On Fri, Oct 13, 2006 at 05:23:05PM -0700, Jason Kraus wrote:
> Hello all,
>
> Recently this year the FDA published a new 21 CFR 11 guideline. For those
> that don't know, this standard primarily deals with security regarding
> electronic documents and signatures. One of the recent
> additions/clarifications is that an electronic signature cannot be falsified
> by a single person. Most software that claims to be 21 CFR 11 compliant does
> not do this. After all, much of this software has a root account that has
> full access to the system and does not implement any safeguards against root
> forging signatures. I was contemplating how it would be done and I was
> thinking perhaps using PGP signatures.
>
> I have two questions, what do you guys think? and does Compiere have the
> feature to somehow PGP sign (or something equivalent) actions done by a
> user? The reason why I am interested in Compiere is that I know that it is
> being used in an FDA regulated environment and it seems to be the only open
> source ERP software in that environment.
>
We do what we call "Part 11" signatures at my work in SAP and other
tools. I was unaware of the requirement that no single person could
change it, and I'd like to read it in the original (not doubting you,
just want to know what they really want).
In practice we do userid/passwd under M$, so it's probably changeable by
anyone savvy and on your network :-(
--
Lan Barnes
Linux Guy, SCM Specialist
Tcl/Tk Enthusiast
Anyone who doesn't believe in miracles isn't a realist.
- Billy Wilder
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list