and saved in a shared export database.

ERES Compliance Response

12 Product Information, 11/2017, A5E39256039-AA
 Meeting the Requirements with PM-QUALITY
3.4 Audit Trail, Change Control Support

Archiving of the PM-QUALITY databases

You can set up cyclic backup of the PM-QUALITY runtime database with the WinCC tool
CopyWinCCProject.

3.4 Audit Trail, Change Control Support

"Audit trails are of particular importance in areas where operator actions generate, modify, or
delete data in the course of normal operation." (Guidance for Industry Part 11 – Scope and
Application, FDA, 2003)
An audit trail is not required for automatically generated electronic records which can neither
be modified nor deleted by the operator. The system provides adequate system security
mechanisms for such electronic records (e.g. access protection).
The following sections describe the implementation of requirements with regard to the audit
trails during runtime operation and provide information on tracking changes made in the
engineering system.

Audit trail during runtime operation

Logging of process data

The PM-QUALITY system only records process data (e.g. process values, process messages
or operator input messages) that are shown in a configurable protocol and archived based on
batches. The system does not offer a user interface that allows operators to change the
collected data.
This is particularly relevant for input of lab values as described in the chapter "Electronic
signature (Page 15)". Lab values can be continuously added and recorded with user name
and time stamp. They cannot be changed or deleted later.

Representation of the audit trail in the batch report

The operator input messages from different operator panels can be displayed in an audit trail
in the PM-QUALITY batch report. The individual operator input messages are selected from
the pool of archived messages with the help of filter settings.

Figure 3-2 Audit Trail in the PM-QUALITY batch report

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 13
Meeting the Requirements with PM-QUALITY
3.5 System Access, Identification Codes and Passwords

3.5 System Access, Identification Codes and Passwords

Users may only be assigned the required access rights. in order to prevent unauthorized
access to and unintended manipulation of the file system, directory structures, and system
data.
The requirements regarding access security are fully met in combination with procedural
controls, such as those for "specifying the responsibility and access authorization of the system
users".
Additional security mechanisms need to be set up for any "open paths" which might exist. For
more information on the basic policies of the security concept and configuration
recommendations, refer to the "Security Concept PCS 7 and WinCC" manual.
SIMATIC Logon, a basic function of WinCC, is used to set up user management based on
Microsoft Windows security mechanisms:
● Individual users and their assignment to Windows user groups are defined in the user
account control of Microsoft Windows.
● SIMATIC Logon provides the link between the Windows user groups and the WinCC or PM-
QUALITY user groups.
● User rights with different levels depending on the user group are defined in the user account
management of PM-QUALITY.
The following access security requirements are thereby fulfilled:
● Central user management (setup, deactivation, blocking, unblocking, assignment to user
groups) by the administrator
● Use of a unique user identification (user ID) in combination with a password
● Definition of access rights for user groups
● Access and authorization levels depending on specific plant areas
● Password settings and password aging: The user is forced to change his/her password on
expiration of a configurable time; the password can be reused only after "n" generations.
● Prompt the user to define a new password at initial logon (initial password).
● The user is automatically blocked after a configurable number of failed logon attempts and
can only be unblocked by the administrator.
● Automatic logoff (auto logout) after a configurable idle time of the keyboard and mouse.
● Log functions for actions related to access protection, such as logon, manual and automatic
logoff, input of incorrect user ID or password, user blocked after several attempts to enter
an incorrect password, and password change by user.

ERES Compliance Response

14 Product Information, 11/2017, A5E39256039-AA
 Meeting the Requirements with PM-QUALITY
3.6 Electronic signature

Figure 3-3 SIMATIC Logon configuration

SIMATIC Logon meets the requirements regarding access security in combination with
procedural controls, such as those for specifying the responsibility and access authorization
of the system users.
In addition, users must be assigned specific access rights at operating system level to prevent
unauthorized access to the directory structure of the various system programs and unintended
manipulation.

3.6 Electronic signature

Any later changes to the batch data, such as adding lab values and releasing or locking a
batch, can be linked to an acknowledgment in form of an electronic signature. The password
is entered in the called SIMATIC Logon dialog to identify the logged on user. The SIMATIC
Logon system must be available.

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 15
Meeting the Requirements with PM-QUALITY
3.6 Electronic signature

Figure 3-4 Adding PM-QUALITY lab data in the WinCC user interface

You can add data to the batch data as long as a batch has not been exported. You select the
respective batch in the batch list. Each input is saved in the batch data with time stamp, user
name and any comment that was entered, and reproduced in the batch report.

