United States Office of Administration Draff Environmental Protection and Resources Management December 28,1990 Agency EPA Good Automated Laboratory Practices Recommendations For Ensuring Data Integrity In Automated; Laboratory Operations with Implementation Guidance ------- GOOD AUTOMATED LABORATORY PRACTICES DRAFT December 28,1990 EPA'S RECOMMENDATIONS FOR ENSURING DATA INTEGRITY IN AUTOMATED LABORATORY OPERATIONS WITH IMPLEMENTATION GUIDANCE Scientific Systems Staff Office of Information Resources Management U.S. Environmental Protection Agency Research Triangle Park, North Carolina 27711 ------- 11 ------- EXECUTIVE SUMMARY This document describes acceptable data management practices in laboratories that pro- vide data to EPA. It is divided into two sections. The first section formally establishes the Agency’s recommended practices for laboratories to follow in automating their operations — Good Automated Laboratory Practices (GALP). The companion section provides laboratory management and personnel with recommendations and examples for complying with the GALP. Compliance with the GALP will assure the reliability of much of the data EPA uses in reaching decisions on human health and the environment. The GALP axe a single source to EPA’s established principles for ensuring integrity of computer resident laboratory data. The Agency’s Information Resource Management Policies build upon managerial controls that govern manual operations in many private laboratories that submit data to the Agency. Thus the GALP prescribe practices that will ensure integrity of health and environmental data for laboratories electing to automate their operations. This knowledge will improve hardware and software investment deci- sions of the private sector. The GALP axe EPA’s response to the need for standardized laboratory data management practices. Recent evidence of corruption, loss, and inappropriate modification of compu- terized data provided to EPA prompted an investigation by EPA’s Office of Inspector General and has underscored the lack of Agency-wide laboratory data management principles. This evidence also prompted EPA to conduct a detailed survey of automated laboratory practices and to visit several laboratories to evaluate first-hand the data man- agement practices employed to protect data integrity. The survey and the site visits amplified the need for the GALP. The survey found the integrity of computer-resident data is at risk in many laboratories that provide data to EPA. Serious gaps in system security, data validation, and basic documentation are re- sponsible for this risk. During the site visits commercial laboratory staff unanimously expressed need for EPA guidance in protecting the integrity of computer-resident data. Staff frequently voiced frustration with their unsuccessful efforts to obtain GALP-type guidance from EPA. m ------- iv ------- If a man will begin with certainties, he shall end in doubt; but if he will be content to begin with doubts, he shall end in certainties. — Francis Bacon V ------- vi ------- ACKNOWLEDGEMENTS This document culminates an intensive two year investigation by EPA’s Office of Information Resources Management (OIRM). Managers of scientific laboratories, laboratory automation specialists, experts in national laboratory standards and directors of federal regulatory pro- grams were employed. Senior management and technical staff in many private companies generously gave their time, candidly provided critical comments, and freely opened their operations to inspection by OIRM and its contract staff. A diverse national audience reviewed the background studies and provided valuable recommendations. Ms. Terrie Baker’s contributions overshadowed the total support of other individuals and organizations in developing the GALP requirements and evaluating the background studies. Her professional experience, symbiotic with the multi-talented needs of this effort; her dedication, determination and commitment to doing the right thing and on time; and her singular ability to examine highly charged and sensitive issues from several angles were essential. Dr. Andy Buchanan and Dr. Sandy Weinberg of Weinberg Associates, Inc. provided significant recommendations for the guidance in this document. They afforded this document an unpar- alleled wealth of experience in- assisting laboratories in complying with national/federal laboratory standards, auditing automated laboratory operations, and translating national guidelines into laboratory operating standards. They infused this document with well-articulated explanations and coherent practical implementation guidance. Several organizations let us into their “kitchens” to observe their staff, review their recipes, and discuss the soundness and practicality of the directions prescribed here. Waste Management Incorporated; EA Engineering; Science and Technology; and EPA’s Region V Central Regional Laboratory went out of their way to have staff meet with EPA and its contractor/consultants. They permitted a detailed exam of their operations, and openly and methodically critiqued drafts of GALP requirements. Mr. Dexter Goldman, Goldman and Associates, generously and enthusiastically supported this program from its inception. He endowed key phases of this program with an unparalleled working knowledge of EPA’s Good Laboratory Programs and their implications to standard- izing the automation of laboratory procedures and practices. Contractor support was essential in several phases of this effort. Computer Sciences Corporation (CSC) and Booz, Allen and Hamilton (BAH) staff undertook the background surveys and technical reviews. Mr. Richard Trilling of CSC and Mrs. Marguerite Jones of BAH supervised staff support, ensured quality control, prepared draft and final reports, and recommended program guidance. Ms. Lynn Laubisch and Mr. Barry Cleveland of Corporate Arts transformed the final product from monotonous printed pages to this current draft. Their skill in page layout, font selection, and icon and diagram creation give the reader the chance to grasp such information in a re- freshing and stimulating way. vii ------- ------- TABLE OF CONTENTS Executive Summary. iii Acknowledgements vii SECTION I: GOODAUTOMATEDLABORATORYPROCEDURES(GALP)...... 1 1.0 1 lirpose 3 2.0 Background 3 2.1 Investigations 4 2.2 Pnmary Findings 4 2.3 Major Recommendations 6 2.4 Initiatives and Actions 6 2.5 Summary 7 3.0 Scope and Applicability 7 4.0 Responsibilities 7 5.0 Authorities 8 6.0 Procedures and Guidelines 7.0 Scope 8 GALPs 8 Appendix A: Inventory of Compliance Documentation 21 SECTION II: GS LP I1 fIPIjE1%4ENrFItTION GIJII)AI CE ........................................ . 25 Principles 27 Operational Roles 28 GuidanceListing 32 Key to Guidance 36 Guidance 37 Appendix A: EPA OIRM GALP Publications 231 CommentForm 233 i x ------- x ------- GOOD AUTOMATED LABORATORY PRACTICES SECTION I: EPA’s RECOMMENDATIONS FOR ENSURING DATA INTEGRITY IN AUTOMATED LABORATORY OPERATIONS DRAFT December 28, 1990 ------- U.S. ENVIRONMENTAL PROTECTION AGENCY RECOMMENDATIONS FOR AUTOMATING LABORATORY OPERATIONS TITLE: GOOD AUTOMATED LABORATORY PRACIICES (GALP) DRAFT APPROVAL: Office of Information Resources Management DATE: December 28, 1990 The GALP are designed to assure a high standard of quality for computer-resident data produced in support of EPA programs. They are a union of two of EPA’s directives. The GALP extend regulations that govern laboratory management practice, Good Laboratory Practices (GLP), to automated operations by incorporating EPA’s established principles for protecting integrity of computer-resident data. See the diagram on the next page and Appendix A which cross- references the GALP with EPA’s established requirements. The GLPs describe acceptable laboratory management practices to ensure the quality and integrity of health, environmental, and chemical data submitted to the Agency through require- ments of the Toxic Substances Control Act (TSCA) and the Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA). Other EPA programs can and have adopted these requirements. Various situations have arisen in automating operations for which the GLPs provide little or ambiguous guidance. The GALP help to avoid the confusion and potential problems that such uncertain situations can create. In laboratories where EPA’s GLPs are in effect the GALP are an pddition to GLPs. The GALP do not replace the Gil’s. The GALP also address the urgent need for standardized laboratory data management procedures This need is discussed in Section 2.0, BACKGROUND. The GALP clarify EPA’s expectations of performance and control for laboratories electing to use computer systems. Page lof 19 ------- GOOD AUTOMATED LABORATORY PRACTICES Page 2 of 19 PRINCIPLES AND REGULATIONS INCORPORATED INTO THE GALP .1 Statutory Requirements for Environmental Programs: • Superfund • Resource Conservation and Recovery Act • Clean Wat.rAct • Sets Drinking Water Act • Other. • EPAS Data Standards for Electronic Transmission of Laboratory Measurement Results • Findings of EPAs Electronic Reporting Standards Work Group I National Archives and Records Administrations Electronic Records Management Regulations I EPAs Good Laboratory Practice Regulations from Automated Laboratory Standards: Results from Survey of Laboratory Automated Data Management Practices, June 1990 EPA IRM Policy: • EPA System Design and Development Guidance • EPAS Operations and Maintenance Manual • EPA information Security Manual ------- GOOD AUTOMATED LABORATORY PRACTICES Page 3 of 19 1.0 PURPOSE This policy establishes EPA’s recommendations forprotecting the integrity of computer-resident data in laboratories submitting and/or maintaining health and environmental effects studies under Federal environmental programs within the jurisdiction of the Environmental Protection Agency (EPA). This policy recommends procedures for laboratories to follow in automating their operations to assure that computer-resident data are accurate and defensible. This policy draws upon existing policies for automated operations thus providing a single source of guidance for automating laboratory operations. 2.0 BACKGROUND EPA depends heavily on laboratory data to reach decisions on public health and the environ- ment. The accuracy and integrity of these data are fundamental to reaching the right decisions. As a result, several EPA programs have adopted and require laboratories to follow Good Laboratory Practices (GLPs) thereby assuring that laboratory-generated data are accurate and have integrity. EPA has well-developed procedures and practices to assess if manual operations in laboratories comply with the Agency’s GLPs. However, the computer is increasingly replacing many manual operations in the laboratory. It manages operations, interfaces with laboratory equipment, and generates scientific/technical reports. EPA lacks Agency-wide standards to guide laboratories as they replace manual op- erations with computer technology. Similarly, the Agency has no definitive guidelines to aid the Agency’s auditors and inspectors when they inspect laboratories that use computer tech- nology. Newly arising problems of possible corruption, loss, and inappropriate modification in com- puterized data provided to EPA underscored this lack of Agency-wide laboratory data management principles. They also resulted in an investigation by EPA’s Office of Inspector General. Disbarment, suspension, and fines have resulted from this investigation. These concerns prompted EPA to determine if there is a definitive need for standards for automated laboratory operations. As a result EPA initiated an investigation of laboratories that rely on computer systems to develop environmental data for EPA. This investigation under- scored the fact that the integrity of automated laboratory data is at risk: Additional investigations were indicated and undertaken. ------- GOOD AUTOMATED LABORATORY PRACTICES Page 4 of 19 2.1 INVESTIGATIONS EPA’S Office of Information Resources Management (OIRM) initially examined current automated laboratory practices and procedures in both the Superfund Contract Laboratory Program (CLP) and its Regional Office laboratories. OIRM conducted a detailed survey of automated laboratories and visited five laboratories to evaluate, first-hand, the data management practices employed to protect data integrity. The findings are presented in AutomatedLaboratory Standards: Current Automated Laboratory Data Management Practices (Final, June 1990). These findings prompted the need for further review in several areas. The first research project reviewed EPA’s Good Laboratory Practices and examined their applicability to automated laboratory operations. These findings are presented in Automated Laboratory Standards: Good Laboratory Practices for EPA Programs (June 1990) The second project surveyed vendors of laboratory information management systems (LIMS) and researched state-of-the-an automated technology. This project determined if there is an off-the-shelf product that can guarantee integrity of computer-resident data. Automated Laboratory Standards: Survey of Current Automated Technology (June 1990) describes the findings of this survey. The third project examined how automated financial systems assure the integrity of computer- resident data. The findings of this study are presented in Automated Laboratory Standards: Evaluation of the Use of Automated Financial System Procedures (June 1990). The fourth project surveyed standards employed by automated clinical laboratories. Automated Laboratory Standards: Evaluation of the Standards and Procedures Used in Automated Clinical Laboratories (May 1990) details the findings from this survey. 