The audit trail is a key component in a 21 CFR Part 11 compliant system, but it can also be useful in many different applications. The electronic signature audit trail contains a computer-generated, time-stamped record of each electronic signature. Each record clearly identifies all pertinent information about the person who entered the signature, such as the person's name, the time he entered the signature, and why he entered the signature.
iFIX stores the electronic signature audit trail in a relational database. A relational database provides you with an open, secure storage solution you can query using established methods to produce reports and perform analysis and review. The relational database must be ODBC-compliant, such as Microsoft's SQL Server or Oracle.
NOTE: Microsoft Access is not supported in the electronic signature environment because it is not secure enough to ensure tamper-resistance.
Each time an operator signs for an action, a message is sent to the relational database containing all the elements of the signature, including:
- User name and full name of the person that performed the action.
- User name and full name of the person that verified the action.
- Description of the action.
- Time the action occurred.
- Name of the iFIX node where the user signed.
- User name and full name of the person logged in to the iFIX security system when the user signed.
- Optional comments entered by the performer and verifier.
Additionally, fields such as the name of the iFIX tag and the name of the SCADA node are included. You can also configure up to four user-defined fields that can be read from the tag and incorporated into the message.
