| 11.10 (b) ||The
system shall generate accurate and complete copies of records in human
readable and electronic form suitable for inspection, review and copying
||Advanced reports, generated
dynamically, include records of user progress and performance. Reports
can be downloaded as EXCEL.
| 11.10 (d) || The system shall limit system access to authorized individuals. ||
Access rights and permissions are controlled by user types. Users must
log on in order to gain access to the portal and the features/options
available to their specific user type. Additional security steps have
been incorporated, tailored for 21 CFR Part 11, e.g. enforce strong
password , force password change upon initial logon. Passwords are stored hashed rather than encrypted, so recovering
them is impossible.
|11.10 (e) ||
The system shall employ secure, computer-generated date/time stamped
audit trails to independently record operator entries and actions that
create, modify, or delete electronic records, without obscuring
previously recorded information. ||
Actions performed on TalentLMS are recorded and included on the
timeline of each user, containing a timestamp. Timelines can be exported
and saved to EXCEL.
|11.10 (f) ||
The system shall enforce required steps and events sequencing, as
appropriate (e.g., key steps cannot be bypassed or similarly
compromised). ||The system shall
enforce required steps and events sequencing, as appropriate (e.g., key
steps cannot be bypassed or similarly compromised).
| 11.10 (g) ||
The system shall ensure that only authorized individuals can use the
system, electronically sign a record, access the operations or computer
system input or output device, alter a record, or perform the operation
at hand. || Custom user types to
authorize permissions and control access rights. Branches, sub-portals,
can also control what users can view depending on the branch they are
in. Actions performed by users are recorded on the timeline including
changes made to records and performing various tasks.
| 11.10 (h) (1) || The system shall determine, as appropriate, the validity of the source of data input or operational instruction. ||
Can restrict IP access and file type extensions, to control the
validity of data sources. Can include a SSL certificate to ensure all
communication is performed over https, thereby eliminating the ability
of unauthorized data modification during transmission. CSRF filters are
built-in to defend against this type of attack.
| 11.50 (a) (1), (2), (3) ||
The system shall ensure all signed electronic records contain the
printed name of the signer, date/time signature was executed, and the
meaning associated with the signature (e.g. approval, responsibility,
authorship). || The timeline on TalentLMS records the actions performed, the name of the associated user and their username.
| 11.50 (b) ||
The system shall ensure the three signature elements (described in the
previous requirement) of a signed electronic record are a part of any
human readable form of the electronic record (e.g. electronic display or
printout). || The three signature items are included in all audit trail reports.
| 11.70 (a) ||
The system shall ensure electronic signatures are linked to their
respective electronic records and that these electronic signatures
cannot be excised, copied, or otherwise transferred to falsify an
electronic record by ordinary means. ||
Electronic signatures are linked and protected by user name and
password protection. The electronic records can not be manipulated,
copied, transferred or falsified.
| 11.100 (a) ||
The system shall ensure that each electronic signature is unique to one
individual and shall not be reused by, or reassigned to, anyone else.
|| Unique usernames are enforced by TalentLMS.
| 11.200 (a) (1) || The system shall employee at least two distinct identification components such as an identification code and a password. ||
The system uses a login/pass combination for authorization. The
password may be “hardened” so as to be impossible to be guessed by a
| 11.200 (a) (1) (i) ||
The system require the use of all electronic signature components for
the first signing during a single continuous period of controlled system
access. || RAll sessions begin with a
digital signing in the form of login / pass combination. The validity
of the session is ensured on each request.
| 11.200 (a) (1) (i) ||
The system shall allow all subsequent signing during the same
continuous period of controlled system access to use at least one
electronic signature component. || The
system will continue to use the originating user id of each request
after the first to maintain security of the session. In addition, CSRF
filters ensure that access is not a result of an unauthorized access
attempt, via the user's active session.
| 11.200 (a) (1) (i) || The system shall ensure users are timed out during periods of specified inactivity. || Time out is set by the system , automatically.
|11.200 (a) (1) (ii) ||
The system shall require the use of all electronic signature components
for the signings not executed during a single continuous period of
controlled system access. || Users must
be re-authenticated in each non-continuous period of system access
using their electronic signature components.
| 11.200 (a) (3) ||
The system shall require all attempted uses of an individual’s
electronic signature by anyone other than its genuine owner to require
collaboration of two or more individuals. || No sharing of electronic signatures is permitted, except for the global administrator.
| 11.300 (a) ||
The system shall require that each combination of identification code
and password is unique, such that no two individuals have the same
combination of identification code and password. ||
On TalentLMS, the identification code (username) can not be
duplicated, so the combination of identification code and password will
always be unique.
| 11.300 (b) || The system shall require that passwords be periodically revised. ||TalentLMS supports making passwords expire in a configurable number of days.
| 11.300 (d) || The system shall employ transaction safeguards preventing the unauthorized use of password and/or identification codes. ||
TalentLMS includes advanced safeguards to prevent unauthorized users,
such as restrict registration to specific domains. It also enforces best practices on password
handling like advanced complexity and immediate change upon first login.
| 11.300 (d) || The system shall detect and report unauthorized use of password and/or identification codes to specified units. ||TalentLMS will block a user from logging in for a period of time after a configurable number of unsuccessful attempts.|