The increasing popularity of wireless monitoring devices adds pressure to GxP-regulated companies. Compliance with Part 11 doesn't change much with the latest technology, however, there are specific recommendations for wireless environmental monitoring systems with regards to several key points, specifically around validation, device checks, and written network security procedures.
Companies should look at what is the real expectation of regulators. For an environmental monitoring system, this means to provide a reliable monitoring, recording and alarming system that collects accurate data, without gaps and errors, and ensure that the data maintains its integrity for its lifecycle.
In this scenario, many customers ask what specific risks and challenges are posed by a wireless system?
ERES: Electronic Records and Electronic Signatures
The FDA's 21 CFR Part 11 was first written in the mid-nineties, long before wireless monitoring was a thing. Its primary focus was to ensure that the use of ERES, the new technology at the time, did not introduce more risk than good old-fashioned paper records.
Part 11 didn't include the mode of communication: Ethernet, TCP/IP, Wi-Fi, etc. Despite revisions, the set of rules hasn't really addressed technological shifts in data transmission methods, maintaining a focus primarily on procedural controls, such as training, SOPs, and review of data and audit trails.
Because of this, I think Part 11 is more about procedures than technological functions. Despite this, functions (like the audit trail) and technologies still matter.
I usually break Part 11 dealing with "Closed Systems" into 10 parts and most monitoring systems fit this category.
- Validation
- Human Readable Records
- Protection and Retention of Records
- Audit Trails
- Restrict Access to Authorized Users
- Device Checks
- Authority Checks (Different roles to match job requirements)
- Training
- Written Procedures
- System Documentation
When I look at that list the only things that seem specifically different with a wireless sensor are #1 Validation and #6 Device Checks. I think I would also want to see #9 Written Procedures, but with specific applicability to the IT side of the security of the wireless network.
Expert advice
Paul Daniel
Vaisala Regulatory Compliance Expert
Below are Daniel's top tips for a wireless sensor system with regards to validation, device checks, and written network security procedures.
Validation: I'd probably add some wireless-specific steps to my IQ, like verifying signal strength and connectivity, with some sort of challenge added.
I might also want to see the specific wireless network settings documented, or verification of such activity, as actually recording them in the protocol might be a security risk (especially if the system was Wi-Fi). I would also pay more attention to verifying the physical location and identity of each device, and verifying that the device is fixed in place.
A battery-powered wireless device can get moved easier than a wired one with a power cable.
Device checks: This ensures that information sent over the wireless network is legitimate data from a legitimate device. We can assume that the risk of someone inserting falsified data into a monitoring device is the same for wired or wireless. However, it would be easier for a non-legitimate wireless device to connect to your monitoring network since it doesn’t need the physical connection.
Written procedures: I'd like to see an SOP for how the security of the wireless network is maintained. This is more of a concern with a Wi-Fi system, which is usually using a shared infrastructure (usually the LAN) to connect to the monitoring systems server/database.
There are some security concerns with Wi-Fi, that aren't present with other types of wireless (Bluetooth, ZigBee), because wireless uses the same TCP/IP protocols as wired Ethernet. Essentially, an exploitable opening to your LAN for a user with the correct credentials.
Because Bluetooth and ZigBee use different protocols (not TCP/IP), it is more difficult for a malicious agent to penetrate the wired Ethernet TCP/IP-based LAN through the non-Wi-Fi access point.
Digital security
Is there an equivalent risk of hacking a wireless or wired network? For Daniel, the common wisdom is that the wired network is more secure. "Sadly, there are many other easy ways to send falsified data without hacking a wireless network," he notes, adding that connectivity is not the only security issue for monitoring systems.
"Among the easiest ways is to simply move the sensor to a favourable temperature environment, or create a false environment (put an icepack next to the sensor)," he explains and argues that Part 11 does not say "do this for your wireless monitoring system because it is wireless".
Daniel recommends expanding validation to combine it with an overall quality systems approach. "So, if you are considering implementing a wireless monitoring system, do include requirements for reliability, range, security, etc. in your user requirements (UR) documents," he says, noting that if you choose a wireless system, you have at least ensured that it has all the capabilities and features required for GxP compliance purposes.
"Once you have entered such concerns in the URs, it forces the validation process (risk assessment, protocols, etc.) to address any concerns that are introduced by the use of wireless.
Daniel's advice for wireless systems is simple. "Follow existing procedures that you normally use to implement any computerised system, including Part 11, and you will be on the right track," he says.
There is nothing specific to wireless that shouldn't be already covered by an IT department following basic GMP for written procedures and best practices.
Companies can reduce complexity by selecting a proprietary wireless system that is "closed". This means that only the sensors that are part of the network can use the network and the network protocols cannot be altered or edited by a user.
