TECHNICAL NOTE

21 CFR Part 11 user guide for the Spraytec '97

RTSizer software

PARTICLE SIZE Abstract

This document provides details on how to use the 21 CFR Part 11 features
provided for the Malvern Spraytec laser diffraction system.

In order to allow physical control over access to the more sensitive features of the
software, such as the security system, this information is not incorporated in the
online help or the printed manuals

Requirements
The intended readership is the system administrator. This is defined as the person
responsible for the security and 21 CFR compliance of the instrument. Some
knowledge of the Windows™ operating system is assumed and some familiarity
with the instrument software is also assumed.

It is assumed that the software has been installed in accordance with the
guidance provided by the Software Update Notification document contained on
the software CD-ROM and that the 21CFR11 feature key (Part Number CPS0028)
has been installed using the Tools-Install Feature Key menu option within the
RTSizer software. The features described here relate to RTSizer software v5.60,
although most of the advice is applicable to v5.4x and v5.5x as well. Details of
software updates can be found in the Software Update Notification document.

ER/ES Configuration
The configuration settings of the Electronic Records and Electronic signatures
can be found under the Tools-ER/ES Settings menu options. This allows users to
configure the options shown in Figure 1.

Malvern Instruments Worldwide

Sales and service centres in over 65 countries
www.malvern.com/contact ©2017 Malvern Instruments Limited
TECHNICAL NOTE

Figure 1: Configure ER/ES Options Screen

PDF file output directory

The PDF file output directory is the location where reports generated at the end
of a measurement will be stored. It is recommended that these reports be held
on a centralized file server in order to comply with the 21 CFR Part 11 regulations
about data preservation. Administrators can also select whether users can edit
the filename of the PDF file when a report is produced or whether this should be
automatically specified by the date and time of the measurements included in the
report. Automatic specification of the file name is the default option.

Enable continuous use check

In order to ensure that the person operating the system is the person identified
by the access control system, it is possible to configure the software to monitor
the system usage. If the software remains idle for longer than a period specified,
the user will be logged out. To enable this feature, check the option on the
Configure ER/ES options screen and configure the Timeout period.

Note: If a continuous-mode measurement is being performed it will remain active

when the user is logged out due to lack of activity. The user will have to login
again to stop the measurement.

2 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
TECHNICAL NOTE

Show Last Username at Logon

It is possible to configure the security system such that the last username is
recalled by the system when a logon is attempted. As default this is disabled in
order to retain the confidentiality of the username as well as the password for
each user.

Specify the Audit Trail file output directory

The Audit Trail file output directory is the location where the Audit Trail files will be
stored. It is recommended that these reports be held on a centralized file server in
order to comply with the 21 CFR Part 11 regulations relating to data preservation.

Specify the Audit Trail file interval

It is possible to control the approximate size of an audit trail file by specifying
how often a new file is created. The period depends upon the usage of the system
and the typical number of auditable events that occur in a day. This can only be
assessed by the user from experience of using the system. Typical practice is to
start a new audit file weekly and observe the number of events audited over that
period.

After the specified period has passed, the application will automatically begin a
new audit trail file. The new file name will be recorded in the previous file in order
to maintain a continuous audit trail.

Security Configuration
The configuration for the security system can be found under the Tools-Security-
Configure Security menu option (Figure 2). The security system is similar to the
Windows™ operating system security and should be familiar to most advanced
users.

3 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
TECHNICAL NOTE

Figure 2: Security Configuration Screen

Security Configuration View

The security configuration view provides a list of the users configured within
the security system (top pane) and the groups to which users can be assigned
(bottom pane). The Username and Full Name of each user is supplied along with
a brief description of the role that user has. For each group, a group description is
specified in order allow Administrators to assess the capabilities of each group.

Setting up Groups
The Group Setup process defines a set of access rights that may be granted to
member users. An access right allows or prohibits use of a specific feature of the
software. The access rights available within the Spraytec software are detailed in
Appendix 1.