2.2 PRIMARY FINDINGS The integrity of computer-resident data is at risk in many laboratories providing scientific and technical data to EPA. Serious gaps in system security, data validation, and documentation are responsible for this risk (see Table 1 on following page). Commercial laboratory staffs unanimously expressed need for guidance in protecting the integrity of computer-resident data. The laboratories uniformly supported the idea of having a single source of guidance for automated operations. ------- GOOD AUTOMATED LABORATORY PRACTICES Page 5 of 19 In fact, commercial laboratory staff members frequently expressed frustration with their unsuccessful efforts to obtain guidance from EPA. They were told that no written guidance was available and often received no definitive response when they raised specific questions. Where EPA’s Good Laboratory Practice (GLP) requirements apply, they also apply to the computer operation used to conduct the study. Thus, an autonomous quality assurance unit must periodically inspect the computer operations and document their inspection and its results. Vendors of laboratory information management systems do not currently offer computer software that meet all the requirements of EPA’s GLPs; and no computer hardware technology currently exists that will assure data integrity. The main sources of risk to data integrity in automated financial systems also exist in automated laboratory systems; financial systems use time-proven controls that significantly reduce these risks. Clinical laboratories, particularly those doing forensic drug testing, view security as their top priority to assuring data integrity. They use a variety of methods to ensure security in their automated operations. TABLE 1 Data Change Practices Percent of Respondents Following Procedures When logging on, individuals use a personalized password 50% When changes are made to the system, • who authorized the change 10% there is hard-copy documentation of: • who made the change 17% When changes axe made to the • who authorized the change 10% committed database, there is • who made the change 14% hard-copy documentation of: When changes are made to the • who made the change 40% committed database, the system • both the changed and maintains a log of: unchanged data 23% ------- GOOD AUTOMATED LABORATORY PRACTICES Page 6 of 19 2.3 MAJOR RECOMMENDATIONS Data management procedures should be standardized in laboratories supporting EPA programs and the Agency should assume responsibility for establishing these standards. Standardized data management procedure for automated laboratory operations should comply with the requirements of EPA’s Good Laboratory Practices (GLP). Novel technology, such as the use of bar coding, can be useful in automating laboratory operations. This technology can minimize errors in sample identification and other functions. Risks to data integrity in automated laboratory operations may be reduced by adopting controls automated financial systems have proven to be effective. Automated clinical laboratories employ several practical measures to reduce security risks that should be evaluated in developing security control procedures in laboratories providing data to EPA. 2.4 IN1TIATWES AND ACTIONS The Agency responded rapidly and responsibly to these findings and recommendations. — In June 1990, EPA published the draft Automated Laboratory Srandards. A Guide to EPA Requirements for Automated Laboratories. This document is a single source to EPA’s established principles for protecting the integrity of computer-resident data. The Guide draws heavily from the reviews discussed above. It complies with EPA’s GLP requirements and includes applicable requirements from other Agency authori- ties. — In December 1990, EPA prepared this document. It is currently being reviewed within EPA. It is a definitive statement of what EPA considers to be acceptable data man- agement practices for automated laboratory operations and is based almost completely on the Guide discussed above. — The Agency is drafting Compliance Evaluation Guidance for EPA’s Good Automated Laboratory Practices that will describe evaluation criteria for laboratory inspectors to use in auditing automated laboratories. It may alsp help laboratories in developing programs to ensure laboratory compliance with the GALP. ------- GOOD AUTOMATED LABORATORY PRACTICES Page 7 of 19 2.5 SUMMARY The investigations highlighted the urgent need for standardized data management practices in laboratories that provide data to EPA. This document contains EPA’s response to this need. The GALP and Guidance provide EPA with assurance that much of the data the Agency uses in reaching decisions on human health and the environment will be reliable. This document will enable laboratories that provide data to EPA to have a clear understanding of what the Agency considers to be adequate controls to assure data integrity. Future decisions on further automating their operations will be improved because these laboratories will be armed with the knowledge of EPA’s laboratory data management expecations. 3.0 SCOPE AND APPLICABILiTY These recommendations aie directed to all EPA organizations and personnel or agents (including contractors and grantees) of EPA who collect, analyze, process, or maintain laboratory data for health or environmental programs. This includes the Agency’s Regional laboratories, labo- ratories submitting data under the Contract Laboratory Program (CLP), and all other commercial and private laboratories submitting data for regulatory purposes. 4.0 RESPONSIBILITIES a. The Office of Information Resources Management (OIRM) shall: (1) Be responsible for implementing and supporting this policy. (2) Provide guidance and technical assistance where feasible and appropriate in implementing and improving the requirements of this policy. b. Assistant Administrators, Associate Administrators, Regional Administrators, Labora- tory Directors, Contract Officers, ani General Counsel shall establish procedures within their respective organizations to ensure that automated laboratory systems used in the conduct of studies submitting data to the EPA under their direction are in compliance with this policy. ------- GOOD AUTOMATED LABORATORY PRACTICES Page 8 of 19 5.0 AUTHORITIES a. Computer Security Act of 1987. Public Law 100-235, January 8, 1988. b. Environmental Protection Agency System Design and Development Guidance. OIRM 87-02, June, 1989. c. Environmental Protection Agency Data Standards for the Electronic Transmission of Laboratory Measurement Results (EPA Order 2180.2, 12/10/87). d. Environmental Protection Agency Security Manual for Personal Computers, December, 1989. e. Toxic Substances Control Act (TSCA); Good Laboratory Practices. 40 CFR part 160. Vol 54, No. 158, August 17, 1989. f. Federal Fungicide, Insecticide and Rodenticide (FIFRA); Good Laboratory Practices. 40 FR Part 160. Vol 54, No. 158, August 17, 1989. pp. 34052-34074. g. Findings of EPA’s Electronic Reporting Standards Workgroup 6.0 PROCEDURES AND GUIDELINES Implementation guidance is also included in this document. Auditing tools will be issued under separate cover. 7.0 POLICY It is EPA policy that data collected, analyzed, processed or maintained on automated data collection system(s) in support of health and environmental effects studies be accurate and of sufficient integrity to support effective environmental management. The Good Automated Laboratory Practics (GALPs) ensure the integrity of computer-resident data. They recommend minimum practices and procedures for laboratories that provide data to EPA in support of its health and environmental programs to follow when automating their operations ------- GOOD AUTOMATED LABORATORY PRACTICES Page 9 of 19 7.1 Personnel When an automated data collection system is used in the conduct of a laboratory study, all personnel involved in the design or operation of the automated system shall: 1) have adequate education, training, and experience to enable those individuals to perform the assigned system functions. 2) have a current summary of their training, experience, and job description, in- cluding information relevant to system design and operation maintained at the facility. 3) be of sufficient number for timely and proper conduct of the study, including timely and proper operation of the automated data collection system(s). 7.2 Laboratory Management When an automated data collection system is used in the conduct of a study, the laboratory management shall: 1) designate an individual primarily responsible for the automated data collection system(s), as described in Section 7.3. 2) assure that there is a quality assurance unit that oversees the automated data collections system(s), as described in Section 7.4. 3) assure that the personnel, resources, facilities, computer and other equipment, materials, and methodologies are available as scheduled. 4) receive reports of quality assurance inspections or audits of computers and/or computer-resident data and promptly take corrective actions in response to any deficiencies. 5) assure that personnel clearly understand the functions they are to perform on automated data collection system(s). 6) assure that any deviations from this guide for automated data collection system(s) are reported to the designated Responsible Person and that corrective actions are taken and documented. ------- GOOD AUTOMATED LABORATORY PRACTICES Page 10 of 19 73 Responsible Person The laboratory shall designated a computer scientist or other professional of appro- priate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This indi vidual shall ensure that: 1) there are sufficient personnel with adequate training and experience to super- vise and/or conduct, design and operate the automated data collection system(s). 2) the continuing competency of staff who design or use the automated data col- lection system is maintained by documentation of their training, review of work performance, and verification of required skills. 3) a security risk assessment has been made, points of vulnerability of the system have been determined, and all necessary security measures have been imple- mented. 4) the automated data collection system(s) have written operating procedures and appropriate software documentation that are complete, current, and available to all staff. 5) all significant changes to operating procedures and/or software are approved by review and signature. 6) there are adequate acceptance procedures for software and software changes. 7) there are procedures to assure that data are accurately recorded in the auto- mated data collection system. 8) problems with the automated collection system that could affect data quality are documented when they occur, are subject to corrective action, and the cor- rective action is documented. 9) all applicable good laboratory practices are followed. 7.4 Quality Assuranee Unit The laboratory shall have a quality assurance unit that shall be responsible for mon- itoring those aspects of a study where an automated data collection system is used. The quality assurance unit shall be entirely separate from and independent of the personnel engaged in the direction and conduct of a study or contract. The quality ------- GOOD AUTOMATED LABORATORY PRACTICES Page 11 of 19 assurance unit shall inspect and audit the automated data collection system(s) at intervals adequate to ensure the integrity of the study. The quality assurance unit shall: 1) maintain a copy of the written procedures that include operation of the auto- mated data collection system. 2) perform periodic inspections of the laboratory operations that utilize automated data collection system(s) and submit properly signed records of each inspec- tion, the study inspected, the person performing the inspection, findings and problems, action recommended and taken to resolve existing problems, and any scheduled dates for reinspection. Any problems noted in the automated data collection system that are likely to affect study integrity found during the course of an inspection shall be brought to the immediate attention of the des- ignated Responsible Person. 3) determine that no deviations from approved written operating instructions and software were made without proper authorization and sufficient documentation. 4) periodically review final data reports to ensure that results reported by the auto- mated data collection system accurately represent the raw data. 5) ensure that the responsibilities and procedures applicable to the quality assur- ance unit, the records maintained by the quality assurance unit, and the method of indexing such records shall be in writing and shall be maintained. These items include inspection dates of automated data collections systems, name of the individual performing each inspection, and results of the inspection. 7.5 Facilities When an automated data collection system is used in the conduct of a study, the laboratory shall: 1) ensure that the facility used to house the automated data collection system(s) has provisions to regulate the environmental conditions (e.g., temperature, hu- midity, adequacy of electrical requirements) adequate to protect the system(s) against data loss due to environment problems. 