Figure 3-5 PM-QUALITY report with lab values

ERES Compliance Response

16 Product Information, 11/2017, A5E39256039-AA
Evaluation List for PM-QUALITY 4
The following list of requirements includes all regulatory requirements from 21 CFR Part 11
as well as from Annex 11 of the EU‑GMP Guidelines. All requirements are structured in the
same topics as those introduced in the chapter "The Requirements in Short (Page 9)" of this
Compliance Response.
The requirements listed fully consider both regulations, regardless of whether technological
or procedural controls or a combination of both are needed to fully comply with Part 11 and
Annex 11.
The answers include, among other things, information about how the requirement is handled
during the development of the product and which measures should be implemented during
configuration and operation of the system. Furthermore, the answers include references to the
product documentation for technical topics and to the GAMP 5 guide for procedural controls
that are already considered in the guide.

4.1 Lifecycle and Validation of Computerized Systems

The fundamental requirement that a computerized system that is used as a part of GMP-related
activities must be validated is extended by a number of newer Annex 11 requirements detailing
expectations on a system's lifecycle.

Requirement Reference Answer

4.1.1 Risk management should be ap‐ Annex 11, 1 The R&D process for Siemens software products incor‐
plied throughout the lifecycle of the porates risk management accordingly.
computerized system. During the validation of a customer-specific application,
risk management should be ensured by the regulated
user.
4.1.2 Validation of a system ensures its 21 CFR 11.10 (a) Yes. The development of the software product (COTS,
accuracy, reliability, consistent in‐ see Annex 11, glossary) is subject to the control of the
tended performance, and the ability Siemens QMS and the Product Lifecycle Management
to discern invalid or altered records. process.
The regulated user should take appropriate measures
to validate the application (see Annex 11, glossary), as
well as maintaining its validated state.
4.1.3 Validation documentation covers Annex 11, 4.1 Yes. The development process for the software product
relevant steps of the lifecycle. includes all relevant documents.
The responsibility for the validation of the application
(see Annex 11, glossary) is with the regulated user.
4.1.4 A process for the validation of be‐ Annex 11, 4.6 The validation process for customer-specific applica‐
spoke or customized systems tions is the responsibility of the regulated user. None‐
should be in place. theless, Siemens is able to offer support regarding val‐
idation activities.

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 17
Evaluation List for PM-QUALITY
4.1 Lifecycle and Validation of Computerized Systems

Requirement Reference Answer

4.1.5 Change management and deviation Annex 11, 4.2 Yes. The R&D process for the software product in‐
management are applied during the cludes change management, deviation management
validation process. and fault corrections.
The regulated user should ensure appropriate change
management and deviation management for the cus‐
tomer-specific application (see GAMP 5, appendices
M8, D5).
4.1.6 An up-to-date inventory of all rele‐ Annex 11, 4.3 The regulated user should establish appropriate report‐
vant systems and their GMP func‐ ing, a system inventory as well as system descriptions
tionality is available. For critical sys‐ (see GAMP 5, appendix D6).
tems an up-to-date system descrip‐
tion […] should be available.
4.1.7 User requirements should describe Annex 11, 4.4 Specification of requirements is part of the development
required functions, be risk-based process during product development.
and be traceable throughout the life‐ For the project-specific configuration, the regulated
cycle. user should take into account the user requirements
appropriately in the system's lifecycle (see GAMP 5,
appendix D1).
4.1.8 Evidence of appropriate test meth‐ Annex 11, 4.7 Ensuring the suitability of test methods and scenarios
ods and test scenarios should be is an integral part of the SIMATIC product's R&D proc‐
demonstrated. ess and test planning.
The regulated user should be involved to agree upon
testing practice (see GAMP 5, appendix D5) for the ap‐
plication.
4.1.9 Appropriate controls should be 21 CFR 11.10 (k) During the development of the product the product's
used over system documentation. documentation is treated as being part of the product.
Such controls include the distribu‐ Thus the documentation itself is under the control of the
tion of, access to, and use of system development process.
operation and maintenance docu‐ The regulated user should establish appropriate proce‐
mentation. dural controls during development and operation of the
production system (see GAMP 5, appendices M9
and D6).
4.1.10 A formal change control procedure 21 CFR 11.10 (k) During the development of the product changes are
for system documentation main‐ Annex 11, 10 handled according to the development process.
tains a time sequenced record of The regulated user should establish appropriate proce‐
changes. dural controls during development and operation of the
system (see GAMP 5, appendices M8 and O6)
4.1.11 Persons who develop, maintain, or 21 CFR 11.10 (i) Siemens' processes do ensure that employees have
use electronic record/electronic sig‐ appropriate training for their tasks and that such training
nature systems should have the ed‐ is properly documented.
ucation, training and experience to Furthermore, Siemens offers a variety of training cour‐
perform their assigned task. ses for users, administrators and support staff.
4.1.12 Computerized systems should be Annex 11, 11 The regulated user should establish appropriate proce‐
periodically evaluated to confirm dural controls (see GAMP 5, appendices O3 and O8).
that they remain in a valid state and
are compliant with GMP.

