The 10 Compliance Commandments for Laboratory Systems
- Management are responsible
All levels of management are responsible for quality and compliance in regulated laboratories.
- Use networked systems with a database
Systems that are file based are not fit for use in a regulated environments as it is easy to delete data, instead use a system with an integrated database.
- Document the systems configuration and manage all changes to it
A laboratory application needs to be configured to enable the audit trail, turn on electronic signatures and define user types with associated access privileges.
- Work electronically and use electronic signatures
Design your work processes to work electronically for greater efficiency and speed, validate the system for intended use. Keep paper print-outs to a minimum, define electronic records/raw data for the system and sign the reports electronically.
- Have unique user identities
Allocate each user a unique identity and use adequate password strength. When a person leaves or no longer requires access, disable the account to ensure that the user identity is not reused. Ensure the passwords are sufficiently strong and are not shared or written down.
- Separate roles to avoid conflict of interest
Use the IT department to administer the system if possible to avoid conflicts of interest. For example application configuration settings and user account management.
- Define methods that can and cannot be changed
Determine and document which analytical procedures can be adjusted and those which cannot, this control can include the data acquisition, instrument control and integration parameters as deemed necessary.
- SOP for data interpretation/manipulation
SOP defines hot interpret data for specific instrument types.
- Ensure staff are trained and competent
Staff must be trained in all the SOP’s applicable to the system. Training includes data integrity.
- Conduct effective internal audits
Carry out effective self-inspections or internal audits. Self-inspections must be independent and focus on ensuring data integrity within any system. Auditors must focus on the electronic records and working practices within the system rather than any paper records outside of it. If non-compliances are identified ensure that CAPA’s are effective and issues are not repeated.