Samsara is designed to be used to securely collect electronic records as part of an FDA Title 21 CFR Part 11 compliant process in food, drug, and medical environments.
Title 21 CFR 11 compliance requires a number of controls to ensure integrity, accessibility, and confidentiality of electronic records. Samsara's technical architecture meets these requirements as specified below.
Data integrity: 21 CFR Part 11 requires that data be stored redundantly, regularly backed up, and recorded with a computer generated timestamp, checksum and audit trail. Samsara sensor data is encrypted in transit, redundantly stored, and is not able to be modified by users once recorded. All data is recorded with a timestamp and data validity is verified upon storage and thereafter. Data is stored by Samsara without limit in time or quantity, and is regularly backed up across distributed data stores.
Data accessibility: 21 CFR Part 11 requires that human readable copies of recorded data must be available. Samsara sensor data can be retrieved from a browser in the form of historical graphs and standard reports, manually exported in spreadsheet/text form, or programmatically exported using a secure API. In all forms, data is accessible to authenticated users in a readable and standard format.
Confidentiality: 21 CFR Part 11 specifies that only authorized users with a unique username and password can access the system. Samsara authenticates users according to this standard (or better), with a username and password as the minimum requirement and optional 2-factor authentication via use of OAuth and a Google account. Unauthorized users are not granted access to stored sensor data.
Note: In order to be completely Title 21 CFR Part 11 compliant, an organization's entire system of data collection and recording must meet regulations. This system extends beyond the use of Samsara equipment to manual procedures, user training, and validation.