Chapter 3, Subject 4
QMP Reference Standard and Compliance Guidelines
Appendix F
Guidelines for the Use of Electronic Records and Signatures

Electronic Records

When QMP records are created and/or stored using microprocessor technology, these electronic systems can be classified as "open" or "closed" systems. A closed system is an environment where the system access is controlled by the persons who are responsible for the content of the electronic records on the system. An open system is an environment in which the system access is not controlled by the persons who are responsible for the content of the electronic record on the system. For example, a processor has purchased off-the-shelf HACCP software to record and store data, and generate reports of CCP monitoring. If the processor does not have access to the data storage files generated by the software, this system is considered closed. If the processor has access to the content of those data files generated by the software the system is considered open. The distinction between open and closed governs who is responsible for implementing controls to ensure the authenticity and integrity of electronic records. If the system is closed then the software manufacturer is responsible, otherwise the food processor is responsible.

When fish processors use electronic records in place of paper records required for QMP, they must develop and implement additional controls to demonstrate the reliability of the electronic records.

Processors should be able to demonstrate compliance with the following requirements:

1. Documentation of the computer system operation, maintenance, and modifications is part of the QMP Plan.
2. Computer systems are validated to ensure their accuracy, reliability, consistency and ability to discern invalid or altered records.
3. Computer systems are able to generate accurate and complete copies of records in a readable text format for inspection purposes.
4. Computer systems contain an adequate means to protect records for accurate and timely retrieval throughout the record retention period. This may include systems to maintain appropriate backup records.
5. Computer systems limit record access to authorised individuals.
6. Computer systems have a rigorous security protocol to ensure that only authorised individuals can use the system, electronically sign a record, access the operation or computer system, alter a record, or perform operations.
7. Management establishes and implements policy that holds individuals responsible and accountable for data recorded and/or actions taken under their electronic signatures.

Electronic Signatures

When a QMP record is made it should be signed or initialled by the responsible party. Similarly, when an electronic record is created, the computer systems will require identification of the person who created the record, this identification is called the "electronic signature".

When electronic signatures are used in association with QMP records, the following characteristics should be associated with the electronic signature:

1. The electronic signature contains a unique identifier for the signer, the date and time of signing.
2. The electronic signature is clearly linked with one (or more) electronic record(s).
3. Controls are in place to ensure that electronic signatures and their links to records cannot be removed, copied, or otherwise manipulated.
4. Each electronic signature is unique to only one individual and is not re-used or re-assigned at any time.
5. Identity of persons authorised to use electronic signatures are documented in the QMP Plan

---

Next page: Chapter 3 Subject 4 - Appendix G | Previous page: Chapter 3 Subject 4 - Appendix E