Question: How does the software ensure compliance with 21 CFR Part 11, particularly concerning the logging of user management actions such as modification and deletion within the Vision module?

Background: While evaluating the software's features for our project development, we've noticed that certain actions related to user management, particularly modifications and deletions, are not being logged in the audit trail within the Vision module. Considering the importance of compliance with 21 CFR Part 11 requirements, which mandate comprehensive audit trails for electronic records, it's critical for us to ensure that all relevant user actions are adequately tracked and documented.

Could you please provide insight into how the software addresses this specific aspect of compliance and if there are any plans to enhance the audit trail functionality within the Vision module to encompass user management actions comprehensively?

Also, could you provide guidance on the process or mechanisms within the software that allow us to set up and customize user audit messages based on button actions? Additionally, are there any best practices or recommended configurations to ensure accuracy and completeness in logging these critical user interactions?

Are there any sample Ignition applications available that have been developed to meet requirements such as user management, tracking of failed attempts, logging of all actions within the application, electronic signatures, etc.?



The Bachem example uses Active Directory for its user authentication. Using Vision's user management component with an internal user source may simply not be possible for this task.

This document lays out IA's recommended best practices. In that article it talks about extending the audit functionality via scripting.

system.util.audit will allow you to generate customized audit data pretty easily. See here.

This documentation shows all of the actions that are automatically audited.


I see in our documentation that we log audit events for "creating, editing, or deleting a user". Can you confirm that this does not occur? What version of Ignition are you using? Are you using the internal Ignition identity provider or external?


Hi, thank you. Yes, it is available. I think we may need to put a little effort into capturing the exact modifications done in the user management components instead of the common naming 'edited'.

Can we bring the Password Policies Properties of the gateway to vision screens for user configuration?

At this time, we have no plans to further enhance the functionality of the User Management component (where you can manage your users and their roles) nor add any other notable security configuration features like this to the designer.

I'm sure there are some security implications in play here as well, but ultimately we often have to ask ourselves should that be configurable in the designer/in a client session or only configurable in the gateway webpage? For frequent activities (such as manipulating users and their roles) we will build that functionality out into the designer (hence the User Management component) but oftentimes we intentionally reserve a lot of configuration operations to be performed in the gateway webpage.
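As an added example (not part of the thread and not Inductive Automation's code), one way to act on the system.util.audit suggestion above and record which user fields changed instead of a generic 'edited'. The helper names and field names are hypothetical, and the keyword arguments assume the Ignition 8.x signature of system.util.audit.

```python
# Added example (not from the thread). Runs under Ignition's Jython 2.7 and plain Python.
# Assumptions: `before`/`after` are dicts your own screen logic snapshots around an
# edit; field names are constructed; keyword names follow Ignition 8.x system.util.audit.

SENSITIVE = frozenset(["password"])  # changes are logged, values never are


def _norm(value):
    """Make role lists order-insensitive and comparable as strings."""
    if isinstance(value, (list, tuple, set, frozenset)):
        return ",".join(sorted(str(v) for v in value))
    return value


def diff_user(before, after):
    """Return (field, old, new) for every field whose value changed."""
    changes = []
    for field in sorted(set(before) | set(after)):
        old, new = _norm(before.get(field)), _norm(after.get(field))
        if old != new:
            if field in SENSITIVE:
                old = new = "<redacted>"
            changes.append((field, old, new))
    return changes


def audit_user_change(actor, target, before, after, audit=None):
    """Write one audit record per changed field (or one for a deletion)."""
    if audit is None:
        audit = system.util.audit  # Ignition scripting global; absent outside Ignition
    if after is None:
        records = [{"action": "user.deleted", "actionTarget": target,
                    "actionValue": "", "actor": actor}]
    else:
        records = [{"action": "user.%s.changed" % field, "actionTarget": target,
                    "actionValue": "%s -> %s" % (old, new), "actor": actor}
                   for field, old, new in diff_user(before, after)]
    for record in records:
        audit(**record)
    return records


if __name__ == "__main__":
    # Constructed sample: a supervisor adds a role and changes an email address.
    old = {"email": "jdoe@example.com", "roles": ["Operator"], "password": "x"}
    new = {"email": "j.doe@example.com", "roles": ["Supervisor", "Operator"], "password": "x"}
    for r in audit_user_change("asmith", "jdoe", old, new, audit=lambda **kw: None):
        print(r)
```

Inside Ignition, omit the `audit` argument so the records go through system.util.audit to the configured audit profile.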