2) provide adequate storage capability of the automated data collection system(s) or of the facility itself to provide retention of raw data, including archives of computer-resident data. ------- GOOD AUTOMATED LABORATORY PRACTICES Page 12 of 19 7.6 Equipment 1) Automated data collection equipment used in the generation, measurement, or assessment of data shall be of appropriate design and adequate capacity to function according to specifications and shall be suitable located for operation, inspection, cleaning, and maintenance. There shall be a written description of the computer system(s) hardware. Automated data collection equipment shall be installed in accordance with manufacturer’s recommendations and undergo appropriate acceptance testing following written acceptance criteria at installa- tion. Significant changes to automated data collection system(s) shall be made only by approved review, testing, and signature of the designated Responsible Person and the Quality Assurance Unit. 2) Automated data collection system(s) shall be adequately tested, inspected, cleaned, and maintained. The laboratory shall: 2.1) have written operating procedures for routine maintenance operations. 2.2) designate in writing an individual responsible for performance of each operation. 2.3) maintain written records of all maintenance testing containing the dates of the operation, describing whether the operation was routine and fol- lowed the written procedure. 2.4) maintain records of non-routine repairs performed on the equipment as a result of a failure and/or malfunction. Such records shall document the problem, how and when the problem occurred, and describe the remedial action taken in response to the problem along with acceptance criteria to ensure the return of function of the repaired system. 3) The laboratory shall institute backup and recovery procedures to ensure that op- erating instructions (i.e., software) for the automated data collection system(s) can be recovered after a system failure. 7.7 Security 1) When an automated data collection system is used in the conduct of a study, the laboratory shall evaluate the need for system security. The laboratory shall have procedures that assure that the automated data collection system is se- cured if that system: ------- GOOD AUTOMAThD LABORATORY PRACTICES Page 13 of 19 1.1) contains confidential information that requires protection from unauthorized disclosure. 1.2) contains data whose integrity must be protected against unintentional enor or intentional fraud. 1.3) performs time-critical functions that require that data be available to sample tracking critical to prompt data analysis, monitors quality control criteria critical to timely release of data, or generates reports which are critical to the timely submission of data. 2) When the automated data collection system contains data that must be secured, the laboratory shall ensure that the system is physically secured, that physical and functional access to the system is limited to only authorized personnel, and that introduction of unauthorized external programs/software is prohibited. 2.1) Only personnel with specifically documented authorization shall be al- lowed physical access to areas where automated data collection systems are maintained. 2.2) Log-ons, restricted passwords, call-backs on modems, voiceprints, finger- prints, etc., shall be used to ensure that only personnel with documented authorization can access automated data collection systems. - 2.3) Procedures shall be in place to ensure that only personnel with docu- mented authorization to access automated data collection system func- tions shall be able to access those functions. 2.4) In order to protect the operational integrity of the automated data collec- tion system, the laboratory shall have procedures for protecting the system from introduction of external programs/software (e.g., to prevent introduction of viruses, worms, etc.). 7.8 Standard Operating Procedures 1) In laboratories where automated data collection systems are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: - 1.1) maintaining the security of the automated data collection system(s) (i.e., physical security, securing access to the system and its functions, and restricting installation of external programs/software). ------- GOOD AUTOMATED LABORATORY PRACTICES Page 14 of 19 1.2) defining raw data for the laboratory operation and providing a working definition of raw data. 1.3) entry of data and proper identification of the individual entering the data. 1.4) verification of manually or electronically input data. 1.5) interpretation of error codes or flags and the corrective action to follow when these occur. 1.6) changing data and proper methods for execution of data changes to in- clude the original data element, the changed data element, identification of the data of change, the individual responsible for the change, and the reason for the change. 1.7) data analysis, processing, storage and retrieval. 1.8) backup and recovery of data. 1.9) maintaining automated data collection system(s) hardware. 1.10) electronic reporting, if applicable. 2) In laboratories where automated data collection systems are use4 in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Each laboratory or other study area shall have readily available manu- als and standard operating procedures that document the procedures being per- formed. Published literature or vendor documentation may be used as a supple- ment to the standard operating procedures if properly referenced therein. 3) In laboratories where automated data collection systems are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). A historical file of standard operating procedures shall be maintained. All revisions, including the dates of such revisions, shall be maintained within the historical file. 3.9 Software 1) The laboratory shall consider software to be the operational instructions for automated data collection systems and shall, therefore, have written standard operating procedures setting forth methods that management is satisfied are adequate to ensure that the software is accurately performing the intended func- tions. All deviations from the operational instructions for automated data col- ------- GOOD AUTOMATED LABORATORY PRACTICES Page 15 of 19 lection systems shall be authorized by the designated Responsible Person. Changes in the established operational instructions shall be properly authorized, reviewed and accepted in writing by the designated Responsible Person. 2) The laboratory shall have documentation to demonstrate the validity of software used in the conduct of a study as outlined in Section 7.9.3. 2.1) For new systems the laboratory shall have documentation throughout the life cycle of the system (i.e., beginning with identification of user re- quirements and continuing through design, integration, qualification, vali- dations, control, and maintenance, until use of the system is terminated). 2.2) Automated data collection system(s) currently in existence or purchased from a vendor shall be, to the greatest extent possible, similarly docu- mented to demonstrate validity. 3) Documentation of operational instructions (i.e., software) shall be established and maintained for, but not be limited to: 3.1) detailed written description of the software in use and what the software is expected to do or the functional requirements that the system is de- signed to fulfill. 3.2) identification of software development standards used, including coding standards and requirements for adding comments to the code to identify its functions. 3.3) listing or all algorithms or formulas used for data analysis, processing, conversion, or other manipulations. 3.4) acceptance testing that outlines acceptance criteria; identifies when the tests were done and the individual(s) responsible for the testing; summa- rizes the results of the tests; and documents review and written approval of tests performed. 3.5) change control procedures that include instructions for requesting, testing, approving, and issuing software changes. 3.6) procedures that document the version of software used to generate data sets. 3.7) procedures for reporting software problems, evaluation of problems and documentation of corrective actions. ------- GOOD AUTOMATED LABORATORY PRACTICES Page 16 of 19 4) Manuals or written procedures for documentation of operational instructions shall be readily available in the areas where these procedures are performed. Published literature or vendor documentation may be used as a supplement to software documentation if properly referenced therein. 5) A historical file of operating instructions, changes, or version numbers shall be maintained. All software revisions, including the dates of such revisions, shall be maintained within the historical file. The laboratory shall have appropriate historical documentation to determine the software version used for the collec- tion, analysis, processing, or maintenance of all data sets on automated data collection systems. 7.10 Data Entry When a laboratory uses an automated data collection system in the conduct of a study, the laboratory shall ensure integrity of the computer-resident data collected, analyzed, processed, or maintained on the system. The laboratory shall ensure that in automated data collection systems: 1) The individual responsible for direct data input shall be identified at the time of data input. 2) The instruments transmitting data to the automated data collection system shall be identified, and the time and date of transmittal shall be documented. 3) Any change in automated data entries shall not obscure the original entry, shall indicate the reason for the change, shall be dated, and shall identify the indi- vidual making the change. 4) Data integrity in an automated data collection system is most vulnerable during data entry whether done via manual input or by electronic transfer from auto- mated instruments. The laboratory shall have written procedures and practices in place to verify the accuracy of manually entered and electronically trans- feired data collected on automated system(s). 7.11 Raw Data Raw data collected, analyzed, processed, or maintained on automated data collection system(s) are subject to the procedures outlined below for storage and retention of records. Raw data may include microfilm, microfiche, computer printouts, magnetic ------- GOOD AUTOMATED LABORATORY PRACTICES Page 17 of 19 media, and recorded data from automated collection systems. Raw data is defined as data that cannot be easily derived or recalculated from other information. The laboratory shall: 1) defIne raw data for its own laboratory operation. 2) include this definition in the laboratory’s standard operating procedures. 7.12 Records and Archives 1) All raw data, documentation, and records generated in the design and operation of automated data collection system(s) shall be retained. Correspondence and other documents relating to interpretation and evaluation of data collected, analyzed, processed, or maintained on the automated data collection system(s) also shall be retained. Records to be maintained include, but are not limited to: 1.1) a written definition of computer-resident “raw data” (see Section 7.11 of this document). 1.2) A written description of the hardware and software used in the collec- tion, analysis, processing, or maintenance of data on automated data col- lection system(s). This description shall identify expectations of computer system performance and shall list the hardware and software used for data handling. Where multiple automated data collection systems are used, the written description shall include how the systems interact with one another. 1.3) Software and/or hardware acceptance test records which identify the item tested, the method of testing, the date(s) the tests were performed, and the individuals who conducted and reviewed the tests. 1.4) Summaries of training and experience and job descriptions of staff as re- quired by Section 7.1 of this document. 1.5) Records and reports of maintenance of automated data collection system(s). 1.6) Records of problems reported with software and corrective actions taken. 1.7) Records of quality assurance inspections (but not the findings of the in- spections) of computer hardware, software, and computer-resident data. ------- GOOD AUTOMATED LABORATORY PRACTICES Page 18 of 19 1.8) Records of backups and recoveries, including backup schedules or logs, type and storage location of backup media used, and logs of system fail- ures and recoveries. 2) There shall be archives for orderly storage and expedient retrieval of all raw data, documentation, and records generated in the design and operation of the automated data collection system. Conditions of storage shall minimize poten- tial deterioration of documents or magnetic media in accordance with the re- quirements for the retention period and the nature of the document or magnetic media. 3) An individual shall be designated in writing as a records custodian for the archives. 4) Only personnel with documented authorization to access the archives shall be permitted this access. 5) Raw data collected, analyzed, processed, or maintained on automated collection system(s) and documentation and records for the automated data collection system(s) shall be retained for the period specified by EPA contract or EPA statute. 