ProFicient & FDA Signature Requirements

tion, Ethicon Endo-Surgery and others, InfinityQS has incorporated the FDA requirements for Electronic Signatures into our applications. Specifically, those items include:
  • Access Control: Only authorized individuals are allowed to access records, perform controlled operations or record modifications.
  • Password Encryption: System administrators do not have access to user passwords (encrypted).
  • Password Security: No one other than the holder of the ID, can access his or her password.
  • Password Uniqueness: Each combination of ID and password must be unique.
  • Maximum Password Age: Incorporating the ability to require passwords to automatically expire after a certain period of time.
  • Forced Password Change: Requiring a user to change his/her password upon logging on for the first time after a password reset.
  • Minimum Password Length: The ability to require a minimum number of characters for a password.
  • Account Lockout: The ability to lock the system after a certain number of unsuccessful logon attempts. This would require system administrator intervention to unlock the system.

Many of these features are automatically enabled when you chose to secure your database. But, in order to maintain backward compatibly with our other product lines, you must enable some of these features through options and system settings. Following is a list how to take advantage of the "extra" features.

Password Encryption & Password Expiration

Password Encryption and Password Expiration are enabled for a particular database through Database Manager option. To enable this feature:

  1. Start the InfinityQS Database Manager application by selecting Start > Programs > InfinityQS International > Utilities > Database Manager.
  2. Log in to your selected database.
  3. Select the menu item Preferences > Password Encryption. The dialog to the right will be displayed.
  4. Set the check boxes to enable the options.
  5. If Enable Password Expiration is checked, you may also specify the number of days that the password will remain valid before the user must update it.
  6. Select OK to invoke the change. When a change to the encryption occurs the message to the right will be displayed.
  7. Select Yes to continue.

Account Lockout

Account Lockout occurs anytime a user exceeds the retry count for password entry without successfully entering in the correct password. The InfinityQS Administrator through the InfinityQS Database Manager application can free a locked account. The administrator must access the Employee Security information for the locked user and reset their password. To free a locked account:

  1. Start the InfinityQS Database Manager application by selecting Start > Programs > InfinityQS International > Utilities > Database Manager.
  2. Log in to your selected database.
  3. From the Tables dialog double-click on the Employee Security (EMPL_SEC) table item to open.
  4. From the Employee Security (EMPL_SEC) table display select the employee who’s password will be reset.
  5. Finally set a new password for the operator. The operator will be required to update their password the next time they log in to an InfinityQS application.

Changing the Retry Count

The number of times a user is allowed to incorrectly enter their password is set by a system parameter. As a default, the number of retries that an operator is allowed to enter their password incorrectly before they are locked out of the system is three. To change the number of retries you must modify a setting contained in the IQS_SYS.INI initialization file located in the \InfinityQS International\Applications directory. Use the following steps to change the setting:

  1. Using Notepad or WordPad open the IQS_SYS.INI located in the \InfinityQS International\Applications directory.
  2. Locate the security options section, designated as [SECURITY], within the file. If the section does not exist it can be added at the end of the file. Note: all section headings must be enclosed in square brackets.
  3. Within the security section locate or create the item SEC_RETRY and set its value to the desired retry count. For example, to set the retry count to five the entry should look like this:

[SECURITY] 
SEC_RETRY=5

Other System Parameters

There are several additional system parameters that can be changed to better support the FDA requirements for Electronic Signatures. These parameters are contained in the IQS_SYS.INI initialization file located in the \InfinityQS International\Applicationsdirectory. Below is a brief explanation of their use and settings. Use the steps above to modify their values.

Security Options Items:

[SECURITY]

SEC_MIN_LENGTH=3

Specifies the minimum number of characters that must be used for both a users sign in name and password. The valid range of values is from 3 to 16 with 3 being default.

SEC_RETRY=3

Specifies the maximum number of retries that a use is allowed to retry their password before they are locked out from the system. When locked out their password will be marked as <REVOKED> in the password list of Database Manager. The default value for this item is 3 retries.

SEC_AUTOCLOSE=10

Specifies the number of seconds that the user login or sign-in dialog will remain open with no user activity. The default value is 10 seconds of inactivity before the dialog automatically closes.

SEC_ACCESS_LOG=0

Determines whether or not an access log is generated in the applications directory. If the option is set to 1 an access log file, iqs_access.txt" will be created in the applications directory. This file will contain the login and logout times for any one accessing the database via one of the InfinityQS applications.

Event Options Items:

[EVENTS]

ALLOW_CODE_EDIT=0

This item is used to allow assignable cause and corrective action codes to be edited. By default these code values cannot be changed by an operator. Setting the value to 1 will allow these codes to be changed.

COMMENT_EDIT=1

This item is used to allow event comments to be edited by the user who originally created the comment or an administrator. To inhibit the editing of comments set the value to 0.

COMMENT_DEL=1

This item is used to allow event comments to be deleted by the user who originally created the comment or an administrator. To inhibit the deletion of comments set the value to 0.

AUTOCLOSE=0

Specifies the number of seconds that the event dialog will remain open with no user activity. The default value of 0 allows the dialog to remain open indefinitely. Setting the value to a number greater than 0 will automatically close the dialog after the specified seconds of inactivity.

RESTORE_USER=1

The events dialog allows other users to log into the system for setting codes and comments. This option specifies whether the user who was logged into the system when the events dialog was first displayed is restored as the active user when the events dialog is closed.

Need help?
​For further information contact GetInTouch@infinityqs.com
Toll Free: 1.800.772.7978​

Take the first step from quality to excellence

Take the Next Steps