ERES Compliance Response

18 Product Information, 11/2017, A5E39256039-AA
 Evaluation List for PM-QUALITY
4.2 Suppliers and Service Providers

Requirement Reference Answer

4.1.13 All incidents should be reported and Annex 11, 13 The portfolio offers functions to support reporting on dif‐
assessed. ferent system levels. Incidents can be reenacted based
on detailed diagnostics entries. You can view the diag‐
nostics entries in PM-QUALITY at any time.
The regulated user should establish appropriate proce‐
dural controls (see GAMP 5, appendix O5).
4.1.14 For the availability of computerized Annex 11, 16 The regulated user should appropriately consider the
systems supporting critical process‐ system in its business continuity planning (see GAMP 5,
es, provisions should be made to appendix O10).
ensure continuity of support for
those processes in the event of a
system breakdown.

4.2 Suppliers and Service Providers

If the regulated user is partnering with third parties for planning, development, validation,
operation and maintenance of a computerized system, then the competence and reliability of
this partner should be considered utilizing a risk-based approach.

Requirement Reference Answer

4.2.1 When third parties are used, formal Annex 11, 3.1 The regulated user is responsible to establish formal
agreements must exist between the agreements with suppliers and third parties.
manufacturer and any third parties.
4.2.2 The competency and reliability of a Annex 11, 3.2 The regulated user should assess its suppliers accord‐
supplier are key factors when se‐ Annex 11, 4.5 ingly (see GAMP 5, appendix M2).
lecting a product or service provid‐
er. The need for an audit should be
based on a risk assessment.
4.2.3 The regulated user should ensure Annex 11, 4.5 The development of PM products follows the R&D proc‐
that the system has been devel‐ ess stipulated in the Siemens Quality Management Sys‐
oped in accordance with an appro‐ tem.
priate Quality Management System.
4.2.4 Documentation supplied with com‐ Annex 11, 3.3 The regulated user is responsible for the performance
mercial off-the-shelf products of such reviews.
should be reviewed by regulated
users to check that user require‐
ments are fulfilled.
4.2.5 Quality system and audit informa‐ Annex 11, 3.4 The content and extent of the documentation affected
tion relating to suppliers or develop‐ by this requirement should be agreed upon by the regu‐
ers of software and implemented lated user and Siemens. The joint non-disclosure agree‐
systems should be made available ment should reflect this requirement accordingly.
to inspectors on request.

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 19
Evaluation List for PM-QUALITY
4.3 Data Integrity

4.3 Data Integrity

The main goal of both regulations is to define criteria under which electronic records and
electronic signatures are as reliable and trustworthy as paper records. This requires a high
degree of data integrity throughout the whole data retention period, including archiving and
retrieval of relevant data.

Requirement Reference Answer

4.3.1 The system should provide the abil‐ 21 CFR 11.10 (a) Yes. Locked and released batches are distinguished by
ity to discern invalid or altered re‐ a preceding icon. The batch data itself can no longer be
cords. altered and therefore does not require an audit trail. Un‐
authorized changes are prevented by the system
through access control.
4.3.2 For records supporting batch re‐ Annex 11, 8.2 Any data added to the batch data by an operator at a
lease, it should be possible to gen‐ later time is acknowledged with electronic signature and
erate printouts indicating whether saved with the batch data. The batch report can be prin‐
any of the data has changed since ted with all data.
the original entry.
4.3.3 The system should provide the abil‐ 21 CFR 11.10 (b) Yes. Accurate and complete copies can be generated
ity to generate accurate and com‐ Annex 11, 8.1 in electronic portable document formats or on paper.
plete copies of electronic records in
both human readable and electron‐
ic form.
4.3.4 Computerized systems exchanging Annex 11, 5 Yes. Depending on the type of data, such built-in checks
data electronically with other sys‐ include value ranges, data type check, access authori‐
tems should include appropriate zations, checksums, etc. and finally the validation proc‐
built-in checks for the correct and ess including interface testing. Electronic data ex‐
secure entry and processing of data. change is based on the TCP/IP protocol.
4.3.5 For critical data entered manually, Annex 11, 6 The data entered can be protected by specifying limits
there should be an additional check for the input fields. A dialog with multiple signatures to
on the accuracy of the data. acknowledge the input or a separate operator dialog
can be implemented as an additional check.

