Weever Process Regulatory Compliance
How does the Weever Process platform support regulations like FDA 21 CFR Part 11 and CFIA through secure digital signatures and audit trails?
Key Takeaways
- Compliance Superhero! Weever is built to fly through audits by meeting tough standards like FDA 21 CFR Part 11, CFIA, and EU Annex regulations.
- The "Paper Trail" is now a "Digital Fortress." Every change is tracked (who, what, when, and why), making your records tamper-resistant and easily accessible.
- Lock it Down. Electronic signatures aren't just fancy marks—they re-authenticate the user and lock the record so the data stays safe and sound.
- No Secrets Allowed. From software versions to every single login and logout, Weever keeps a meticulous diary of everything happening in the system.
- Data Integrity is King. Inputs are validated, and deletions are restricted, ensuring your data is accurate, synchronized, and honest.
- Fort Knox Security. With encryption, complex password rules, and automatic lockouts, only the right people get through the digital front door.
Weever Process — FDA 21 CFR Part 11 compliance
Third-party attested by David Nettleton, Computer System Validation expert
| Category | Feature | What Weever Process does |
|---|---|---|
| Software identity | Version tracking | Software version indicates both major and minor changes |
| | Role-based access | Access limited to authorized individuals; privileges assigned to roles, not individuals |
| | No "God" role | No unrestricted superuser role; system administrator access is explicitly limited |
| | Unique usernames | Usernames are unique, identify a person (not generic), displayed on screen, and inactivated — never deleted or reused |
| Password security | Minimum length | Passwords must be at least 8 characters |
| | Composition requirements | Alphanumeric makeup enforced |
| | Change frequency | Required every 90 days |
| | Reuse restriction | Previous passwords cannot be reused within 1 year |
| | Password masking | Passwords are not displayed on entry, not remembered by browsers, and cannot be copied from the password field |
| | Encryption | Passwords are encrypted on entry and in storage |
| | Temporary passwords | Unique, must be changed at next login, expire within 24 hours |
| | Auto session timeout | Automatic logout after 20 minutes of inactivity |
| | Failed login lockout | Auto lockout after 5 failed attempts; email notification sent to admin/security staff |
| | Inactive account lockout ★ | Accounts inactive for 30 days are automatically locked (commended by auditor) |
| Access logging | Login activity log | All login, logout, and lockout events are recorded |
| | Last login display | Last login time is shown when a user signs in |
| | Concurrent login alert ★ | Both users are notified when a login occurs from a significantly different IP address (commended by auditor) |
| | Data encryption in transit ★ | Downloaded confidential data and all data leaving the intranet firewall is encrypted |
| Data integrity | Input validation | Validity checks applied to the type and size of all input data |
| | Limited delete | Delete capabilities are limited and controlled |
| | Unambiguous date format | Dates use an unambiguous format (e.g., dd-MMM-yyyy) to prevent misinterpretation |
| | Time synchronization | All system timestamps synchronized to a standard external time source |
| Audit trail | Comprehensive record tracking | Creation, modification, inactivation, and deletion of all records and configuration data is tracked |
| | Change details captured | Records who changed what, when, the previous value, the new value, and reason for change where required |
| | User access to audit trail | Authorized users can access and review the audit trail directly |
| | Database-level audit trail | Audit trail is written at the database level for high-integrity record keeping |
| | On-screen change indication ★ | Users are shown on-screen when data has changed — not just in the audit trail log |
| | EU Annex 11 compliance ★ | Additional best practices earned Weever a rare EU Annex 11 compliance credit alongside 21 CFR Part 11 |
| Electronic signatures | Unique public identifier | Username uniquely identifies the signer |
| | Private credential | Password known only to the signer confirms intent |
| | Statement of meaning | Each signature carries a statement of testament explaining the meaning of the signature |
| | Signature display | Signed records display printed name, date, time, and meaning of signature |
| | Permanent lock | Signed objects are permanently locked from editing after signature |
| | Permanent linkage | Signatures are permanently and inseparably linked to the signed record |