New groups are specified using the User-New Group menu option. Existing
groups can be configured by double-clicking on the group name within the
Security Configuration window. Both actions cause the Group Properties dialogue
box to appear (Figure 3). Within this the following can be configured:

4 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
TECHNICAL NOTE

Figure 3: Group Properties

• The Group Name: An alias for the group. This is usually a descriptive name
for either a level of access or a job function. Commonly defined groups are
Operators, Supervisors and Administrators.
• A Description: A more detailed description of the group's capabilities.
• Group Members: The users who are members of the group and have the
access permissions that the group allows. Users can be added to a group
either as part of the user creation process or by clicking on the Add button.
• Group Permissions: The list of access permissions conferred by membership
of a group. Any user who is a member of the group will be granted access to a
software feature if the relevant permission is checked.

Setting up Users
Once suitable groups have been defined, the next step is to add the users to the
system. New users are specified using the User-New User menu option. Existing
users can be configured by double-clicking on the user name within the Security
Configuration window. Both actions cause the User Properties dialogue box to
appear (Figure 4). Within this the following can be configured:

5 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
TECHNICAL NOTE

Figure 4: User Properties

• Username: Each user must have a unique user identifier. Any local SOP for
security configuration should be followed but a typical practice is to use the
initials and surname of a user as the user identifier.
• Full Name: This is the full name of the individual and will appear on any
reports in order to identify the individual who made a measurement.
• Description: This is typically the user's job title or function.
• Password: The password field is where you enter the password. For security
reasons, the password is not displayed. It will also be noted that the number
of asterisks may not necessarily map exactly to the password length. A typical
practice to preserve the security of user's passwords when setting up a new
user is for the administrator to agree a temporary password with the user,
(this must not be the user's final password), and check the option to force the
user to change this password at the next logon.
• User must change password at next logon: If this field is checked, users
will be asked to change their passwords the next time that they log on to the
system. This allows the administrator to set temporary passwords for new
users or users who have forgotten their passwords.
• User cannot change password: If this box is checked, the user will not be
able to change the password unless it is the first time that a user has logged
in and the system expects the user to change the password at the next logon.
This box should only be checked in special circumstances such as for an
administrator account to be used in emergencies.
• Password never expires: Checking this box prevents the password expiration
setting from applying to this user. This box should only be checked in
special circumstances such as for an administrator account to be used in
emergencies.
• Account disabled: Checking this box prevents the user from logging in to
the system. This box should be checked when a user leaves the company or
is no longer allowed access to the Spraytec system. Under 21 CFR Part 11,

6 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
TECHNICAL NOTE

user's information must be retained for the full period of record retention. This
option allows access to be prevented without removing the user details from
the system. If the username in the Security Configuration screen (figure 2) has
an icon with a cross through it, that user's access capability has been disabled.
• Account locked out: This box will be enabled and checked if a user has been
denied access by the security system. The administrator is able to allow access
again by clearing this check box. Lockout will typically happen when users
forget their passwords and have made more than the allowed limit of logon
attempts (Figure 6). It may also be an indication of an attempt to logon by an
unauthorized user.

Adding users to groups

Users can be added to groups in one of two ways.

In the User Properties window (Figure 4), pressing the Groups… button will list
the groups available for the user to join (Figure 5). Selecting a group from the
right-hand list and pressing the Add button will include the user in the selected
group. Selecting a group from the left hand list and clicking the Remove button
will remove a user from a given group. Where users are members of more than
one group it should be noted that if a permission is granted in one group it will
override any denial of the same permission in another group. In this way, users
have the sum of all the permissions in the groups they belong to.

Figure 5 - Group Membership selection.

It is also possible to add users to groups from the Group Properties screen (Figure
3) using the Add and Remove buttons. Clicking Add will cause the User Selection
dialogue to appear. This will enable users to be multiply selected and added to
the group. Removal of a user from a group is achieved by selected the user within

7 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
TECHNICAL NOTE

the Members section of Group Properties window and then clicking the Remove
button.

Note: It is important to ensure that every user is a member of at least one group
in order to allow them access to the Spraytec system's capabilities.

Security Settings
The security settings are accessed from the Options menu of the security screen
(figure 6). From within this menu, the password storage and account lockout
features of the security system can be configured. The security system can also be
activated. This is described below.

Figure 6 - Security Settings.

Password Age
It is possible to force users to change their passwords after a period of time has
elapsed. Once the password has expired, users will be prompted to confirm their
existing passwords and then specify a new one. In conjunction with the password
uniqueness option, this can force users to regularly review their passwords.

