How does VISION SP meet compliance requirements?


Introduction

Regulated manufacturing is an important aspect of biotherapeutic production and other industries. Proper controls such as good manufacturing practices (GMP) ensure that products are made with the appropriate quality. An important aspect of these regulated practices is the software used for analysis, where the software must also meet regulatory requirements. To this end, the Code of Federal Regulations, Title 21, Part 11 (21 CFR Part 11) and subparts define how computer-generated data are to be stored and used with the aim of making the data comparable to a lab notebook in terms of providing an immutable and traceable record. The new VISION Security Pack software meets the requirements of 21 CFR Part 11 and provides a regulatory compliant FFF software solution.



Meeting the requirements of 21 CFR Part 11

There are many specific guidelines in 21 CFR Part 11, but they generally fall into one of three categories: data safety and integrity, user security, and audits/logging. Data safety and integrity addresses the data storage security and whether the user can discern altered or invalid records. VISION SP saves data in a secure SQL Server® database. This database leverages the security inherent to the program and from Microsoft Windows®. Additionally, each database entry has an encrypted checksum, which is used to verify data integrity. The database can also be created on a networked server that allows for automatic backup for added security.

User security ensures that only authorized users with appropriate permissions are allowed to access the software. VISION SP leverages the Microsoft Windows security system to limit system access to authorized individuals. System administrators create four security groups for VISION SP and then assign Microsoft Windows user accounts to those security groups. Each user account has a unique login and password. It is also possible to set up the VISION SP security groups in the Active Directory, such that network-authenticated accounts can be given VISION SP privileges. One domain-level user account can then be used to log in to any instance of VISION SP on the network. One thing to bear in mind is that VISION SP user accounts and security groups are synchronized with ASTRA SP. A user cannot be a part of different security groups in VISION SP and ASTRA SP. For details on ASTRA SP compliance, please refer to ASTRA SP: Security Pack for 21 CFR Part 11 compliance.

Audits and logging confirm that each action taken in the software is properly tracked and can be retrieved later for review. VISION SP has four separate logs: system, configuration, sequence, and method. Each log entry is time-stamped and notes the user making the change along with the computer where the change is made. These log entries are added sequentially, and previous entries are not modified or overwritten. Finally, the logs can be exported into a readable file format suitable for inspection and review. For more details on VISION SP compliance, please refer to VISION SP: Security Pack for 21 CFR Part 11 compliance.



Installing and Using VISION SP

ASTRA 8 SP must be installed before using VISION SP. In addition to compliance requirements, the database connections are made through ASTRA SP. As part of the ASTRA SP installation, the SQL Server database must also be set up. The database storage capacity needs to accommodate both the ASTRA SP and VISION SP data files. This capacity is crucial as each injection in VISION SP is 8-15 MB while each ASTRA file is 2-5 MB. As mentioned before, VISION SP user accounts are synchronized with ASTRA SP. Thus, a user with a Technician role would have that level of permissions in both ASTRA SP and VISION SP. The table below shows the general permission levels for each security group.

Once logged in, the operation of VISION SP is essentially the same as non-SP VISION, with the exception of the users having actions restricted according to their assigned security group. For example, a Technician level user cannot create a new sequence or load an old sequence.

Logging occurs automatically and records important changes in the system. This includes configuration changes, login attempts, database connections, data creation, and importing/exporting data. In addition to all of the information described previously, the ASTRA and VISION data logs will show the file associations. That is to say, an ASTRA data log will show the VISION EMDF file of the sequence that produced the ASTRA data. The VISION sequence log will also show the ASTRA files that were produced from the sequence.



Conclusion

VISION SP uses much of the same approach as ASTRA SP to achieve 21 CFR Part 11 compliance. The general areas of data safety and integrity, user security, and auditing are covered by the SQL Server database, defined security groups and users, and multiple exportable logs. Additionally, the functionality of VISION SP is the same as regular VISION, so there is a wealth of procedural documentation for new users. Any users that desire to use FFF in a regulated environment will find an excellent solution in ASTRA SP and VISION SP. To learn more about what you can do with FFF, log in to our Support Center for resources including application notes, technical notes, and white papers.