7.13 Reporting A laboratory may choose to report or may be required to report data electronically. If the laboratory reports data electronically, the laboratory shall: 1) Ensure that electronic reporting of data from analytical instruments is reported in accordance with the EPA’s standards for electronic transmission of labora- tory measurements. Electronic reporting of laboratory measurements must be provided on standard magnetic media (i.e., magnetic tapes and/or floppy disks) and shall adhere to standard requirements for record identification, sequence, length, and content as specified in EPA Order 2180.2—Data Standards for Electronic Transmission of Laboratory Measurement Results. 2) Ensure that electronically reported data are transmitted in accordance with the recommendations of the Electronic Reporting St . dards Workgroup (to be iden- tified when the recommendations are finalized). ------- GOOD AUTOMATED LABORATORY PRACTICES Page 19 of 19 7.14 Comprehensive Ongoing Testing Laboratories using automated data collection systems must conduct comprehensive tests of overall system performance, including document review, at least once every 24 months. These tests must be documented and the documentation must be re- tamed and avilable for inspection or audit. ------- 20 ------- APPENDIX A: INVENTORY OF COMPLIANCE DOCUMENTATION RECORD PURPOSE SUBSEC110N REFERENCE Organization and Personnel Personnel Records QualIty Assurance InspectIon Reports Ensure competency of personnel Ensure GA oversight 7.1 7.4 FIFRA GLPs 160.29 TSCA GLPs 729.29 FIFRA GLPs 160.35 TSCA GLPs 792.35 Faculty Environmental SpecifIcations Ensure against data loss from environmental threat 7.5 FIFRA GLPs 160.43 TSCA GLPs 792.43 Equipment Hardware Descnptlon Acceptance Testing Maintenance Records Identify hardware in use Ensure operational integrity of hardware Insure on-going operational integrity of hardware 7.6 7.12 7.6 7.12 7.6 7.12 FIFRA GLPs 160.61 TSCA GLPs 792.61 EPA Information Security Manual for Personal Computers System Design and Development Guidance FIFRA GLPs 160.63 TSCA GLPs 792.63 Laboratory Operations Security Risk Assessment Standard OperatIng Procedures • Security Procedures • Raw Data Definition Identify security risks Ensure consistent use of system Ensure data Integrity secured Define “computer-residenr records subject to GLP5 7.7 7.8 7.8 7.8 Computer Security Act FIFRA GLPs 160.81 TSCA GLPs 792.81 Computer Security Act FIFRA GLPs 160.3 TSCA GLPs 792.3 21 ------- APPENDIX A: INVENTORY OF COMPLIANCE DOCUMENTATION RECORD PURPOSE SUBSEC11ON REFERENCE • Procedures fordata analysis, processing • Procedures for data storage and retrieval • Procedures for backup/recovery • Procedures for main- tenance of computer system hardware Standard Operating Procedures • Procedures for Electronic Reporting • SOPs at bench/ workstation • Historical Files Ensure consistent use of system Ensure consistent use of system Ensure consistent use of system Ensure consistent use of system Ensure consistent use of system Ensure consistent use of system provide historical record of previous procedures in use 7.8 7.8 7.8 7.8 7.8 7.8 7.8 FIFRA GLPs 160.87, 160.107 TSCA GLPs 792.81 • 792.107 FIFRA GLPs 160.81 TSCA GLPs 792.81 EPA Information Security Manual for Personal Computers FIFRA GLPs 160.63 TSCA GLPs 792.63 Transmissions Standards Electronic Reporting Standards Workgroup FIFRA GLPs 160.81(c) TSCA GLPs 792.81 (c) FIFRA GLPs 160.81(d) TSCA GLPs 792.81 (d) Software Documentation Description Life Cycle Documentation • Design Document! I .jnctlonal Specifications Identify software In use Ensure operational integnty of software Ensure operational integrity of software 7.9 7.9 7.9 FIFRA GLPs 160.81 TSCA GLPs 792.81 Computer Secunty Act System Design and Development Guidance see above 22 ------- APPENDIX A: INVENTORY OF COMPLIANCE DOCUMENTATION RECORD PURPOSE SUBSEC11ON REFERENCE Life Cycle Documentation • AcceptanceTesting TestIng • Change Control Procedures • Procedures for Reporting/ResoMng Software Problems • Historical File (version numbers) Ensure operational Integrity of software Ensure operational integrity of software Ensure operational integrity of software Ensure reconstruction of reported data 7.9 7.9 7.9 7.9 EPA Information Secunty Manual for Personal Computers see above see above see above FIFRA GLPs 160.81 TSCA GLPs 792.81 Operations Records/Logs Back-up/Recovery Logs SoftwareAcceptance Test Record Software Maintenance (Change Control) Records Protection from data loss Ensure operational Integrity of software Ensure on-going integrity of software 7.12 7.12 7.12 EPA Information Secunty Manual for Personal Computers System Design and Development Guidance see above 23 ------- 24 ------- GOOD AUTOMATED LABORATORY PRACTICES SECTION II: IMPLEMENTATION GUIDANCE DRAFT December28, 1990 25 ------- 26 ------- GALP IMPLEMENTATION NOTES AND GUIDANCE The GALP Guidance specifically identifies the operative principles upon which each GAL? requirement is developed. These principles are also embraced in EPA’s established data man- agement policies. To meet these principles and to comply with EPA’s GLPs, six operational roles with specific responsibilities are identified and provided in the GALP Guidance. As discussed in detail below, these operational roles are not necessarily intended to imply distinct individuals. Principles Control is the essential objective behind most data management principles. It is the ultimate issue in extending EPA’s GLPs to an automated laboratory. Effective management and operation of an automated laboratory cannot be assured unless use and design of that system are consistent with standards intended to assure system control. The GALP guidance are built on six Principles inherent in both EPA’s GLP and its data management policies. These Principles define the necessary control issue that underlies the GALP. The Principles serve two purposes. First, they are guideposts to understanding the reason behind GALP requirements and to interpreting them. Second, wide variations in computer system designs, technologies, laboratory purposes, and applications are likely to create situations in which appropriate and successful control strategies could evolve that are not anticipated in the GALP Guidance. Thus, these six principles are guidelines for evaluating equivalent options for complying with GALP specifications. 1. DATA: The system must provide a method of assuring the integrity of all entered data. Communication, transfer, manipulation, and the storage/recall process all offer potential for data corruption. The demonstration of control necessitates the collection of evidence to prove that the system provides reasonable protection against data corruption. 2. FORMULAE: The formulas and decision algorithms employed by the system must be accurate and appropriate. Users cannot assume that the test or decision criteria are correct; those formulas must be inspected and verified. 3. AUDiT: An audit trail that tracks data enny and modification to the responsible individual is a critical element in the control process. The trail generally utilizes a password system or equivalent to identify the person or persons entering a data point, and generates a protected file logging all unusual events. 27 ------- GALP IMPLEMENTATION GUIDANCE 4. CHANGE: A consistent and appropriate change control procedure capable of tracking the system operation and application software is a critical element in the control process. All softw are changes should follow carefully planned procedures, including a pre-install test protocol and appropriate documentation update. 5. STANDARD OPERATING PROCEDURES (SOPs): Control of even the most carefully designed and implemented system will be thwarted jf appropriate user procedures are not followed. This principle implies the development of clear directions and Standard Operating Procedures (SOPs); the training of all users; and the availability of appropriate user support documentation. 6. DISASTER: Consistent control of a system requires the development of alternative plans for systemfailure , disaster recovery, and unauthorized access. The principle of control must extend to planning for reasonable unusual events and system stresses. These principles are identified in the Guidance that follows. Each Guidance includes a CODE entry which identifies the “Principle” by its keyword upon which each is formulated. The Principle enables laboratories to understand the theoretical underpinning of each GALP recommendation. The CODE entry also identifies one of six operational roles, listed as RESPONSIBILITY, recommended to assign the duty to oversee compliance with the GALP specification. Operational Roles The GALP Guidance distinguishes six operational roles. These roles are also provided to assist laboratories in meeting GALP requirements. Specific responsibilities are assigned to each role. Except for Quality Assurance (see Quality Assurance discussion in the Guidance Section), these roles do not require distinct individuals to handle them. Also, none of the roles is implied to require someone full time to handle the responsibilities. The Responsible Person (RP) for example, may be theLaboratory Management; sometimes, the Laboratory Management is also a system User. Some Users routinely develop their software and therefore simultaneously ff1 the role of Vendor. The descriptions below highlight the responsibilities assigned to each of the six roles. For an individual assigned to fill that role these descriptions are a blueprint for implementing the GALP. Also, in the CODE entry of the GUIDANCE that follows, the role responsible for handling the requirement is identified. 28 ------- GALP IMPLEMENTATION GUIDANCE Although a role may be assigned specifically to an individual, another individual may actual- lycarry out the specific GALP requirement. The individual assigned the role, however, is responsible for ensuring implementation of the standard(s) involved. A: Laboratory Management: Because laboratory management is responsible for ensuring that the laboratory is licensed, laboratory management has ultimate responsibility for all GALP standards. Specifically, the laboratory management shall designate the Responsible Person (RP), arrange for Quality Assurance (QA) oversight of the system; provide the necessary resources, facilities, and equipment that may be required receive and respond to QA reports and audits; and provide all other laboratory personnel with the guidance, training, or supervision they require to perform successfully in their assigned roles. B: Responsible Person (RP): Most automated laboratory problems involve confusion about exactly who or what organizational unit is ultimately responsible for a specific system. The identification of the system RP eliminates this confusion. The RP is generally a professional with some computer background, in a position of authority related to the control and operation of the automated data system. The RP’s responsibilities include training of users, implementing appropriate security measures, developing or reviewing SOPs for system use, enforcing change control procedures, and responding to emergent problems. C: Quality Assurance Unit (QA): The inclusion of a data and procedural “double check” through a Quality Assurance Unit or individual is established and widespread and is extended here to automated laboratory systems. The legitimacy and credibility of that checking function necessarily must rest with the independence of QA, assured through a separate reporting relationship. While it is possible that QA may have additional responsibilities in the organization, those responsibilities should not compromise this required independence. The QA should not be the RP, and should not report to or through the RP. Specific QA re- sponsibilities include review of system SOPs; inspection and audit of the system; review of final reports for data integrity; and review of archives. D: Archivist: The statutes EPA administers generally require that records be retained. The period of retention can vary by statute and by type of record. The archivist is responsible for the safe storage and retrieval of all records required by EPA statute or legal judgement to be retained. E: Vendor: The organization or individual that designs, codes, supports, licenses, and/or distributes automated systems has some responsibilities specified in the GALP require- mentsThese responsibilities generally impose design, support, notification and documen- tation requirements. If the vendor is an outside source, the laboratory management is 29 ------- GALP IMPLEMENTATION GUIDANCE responsible for informing the vendor of the GALP requirements. If the vendor is an employee or the system is developed in-house, the GALP require the RP to ensure vendor requirements are satisfied. F: Users: All system users are responsible for familiarity with and conformity to SOPs. Though responsibility for the enforcement of security controls and of adequate training are vested elsewhere, all users are expected to comply with and support management policies. These descriptions identify the general scope of responsibility assigned to each GALP Guidance role. These descriptions are not intended to be all inclusive nor exclusive. Ultimately all responsibility falls upon the laboratory licensee (typically the laboratory manager or owner). More importantly, the GALP assume laboratory professionals are personally motivated to follow the principles of their professions and that they will take every practical step to ensure the accuracy and the reliability of the data and analyses produced by their laboratory. 