Electronic records

Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to assist with the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to help confirm that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following:

Validation of systems to assist with accuracy,reliability, consistent intended performance, and the ability to discern invalid or altered records.

The system validation is a unique process and lies with the customer.

Rockwell Automation can provide validation services for any validation activity performed during the specific integration of the system.

The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding theability of the agency to perform such review and copying of the electronic records.

FactoryTalk Optix Studio can store data records for alarms, audits, and process data into an external database. Alternatively, data records can be stored into an internal (embedded) database, but consideration should be given as to database limitations.

For enhanced detectability, alarming and logic can be implemented to prevent the user from entering data in the event the network connection from FactoryTalk Optix Studio to the database is lost.

Once data has been sent to the database, users can employ FactoryTalk® Optix objects and nodes, developed libraries, and custom NetLogic methods to read records, including data visualization, exports, reporting. Query based datalogging and reporting are both supported. FactoryTalk Optix Studio provides reporting features.

Protection of records to enable their accurate and ready retrieval throughout the records retention period.

Records can be stored in an external database, as described in 11.10, section b. Alternatively, data records can be stored into an internal (embedded) database, but consideration should be given as to the location where the runtime is deployed, the size of storage space, and database record limits. For most applications, it may be preferred to store data records to a dedicated external database for adherence to data retention policies and disaster recovery procedures

Records can be made available for viewing, printing, and exporting during the records retention period.

Precautionary measures such as periodic backup of the database are procedures that customers should incorporate into their SOP. Access to these databases should be controlled to maintain data integrity. For external databases, these are managed by the database administrator. For internal databases, automatic backup can be set up through tag-based controller variables or C# script, and access to the internal database is managed by securing the runtime location hardware and software. Both the backup and restoring features can be used independently from the database type.

When saving application files for backup and version control, FactoryTalk Optix provides options to save to a local or remote repository. Preference may be given to use of a local repository managed by an administrator for data security.

While there is no buffering or caching of audit messages in the local system, alternative methods can be employed to enable data integrity, such as through installation of MQTT with NetLogic. Additionally, if the network connection to FactoryTalk Optix Studio is lost, specifically customized logics can be implemented to prevent the user from entering data until a connection is restored.

Limiting system access to authorized individuals.

The security level and access control for application users and groups can be set up either during Design time or Runtime. It is possible to set up access credentials for different roles and user groups, as well as object-based authorization during the user login. Microsoft Windows Active Directory (AD) users and groups can be leveraged with the FactoryTalk Optix application for centralized user management.

Additionally, the system access should be managed by securing the Runtime, hardware and software to prevent any unintended access. These measures prevent unauthorized access to data files.

Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information.

Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.

Each entry and activity carried out in FactoryTalk Optix Studio can be tracked together with a number of details, such as the date and time of the operation, the name of the logged-in user who performed the action, the operation type and any previous and updated values related to an item after a specific action.

The operator's username and full name are tracked also for electronic signatures. The FactoryTalk Optix signing workflow consists of a multilevel signing process, including: confirmation, single and double signing options. This workflow allows to log user comments.

Automatic time synchronization of the runtime application should also be setup to read from an NTP server for accurate time-stamps.

Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.

FactoryTalk Optix Studio supports both screen-level and tag-level security. Additionally, the Signing Workflow library can be leveraged to enforce that electronic signature is entered during sequencing of steps and events.

Any application can be developed in such a way to support user-initiated operational checks which require screen security.

Use of authority checks to help provide confidence that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

FactoryTalk Optix provides interaction with the local LDAP or AD controller to allow domain-based login. Both AD groups and users can be leveraged within FactoryTalk Optix. Users shall implement any administrative procedures to regulate authorized access to the system. FactoryTalk Optix Studio and Runtime allow to create users and groups compliant with different roles, security levels, and set policies to access specific HMI features. Some elements can be disabled for restricted users, groups, or roles.