This facility should be used with caution. If users are forced to change their
passwords too frequently, it is common for them to forget them or worse to write
them down, thereby defeating the original purpose of the security system.

8 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
TECHNICAL NOTE

Password Size
It is possible to specify the minimum length for a password. As a rule of thumb,
the shorter a password is, the easier it is to guess. However, if it is too long, users
will not be able to remember their passwords. 6 characters is generally a good
compromise.

Password Uniqueness
The system is able to remember a user's last n passwords. Each time a user is
required to change passwords, the new password can be checked against this
history to ensure that fresh passwords are used.

It is recommended that if this feature is used, the size of the password history
should be between 3 and 6 passwords. Any fewer and users will not have to
review their passwords. More will force users to choose unfamiliar passwords and
will increase the possibility of passwords being written down.

Account lockout
The software is set up to monitor each user's attempts to log in. If the user fails
to enter the correct user identifier and password combination, the software
will record this. The system can then be configured to deny future access to the
software if too many unsuccessful attempts have been made to access the user's
account.

It is possible to specify the number of unsuccessful attempts allowed before users

are locked out. This count will be reset after a specified period of time to allow for
genuine users forgetting their passwords. If users exceed the allowed number of
attempts, the software can either lock them out of the system for the specified
period or require the intervention of another user with Administrator privileges to
unlock their accounts.

If the username has an icon with a padlock next to it within the Security
Configuration screen (figure 2), that user is locked out and the administrator
should establish the reason for this before unlocking the account to re-admit a
bona-fide user.

Enabling the Security System

By default, the security system is disabled in order to allow free access to the
software. The administrator of the system should configure the users and groups
before enabling the security system.

Once the users and groups are configured, the security system can be enabled
using the check box at the bottom of the Security Settings screen (figure 6). This is
accessed from the Options menu within the Security Configure window (Figure 2).

9 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
 TECHNICAL NOTE

Enabling the security system is an irreversible process when the software has
been set-up in 21 CFR 11 mode. This prevents the system security being switched
off again and therefore prevents possible unauthorized access to the system.

Audit Trails
The Spraytec RTSizer software records key system events in the system audit trail.
This audit trail provides a record of the software opening and closing, security
events such as logging in and out of the system, and file events such as creation,
deletion and editing of measurement records. The audit trail can be viewed using
the Tools-Security-Audit Trail menu option, displaying the Audit trail View shown
in figure 7. This displays all of the events stored in the current audit trail file,
including the time that the event occurred, the ID of the user involved in each
event and a brief description.

Figure 7: Audit trail View.

Viewing and Exporting Audit Trails

Audit trails can be viewed and exported using the File menu within the audit trail
view.

Use the File#Open menu to view audit trail files other than the currently active.

Use the File#Export menu option to export the audit trail file contents to an ASCII
file for review and printing.

Making an Audit Trail Entry

It is possible for users to enter comments into the audit trail apart from those
automatically produced for key system events. This is done using the Tools-
Security-Add Audit Trail Entry menu option.

10 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
 TECHNICAL NOTE

Electronic Signature Support

The Spraytec RTSizer does not directly support electronic signatures. The
application will integrate with the Adobe Acrobat © package and allow reports to
be created as Portable Document Format (otherwise known as PDF) files using the
File-Print to PDF menu option. These report files are held in the Acrobat Results
folder specified in the ER/ES Settings (Figure 1). The file name for these report
pages will depend on the type of printout being produced. However, it will contain
the *.pcl or *.dat measurement file name along with the date and time range
covered by the data stored in the file. The username, time and date of printing
and the 21CFR11 mode status (either enabled or disabled) is displayed in the
footer of each report page.

Once reports have been generated, the Adobe Acrobat package can be used
to electronically sign them using either the Adobe Self-Sign technology or a
third party digital signature solution such as VeriSign™. The Adobe Acrobat
Self-Sign solution is fully compliant with 21 CFR Part 11. The Adobe Knowledge
base document 323231 details the compliance. It can be found at http://
www.adobe.com/support/techdocs/1a546.htm (If the document is not displayed,
use the number 323231 as the search clue on the Adobe web site to find it).

