“However, procuring new instruments, installing new and upgraded data acquisition software, and enabling various features on software are not sufficient alone. These steps will be effective only if you implement appropriate procedures and systems to ensure that you retain data as required…and control data and associated audit trails.”
This is obviously talking about the need to have standard operating procedures (SOPs) in place that describe how to use the software, and performing a validation of your CDS to demonstrate it is operating as intended. Many commercial CDS packages are 21 CFR Part 11 capable, but in order to ensure they are 21 CFR Part 11 compliant, the software needs to be validated after it has been configured to your specifications. Compliance, after all, comes down to having documented evidence that you are following your procedures and quality systems.
Thermo Scientific™ Chromeleon™ Chromatography Data System (CDS) provides validation certificates with the installation documentation. These certificates are for the validation of the software itself, but do not cover any installation. Chromeleon CDS has several built-in Station Qualification tools. These are intended to qualify the installation by checking to verify the correct files are present and that the software is operating as Thermo Fisher Scientific intended. These built-in qualifications do not, and cannot, validate that the Chromeleon software is operating as you, the end-user, intend it to – that validation must be performed separately, and can be accomplished in three steps:
-
- Determine the policies, roles, access and privileges you require. Chromeleon CDS can be configured in many different ways depending on your internal requirements. Common areas to think about include:
-
- Are audit trails required? Do users need to add comments when they make changes?
-
- How strong should the passwords be? How often should they be changed? Can they use their Windows password?
-
- What roles are needed and what privileges should each have?
-
- Determine the policies, roles, access and privileges you require. Chromeleon CDS can be configured in many different ways depending on your internal requirements. Common areas to think about include:
-
- Create SOPs that define the policies and roles determined above. Include what privileges are assigned to each role so that periodic review can be made and documented to help prove compliance.
-
- Validate the CDS configuration using scripts. A script is a short set of detailed instructions intended to challenge the security setup. Each script should have an expected outcome. It is not necessary to test every feature of the CDS – that is why the validation certificates mentioned above are provided. The intent of these scripts is to define the areas you feel to be most important in demonstrating compliance and data integrity, and then challenge them to show the system is functioning as intended. Typically, 5-10 scripts that cover several features in each is appropriate. Five example scripts are shown below that, when combined, would give be a strong start in validating the CDS performance.
-
- Verify the policies and privileges assigned match those in the SOP.
-
- Login using an incorrect password and verify access was denied. Login with the correct password and verify access was granted. Then check the audit trails to see if these actions were captured correctly.
-
- Try to delete data using a role that does not allow the action.
-
- Initiate a sequence and start acquiring data, then interrupt the sequence. Verify the actions could be performed correctly and the audit trail captures the information.
-
- Integrate a peak and then change the integration parameters. Verify the audit trails capture the changes.
-
- Validate the CDS configuration using scripts. A script is a short set of detailed instructions intended to challenge the security setup. Each script should have an expected outcome. It is not necessary to test every feature of the CDS – that is why the validation certificates mentioned above are provided. The intent of these scripts is to define the areas you feel to be most important in demonstrating compliance and data integrity, and then challenge them to show the system is functioning as intended. Typically, 5-10 scripts that cover several features in each is appropriate. Five example scripts are shown below that, when combined, would give be a strong start in validating the CDS performance.
If you perform chromatography in a regulated environment, validation of your CDS is essential. Chromeleon CDS provides all of the tools necessary to ensure data integrity, but it is how you choose to set it up and how you decide to document and prove the desired performance, that will lead to true compliance.
Check out this product spotlight to see how Chromeleon CDS can help to ensure compliance in your lab. For data security beyond your CDS, encompassing instruments such as balances and pH meters, learn about Chromeleon XTR Laboratory Management System.