Validation and Documentation

The system used to validate data that has been submitted to the Audit Trail is based on a maximum security model that involves the use of encrypted system users and SQL Server Transaction Log verification. All data submitted to the Audit Trail are recorded according to univocal security criteria and can be validated by means of using graphical objects, called "Audit Trail Validator" available from the Movicon.NExT toolbox, that are used to view and timestamp data.

In order to get positive results, the validation process examines historical data to identify any tampering performed externally with Movicon. Each unauthorized variation will inevitably be detected by the Transaction Log analysis along with any user who is not a Movicon encrypted user (“NExT_IO_Server” user) but is responsible for performing the operations.

Please take the following points into account when dealing with the necessary validation and documentation concepts:

Some of the CFR21 Part 11 regulation requirements demand activities and measures that are not based on the software application. To meet these demands required by the Part 11 standard, the customer must validate their application to ensure data recording accuracy, reliability and security in addition to its capacity to prevent the mishandling, errors and cancellation of data. Movicon.NExT users should validate applications developed in accordance with the FDA regulation standards. Users can develop and/or run their own validation programs or protocols or delegate this process to other entities. The validation process should follow a methodology established according to the system's life cycle (SLC).
In order to meet the control procedures required to obtain conformity with the CFR21 Part 11 regulations, the customer must adopt adequate procedures to verify the identification of the individual assigned an electronic signature.
The customer must establish in writing and put into practice the procedures to give specific operators specific responsibility for executing operations assigned to them according to their electronic signature to further impede falsifications or mishandling of their signatures or user registration in accordance with the CFR21 Part 11 regulations.
The customer must verify the true identity of the individual to whom they wish to assign an electronic signature. In addition, the customer is required to certify in writing to the Federal Agency (FDA) that they intend to use the electronic signature as and equivalent substitute for tradition paper documents and, if necessary, produce the required documentation as requested by the agency,
The customer is responsible for producing documentation on system use or the application they have developed and details of the produced documentation's updates and distribution as well as personnel training. However, the customer is not responsible for any documentation of the platform being used (Movicon, Windows).
When producing 'guaranteed' documentation, the customer must use the timestamp viewer tools provided by the Movicon.NExT platform which can validate and guarantee the veracity of recorded historical data as appropriately predisposed in the project properties.

Audit-Trail

The audit-trail records all operations carried out by users on process variables during runtime. The audit-trail is enabled to record by simply selecting the 'Enable Audit Trail' option found in each variable's Audit properties.

The 'Enable Data Protection' property, found in the I/O Data Server settings, protects both historical and Audit data so that they can be validated using the Audit Trail Validator object from the ToolBox.

When enabling this option, the ServerIO will startup with the “NExT_IO_Server” user created in the Movicon SetUp phase. This user, whose password is encrypted, will be used by the system to manage records on the DataBase and will be the only user permitted to valide data with the above mentioned object.

Below are listed some of the main columns or items that can be displayed within the "Audit Trail Validator" and "Historian Viewer" to keep track of eventual modifications to variables:

Name: indicates variable name.
Description: this is the description associated to the variable using the Tag's 'Description' property.
Value: indicates the Tag's value after being changed.
ValueBefore: indicates the tag's value before being changed.
Status: indicates the Tag's quality.
RecordDateTime: indicates the date and time of the event.
UserName: indicates the name of the user who generated the event.
Reason: Comment entered by the user to explain reason why changed was made (This requires that the 'Force Comment On Audit' property be enabled beforehand).

Data Validation

Data validation is done by using the ‘ 'Audit Trial Validator' object from the Movicon.NExT toolbox.

Data validation in Movicon.NExT is essentially based on the SQL Server's Transaction Log. Basically, the logs of protected databases are monitored to see if any record sets have been modified by unauthorized users who are not registered with the Movicon.NExT I/O Server (“NExT_IO_Server” user).

When the project is started up for the first time, the first database backup is performed automatically after the first data recording in the SQL Server database has been executed (SQL Server installation backup folder). This first backup is essential for subsequent data validations. If this first backup is removed or deleted, it will not be possible to validate data within the database.

In addition, the validation of data in the Transaction Log is not based on the actual validation user's name (default “NExT_IO_Server”), but on their SID (the user's security ID). If the validation user (default “NExT_IO_Server”) is eliminated by the operating system and then reinstated, their SID will change and, therefore, it will not be possible to validate data recorded with the previous user.

Time Stamp (date and time) Management

The Time Stamp is managed by Movicon.NExT using the Windows operating system clock for both date and local time which is Universal Time Coordinated (UTC).
In order to get the right time, the user should set the operating system to synchronize with the metrological servers that refer to the Network Time Protocol (NTP), or synchronize the client system date and time with the Server's for data recording consistency. These synchronizations can be managed directly using the Windows 7, Windows 8 and Windows 10 operating system functions or by using Basic Script code to synchronize the project times.

Validation User (NExT_IO_Server)

The encrypted and unique validation user (“NExT_IO_Server”), which is essential for the validation of Audit Trail data, is added to the operating system during the Movicon Setup phase. This user will be added as local user to the machine with the name of “NExT_IO_Server” when executing a Standard Setup. When executing a Custom Setup, a different user name can be specified or a Domain user can be created/selected if the PC belongs to a Domain.

The Domain user can only be created by accessing with a Domain user who has the necessary credentials for executing this operation.

The validation user (“NExT_IO_Server”) will also be added to those of the SQL Server and added to the list of users authorized to start the Windows services.

If the validation user (default “NExT_IO_Server”) is added as domain user, the Movicon client application should also be started up with a domain user that has the right credentials to retrieve the validation user's information (default “NExT_IO_Server”).

When the Movicon.NExT I/O DataServer is run as service, the validation user (default “NExT_IO_Server”) should be the same one with which the service was started up, unless the user is deliberately changed in the 'Services Control Panel' or the service is installed before enabling one of the data protection options.