4.3.6 Data should be secured by both Annex 11, 7.1 An exported batch data record is write-protected.
physical and electronic means In addition to the system's access security mecha‐
against damage. nisms, the regulated user should establish appropriate
security means like physical access control, backup
strategy, limited user access authorizations, regular
checks on data readability, etc. Furthermore, the data
retention period should be determined by the regulated
user and appropriately considered in the user's pro‐
cesses (see GAMP 5, appendices O3, O4, O8, O9, O11
and O13).
4.3.7 Regular backups of all relevant data Annex 11, 7.2 The regulated user should establish appropriate pro‐
should be done. cesses for backup and restore (see GAMP 5, appen‐
dix O9).
4.3.8 Electronic records must be readily 21 CFR 11.10 (c) Yes. As stated above, procedural controls for Backup/
retrievable throughout the records Annex 11, 17 Restore and Archiving/Retrieval should be established.
retention period.
4.3.9 If the sequence of system steps or 21 CFR 11.10 (f) This requirement is not necessary for a batch report.
events is important, then appropri‐
ate operational system checks
should be enforced.

ERES Compliance Response

20 Product Information, 11/2017, A5E39256039-AA
 Evaluation List for PM-QUALITY
4.5 System Access, Identification Codes and Passwords

4.4 Audit Trail, Change Control Support

During operation, regulations require the recording of operator actions that may result in the
generation of new relevant records or the alteration or deletion of existing records.

Requirement Reference Answer

4.4.1 The system should create a record 21 CFR 11.10 (e) PM-QUALITY does not offer a user interface to change
of all GMP-relevant changes and Annex 11, 9 and delete the automatically collected process data.
deletions (a system generated "au‐ This means a system-internal audit trail is not gener‐
dit trail"). For change or deletion of ated. Messages and process values are automatically
GMP-relevant data, the reason detected and saved in the database under a batch
should be documented. name.
4.4.2 Management systems for data and Annex 11, 12.4 In PM-QUALITY, you can enter lab values with the re‐
documents should be designed to quired information such as user name and time stamp.
record the identity of operators en‐ This information is saved batch-specific in the database
tering, changing, confirming or de‐ and can be displayed in the batch report at any time.
leting data including date and time. Lab values can only be added but not changed and de‐
leted.
4.4.3 Changes to electronic records shall 21 CFR 11.10 (e) Yes. Recorded information is not overwritten and is al‐
not obscure previously recorded in‐ ways available in the database.
formation.
4.4.4 The audit trail shall be retained for 21 CFR 11.10 (e) Yes. The audit trail is part of the batch data and is stored
a period at least as long as that re‐ Annex 11, 9 in a long-term archive using the automatic export func‐
quired for the subject electronic re‐ tion.
cords. (see GAMP 5, appendices O9 and O13).
4.4.5 The audit trail should be available 21 CFR 11.10 (e) Yes. The individual batch reports can be made available
for review and copying by regulato‐ at any time.
ry agencies. See also requirement 4.4.1.

4.5 System Access, Identification Codes and Passwords

Since access to a system must be restricted to authorized individuals and the uniqueness of
electronic signatures also depends on the authenticity of user credentials, user access
management is a vital set of requirements regarding the acceptance of electronic records and
electronic signatures.