30 ------- GALP IMPLEMENTATION GUIDANCE GUIDANCE LISTING The Guidance is divided into a discussion of each of the eighty-three (83) GALP recommendations. It serves as an implementation tool, providing laboratory management and personnel with valuable information for assuring compliance with the GALP. While atypical situations will no doubt require further recom- mendations and procedures, the explanatory comments, examples, descriptions, coding and special considerations will assist most laboratories to implement successfully and cost effectively the GALP requirements. 31 ------- GALP IMPLEMENTATION GUIDANCE 7.1 Personnel [ 1 1 Background 38 2 Training 40 3 Number of Persons 42 MANAGEMENT 7.2 La 1 boratory Management 46 Designee 2 QA 48 3 Resources 5(J 4 Reporting 52 5 Training 54 6 Deviations 56 7.3 Res ponsible Person 1 Personnel 60 2 Training 62 3 Security 64 4 SOPs 66 5 SOP Reviews 68 6 change Control 70 7 Data Recording 72 8 Problem Reporting 74 9 GALP Compliance 76 7.4 Qu ality Assurance Unit 1 SOPs 80 2 Inspections 82 3 Deviations 84 4 Final Data Report Reviews 86 5 Archiving Records 88 32 ------- GALP IMPLEMENTATION GUIDANCE 7.5 Facilities 1 Environment 92 2 Archives 94 7.6 Equipment 1 Design 98 2 Maintenance: 2.1 SOPs 2.2 Responsibility 2.3 Records 2.4 Problems 3 Operating Instructions 1 Risk Assessment 1.1 Confidential Information 1.2 Data Integrity 1.3 Critical Functions 2 Security Requirements 2.1 Physical Security 2.2 System Access 2.3 Functional Access 2.4 External Programs/Software ii 7.7 Security 1 Scope Security Raw Data Data Entry Verification Error Codes 100 102 104 106 108 112 114 116 118 120 122 124 7.8 Standard Operating Procedures 1.1 1.2 1.3 1.4 1.5 128 130 132 134 136 33 ------- GALP IMPLEMENTATION GUIDANCE 1.6 Change Control 138 1.7 Archiving 140 1.8 Backup and Recovery 142 1.9 Maintenance 144 1.10 Electronic Reporting 146 2 Document Availability 148 3 Historical Files 150 7.9 Software 1 Purpose and Use 154 2 Life Cycle 2.1 Development 156 2.2 Retrospective 158 3 Scope 3.1 Inventory 160 3.2 Coding Standards 162 3.3 Formulas 164 3.4 Acceptance Testing 166 3.5 Change Control 168 3.6 Version Control 170 3.7 Problem Reporting 172 4 Document Availability 174 5 Historical Files 176 7.10 Data Entry 1 Integrity of Data 1.1 Tracking Person 180 1.2 Tracking Equip, Time, Date 182 1.3 Data Change 184 2 Data Verificiation 186 1 Definition 190 2 SOPs 192 7.11 Raw Data 34 ------- GALP IMPLEMENTATION GUIDANCE 1 Records to be Maintained 1.1 RawData 196 1.2 Hardware and Software 198 1.3 Acceptance Test Records 200 1.4 Training and Experience 202 1.5 Maintenance 204 1.6 Problem Reporting 206 1.7 QA Inspections 208 1.8 Backup and Recovery 210 2 Conditions of Archives 212 3 Records Custodian 214 4 Limited Access 216 5 Retention Period for Records 218 7.13 Reporting 1 Standards 222 2 Other Data 224 7.12 Records and Archives 7.14 Comprehensi Ongoing Testing 228 35 ------- GALP IMPLEMENTATION GUIDANCE This section is intended as a key to using the Guidance. The model below, with commentary footnotes, illustrates the implementation guidelines provided for each of the standards. GALP Category Name - GA!.? subsection Icon depicting the GALP category Specific and officially approved wording of the particular GALP standards. In cases where a GALP has general specifications with distinct subsections or subspeci- fications, the general specification will always appear with each subspecitication with two or three pages of discussion of that subspecification; the next subspecification will repeat the general specification, and follow with its discussion. EXPLANATION EXAMPLE CODE SPECIAL CONSIDERATIONS A paragraph exposition defming the key terms of the standards and explaining the intent of the standards. Discusses the kind of compliance evidence that might be gathered or acceptable ways in which the standards has been or may be met. Twocodesareprovided: the RESPONSIBILITY code identifying the role (or persons(s) assigned the role) expected to implement the standards; and the PRINCIPLES code; providing general guidance into the theoretical intent of the standard. Provides potentially relevant facts or noteworthy factors that may be relevant for certain laboratory settings, computer equipment, EPA statutes, or court decisions that may take precedence. NOTES: The GALP Guidance is a working document. An area on the right-hand page is provided to allow annotation as needed. The size of this area is determined by the space available to complete a page. This variation is not meant to imply any difference in the extent of comment anticipated. Sources for additional guidance are also listed here. 36 ------- 7.1 PERS ONNEL 37 ------- - — 7.1 Personnel 1) Background L jJ EXPLANATION This standard encompasses all computer systems used to collect, transmit, report, analyze, summarize, store, or otherwise manipu- late data. Such systems are generally referred to generically as “LIMS” (laboratory information management systems), or “LDS” (laboratory data systems). Laboratory licensees are expected to utilize appropriate professional hiring and assignment criteria, coupled with appropriate training, to ensure that all users are able to use the system effectively. If design of the system is left to outside vendors, laboratory management may presume that the design personnel involved meet education and experience criteria if other system performance standards are met, barring any specific indica- tion that vendor personnel lack appropriate competence. EXAMPLE Since there are not widespread academic certifications or criteria that assure system usei competence, most laboratories rely on a three part strategy for compliance: a) Users are provided with clear operating instructions, manuals and SOPs to enable them to perform assigned system functions; b) Sufficient training to clarify these instructions is provided to users; c) Users unable to meet the performance criteria axe screened out of automated responsibilities prior to hiring or subsequent to a probationary revie . Designer competence is generally demonstrated through the selec- tion of a project leader whose resume demonstrates some formal computer training, coupled with prior experience in the design or coding of similar systems. When an automated data collection system is used in the conduct of a laboratory study, all personnel involved in the design or operation of the automated system shall: 1) have adequate education, training, and experience to enable individuals to perform the assigned system function. 38 ------- 7.1 Personnel 1) Background Attendance at special courses and certification based thereon may substitute for formal education requirements. Experience may substitute for formal education requirements. Either basis for sub- stitution should be thoroughly and accurately documented. Responsibility: Principle: Management 5. SOP SPECIAL CONSIDERATIONS In light of the need for auditors to verify the qualifications of laboratory personnel, laboratories may consider a separate educa- tion and training file for each employee that documents job descrip- tion, job requirements, skills, education, and training, but excludes private personnel information. Notes... CODE For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 39 ------- 7.1 Personnel 2) Training This standard requires documentation of personnel backgrounds, including education, training, and experience, be available to labo- ratory management. Pertinent systems design and operations knowledge should be indicated. Evidence of training and experi- ence, which indicates knowledge sufficient for job requirements, is the important issue. When outside vendors are involved, they may be presumed to have the required education, training, knowledge and experience. With in-house personnel, evidence of prior success in similar responsibilities is sufficient. EXAMPLE Resumes (including references to education and degrees obtained, professional certificates and job titles previously held), reports of completed training, and up-to-date job descriptions may be filed centrally in the lab Personnel Office. Alternatively, successful job performance evaluations which demonstrate proper levels of job knowledge and experience can be considered sufficient. Responsibility: Principle: Management 5. SOP L J When an automated data collection system is used in the conduct of a laboratory study, all personnel involved in the design or operation of the automated system shall: 2) have a current summary of their training, experience, and job description, including information relevant to system design and operation maintained at the facility. EXPLANATION CODE 40 ------- 7.1 Personnel 2) Training Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 41 ------- F—— - 7.1 Personnel 3) Number of Persons EXPLANATION EXAMPLE CODE Laboratory licensees are expected to maintain a staff which will be adequate in size to ensure that studies can be performed in an accurate and timely manner, including all system-related tasks. Multiple responsibilities of system operation may be assigned to individuals; however, the person to whom QA is assigned must remain independent of the laboratory unit. By designing and following a work plan for any particular study, the experienced Laboratory Manager, or designee, can anticipate staff- ing requirements necessary for a particular need. In general, it is expected that an automated laboratory be staffed (or maintain consulting contracts) with at least two individuals whose qualifica- tions satisfy Standard 7.1 #1 above. The Laboratory Manager must be cognizant of any delays in operations due to inadequate staffing and take proper action. As a rule of thumb, persistent and excessive overtime may indicate insufficient staffing. Responsibility: Management Principle: 5. SOP When an automated data collection system is used in the conduct of a laboratory study, all personnel involved in the design or operation of the automated system shall: 3) be of sufficient number for timely and proper conduct of the study, including timely and proper operation of the automated data collection system(s). 42 ------- Notes... 7.1 Personnel 3) Number of Persons J 43 ------- 44 ------- 7.2 LAB ORATORY MANAGEMENT MANAGEMENT 45 ------- 7.2 Laboratory Management 1) Designee EXPLANATION EXAMPLE A single individual must be designated as the Responsible Person, the person to whom the integrity of the data base can be entrusted. This person should immediately appoint an associate as a back-up who can manage the automated system if the Responsible Person is not available. An organizational plan must be developed to define lines of com- munication and reporting within the laboratory structure. In smaller labs, a single individual may have many managerial responsibili- ties; the Responsible Person may very well be the Laboratory Manager. However, one person must be designated as the “owner” ultimately responsible for the automated data collection system and its database. It is advisable for the Responsible Person to designate a knowledgeable person as a back-up for those times when the Responsible Person is not available. Responsibility: Principle: Management 5. SOP When an automated data collection system is used in the conduct of a study, the laboratory management shall: 1) designate an individual primarily responsible for the automated data collection system(s), as described in Section 7.3. CODE 46 ------- Notes... 7.2 Laboratory Management 1) Designee J 47 ------- 7.2 Laboratory Management 2) Quality Assurance EXPLANATION EXAMPLE Laboratory licensees must designate a group or individual as Quality Assurance. This designation must be consistent with the guidelines set forth in Section 7.4. The Quality Assurance team responsibilities are primarily those of system and data inspection, audit andreview. The QA team or individual must maintain adegree of independence and, therefore, should not report to, or be, the System Responsible Person. An organizational plan must be developed to define lines ofcommu- nication and reporting within the laboratory smicture. In smaller labs, a single individual may have many managerial responsibili- ties. The QA individual (orQA head, if a team is selected) may never be the Responsible Person. Responsibility: Principle: Management 3. Audit When an automated data collection system is used in the conduct of a study, the laboratory management shall: 2) assure that there is a quality assurance unit that oversees the automated data collection system(s), as described in Section 7.4. CODE 48 ------- 7.2 Laboratory Management 2) Quality Assurance Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 49 ------- 7.2 Laboratory Management 3) Resources MANAGEMENT When an automated data collection system is used in the conduct of a study, the laboratory management shall: 3) assure that the personnel, resources, facilities, computer and other equipment, materials, and methodologies are available as scheduled. EXPLANATION EXAMPLE CODE The Laboratory Manager must guarantee that the resources neces- sary to accurately run a given study in a timely fashion . are acces- sible. These resources include personnel, facilities, computer and other equipment, materials and related methodologies. This policy of preparedness should be clearly stated in written format and adhered to. The experienced Laboratory Manager should possess the acumen and skills necessary such that resources adequate to the successful study are always available. Laboratories should take care to provide backup staffing for critical functions such as system backup. Responsibility: Management Principle: 5. SOP 50 ------- 7.2 Laboratory Management Notes... 