Secure Your Reports, with XLReporter’s CFR Part 11 Features

Do you need enhanced, CFR Part 11 compliant security applied to your reports? Do you work in the Life Sciences sector? XLReporter meets all the standards set forth by the FDA in 21 CFR (Code of Federal Regulations) Part 11 with the following features:

  • Audit Trail
  • Security
  • Version Management
  • Electronic Signatures
  • Technology

Audit Trail

The audit trail keeps a secure log of user activity in the areas of configuration and design changes.

Normally the audit trail is enabled once a reporting system is deployed, since during development it may not be necessary to keep track of all the changes taking place.
However, once an application has been validated, any change to either the system or reports can only be performed by authenticated users who will need to explain the reason for any change they make. The audit trail information can be exported to a report for review purposes.


Security is applied to users to determine their level of access at both design and runtime.

User Accounts

Secure authentication is provided in the form of global user accounts which are configured with different levels of access to the reporting project. For example, machine operators might only be allowed to access the reports relevant to their specific job area, while a plant supervisor could be granted universal access to all reports. Only developer-level users would be granted access to design tools to modify report configuration.

Version Control

When version control is enabled on a project, changes are logged to an encrypted audit trail database that tracks when the change occurred and which user performed the change. A rollback feature is provided to restore the system to a previous setup if the change was incorrect.

Electronic Signatures

Electronic signatures are a means for users to indicate electronically that a report is true and accurate. When the signing process is complete, XLReporter attaches a signature certificate to the report containing the list of signees.


The first step in implementing electronic signatures is to design a template with users that are required to apply a signature to complete the report. For example, the report might require signatures from the operators executing the batch process as well as a production supervisor. The ability to add a signature to reports is determined by the roles enabled in the template in conjunction with the role assigned to each user account.


Signatures are applied from the XLReporter secure viewer, which shows a banner indicating the signature status of the opened report.

From the banner, the user applies their signature using two-factor authentication. If the report is modified in any way after it is signed, the signature is invalidated and the report is prevented from being published until any required signatures are re-applied.

eSignature Certificate

When all the signatures have been applied to a report, the digital certificate can be added. This is performed from the banner in the XLReporter viewer.

Note that if the content of the report is changed, the digital certificate is removed and the signing process will need to be repeated.


Document Security

An important aspect of compliance is document integrity. It is critical that verified information in reports cannot be altered by malicious actors. To prevent tampering, XLReporter provides secure, view-only clients for internal use by process personnel as well as PDF encryption, which allows varying levels of access (such as printing) to the report file based on the credentials used to open it.
XLReporter’s viewers can also be integrated with HMI software, so reports can be accessed for internal purposes from an operator terminal, which prevents the user from accessing the Windows desktop.


Since XLReporter’s reports are standard file formats, they can also be protected by Windows security features. Secure documents can be distributed by email attachment as well as SFTP, which is commonly used as a one-way tunnel from the SCADA network to the business network.

Batch Data

In Life Sciences, it is common to find that the processes are executed in batches and reports need to reflect this behavior. In practice this means the process involves different assets, in different places, executing at different times.
This can mean that the report will contain data fragments across multiple sources, which may become available at different times throughout the batch execution.
XLReporter manages the batch process in Event Frames. At the simplest level the event frames may contain the time when a batch starts and when it ends. However, more complex event frames would include when the batch started/stopped in the mixer, started/stopped in the extruder and so on during the entire batch lifecycle.
With data bookmarked for the batch across all relevant data sources, all information about a batch can be recalled from all sources automatically or on demand by selecting the event frame from a list.

For more information about XLReporter’s 21 CFR Part 11 features, sign up for a free online workshop here. The workshop for 21 CFR Part 11 will be held on July 16th. Don’t miss it!