AVEVA™ Batch Management

Controls for Identification Codes & Passwords – 11.300

  • Last Updated Mar 06, 2025

ID and Password Uniqueness - 11.300 (a)

21 CFR Part 11:

Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: (a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.

This requirement is addressed by the content in 4.2.1.1 Signature Uniqueness - 11.100 (a).

Password Changes - 11.300 (b)

21 CFR Part 11:

(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

FDA-audited industries should use OS Security for best results. Both OS Security models use Windows operating system authentication, so user names and passwords are managed outside AVEVA Batch Management, directly in the Windows operating system environment. With OS Security you benefit from the standard Windows functions for password aging and complexity, maximum logon attempts, user name uniqueness, and more.

Transaction Safeguards - 11.300 (d)

21 CFR Part 11:

(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

Any failed authentication in AVEVA Batch Management is reported in the AuditEvent table, as depicted in Figure 38. OS security shall also be set to disable a user after a certain number of failed attempts. The reason for the failure is contained in the Reason_ID column, and the meaning of each code is defined in the StringTable. For example, the two failed (0) Reason_ID values displayed in Figure 38 correspond to:

1033: “Done By Approved – need Check By”

1018: “Same users for both done by and check by clearance is illegal.”

Figure 38 - Authentication success or failure

SQL Server Alerts can be configured to respond to new records in the AuditEvent table corresponding to authentication failure. See Microsoft SQL Server documentation.
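A sketch of the kind of query a scheduled job or alert could run against these records, added here as an example and not taken from AVEVA's documentation. Only the AuditEvent and StringTable table names and the Reason_ID column come from this page; every other column name, the temp-table stand-ins, the sample rows, and the 15-minute / 3-failure policy are assumptions.

```sql
-- Constructed stand-ins for the AuditEvent and StringTable tables.
-- Only the table names and Reason_ID come from the page; every other
-- column name, every row, and the thresholds below are assumptions.
CREATE TABLE #StringTable (
    String_ID   int PRIMARY KEY,
    String_Text nvarchar(200) NOT NULL
);
CREATE TABLE #AuditEvent (
    Event_ID   int IDENTITY PRIMARY KEY,
    Event_Time datetime2    NOT NULL,
    User_Name  nvarchar(64) NOT NULL,
    Success    bit          NOT NULL,   -- 0 = failed, as shown in Figure 38
    Reason_ID  int          NULL
);

INSERT INTO #StringTable (String_ID, String_Text) VALUES
    (1033, N'Done By Approved – need Check By'),
    (1018, N'Same users for both done by and check by clearance is illegal.');

DECLARE @now datetime2 = SYSUTCDATETIME();
INSERT INTO #AuditEvent (Event_Time, User_Name, Success, Reason_ID) VALUES
    (DATEADD(MINUTE, -90, @now), N'PLANT\op1', 0, 1018),  -- outside the window
    (DATEADD(MINUTE, -12, @now), N'PLANT\op1', 0, 1018),
    (DATEADD(MINUTE,  -7, @now), N'PLANT\op1', 0, 1018),
    (DATEADD(MINUTE,  -2, @now), N'PLANT\op1', 0, 9999),  -- code missing from StringTable
    (DATEADD(MINUTE,  -5, @now), N'PLANT\op2', 0, 1033),  -- single failure, below threshold
    (DATEADD(MINUTE,  -3, @now), N'PLANT\op3', 1, NULL);  -- successful signature

-- Assumed policy: report users with 3 or more failures in the last 15 minutes.
DECLARE @window_min int = 15, @threshold int = 3;

-- Resolve each Reason_ID to its text and count failures per user in the window.
-- LEFT JOIN keeps failures whose reason code has no StringTable entry.
WITH recent_failures AS (
    SELECT a.User_Name, a.Event_Time, a.Reason_ID,
           COALESCE(s.String_Text, N'(unmapped reason)') AS Reason_Text,
           COUNT(*) OVER (PARTITION BY a.User_Name) AS Failures_In_Window
    FROM #AuditEvent AS a
    LEFT JOIN #StringTable AS s ON s.String_ID = a.Reason_ID
    WHERE a.Success = 0
      AND a.Event_Time >= DATEADD(MINUTE, -@window_min, @now)
)
SELECT User_Name, Event_Time, Reason_ID, Reason_Text, Failures_In_Window
FROM recent_failures
WHERE Failures_In_Window >= @threshold
ORDER BY User_Name, Event_Time;
```

Before using it, map the assumed column names to the real AuditEvent and StringTable schema in your Batch Management database.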

In addition to this log, Windows security shall be configured to disable a user’s account after consecutive failed logon attempts.