51 3) Resources MATERIAL BELONGS TO: 1 US EPA rOXICS !J A Y 401 M F ; SW / TS-7 3 WAS- NGT’YJ, D C 20460 (202) 2 9- 4 ------- 7.2 Laboratory Management 4) Reporting EXPLANATION EXAMPLE The flow of information concerning all laboratory operations, including system review and audits, must effortlessly move to upper managerial levels. The Laboratory Manager must guarantee that the reports generated as a result of Quality Assurance audits are presented for review. It is the ultimate responsibility of the Lab Manager to assure that any errors or deficiencies that have been discovered through QA activities be acted upon and rectified in a prompt manner. It must be clearly stated in a laboratory policy or SOP that all QA review or audit reports be presented to the Laboratory Manager for review. The review document must have a cover sheet (or similar) which the Manager can sign and date. Likewise, an SOP or policy should be in place that defines the responsibility of the Manager to follow-up on all deficiencies found in said report. Responsibility: Principle: Management 5. SOP When an automated data collection system is used in the conduct of a study, the laboratory management shall: 4) receive reports of quality assurance inspections or audits of computers and/or computer-resident data and promptly take corrective actions in response to any deficiencies. CODE 52 ------- 7.2 Laboratory Management ,— Notes... 4) Reporting For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratorj Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 53 ------- 7.2 Laboratory Management 5) Training EXPLANATION EXAMPLE The Laboratory Manager is ultimately responsible for the training of the laboratory employees. It is possible that in a small laboratory setting, the laboratory manager may train the other personnel. Regardless, the manager must guarantee that all lab personnel are fully trained in their responsibilities. This includes the establish- ment of a comprehensive employee training program, training personnel (as needed), and the review of both training “check-off” sheets and annual assessment of employee skills and performance. Additionally, all training procedures must undergo periodic review at least yearly, or whenever new or upgraded equipment or method- ologies are installed. A computer system will perform best if its operators are familiar with its functioning. The comprehensive and complete training of all individuals interfacing with the automated data collection sys- tem must therefore be delineated in a laboratory policy or SOP. Even in the case of smaller laboratories, the basic operational skills of the system users should be clearly defined. The training must fully document all phases of normal system function as they pertain to the particular user such that each user clearly understands the functions they perform on said system . It is equally important that the users understand enough about normal system function such that they can recognize any abnormal system function and report it to the appropriate laboratory individual. When an automated data collection system is used in the conduct of a study, the laboratory management shall: 5) assure that personnel clearly understand the functions they are to perform on automated data collection system(s). 54 ------- 7.2 Laboratory Management CODE 5) Training Routine review of problems, whether their frequency has increased or decreased, and how they have been resolved, may alert laboratory staff to the need for more or better testing. Responsibility: Principle: Management 5. SOP Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 55 ------- 7.2 Laboratory Management 6) Deviations EXPLANATION. EXAMPLE The Guide for Auwma:ed Data Collection System(s) is predicated upon the principles of GLP. The Laboratoiy Manager(s) is, there- fore, ultimately responsible for all activity within the confines of the lab. In must be stated in either SOP or general policy that any depar- tare from the standards listed within the Guide will be reported to the designated Responsible Person or designee. That person must then make sure that the deviation was properly documented and that appropriate corrective actions have been taken and similarly docu- mented. As part of a comprehensive system policy, there must be written assurance that responsible parties be made aware of deficiencies or departures from the standards set forth in the Guide. This policy must state that the Responsible Person will handle all of these deviations and satisfactorily document these actions. The documen- tation described above should include an indication of the violating party, the date of the violation (if known) and the corrective action and date. There should also be an area for the signature of the Responsible Person or other reviewer. CODE Responsibility: Principle: When an automated data collection system is used in the conduct of a study, the laboratory management shall: 6) assure that any deviations from this guide for automated data collection system(s) are reported to the designated Responsible Person and that corrective actions are taken and documented. Management 5. SOP 56 ------- ,— Notes... 7.2 Laboratory Management 6) Deviations 57 ------- 58 ------- 7.3 RESPONSIBLE PERSON 59 ------- 7.3 Responsible Person 1) Personnel EXPLANATION EXAMPLE The Responsible Person must ensure that the facility is properly staffed with personnel qualified for the systems tasks pertinent to the site and that such personnel are properly managed. The Respon- sible Person ensures that staff levels are appropriate, that the staff receives all necessary training (including knowledge of SOPs, regulatory requirements, system-related workfiow, procedures, and conventions), and that they adequately perform all required system activity. Adequacy of staffing levels for system supervision, support, and operation can be assessed periodically by the proper Operations and Personnel management to determine if established levels need to be changed. The Responsible Person may review training records to maintain awareness of current status of training received and needed. Observation of job performance will also indicate perform- ance levels of current staff and possible needs for additional help. Examination of project schedules and work backlogs can help to determine adequacy of current staff and whether the system is receiving proper staffing support. CODE Responsibility: Principle: Responsible Person 5. SOP The laboratory shall designate a comluter scientist or other professional of appropriate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This individual shall ensure that: 1) there are sufficient personnel with adequate training and experience to super- vise and/or conduct, design and operate the automated data collection system(s). 60 ------- 7.3 Responsible Person Notes... 1) Personnel For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 61 ------- 7.3 Responsible Person 2) Training EXPLANATION EXAMPLE The Responsible Person must make sure that personnel who use or support the system maintain the skills and knowledge necessary for the proper performance of their responsibilities. On-going training and training necessitated by changes in the system may be necessary to ensure that sl 5 ills do not become outdated or forgotten. The Re- sponsible Person should determine that job performance reviews indicate proper skill levels and that any recommended training is conducted prompdy. Written procedures can be established requiring that all training needs identified by job performance reviews or observations of job activities be reported to the Responsible Person. SOPs requiring documentation of training and testing could also be created. Em- ployees can be encouraged to obtain training in use of system utilities, the operating system, proper use of available program libraries and databases for testing and production purposes, sort tools and options, end-user programming languages or report writ- ers or education they believe is needed. The Responsible Person can call to the attention of staff and users any available in-house or vendor-provided t aining that might be pertinent. CODE Resi,onsible Person 5. SOP The laboratory shall designate a computer scientist or other professional of appropriate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This individual shall ensure that: 2) the continuing competency of staff who design or use the automated data col- lection system is maintained by documentation of their training, review of work performance, and verification of required skills. Resoonsibilitv: Principle: 62 ------- 7.3 Responsible Person 2) Training TRAINING Notes... DOCUMENTATION, REVIEW, VERIFICATION For additional guidance, see: Federal Fungicide, Insecticide, and Rodenricide Act (FIFRA), Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). RESPONSIBLE PERSON EMPLOYEES J 63 ------- 7.3 Responsible Person 3) Security EXPLANATION EXAMPLE The Responsible Person is responsible for ensuring that an analysis of system vulnerability is performed and reasonable measures for preventing unauthorized system access have been taken, as war- ranted by the degree of exposure that exists. All aspects of system input, processing, and output requiring security control must be identified and measures for restricting access to these system functions should be established and operating in a way that satisfies the stated objectives. An analysis of all entry methods to the system, especially any remote modem access by vendors or other users, all persons and methods involved in initiating processing, and all persons receiving system output, should be conducted to determine possible areas of exposure. Precautionary measures to prevent intentional or unintentional data comiption or disruption of system performance should be taken. These can consist of password security, dial-back procedures for remote access, and procedures for updating security files and distribution of system output to authorized persons only. Physical access to sensitive records stored magnetically or in hard copy format must also be controlled appropriately. A system for updating passwords periodically, such as every six months, might be used and automatic system logging of unauthorized access attempts should be utilized. Notification procedures should be The laboratory shall designate a computer scientist or other professional of appropriate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This individual shall ensure that: 3) a security risk assessment has been made, points of vulnerability of the system have been determined, and all necessary security measures to resolve the vulnera- bility have been implemented. 64 ------- 7.3 Responsible Person 3) Security L established for updating security when users resign or their job responsibilities change. EPA’s Informanon Security Manual for Personal Computers (December 1989) provides guidance on how to perfonn a risk assessment and how to assess potential points of vulnerability to system security. Responsibility: Principle: Responsible Person 1. Data Notes... For additional guidance, see: Computer Security Act of 1987, and Information Security Manual for Personal Computers (December 1989). 65 ------- 7.3 Responsible Person 4) SOPs EXPLANATION EXAMPLE The Responsible Person must ensure that system documentation is comprehensive, current (showing evidence of management review and approval within the last 12 months), and readily accessible to users. For purchased systems, documentation may be provided by the vendor but may still require supplementing and tailoring to the environment. Technical documentation should be developed in accordance with in-house standards and available to Operations and support personnel. A User’s Manual should provide all pertinent information for proper system use. Written procedures for control of the system should be available to all persons whose duties involve them with the system. SOPs supporting system activity can be developed covering sub- jects such as system security, training, hardware and software change control, data change procedures and audit trails, procedures for manual operation during system downtime, disaster recovery, backup and restore procedures, and general system safety. In addition, documentation of the software and hardware can be made available either through on-line help text or manuals, which should be numbered and logged out to departments or individuals in order to facilitate the update process. CODE • Responsible Person 5. SOP The laboratory shall designate a computer scientist or other professional of appropriate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This individual shall ensure that: 4) the automated data collection system(s) have written operating procedures and appropriate software documentation that are complete, current, and avail- able to all staff. Responsibility Principle: 66 ------- 7.3 Responsible Person Notes... 