DataThread - Regulatory Compliances

DataThread - Compliance

DataThread enables full compliance with stringent FDA and international regulations.

As a basic principle, Part 11 states:

"The regulations in this part set forth the criteria under which the agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper."

Consequently, the collection, storage, and retrieval of electronic data records in the FDA-regulated industries have become business-critical tasks. As companies struggle to comply with 21 CFR Part 11, and in support of the industry's efforts to move from traditional paper-based to electronic-based data management, effective implementation of e-record management systems has become a strategic goal.

DataThread™ is a product aimed at satisfying the need to collect e-records and e-signatures and to store auditable files of this data as needed to comply with 21 CFR Part 11. Additionally, DataThread™ has significant capabilities for oversight and supervisory approval of any change to business-critical data elements.

DataThread is the total solution to the FDA's Part 11 requirements:

  • AS/400 based; because it uses the available functionality of the operating system, DataThread does not require any modification to existing applications
  • Highly configurable at the file and field level to meet auditing and signature requirements
  • Able to capture data changes into a secure, auditable database
    • Can capture the user id, user name, local time and date, as well as before and after images of the data change
  • Allows user to electronically sign for changes
    • Signature can be captured at time of change or grouped for signing at a later time
    • Multiple signatures can be required for the same change, allowing for work flow management and oversight.
    • Signature can be captured through biometric devices or passwords independent of the AS/400 password
  • Provides user-friendly audit capabilities through electronic files, hard copy reports, and on-screen reports.
    • Auditable data from several AS/400 systems can be combined into network-based data repositories for reporting and archiving
  • Specifically developed for Part 11, DataThread has a very small footprint with efficiency as its cornerstone
  • Infinitely scalable to the largest AS/400 environments

Compliance with 21 CFR Part 11

When introduced, 21 CFR Part 11 Electronic Records; Electronic Signatures was acknowledged by both industry and FDA as an important addition. Since Part 11's inclusion in 21 CFR, the attitude of the FDA toward compliance has evolved from one of relative inattention to one of active review and investigation. In fact, today the FDA has asked industry to provide specific action plans that will bring companies into compliance. The Agency has now trained its inspectors in the Part 11 rule and its interpretation. Although the rule provides a challenging situation, it is clearly in the best interest of all FDA regulated companies to actively undertake projects that will bring them into compliance.

Implementation

DataThread™ can be used with any AS/400 application. It does not require a single change to your existing applications. Utilizing extensive database management functions of the AS/400 native database, DB2, DataThread™ will detect and capture changes to any database record. Since the vast majority of data elements in a database do not require Part 11 tracking, only selected fields configured by the system administrator will be retained.

The electronic signature is collected through an additional signature password, which may be different from the user's AS/400 password. FDA electronic signature requirements are enforced by automatically presenting pop-up screens when appropriate. When the update is made by a batch job, or when configured to do so, a field update is captured to history for subsequent electronic signature.

The Software

DataThread has been designed and programmed specifically with this regulation in mind. It has a very small footprint on the AS/400 and holds efficiency as one of its central requirements. The following functionality is supported:

  • Configuration at the database field level.
  • Ability to require none, one, or several signatures
  • Signatures can be required in a cascading manner creating the ability to manage work flow
  • Export of history to any RDBMS system
  • Secure history database
  • Extensive reporting

Partnering With the Developers

Innovatum Inc. has years of application development experience in FDA-regulated companies. Validation is not a foreign concept to us. DataThread™ has been developed using documented and auditable standard development methodologies (SDM), which will enable speedy validation within any environment. Our personnel are available for implementation assistance and regulatory guidance when necessary. Based on the successful implementation of several validated Innovatum systems, we know from experience that technology is only a piece of a much larger puzzle. Involvement of, and constant communication with, the user and support community are critical to overall success. At Innovatum, we have the project management methods, industry know-how, and interpersonal skills needed for success in this extremely complex and highly regulated environment.

Post Implementation

Successful implementation of a technology is important, but maintaining the tools over the long term is just as critical to overall success and maximum return on investment. Our support services are staffed by seasoned professionals who have been involved with the development of the product and who are just as comfortable in the batch mix room as they are developing software.

Gramm-Leach-Bliley

The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. This Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions - such as credit reporting agencies - that receive customer information from other financial institutions.

DataThread can be implemented as a means of identifying personnel or processes that access records on the AS/400 or iSeries. Additionally, any changes to critical data can be identified and reported in real time.

Satisfy your Sarbanes-Oxley Auditors

Remember the old adage "it's like finding a needle in a haystack"? That’s how many companies today feel about the database monitoring component of SOX compliance. It’s quite common to schedule massive batch audit reports to print overnight so that some poor soul can review all the transactions and sign off on the veracity and appropriateness of each. In some cases access is so locked down that supporting the system becomes a nightmare, and appropriate data correction or master file maintenance is delayed. Several people are required to perform the same task in order to maintain the segregation of duties requirements.

A growing number of companies are now using DataThread as a totally automated solution for monitoring database changes and enforcing SOX compliance. Simply stated:

DataThread will watch all database changes over monitored files and pass them through configured filters representing your company’s additional SOX business logic. If exception conditions are found, notification is sent to appropriate compliance personnel.

The image below shows configuration of a watch point where price is increased by greater than 20%. In this particular case, the price is a field on the order detail file and the monitoring is for unusually large credits being given.

Since the DataThread watch point configuration is soft coded based on the fields in the file being monitored, and the comparison criteria can be used in a combination of "and/or" relationships, there is no limit to the sophistication of the monitoring. You can monitor:

  • Records affected by database utilities such as DBU, DFU, SQL, ODBC
  • Database activity associated with programmer profiles
  • Data changed by users not in a table of supervisors. This gives you greater application security than available in the existing system
  • Programs other than XYZ500 used to change order detail records
  • Changes made by a particular department
  • Changes made by a legitimate and authorized person where the content of the change is exceptional
  • Changed addresses on customer or order records.
  • Terms code changes.
  • Modified credit limits.
  • Vendor related changes.
  • Manipulated AR and AP amounts.
  • Changes to transaction or G/L records
  • Updates to security files
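
The watch-point idea described above, as an added example (not DataThread's configuration format or code): criteria over the before and after images of a change are combined with and/or and run against captured changes. The file names, field names, user IDs and supervisor table are constructed for illustration; only the program name XYZ500 comes from the list above.

```python
from dataclasses import dataclass
from decimal import Decimal as D

@dataclass
class Change:
    """One captured change with its before and after images."""
    user: str
    program: str
    file: str
    before: dict
    after: dict

# Each criterion is a predicate over a Change; all_of/any_of give the and/or nesting.
def all_of(*conds): return lambda c: all(f(c) for f in conds)
def any_of(*conds): return lambda c: any(f(c) for f in conds)
def on_file(name): return lambda c: c.file == name
def program_not(name): return lambda c: c.program != name
def user_not_in(table): return lambda c: c.user not in table
def field_changed(field): return lambda c: c.before.get(field) != c.after.get(field)

def pct_increase(field, threshold):
    """True when `field` rose by strictly more than `threshold` percent."""
    def check(c):
        old, new = c.before.get(field), c.after.get(field)
        if old is None or new is None:
            return False          # field not captured in this change
        if old == 0:
            return new > 0        # no percentage exists; treat any rise as exceptional
        return (new - old) / abs(old) * 100 > threshold
    return check

SUPERVISORS = {"JSMITH"}  # constructed supervisor table
WATCH_POINTS = {          # constructed file and field names; XYZ500 is the page's example
    "price-up-20pct": all_of(on_file("ORDDTL"), pct_increase("PRICE", 20)),
    "unexpected-writer": all_of(on_file("ORDDTL"),
                                any_of(program_not("XYZ500"), user_not_in(SUPERVISORS))),
    "credit-limit-changed": all_of(on_file("CUSTMAST"), field_changed("CRLIMIT")),
}

CHANGES = [  # constructed sample data
    Change("JSMITH", "XYZ500", "ORDDTL", {"PRICE": D("100.00")}, {"PRICE": D("120.00")}),
    Change("JSMITH", "XYZ500", "ORDDTL", {"PRICE": D("100.00")}, {"PRICE": D("125.00")}),
    Change("PGMR01", "DBU", "ORDDTL", {"QTY": 1}, {"QTY": 2}),
    Change("ACLERK", "CUS100", "CUSTMAST", {"CRLIMIT": D("5000")}, {"CRLIMIT": D("9000")}),
]

def exceptions(changes, watch_points=WATCH_POINTS):
    """Return (change index, watch point name) for every rule a change trips."""
    return [(i, name) for i, c in enumerate(changes)
            for name, rule in watch_points.items() if rule(c)]
```

The first sample change is an increase of exactly 20% and is deliberately not flagged, since the criterion is "greater than 20%"; the third is flagged because the writing program is a database utility rather than the expected application program.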

To achieve this monitoring, there is zero intrusion into the programs of the ERP or financial systems. Great importance was given to efficiency so there is minimal impact to system performance. Additionally, if an exception condition is identified, DataThread's workflow module is utilized to capture an electronic signature for the change, including reason codes and comments.

Because of DataThread's independent audit database, and the fact that only important fields are audited, the need to keep journals on the system is eliminated. Imagine keeping years of audit data online with an acceptable impact on disk utilization. The included archiving module also allows older audit information to be moved to off-line storage, from which it can be readily restored and analyzed using the standard DataThread functionality.

Since efficient access to audit data and exception conditions is key, DataThread has extensive reporting and on-line inquiry capabilities. A web interface is also available for filtering and viewing activity - all without any programming.

Copyright ©2010 Innovatum, Inc.