21 CFR Part 11 Definitions:

Project Definition: 

System Requirements: 

Solution Overview: 

Implementation Timeframe: 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

             Radio Security Implementation

21 CFR Part 11 Definitions:

Closed System: An environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.

Open System: An environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

Electronic Record: Any combination of text, graphics, data, audio, pictorial or any other information representation in digital form that is created, modified, maintained, archived, retrieved or distributed by a computer system.

Electronic Signature: A Computer data compilation of any symbol or series of symbols executed, adopted or authorised by an individual to be the legally binding equivalent of the individuals handwritten signature.

Project Definition: 

KBA Systems were asked to develop an RF Security system to ensure RF Data Collection System conformed to the customers corporate standards. The customer was a large US multinational in the healthcare sector, who had a requirement to upgrade the security functionality to incorporate password encryption, password expiry and user profile maintenance amongst other things.

 

System Requirements: 

The security system had to satisfy the following requirements:

Passwords to be stored in encrypted format.

Terminals not in use for a configurable period of time (IDLE Time) had to be automatically signed-off.

A system wide, configurable expiration period can be set, to ensure that passwords must be changed at regular intervals

Passwords must conform to certain rules (Minimum of 5 characters, at least 1 numeric)

If a user attempts to logon with an invalid password a configurable number of times, then that users profile is disabled

The number of times an operator can be signed on simultaneously can be configured.

The transaction log file contains a log of all transactions, including invalid logons.

 

Solution Overview: 

The final solution consisted of the following applications:  

RF Security Maintenance Program:  A Security Administration application running on Windows 95/98/NT based workstations. This application allows for the addition, maintenance and deletion of User Profiles, and the setting of passwords and authorization levels.

Interface to Mainframe Computer: The interface to the mainframe security files were implemented by means of an ODBC Application Programming Interface Module. Any transactions, or queries where mainframe files are accessed are processed through this module. The benefits of this become apparent if the host platform changes.

Data Collection System Modifications: In order to complete the implementation of the Security system, the existing RF applications had to be updated to incorporate the security requirements.

Export Program Modifications: The following modifications will be made to the functions that processed logons:

At startup, the system security values had to be read & loaded inand load into memory.

Use encryption when comparing passwords.

On Logon, check expiry date for the password. Check that user id is not already signed on.

Update the user profile with failed logon attempts, and update the tracking table.

If too many logon attempts fail, then disable profile.

RF Terminal Program Modifications: The following modifications are required on the RF Terminal:

If password has expired - display warning message - and go straight to Change Password option.

For each transaction check for Idle Time. If received - Logoff, display message and send terminal to initial logon screen.

Hardware Requirements:  Standard network attached Windows PC.

Software Requirements: Client Access ODBC drivers for mainframe.

Implementation Timeframe: 

KBA Systems implemented the full project in 16 man/days. This included:

  • Initial Consultancy

  • System Design

  • Functional Design

  • Project Management

  • Coding & Testing

  • Installation

  • Training

  • Documentation