GemStone can be part of your lab's compliance strategy for 21 CFR Part 11 when it is setup and operated in Compliance mode. It has been developed under a quality management system and validated with a suite of quality assurance tests. The table below summarizes how the key elements of Part 11 relate to GemStone and its use in Compliance mode settings.
| Section | Summary of Rule | Compliance Strategy |
| 11.10 | Controls for closed systems | GemStone can be accessed only through the user interface; it is a closed system. |
| 11.10 (a) | Validation and accuracy. | GemStone uses externally-generated data to validate its results and employs proprietary binary format, static PDF, and/or CRC methods to ensure valid files. |
| 11.10 (b) | Record generation and readability | GemStone generates CRC-checked log files and static PDF reports that are human-readable and machine-readable. |
| 11.10 (c) | Record protection and retrieval | Record retention and retrieval plan is managed by the laboratory’s file management practices. |
| 11.10 (d) | Authorized access | GemStone uses the operating system’s user login validation, and user group membership determines permissions within the software. |
| 11.10 (e) | Audit trails | GemStone employs a CRC-checked logging system with time stamps, and log files are preserved. Log files cannot be deleted by ordinary means. |
| 11.10 (f) | Operational system checks | GemStone enables and disables portions of the UI to enforce permitted sequencing of steps and events. |
| 11.10 (g) | Authority checks | GemStone uses the operating system user groups and login validation to assure authorized access. |
| 11.10 (h) | Device checks and validity | GemStone performs validation checks on the FCS data files. |
| 11.10 (i) | Education, training and experience | GemStone provides a User Guide, technical support, and tutorial videos to assist with the proper, intended use of the program. Specific on-site training may be arranged. |
| 11.10 (j) | Electronic signatures | This is an individual laboratory requirement beyond the scope of use of GemStone. |
| 11.10 (k) | Systems documentation | GemStone version releases are accompanied by an updated User Guide. Verity employs document control procedures. |
| 11.30 | Controls for open systems | GemStone is designed as a closed system. |
| 11.50 | Signature manifestations | GemStone does not require or offer electronic signatures. |
| 11.70 | Signature linking | GemStone does not require or offer electronic signatures. |
| 11.100 (a) | Unique electronic signatures | Your laboratory must ensure that electronic signatures are unique to each user on the network. |
| 11.100 (b) | Identity verification | Each laboratory must verify its own employment records and IDs. |
| 11.100 (c) | Signature verification | Each laboratory must verify electronic signature eligibility with the FDA. |
| 11.200 (a)(1) | Two-component signing | GemStone does not require or offer electronic signatures. |
| 11.200 (a)(2,3) | Authenticity and falsification | GemStone does not require or offer electronic signatures. |
| 11.200 (b) | Biometric signatures | GemStone does not utilize biometric IDs. |
| 11.300 (a) | Controls for identification | GemStone uses the operating system user groups and login validation to assure unique user identities. |
| 11.300 (b) | Identification aging | The individual laboratory IT structure must control password checks and aging requirements. |
| 11.300 (c) | External ID validation | Not applicable. GemStone does not utilize external tokens, cards, RFID, or other physical identity-confirming devices. |
| 11.300 (d) | Unauthorized use | The individual laboratory IT structure must control login authenticity and manage safeguards to prevent unauthorized use. |
| 11.300 (e) | External device testing | Not applicable. GemStone does not utilize external tokens, cards, RFID, or other physical identity-confirming devices. |