Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ System Platform

TABLE OF CONTENTS

Non-Biometric Signatures—11​.200 (a)

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedApr 11, 2023
  • 2 minute read

"(a) Electronic signatures that are not based upon biometrics shall:

(1) Employ at least two distinct identification components such as an identification code and password.

(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

(2) Be used only by their genuine owners; and

(3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals."

Systems should be set up to require user ID and password entry to authenticate users. Logging the authentication event or logon can then act as the first signing as all electronic signature components (ID, password) are required for logon and the user name of the logged in user can be recorded as part of the logon event.

Subsequent signature events, such as alarm limit change and alarm acknowledgement, can also include the user name to indicate the signing of the event. The user ID and password combination is not required to complete the signing while this same user is logged in as the duration of any logon for a user is a single, continuous period of controlled access.

If a user logs out manually, is logged out by another user logging in, for example to perform a checked-by function, or is inactive and logged out automatically by the system, the continuous period of controlled access ends. Any signatures would then require a new user to be logged in, which requires all electronic signature components including ID and password.

InTouch WindowViewer can be configured to automatically log off an inactive operator from an InTouch application. An operator must log on again after being logged off for inactivity. Setting an automatic inactivity log off period prevents unauthorized access to your InTouch application when operators leave their workstations unattended. Inactivity time periods should be evaluated for each system and vary according to the unique attributes and environment in which each system is operated.

Embedded Image (65% Scaling) (LIVE)

For more information on using the WindowViewer inactivity features see "Security Configuration for InTouch HMI" in the AVEVA InTouch online help.

TitleResults for “How to create a CRG?”Also Available in