I’m currently working on the specs for CFR 21 Part 11 assistance within our SCADA package.
Currently our audit trails and event logs are not tamper proof so we need to change the way these are logged.
We have chosen to output the logs to a Microsoft Access MDB file auto generating a password for writing within our software so no one else can write to it. Any other access is read only and only our software will know how to write.
This is much easier to implement for us as we don’t ship any database server with our package and most users wouldn’t want the bulk of installing SQL server onto their PCs - especially as one of our core markets is IPCs which don’t have much storage.
So the question is, is it acceptable to use MS Access MDB files for secure storage of the logs as far as CFR 21 part 11 is concerned?
Hope you can help