Figure 8: Signed Spraytec report within Adobe Acrobat ®. The signature history is given on the lefty

hand side of the screen.

11 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
 TECHNICAL NOTE

Appendix 1 - Security Permissions

The Key security permission which can be set for different

Groups within the Spraytec software are details below.

Permission Description

Access the Calibration and Imaging Window Allows users to create new optical models. This

feature should be restricted to advanced users.

Access the Reference Noise Window Allows users to measure the

electronic background. This feature is

required for routine measurements.

Access the System Controller Window Allow users to configure the address

for the Spraytec data acquisition card.

Create a Particle Size Distribution window Allow users to create *.dat files for

single points on the measurement time

history. This should be enabled for those

users making routine measurements.

Delete time History Records Allow users to delete records from the

active time history file. This feature

should be restricted to advanced users.

Edit Background and Noise Allows users to set the noise and background

Measurement Duration measurement times. This feature

should be restricted to advanced users.

Edit Flash Mode Measurement Settings Allows users to set up flash mode measurements.

This should only be enabled for those

users required to develop methods.

Disabling this option will only allow users

to load previously defined methods.

Edit maximum time history database size Allows the maximum size of a *.pcl

file to be defined. This option is

always disabled in 21CFR11 mode.

Edit Process Variable Definitions Allows users to edit the PCV variable definitions.

These are the 6 parameters that are calculated

for each point in the time history and can be

exported. This feature should only be enabled

for those users required to develop methods.

12 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
 TECHNICAL NOTE

Disabling this option will only allow users to

load previously defined PCV definition sets.

Edit Reduction Control Settings Allows users to edit the data acceptance criteria

and select previously calculated optical models.

This should only be enabled for those users

required to develop methods. Disabling this

option will only allow users to load previously

defined Reduction Control Settings files.

Edit Security Settings Allows users to configure the security system. This

should only be enabled for system administrators.

Edit Tag Notes Allows users to enter measurement details in

the Tag dialogue box. This should be enabled

for those users making routine measurements.

Edit ER/ES Settings Allows users to configure the ER/ES

system settings. This should only be

enabled for system administrators.

Edit the "Standard Average" setting Allows users to specify whether "Standard

Averages" are reported rather than

concentration-weighted averages.

This should only be enabled for those

users required to develop methods.

Edit time-History display settings Allows users to specify the time

history display, including settings such

as the axis ranges and plot colors.

Edit Time History Update Period Allows users to change the measurement-

reporting rate for continuous-mode

measurements. This should only be enabled

for those users required to develop methods.

Edit Time History or PSD measurements Allow users to edit records in order to change the

measurement details and analysis settings. This

feature should be restricted to advanced users.

Make a Background Measurement Allows users to measure the background

light scattering pattern prior to

making a measurement. This feature

is required for routine measurements.

13 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
 TECHNICAL NOTE

Make Continuous-mode Measurements Allows users to measurement continuous

sprays. Access to this option will depend

on the application being developed.

Make a Flash-mode Measurement Allows users to measurement pulsed

sprays. Access to this option will depend

on the application being developed.

View Audit trail Allows users to view audit trails. This

feature should be restricted to advanced

users or system administrators.

14 21 CFR Part 11 user guide for the Spraytec '97 RTSizer software
 TECHNICAL NOTE

Malvern Instruments Malvern Instruments is part of Spectris plc, the Precision Instrumentation and Controls Company.
Limited
Grovewood Road, Malvern, Spectris and the Spectris logo are Trade Marks of Spectris plc.
Worcestershire, UK. WR14
1XZ

All information supplied within is correct at time of publication.

Malvern Instruments pursues a policy of continual improvement due to technical development. We therefore

reserve the right to deviate from information, descriptions, and specifications in this publication without notice.
Malvern Instruments shall not be liable for errors contained herein or for incidental or consequential damages in
connection with the furnishing, performance or use of this material.

Malvern Instruments owns  the following registered trademarks: Bohlin, FIPA, Insitec, ISYS, Kinexus, Malvern,
Malvern 'Hills' logo, Mastersizer, MicroCal, Morphologi, Rosand, 'SEC-MALS', Viscosizer, Viscotek, Viscogel and
Zetasizer.

©2017 Malvern Instruments Limited