21 CFR Part 11 Compliance GAP Analysis


The document attached is a Compliance GAP Analysis of SENAITE v1.3.2. The purpose of this document is to guide SENAITE LIMS developers and implementers through the FDA’s 21 CFR Part 11 for lab systems.

191001_21CFRPart11_SENAITE_v1.3.2.pdf (94.0 KB)


Thanks for the update on this topic.
What would be really needed from my point of view would be the following:

  • AT THE VERY LEAST: electronic signatures for the steps “submit”, “verify” and “publish”. That means an option to activate a modal window or something that requests reentry of your user ID and password to sign
  • ALSO IMPORTANT: options to enable electronic signatures for certain “high risk” operations (e.g. remove an instrument or change its export path); e.g. some other computerized systems solve this via a list of so-called “privileged actions” where you tick checkboxes to select where an electronic signature is required
  • NEEDED: define user rights for each different role (not only assignment of roles)
  • EDIT: ALSO NEEDED: require entry of comment for each change of values/data (e.g. “change needed to reflect the nonconformity #123abc”) and write those comments into the audit trail along with the change
  • the audit trail (aka audit log) seems alright to me already!
  • a big plus would be the ability to link to LDAP users/passwords
  • change of the word “publish” to “approve”, which fits better in a regulated environment

Is this something that can be easily done via customization, or is re-coding of deeply buried code required here?


Signature Policies and regulated environments (including validation)

To give further input on this, I could imagine something like the following that can be activated on a separate page in “Setup” per function/action/analysis step:
“Modal” with signing step:

improved Audit Log entry:

List to make ticks in checkboxes for required signatures or comments:

What do you think?

See also Signature Policies and regulated environments (including validation)



Thanks @der.einstein for your suggestions. They are really valuable, indeed.

  • modal window for electronic signature: I would just “force” the re-authentication of current user by only prompting for password, without the need of username.

  • User rights for each different role: There is no specific “configurable” view for this in SENAITE, but a rolemap file (see available permissions). With enough skills, one could configure the system with new roles and with desired permissions. New permissions might be required.

  • Ability to link LDAP users: Already supported. Look to plone.app.ldap and/or pas.plugin.ldap. Also a post here: Implementing LDAP

Is this something that can be easily done via customization, or is re-coding of deeply buried code required here?

The meaning of the word “easy” strongly depends on the perceived complexity of a given problem or solution. Thus, it can lead to false expectations. These modifications are doable, but not something that can be done by adding some snippets here and there. Rather, they require a skilled developer with experience in SENAITE, plus time and effort.