Many graphic objects available in FactoryTalk Optix Studio can be configured to require an electronic signature. This latter can be configured in a way to require the operator to reauthenticate, or to require both the operator and a member of a pre-configured approver group to reauthenticate, to complete the electronic signature process.

Use of device (for example, terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

FactoryTalk Optix Studio provides functions such as operator login and electronic signature via the Signing Workflow library to validate the source of data input.

Terminal location information can also be captured via use of the IP address of the connected client (when using the Web Presentation engine) or other local client information, for example by using System object or by using C# code to run or monitor any project logics according to the device in use.

Determination that persons who develop, maintain, or use Electronic records and Electronic signatures systems have the education, training, and experience to perform their assigned tasks.

Customers are responsible for hiring and training appropriate staff members with the education, training, and experience to perform assigned tasks.

FactoryTalk® Optix helps support this requirement by validating that only users with appropriate security rights be granted access to the system.

FactoryTalk Optix Studio allows individual audit logs tracking and features enablement or disablement of individual objects or components for single users or groups.

The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, to determine record and signature falsification.

Customers should implement policies and procedures that outline the significance of electronic signatures, in terms of individual responsibility, and the consequences of falsification for both the company and the individual.

FactoryTalk® Optix helps support this requirement by providing a single or multilevel signing workflow template to change any single variables or to validate any changes.

Use of appropriate controls over systems documentation including:

Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance.

FactoryTalk Optix Studio provides online support documentation. Any documentation changes are logged in a specific FT Hub section. The documents are also built-into the FTOptix desktop installer package and available offline after installation.

Changes are logged in the Release Notes.

Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.

Rockwell Automation assists with delivery and distribution of the correct versioning of the product documents.

Persons who use open systems to create, modify, maintain,or transmit electronic records shall employ procedures and controls designed to assist with the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt.

Such procedures and controls shall include those identified in §11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to assist with, as necessary under the circumstances, record authenticity, integrity, and confidentiality.

Customers are responsible for establishing internal policies and procedures to assist with the appropriate controls that are put in place to meet regulation for an open system.

Users management provides confidentiality of electronic records, as it allows the creation of an application running on the runtime, to which a user can access by entering their username and password. Data logged in the database can be exported into a document that can be signed and verified. FactoryTalk Optix Studio allows to encrypt any project secrets during design-time and download to the target device a project in encrypted mode to preserve its integrity and confidentiality.

Users can be assigned to determined groups, both during design time and runtime, so as to grant them specific permissions that can be accessed during different phases.

Signed electronic records shall contain information associated with the signing that clearly indicates the following:

The printed name of the signer.

Signed electronic records are marked through different standard activity feedbacks.

At runtime, all of the signing workflow levels allow to include additional notes for further information about the action.

The audit trail logs actions performed by the user come together with a time and date stamp, the username, ID and full name of the person who performed the action, and the approver ID set during development.

The date and time when the signature was executed.

FactoryTalk Optix Studio records the date and time associated with each action in the activity logs.

The meaning, such as review, approval, responsibility, or authorship, associated with the signature.

The FactoryTalk Optix Studio Electronic signature Runtime dialog can be configured to display and record the meaning of the signature. It also allows for separate performer and approval signatures, and for any comments to be added regarding the meaning of the signature.

The audit trail records the action performed by the operator and approver role.

The items identified in paragraphs a 1, a 2, and a 3 of this section shall be subject to the same controls as for electronic records and shall be included as part of any human-readable form of the electronic record (such as electronic display or printout).

The activity log can be viewed at runtime or printed and stored. It shows the user name, time, performed action and any other fields, as needed. These fields are available for use in any data reporting, including using a third-party tool. The Signing workflow activity logger can be connected to a database for data reporting or alternatively, downloaded as an HMI event logger data grid.

Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to provide confidence that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

All records are automatically tied to a specific user identity reflecting who performed each action.