BIGBYTE
March 03, 2005
By: Gagan Arora, MetricStream Inc

Electronic records

In a world where data and records are mostly maintained in electronic form, it is high time that we have regulations governing the reliability and authenticity of data. Organisations and individuals are concerned about data, whether it is bank deposits, tax records, or health care related information.

The Need: United States Food and Drug Administration Title 21 Code of Federal Regulations Part 11 establishes standards for the use of electronic records and electronic signatures as an equivalent of paper records and handwritten signatures. Though it applies only to USFDA regulated industries such as pharmaceutical, medical devices, and biotechnology, the general concepts and principles are applicable to any industry that relies on critical information and approval workflows. Such a regulation is highly relevant to India, where compliance requirements are many and most of them are presently paper-based.

The Solution: Any regulation would need to address all the aspects of electronic data gathering and processing. Electronic information processing can be grouped into the following categories: electronic data gathering, and individuals performing operations on data.

Electronic data: Also known as electronic records, this is defined as any combination of text, graphics, or other information in digital format that is created, modified, or distributed by a computer system. Any system should be able to generate accurate and complete copies of the records in human readable and electronic format. It is vital that the changes made to records are captured. Apart from the changes made to the record(s), the system needs to track the time-stamp and identity of the individual who altered the record.

Electronic Signature: In addition to electronic records, compliance regulations need to be defined for electronic signatures. An electronic signature (ES) is defined as a computer data compilation of any symbol or series of symbols executed or authorized by an individual, to be legally binding, which is the equivalent of the individual's handwritten signature.

Though most systems are able to implement the technical requirements/controls for electronic records, electronic signatures require both procedural and technical controls. An ES should be unique to an individual, and there should be procedural controls in place to ensure the identity of an individual before assigning electronic signatures.

A user ID and password based access control, combined with a context-specific password, has been found to be as effective as biometric signatures if there are adequate controls to ensure uniqueness, periodic revision, periodic check, and revocation of passwords as needed. A set of technical checks needs to be in place to ensure that the passwords are not easy to guess and are changed periodically to ensure genuineness.

The author is Vice President - Engineering, MetricStream, Inc