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 21
Evaluation List for PM-QUALITY
4.5 System Access, Identification Codes and Passwords

Requirement Reference Answer

4.5.1 System access should be limited to 21 CFR 11.10 (d) Yes. System access via SIMATIC Logon is based on
authorized individuals. 21 CFR 11.10 (g) the operating system's user administration, and user
rights are to be defined in the system.
Annex 11, 12.1
Nonetheless also procedural controls should be estab‐
lished by the regulated user, as described in GAMP 5,
appendix O11.
4.5.2 The extent of security controls de‐ Annex 11, 12.2 System security is a key factor during design and de‐
pends on the criticality of the com‐ velopment of SIMATIC products.
puterized system. Nonetheless, since system security strongly depends
on the operating environment of each IT system, these
aspects should be considered in security management
(see GAMP 5, appendix O11).
Recommendations and support is given by Siemens'
Industrial Security approach.
4.5.3 Creation, change, and cancellation Annex 11, 12.3 Changes in user access management are recorded and
of access authorizations should be should be subject to change control procedures of the
recorded. regulated user.
4.5.4 If it is a requirement of the system 21 CFR 11.10 (h) Yes. WinCC workstations can be configured so that
that input data or instructions can special input data/commands can only be performed
only come from certain input devi‐ from a dedicated workstation or from a group of dedica‐
ces (e.g. terminals), does the sys‐ ted workstations. In this case, all other workstations
tem check the validity of the source have read-only access rights at the most. The system
of any data or instructions re‐ performs verifications, because the stations must be in‐
ceived? (Note: This applies where terconnected within the system.
data or instructions can come from PM-QUALITY integrates itself into the WinCC function‐
more than one device, and there‐ ality when the available ActiveX controls are built into
fore the system must verify the in‐ the user interface.
tegrity of its source, such as a net‐
work of weigh scales, or remote, ra‐
dio controlled terminals).
4.5.5 Controls should be in place to main‐ 21 CFR 11.300 (a) Yes. The user administration of the operating system is
tain the uniqueness of each com‐ used as a platform for access management. It is not
bined identification code and pass‐ possible to define more than one user with the same
word, so that no individual can have user ID within a workgroup / domain. Each combination
the same combination of identifica‐ of user ID and password is thus unique.
tion code and password as any oth‐
er.
4.5.6 Procedures are in place to ensure 21 CFR 11.300 (b) The regulated user should establish appropriate proce‐
that the validity of identification co‐ dural controls (see "Good Practice and Compliance for
des is checked periodically. Electronic Records and Signatures, Part 2").
4.5.7 Passwords should periodically ex‐ 21 CFR 11.300 (b) Yes. Password aging is based on the operating sys‐
pire and have to be revised. tem's user administration.
4.5.8 A procedure should be established 21 CFR 11.300 (b) The regulated user should establish appropriate proce‐
for recalling identification codes and dural controls (see "Good Practice and Compliance for
passwords if a person leaves or is Electronic Records and Signatures, Part 2"). The Micro‐
transferred. soft Windows security system can be used to deactivate
user accounts.

ERES Compliance Response

22 Product Information, 11/2017, A5E39256039-AA
 Evaluation List for PM-QUALITY
4.6 Electronic Signature

Requirement Reference Answer

4.5.9 Following loss management proce‐ 21 CFR 11.300 (c) The regulated user should establish appropriate proce‐
dures to electronically deauthorize dural controls (see "Good Practice and Compliance for
lost, stolen, missing, or otherwise Electronic Records and Signatures, Part 2").
potentially compromised tokens,
cards, and other devices that bear
or generate identification code or
password information, and to issue
temporary or permanent replace‐
ments using suitable, rigorous con‐
trols.
4.5.10 Measures for detecting attempts of 21 CFR 11.300 (d) Yes. Failed attempts to use the system or to perform
unauthorized use and for informing electronic signatures are recognized and can be log‐
security and management should ged.
be in place. The regulated user should establish appropriate proce‐
dural controls to ensure a periodic review of security
and access control information logs (see GAMP 5, ap‐
pendix O8).
4.5.11 Initial and periodic testing of devi‐ 21 CFR 11.300 (e) Such devices are not part of the Siemens portfolio.
ces, such as tokens and cards, that The regulated user should establish appropriate proce‐
bear or generate identification code dural controls (see "Good Practice and Compliance for
or password information to ensure Electronic Records and Signatures, Part 2").
that they function properly and have
not been altered in an unauthorized
manner.

4.6 Electronic Signature

To ensure that electronic signatures are generally accepted as equivalent to handwritten
signatures executed on paper, requirements are not only limited to the act of electronically
signing records. They also include requirements on record keeping as well as on the
manifestation of the electronic signature.