4) SOPs For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). I 67 ------- 7.3 Responsible Person 5) SOP Review EXPLANATIONI System-related SOPs and software changes are to be subject to a formal approval process that itself is to be defined in written SOPs. The Responsible Person must ensure that no changes are made to operating procedures or software without proper approval and documentation. Software changes are to be made only in accor- dance with an approved Change Control Procedure. - EXAMPLE The Responsible Person can establish a Change Control Procedure that creates a mechanism for requesting software changes and defines review and approval measures for changes. The Respon- sible Person can be part of the approval process and can prohibit any software change from moving to the production environment with- out his signed approval. The Responsible Person should also be included in the approval process for system-related procedures; re- quirements can be established that no changes should be instituted without his signature. CODE Responsible Person 4. Change The laboratory shall designate a computer scientist or other professional of appropriate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This individual shall ensure that: 5) all significant changes to operating procedures and/or software are approved by review and signature. Responsibility: Principle: 68 ------- Notes... 7.3 Responsible Person 5) SOP Review 69 ------- 7.3 Responsible Person 6) Change Control EXPLANATION EXAMPLE Before software changes or new software are put into the production environment, the Responsible Person must ascertain that the soft- ware is performing in accordance with the needs of the users, and that they have had adequate opportunity to evaluate it in a test environment. Documentation of acceptance testing can be part of the approval process that must precede putting new or changed software into production. A Software Change Control SOP can be instituted, requiring that test protocols be created, tests be conducted in accor- dance with the protocols, and test data with anticipated and actual results be permanently filed. The SOP can also require written approvals from users and MIS before changes are put into produc- tion and indicate procedures and conventions to be followed for ver- sion control of programs maintained. A test environment can be established for users to test whether new software or software changes meet their needs or requests. User sign-off can be obtained to indicate that new program versions are working satisfactorily. CODE Responsible Person 4. change The laboratory shall designate a computer scientist or other professional of appropriate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This individual shall ensure that: 6) there are adequate acceptance procedures for software and software changes. Responsibility: Principle: 70 ------- Notes... 73.3 Responsible Person 6) Change Control For additional guidance, see: EPA System Design & Development Guidance (June 1989). LI: 71 ------- 7.3 Responsible Person 7) Data Recording EXPLANATION EXAMPLE The Responsible Person must institute practical methods and pro- cedures that will control data entry, change, and storage, resulting in data integrity. Procedures can be established to require that audit trails are pro- duced indicating all data entered, changed, or deleted, and that these reports are reviewed thoroughly by appropriate personnel. Data changes can require reason comments or codes. Audit trails can indicate user identification, date and time stamps, field names, plus old and new values, and authorization codes. Access to data entry/ change/delete functions can be restricted. Double keying can be required where appropriate. Audit trails for data passing through interfaces can produce batch control totals of records. Automatic entry of data by test devices may be checked by means of audit trail reports. Manual rechecking of data entered against source docu- ments may be appropriate in some cases; spot-checking of inputs randomly selected may be helpful in other situations. CODE Responsible Person 1. Data H The laboratory shall designate a computer scientist or other professional of appropriate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This individual shall ensure that: 7) there are procedures to assure that data are accurately recorded in the automated data collection system. Responsibility: Principle: 72 ------- Notes... 7.3 Responsible Person 7) Data Recording 73 ------- 7.3 Responsible Person 8) Problem Reporting EXPLANATION The Responsible Person must ensure that a problem reporting procedure or method is in effect to log system problems that could impact data integrity, actions taken on those problems, and resolu- tions. Problem Log documentation should be kept on file. EXAMPLE A written Problem Reporting procedure and forms for reporting and describing such problems are normally used. Actions taken and resolutions can be documented on the same forms, which can be retained for later reference and inspection. The Responsible Person can monitor compliance with the procedures by periodically re- viewing the log and signing it. Summaries can be prepared for management review. CODE Responsible Person 1. Data The laboratory shall designate a computer scientist or other professional of appropriate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This individual shall ensure that: 8) problems with the automated collection system that could affect data quality are documented when they occur, are subject to corrective action, and the action is documented. Responsibility: Principle: 74 ------- 7.3 Responsible Person Notes... 8) Problem Reporting For additional guidance, see: Computer Security Act of 1987, and EPA System Design & Development Guidance (June 1989). J 75 ------- 7.3 Responsible Person 9) GALP Compliance EXPLANATION EXAMPLE The Responsible Person must ensure that all lab personnel are familiar with pertinent current GLPs, that GLPs should be easily accessible, and that the lab activities are conducted in accordance with them. Copies of GLPs should be easily accessible to lab per- sonnel. The Responsible Person can periodically review all perti- nent GLPs with lab personnel and the Quality Assurance Unit can inspect periodically for compliance with them. Training sessions can cover applicable GLPs and testing can be used to confirm knowledge and understanding of them. Typically, copies of relevant GLPs will be kept in a designated area for reference by lab personnel. CODE Responsible Person 5. SOP H The laboratory shall designate a computer scientist or other professional of appropriate education, training, and experience or combination thereof as the individual primarily responsible for the automated data collection system(s) (the Responsible Person). This individual shall ensure that: 9) all applicable good laboratory practices are followed. Res onsibii r Principle: •1 76 ------- Notes... 7.3 Responsible !erson 9) GALP Compliance 77 ------- 78 ------- 7.4 QUALITY ASSURANCE UNIT 79 ------- QA -. . . 7.4 Quality Assurance Unit 1) SOPs The laboratory shall have a quality assurance unit that shall be responsible for monitoring those aspects of a study where an automated data collection system is used. The quality assurance unit shall be entirely separate from and independent of the personnel engaged in the direction and conduct of a study or contract. The quality assurance unit shall inspect and audit the automated data collection system(s) at intervals adequate to ensure the integrity of the study. The quality assurance unit shall: 1) maintain a copy of the written procedures that include operation of the automated data collection system. EXPLANATION EXAMPLE CODE SPECIAL CONSIDERATIONS One of the responsibilities of the Quality Assurance Unit (QAU) is providing proof that the automated data collection system(s) operates in an accurate and cqrrect manner consistent with its recommended function. It is imperative that a complete and current set of Standard Operating Procedures is available and accessible at all times to the QAU. The QAU must also have access to the most current and version-specific set of system operations technical manuals. A complete and current copy of system SOPs and technical docu- mentation should exist as part of standard documentation found in the office of the QAU head (or individual). This must be written and formalized as standard lab (QAU) policy. Responsibility: Quality Assurance Principle: 5. SOP If SOPs are maintained online, the QAU shall be responsible for keeping a hardcopy version and for verifying that the machine- readable and hardcopy versions are identical. 80 ------- 7.4 Quality Assurance Unit 1) SOPs Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances ControlAct (TSCA); Good Laboratory Practices (1989). 81 ------- 7.4 Quality Assurance Unit 2) Inspections EXPLANATION EXAMPLE A system that is consistently reliable and accurate is a major focus of validation. To ensure that consistency and reliability, the system must be audited and/or validated on a regular basis; at least once yearly, or immediately after any change that affects overall system operation or function. As set by SOP, the periodic inspection policy must include provi- sions for description of the inspection study, the personnel involved in the inspection activities, findings and recommended resolutions to any discovered problems. All documentation of the inspection must be properly signed-off by the inspection unit (QAU). If problems are detected, the Responsible Person must be immediately notified and a date for reinspection should be established. CODE Responsibility: Principle: Quality Assurance 5. SOP ‘The laboratory shall have a quality assurance unit that shall be responsible for monitoring those aspects of a study where an automated data collection system is used. The quality assurance unit shall be entirely separate from and independent of the personnel engaged in the direction and conduct of a study or contract. The quality assurance unit shall inspect and audit the automated data collection system(s) at intervals adequate to ensure the integrity of the study. The quality assurance unit shall: 2) perform periodic inspections of the laboratory operations that utilize auto- mated data collection system(s) and submit properly signed records of each inspection, the study inspected, the person performing the inspection, findings and problems, action recommended and taken to resolve existing problems, and any scheduled dates for reinspection. Any problems noted in the automated data collection system that are likely to affect study integrity found during the course of an inspection shall be brought to the immediate attention of the designated Responsible Person. 82 ------- 7.4 Quality Assurance Unit 2) Inspections Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 83 ------- 7.4 Quality Assurance Unit 3) Deviations EXPLANATION EXAMPLE In order to maintain complete control over system operations and function, it is important to m ike sure that the automated data collection system is consistently being operated in a manner con- gruous with its recommended functionality. It is equally important that no changes be made to the existing software package that are inconsistent with accepted change authorization procedures. As set by SOP, the QAU must insure that no changes have been made to either software or system operations instructions without prior consent and full documentation of the change. Changes to either are, of course, permitted as long as the proper change control procedures are followed (refer to 7.3,7.8 and 7.9: Change Control). CODE Responsibility: Principle: Quality Assurance 5. SOP The laboratory shall have a quality assurance unit that shall be responsible for monitoring those aspects of a study where an automated data collection system is used. The quality assurance unit shall be entirely separate from and independent of the personnel engaged in the direction and conduct of a study or contract. The quality assurance unit shall inspect and audit the automated data collection system(s) at intervals adequate to ensure the integrity of the study. The quality assurance unit shall: 3) ‘determine that no deviations from approved written operating instructions and software were made without proper authorization and sufficient documentation. 84 ------- Notes... 7.4 Quality Assurance Unit 3) Deviations 85 ------- 7.4 Quality Assurance Unit 4) Final Data Report Reviews EXPLANATION EXAMPLE Periodic system performance review is a method of ensuring data integrity and reliability. By examining a final data report and correlating it with the raw data for a specific system run, the QAU may check system accuracy. An SOP must be written requiring a weekly review of several final data reports and their corresponding raw data. Problems or devia- tions arising from this review should be handled as mentioned in Section 7.4 #3. Although a performance review of this nature is part of a system validation study, it should not be construed to comprise the entire study. CODE Responsibility: Principle: Quality Assurance 5. SOP The laboratory shall have a quality assurance unit that shall be responsible for monitoring those aspects of a study where an automated data collection system is used. The quality assurance unit shall be entirely separate from and independent of the personnel engaged in the direction and conduct of a study or contract. The quality assurance unit shall inspect and audit the automated data collection system(s) at intervals adequate to ensure the integrity of the study. The quality assurance unit shall: 4) periodically review final data reports to ensure that results reported by the automated data collection system accurately represent the raw data. 86 ------- Notes... 