Dokeos and FDA compliance

Find out how Dokeos complies with 21 CFR Part 11

Written by Vasileos
Updated over a week ago

FDA Section

Requirements

Dokeos LMS

11.10 (b)

The system shall generate accurate and complete copies of records in human readable and electronic form suitable for inspection, review and copying

Dokeos LMS enables you to export individual training reports for each learner, in Excel or PDF format, with Time Stamp and identity of the person requesting the export. All reports can also be exported in Excel format.

11.10 (d)

The system shall limit system access to authorized individuals.

No Dokeos LMS access is possible without a login and password. All access rights and permissions depend on the "roles" assigned to the user. After logging in with login and password, the user will have access to the features associated with the roles assigned to him or her.

11.10 (e)

The system shall employ secure, computer-generated date/time stamped audit trails to independently record operator entries and actions that create, modify, or delete electronic records, without obscuring previously recorded information.

Any action carried out in Dokeos LMS is recorded in a Log that includes its Timestamp.

11.10 (f)

The system shall enforce required steps and events sequencing, as appropriate (e.g., key steps cannot be bypassed or similarly compromised).

Dokeos LMS enhances a number of actions, such as the publication of a module or training course by the trainer or the completion of an assessment, by requiring a secure electronic signature.

11.10 (g)

The system shall ensure that only authorized individuals can use the system, electronically sign a record, access the operations or computer system input or output device, alter a record, or perform the operation at hand.

Within Dokeos LMS, customized user roles are assigned to users to authorize permissions and control their access rights. Subsidiaries (i.e. sub-portals) can be used to control the features and information that users (i.e. subsidiary members) can access. All user actions are logged.

11.10 (h) (1)

The system shall determine, as appropriate, the validity of the source of data input or operational instruction.

Dokeos LMS is protected by an SSL certificate to ensure that all communications are carried out via HTTPS, eliminating any possibility of unauthorized data modification during transmission. Dokeos LMS has built-in CSRF filters to protect data against such attacks.

11.50 (a) (1), (2), (3)

The system shall ensure all signed electronic records contain the printed name of the signer, date/time signature was executed, and the meaning associated with the signature (e.g. approval, responsibility, authorship).

The Dokeos LMS Timeline records each action, the date and time of execution, and the name and username of the associated user.

11.50 (b)

The system shall ensure the three signature elements (described in the previous requirement) of a signed electronic record are a part of any human readable form of the electronic record (e.g. electronic display or printout).

The three essential elements (i.e. action, date/time and user/username) are included in all Dokeos LMS audit trail reports.

11.70 (a)

The system shall ensure electronic signatures are linked to their respective electronic records and that these electronic signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

In Dokeos LMS, an electronic signature is linked and protected by the corresponding user name and password. Electronic records cannot be manipulated, copied, transferred or falsified.

11.100 (a)

The system shall ensure that each electronic signature is unique to one individual and shall not be reused by, or reassigned to, anyone else.

Dokeos LMS requires the use of unique user names.

11.200 (a) (1)

The system shall employ at least two distinct identification components such as an identification code and a password.

Dokeos LMS uses a combination of username and password for authorization. The password can be strengthened to make it impossible to guess via a brute-force attack.

11.200 (a) (1) (i)

The system shall require the use of all electronic signature components for the first signing during a single continuous period of controlled system access.

In Dokeos LMS, RAII sessions begin with a digital signature combining username and password. The validity of the session is assured at each request.

11.200 (a) (1) (i)

The system shall allow all subsequent signing during the same continuous period of controlled system access to use at least one electronic signature component.

After the first request, Dokeos LMS continues to use the original user ID of each request to maintain session security. In addition, CSRF filters are used to prevent any unauthorized access attempt through the user's active session.

11.200 (a) (1) (i)

The system shall ensure users are timed out during periods of specified inactivity.

In Dokeos LMS, user logout is automatically applied by the system after 3 hours of inactivity.

11.200 (a) (1) (ii)

The system shall require the use of all electronic signature components for the signings not executed during a single continuous period of controlled system access.

Dokeos LMS users must re-authenticate each time they fail to access the system, using their electronic signature elements.

11.200 (a) (3)

The system shall require all attempted uses of an individual’s electronic signature by anyone other than its genuine owner to require collaboration of two or more individuals.

No sharing of electronic signatures is authorized in Dokeos LMS, with the exception of their use by the global administrator.

11.300 (a)

The system shall require that each combination of identification code and password is unique, such that no two individuals have the same combination of identification code and password.

Dokeos LMS does not allow the duplication of any identification code (user name), so the combination of identification code and password is always unique.

11.300 (b)

The system shall require that passwords be periodically revised.

Dokeos LMS can impose a password change after a configurable period of time. (development on demand)

11.300 (d)

The system shall employ transaction safeguards preventing the unauthorized use of password and/or identification codes.

Dokeos LMS includes advanced protections to prevent unauthorized user access (e.g. limiting registration to specific domains, etc.). In addition, Dokeos LMS can impose best practices such as using strong passwords and changing passwords on first login. (development on demand)

11.300 (d)

The system shall detect and report unauthorized use of password and/or identification codes to specified units.

Dokeos LMS blocks users for a customizable period of time after a certain number of unsuccessful login attempts (development on request).