Requirement Reference Answer

4.6.1 Written policies should be establish‐ 21 CFR 11.10 (j) The regulated user should establish appropriate proce‐
ed that hold individuals accountable Annex 11, 14.a dural controls.
and responsible for actions initiated
under their electronic signatures, in
order to deter record and signature
falsification.
4.6.2 Signed electronic records should 21 CFR 11.50 (a) Yes.
contain the following related Infor‐ Annex 11, 14.c
mation:
● The printed name of the signer
● The date and time of signing
● The meaning of the signing
(such as approval, review,
responsibility)

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 23
Evaluation List for PM-QUALITY
4.6 Electronic Signature

Requirement Reference Answer

4.6.3 The above-listed information is 21 CFR 11.50 (b) Yes.
shown on displayed and printed
copies of the electronic record.
4.6.4 Electronic signatures shall be linked 21 CFR 11.70 Yes.
to their respective electronic re‐ Annex 11, 14.b
cords to ensure that the signatures
cannot be excised, copied, or other‐
wise transferred to falsify an elec‐
tronic record by ordinary means.
4.6.5 Each electronic signature shall be 21 CFR 11.100 (a) Yes. The electronic signature uses the unique identifi‐
unique to one individual and shall 21 CFR 11.200 (a) ers for user accounts in Microsoft Windows user ac‐
not be reused by, or reassigned to, (2) count management. The re-use or re-assignment of
anyone else. electronic signatures is effectively prevented.
4.6.6 When a system is used for record‐ Annex 11, 15 Electronic signatures are linked to an individual. The
ing certification and batch release, system allows strict determinations about which role
the system should allow only Quali‐ and/or individual is allowed to perform a signature.
fied Persons to certify the release of
the batches and it should clearly
identify and record the person re‐
leasing or certifying the batch.
4.6.7 The identity of an individual should 21 CFR 11.100 (b) The regulated user should establish appropriate proce‐
be verified before electronic signa‐ dural controls for the verification of an individual's iden‐
ture components are allocated. tity before allocating a user account and/or electronic
signatures.
4.6.8 When an individual executes one or 21 CFR 11.200 (a) Yes. Performing an electronic signature requires the
more signings not performed during (1) (ii) user ID as well as the user password.
a single session, each signing shall
be executed using all of the elec‐
tronic signature components.
4.6.9 When an individual executes a ser‐ 21 CFR 11.200 (a) Yes. Each signature consists of two components (user
ies of signings during a single ses‐ (1) (i) ID and password).
sion, the first signing shall be exe‐
cuted using all electronic signature
components; subsequent signings
shall be executed using at least one
private electronic signature compo‐
nent.
4.6.10 The use of an individual's electronic 21 CFR 11.200 (a) Yes. It is not possible to falsify an electronic signature
signature by anyone other than the (3) during signing or after recording of the signature.
genuine owner would require the In addition, the regulated user needs procedures that
collaboration of two or more individ‐ prevent the disclosure of passwords.
uals.
4.6.11 Electronic signatures based upon 21 CFR 11.200 (b) Established solutions of third-party manufacturers can
biometrics shall be designed to en‐ be used to create biometric electronic signatures. The
sure that they cannot be used by integrity of such solutions should be assessed sepa‐
anyone other than their genuine rately.
owner.

ERES Compliance Response

24 Product Information, 11/2017, A5E39256039-AA
 Evaluation List for PM-QUALITY
4.7 Open Systems

4.7 Open Systems

The operation of an open system may require additional controls to ensure data integrity as
well as the possible confidentiality of electronic records.

Requirement Reference Answer

4.7.1 To ensure the authenticity, integrity, 21 CFR 11.30 Additional security measures should be taken for open
and, as appropriate, the confiden‐ systems; Support is provided, for example, based on
tiality of electronic records addition‐ the configuration information in the "Security Concept
al measures such as data encryp‐ PCS 7 and WinCC" manual, or by commonly available
tion are used. standard tools for encryption. SSL encryption for the
communication of the terminal bus is integrated.
4.7.2 To ensure the authenticity and in‐ 21 CFR 11.30 The system does not provide functionality for digital
tegrity of electronic signatures, ad‐ (encrypted) signatures.
ditional measures such as the use
of digital signature standards are
used.

ERES Compliance Response

Product Information, 11/2017, A5E39256039-AA 25
Evaluation List for PM-QUALITY
4.7 Open Systems

ERES Compliance Response

26 Product Information, 11/2017, A5E39256039-AA