The best long-term corrective and preventive action (CAPA) in this situation is acombination of user re-training, communication, and routine monitoring— as described inOption B.
According to theGCDMP (Chapter: Electronic Data Capture Systems)andFDA 21 CFR Part 11, user credentials and electronic signatures in clinical systems arelegally bindingand must be used only by the assigned individual. Simultaneous log-ins under the same credentials often indicatecredential sharing, acompliance violationthat must be addressed through user education, reinforced security policies, and ongoing system oversight.
While technical controls (option A) may be considered, behavioral and procedural reinforcement are the first lines of defense. Options C and D are excessive and not aligned with proportional CAPA practices.
Reference (CCDM-Verified Sources):
SCDM Good Clinical Data Management Practices (GCDMP), Chapter: Electronic Data Capture (EDC) Systems, Section 7.1 – User Access, Authentication, and Training
FDA 21 CFR Part 11 – Electronic Records and Electronic Signatures, Sections 11.10(i) and 11.200(a)
ICH E6 (R2) Good Clinical Practice, Section 5.5.3 – Access Control and Audit Trail Requirements
