[Code of Federal Regulations]
[Title 21, Volume 1]
[Revised as of April 1, 2007]
From the U.S. Government Printing Office via GPO Access
[CITE: 21CFR11.300]
[Page 113]
TITLE 21--FOOD AND DRUGS
CHAPTER I--FOOD AND DRUG ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN
SERVICES
PART 11 ELECTRONIC RECORDS; ELECTRONIC SIGNATURES--Table of Contents
Subpart C Electronic Signatures
Sec. 11.300 Controls for identification codes/passwords.
Persons who use electronic signatures based upon use of
identification codes in combination with passwords shall employ controls
to ensure their security and integrity. Such controls shall include:
(a) Maintaining the uniqueness of each combined identification code
and password, such that no two individuals have the same combination of
identification code and password.
(b) Ensuring that identification code and password issuances are
periodically checked, recalled, or revised (e.g., to cover such events
as password aging).
(c) Following loss management procedures to electronically
deauthorize lost, stolen, missing, or otherwise potentially compromised
tokens, cards, and other devices that bear or generate identification
code or password information, and to issue temporary or permanent
replacements using suitable, rigorous controls.
(d) Use of transaction safeguards to prevent unauthorized use of
passwords and/or identification codes, and to detect and report in an
immediate and urgent manner any attempts at their unauthorized use to
the system security unit, and, as appropriate, to organizational
management.
(e) Initial and periodic testing of devices, such as tokens or
cards, that bear or generate identification code or password information
to ensure that they function properly and have not been altered in an
unauthorized manner.
[[Page 114]]
Back to Top
© 2007 Betterchem Corp.
|
