Literary Warrant for Functional Requirement #9c2

This requirement derives from the law, customs, standards and professional best practices accepted by society and codified in the literature of different professions concerned with records and recordkeeping. The warrant is as follows:

Citation Department of Health and Human Services Food and Drug Administration 21 CFR Part 11 [Docket No. 92N-0251] Electronic Signatures; Electronic Records
Pages 11.10
Extract Controls for closed systems. Closed systems used to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following:
(e) Use of time stamped audit trails to document record changes, all write to file operations, and to independently record the date and time of operator entries and actions. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as required for the subject electronic documents and shall be available for agency review and copying.

Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module 8, Telecommunications, 1991
Pages 8-90,91,92
Extract RISKS AND CONTROLS
The risks associated with EDI applications include the following:
Controls to mitigate these risks include the following:
* Activity logging

Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module 8, Telecommunications, 1991
Pages 8-90,91,92
Extract The internal auditor should perform the following steps when reviewing controls over EDI applications:
* Verify that reconciliation/balancing and error detection/correction procedures are adequate to ensure that processing is complete, accurate, and timely.
* Review the adequacy of the audit trail, including the completeness of activity logging and file retention requirements.

Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module 9, Security, 1991
Pages 9-52
Extract The evaluation of all types of software should assure that the following objectives are met:
* An audit trail of all significant activity is maintained.