Back

Establish, implement, and maintain paper document integrity requirements for the output of records.


CONTROL ID
00930
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain records management procedures., CC ID: 11619

This Control has the following implementation support Control(s):
  • Review and approve output exceptions., CC ID: 06625
  • Perform regularly scheduled quality and integrity control reviews of output of records., CC ID: 06627


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • T34: The organization shall provide functions to ensure ledgers, checklists, journals, and other files match. T34.4: The organization shall pay special attention to matching files when the files are dispersed for decentralized processing. (T34, T34.4, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • The fax sender should make arrangements with the receiver to obtain the fax message as soon as possible after it has been received. (Control: 1075 Bullet 1, Australian Government Information Security Manual: Controls)
  • Systems should be configured so protective markings appear at the top and bottom of every page when the file is printed. (§ 3.5.68, Australian Government ICT Security Manual (ACSI 33))
  • Electronically stored data should be able to be obtained in clear printed format. (¶ 8.1, EudraLex, The Rules Governing Medicinal Products in the European Union, Volume 4 Good Manufacturing Practice, Medicinal Products for Human and Veterinary Use Annex 11: Computerised Systems, SANCO/C8/AM/sl/ares(2010)1064599)
  • The system can generate accurate and complete copies of records in electronic format and human readable form. (¶ 21.10 Bullet 6, Good Practices For Computerized systems In Regulated GXP Environments)
  • The system should be able to print copies of electronically stored data in a meaningful way. (¶ 12, PE 009-8, Guide to Good Manufacturing Practice for Medicinal Products, Annex 11, 15 January 2009)
  • The Digital Rights Management system should protect sensitive information by protecting the information against unauthorized changes, copying, and distribution (including printing). (CF.08.08.04b, The Standard of Good Practice for Information Security)
  • The Digital Rights Management system should protect sensitive information by protecting the information against unauthorized changes, copying, and distribution (including printing). (CF.08.08.04b, The Standard of Good Practice for Information Security, 2013)
  • Before displaying, writing, or printing output, the system must automatically check it to ensure it has not reached the wrong device. The system must establish a connection and verify the connection before transmitting data. (CSR 9.6.2, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • The signer's printed name; the date and time the signature was executed; and the meaning that is associated with the signature shall be included whenever electronic records are printed in human readable form. (§ 11.50(b), 21 CFR Part 11, Electronic Records; Electronic Signatures)
  • The information system validates information output from {organizationally documented software programs and/or applications} to ensure that the information is consistent with the expected content. (SI-15 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)