Pharmaceutical Technology - October 2020

PharmTech - Regulatory Sourcebook - October

Issue link: https://www.e-digitaleditions.com/i/1302985

Contents of this Issue

Navigation

Page 43 of 75

44 Pharmaceutical Technology Regulatory Sourcebook October 2020 P h a r mTe c h . c o m data integrity can also prove especially challeng- ing. To protect data and safeguard its integrity, legacy system owners must include the applicable regulatory requirements from the Code of Federal Regulations (CFR) Part 11 (3) when assigning risk- based security target levels, especially regarding manufacturing execution systems and process control systems, and data integrity in master recipes and batch records. The 21 CFR Part 11 regulation on electronic records and electronic signatures requires data integrity, user authenti- cation, and access control (3). Implementation of t he IEC- 624 43 require- ments support data integrity and compliance with these regulations. One example is the se- curity target level 4 requirements for authenti- cation and identification requiring multifactor authentication for all users. Another is the secu- rity target level 4 requirements for use control, which requires the control system to support dual approval where an action can result in seri- ous impact on the industrial process (2). Best practice in this area involves combining accountability, audit trails, and security. There are many synergies between 21 CFR Part 11 and the standard for modern bio/pharmaceutical fa- cilities, IEC 62443, especially at security levels two and above. For example, IEC 62443 System Requirement 1.1 (4) addresses the use of mul- tifactor authentication; similarly, requirements are stated in 21 CFR Part11 for closed systems. Anot her exa mple is t he IEC requirement for dua l approva ls where an action can result in serious injur y (4); dual signatures for critical actions are required in good manufacturing practices applications. Solutions' providers are addressing the chal- lenge of legacy facility staff working remotely due to COVID-19 by deploying globally dispersed teams that provide remote monitoring for facili- ties on a 24/7 basis. This f lexible approach means that teams can detect and respond to any potential cyber-threat in real time. Finally, and crucially, it is necessary that there is a change in work culture to support effective implementation of these cybersecurity measures. Staff that work in the legacy environment need to be convinced that they should not work with outdated operating systems, while facility owners must be fully supportive of the need to address vulnerabilities and ensure that legacy systems are protected from cyber-threats. Conclusion Like other industries, the bio/pharmaceutical sec- tor faces a number of cybersecurity challenges. This is particularly pronounced in the area of manufacturing, where a prevalence of legacy systems can cause exposure to cyber-risks. To address these challenges, solutions providers must conduct comprehensive risk assessments, use best-practice approaches in relation to data integrity, and draw on global resources and local know-how to monitor for cyber-threats. References 1. K. Bissell, R. Lasalle, and P. Cin, "Ninth Annual Cost of Cyber- crime Study," accenture.com, March 6, 2019. 2. IEC, IEC 62443 Series 3. CFR Title 21, Part 11, Electronic Records; Electronic Signatures 4. IEC, Network and System Security, Part 3-3: System Security Re- quirements and Security Levels (2013). PT Data Integrity For legacy systems, preserving data integrity can prove challenging.

Articles in this issue

Links on this page

Archives of this issue

view archives of Pharmaceutical Technology - October 2020 - PharmTech - Regulatory Sourcebook - October