7.4 Quality Assurance Unit 4) Final Data Report Reviews 87 ------- 7.4 Quality Assurance Unit 5) Archiving Records EXPLANATION EXAMPLE To ensure a consistency of effort, it is imperative that all of the QAU’s methods and procedures be fully documented and perfectly followed. It is equally important that the unit’s inspections and results are labeled and identified by date, time and investigator(s), and are easily accessible. The ease of accessibility is determined by the filing and/or index system under which the document is stored. This indexing system must be fully described as well. A policy must be set that requires the QAU to maintain all records and documentation pertaining to their activities, methodologies and investigations (including results). The documentation may well include all SOPs that pertain to the unit. The complete set of documents will include an index or description of the indexing method used, to act as a guide for those individuals who need quick access to the information contained within those archived files. CODE Quality Assurance 5. SOP The laboratory shall have a quality assurance unit that shall be responsible for monitoring those aspects of a study where an automated data collection system is used. The quality assurance unit shall be entirely separate from and independent of the personnel engaged in the direction and conduct of a study or contract. The quality assurance unit shall inspect and audit the automated data collection system(s) at intervals adequate to ensure the integrity of the study. The quality assurance unit shall: 5) ensure that the responsibilities and procedures applicable to the quality assurance unit, the records maintained by the quality assurance unit, and the method of indexing such records shall be in writing and shall be maintained. These items include inspection dates of automated data collection systems, name of the individual performing each inspection, and results of the inspection. Responsibility: Principle: 88 ------- Notes... 7.4 Quality Assurance Unit 5) Archiving Records 89 ------- 90 ------- 7.5 FACILITIES 91 ------- 7.5 Facilities 1) EnvironmeiU The system must be provided with the environment it needs to operate correctly; this applies to all environmental factors that might impact data loss, such as proper temperature, freedom from dust and debris, adequate power supply and grounding. System hardware should be installed in accordance with the environmental standards specified by the nl2nufacturer. EXAMPLE Climpte control systems adequate to provide the proper operating environment should be dedicated to the computer room or other location of the hardware. Backup clinl2te control systems are also provided in many cases. Hardware should be installed in accordance with the manufacturer’s specifications concerning climpte and power requirements. Typically, these are stated in the manufac- turer’s site pLeparatlon manual and the equipment is normally installed by the manufacturer. Control devices and alarms should be installed to warn against variances from acceptable temperature ranges and UPS devices may be used to protect against loss of power. Resnonsibilitv: Principle: -C Management 6. Disaster When an automated data collection system is used in the conduct of a study, the laboratory shall: 1) ensure that the facility used to house the automated data collection system(s) has provisions to regulate the environmental conditions (e.g., temperature, humid- ity, adequacy of electrical requirements) adequate to protect the system(s) against data loss due to environmental problems. EXPLANATION CODE 92 ------- 7.5 Facilities 1) Environme,u Notes... — For additional guidance, see: Federal Fungicide, Insecticide, and Rode,uicide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 93 ------- 7.5 Facilities 2) Archives When an automated data collection system is used in the conduct of a study, the laboratory shall: 2) provide adequate storage capability of the automated data collection system(s) or of the facility itself to provide for retention of raw data, including archives of computer-resident data. EXPLANATION EXAMPLE CODE SPECIt4L CONSID$HATIONS Adequate storage space must be available forraw data to be retained in hard-copy format or on magnetic media. Storage for system- related records, both elecn onic and hard-copy, must be sufficient to allow orderly conduct of laboratory activities, including complying with reporting and records retention requirements. For the system, this pertains to both on and off-line storage. Physical file space re- quirements (hard copy, microfilm, microfiche) must be properly planned and managed to meet lab needs and responsibilities. Operations personnel must mpintain an adequate supply of required tapes or disks and ensure that space to store them is sufficient to meet current and anticipated needs. Storage facilities for retention of raw data in hardcopy orelecuonic format must be planned and available. Procedures defining how raw data is to be retained can be instituted. Responsibility: Responsible Person Principle: 1. Data Offsite storage is recommended for backup tapes or other media. Backups can be cycled through the offsite location. For example, the most recent backup may be kept on the premises while the prior backup is kept offsite. This procedure retains the most recent version in-house for convenience while securing another version offsite for use in the event of disaster. 94 ------- Notes... 95 ------- 96 ------- 7.6 EQUIPMENT 97 ------- 7.6 Equipment •• 1) Desi ‘ H ’ Automated data collection equipment used in the generation, measurement, or assessment of data shall be of appropriate design and adequate capacity to function according to specifications and shall be suitably located for operation, inspection, cleaning, and maintenance. There shall be a written description of the computer system(s) hardware. Automated data collection equipment shall be installed in accordance with manufacturer’s recommendations and undergo appropriate acceptance testing following written acceptance criteria at installation. Significant changes to automated data collection system(s) shall be made only by approved review, testing, and signature of the designated Responsible Person and the Quality Assurance Unit. EXPLANATION EXAMPLE The system’s hardware should perform in accordance with specifi- cations provided by the vtmnufacturer and should be appropriately configured to meet task requirements. Storage capacity and re- sponse dines must meet user needs. The installation site should be planned to facilitate use and maintenance. A current system con- figuration chart should be ni intained. Vendor manuals describing system hardware components, including their installation specifi- cations, functions, and usage, should be available to proper lab personnel and should be kept current. Inst2Il tion should be accord- ing to manufacturer’s specifications and should meet formal, writ- ten acceptance test criteria before being used in production mode. The Responsible Person must ensure that a hardware change control procedure, involving formal appiuvals and testing, is followed before hardware changes are permitted. Manufacturer’s manuals can be obtained for guidance with instal- lation and initial acceptance testing diagnostics provided with equipment and normally indicated in the documentation can dem- onstrate performance in accordance with specifli.ations. Suitability to the task is typically determined through acceptance testing, and adequacy might be addressed as part of capacity planning. A formal SOP for Hardware Change Control can be used to require accep- tance testing and recommend ways to structure it; such a procedure normally also indicates reviews and authorizations required. 98 ------- CODE. Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Ac: (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 7.6 Equipment 1)Desin I’ll Responsibility: Responsible Person Principle: 4. Change 99 ------- 7.6 Equipment 2) Maintenance 1) SOPs EXPLANATION EXAMPLE SOPs must be established to ensure that hardware is nl2intained, tested, and cleaned on a schedule that will minimize problems and downtime. The procedures should be reviewed and signed at least eveiy 12 months by the Responsible Person and appropriate man- agement. A Hardware Maintenance SOP might address the feasibility of contracting for mpintenance through the manufacturer or other outside vendor as well as what testing, cleaning and nl2intenance should be performed in-house by users or Operations personnel. The procedure may state objectives of mpintaining equipment per- formance in accordance with specifications and minimi7ing down- time and data loss or corruption. CODE Responsible Person 5. SOP Automated data collection system(s) shall be adequately tested, inspected, cleaned and maintained. The laboratory shall: 1) have written operating procedures for routine Responsibility: Principle: 100 ------- 7.6 Equipment Notes... 2) Maintenance 1) SOPs For additional guidance, see: Federal Fungicide, 1,isecticide, and Rodenticide Ac: (FIFRA); Good Laborauny Practices (1989), and Toxic Substances Control Ac: (TSCA); Good Laboraw,y Practices (1989). 101 ------- •IiIi 7.6 Equipment •••• 2) Maintenance liii 2) Responsibility Automated data collection system(s) shall be adequately tested, inspected, cleaned and maintained. The laboratory shall: 2) designate in writing an individual responsible for performance of each operation. EXPLANATION EXAMPLE CODE Specific responsibilities for testing, inspection, cleaning, and main- tenance must be assigned in writing and should distinguish between the various hardware devices on site. Those responsible must ensure that the tasks are accomplished by themselves or their subordinates. Operations personnel are normally responsible for inspecting and cleaning most mainframe and mini-computer equipment, and at times are responsible for a degree of maintenance. Contracts with the manufacturer typically cover major hardware performance problems and preventative maintenance; third-party maintenance contractors can also provide such services. Terminal users can be required to clean their own terminals and personal printers and PC users typically test, inspect, and clean their own equipment, which might be under a maintenance contract with an outside vendor or could be repaired by in-house personnel, if such skills are available. Responsibility: Responsible Person Principle: 5. SOP 102 ------- 7.6 Equipment iII IiII 2) Maintenance 2) Responsibility I Iiiiii Notes... 103 ------- 7.6 Equipment 2) Maintenance 3) Records EXPLANATION EXAMPLE A log of the regularly-scheduled hardware tests, n nies of persons who conducted them, dates, and indication of results, must be m2intained. Written test procedures with anticipated results must be followed and the log must document any deviations from these. This log should be reviewed and signed at least annually byni nagement the Responsible Person should review it regularly. For each type of hardware device utilized on-site, an appropriate test schedule can be developed and this on-going testing can be con- ducted accordingly by the persons assigned. A log of these tests, including their schedule and results can be kept cenu aliy by Operations personnel or the Responsible Person. Testing perfonned by outside vendors as part of preventative nl2intenance can also be documented in the log along with results. CODE Responsible Person 5. SOP Automated data collection system(s) shall be adequately tested, inspected, cleaned and maintained. The laboratory shall: 3) maintain written records of all maintenance testing containing the dates of the operation, describing whether the operation was routine and followed the written procedure. Responsibility: Principle: 104 ------- 7.6 Equipment 2) Maintenance 3) Records Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laborato,y Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 105 ------- 7.6 Equipment • U 2) Maintenance liii 4) Problems Automated data collection system(s) shall be adequately tested, inspected, cleaned and maintained. The laboratory shall: 4) maintain records of non-routine repairs performed on the equipment as a result of a failure and/or malfunction. Such records shall document the problem, how and when the problem occurred, and describe the remedial action taken in response to the problem along with acceptance criteria to ensure the return of function of the repaired system. EXPLANATION EXAMPLE CODE All repairs of malfunctioning or inoperable hardware must be logged; this log should be retained permanently and reviewed on a regular basis by m2nagement. All substantive information relevant to problems and their resolutions should be recorded. Formal acceptance testing with documented criteria must be conducted to ensure proper performance prior to returning repaired devices to normal operations. Operations can maintain an Equipment Repair Log cenually. If repairs are performed by the manufacturer or other vendors, nor- m IIy a written report is provided by the serviceman which can help to document the problem and should be retained but will usually have to be supplemented with iMitional information provided by the user or operator. Cenu alizing responsibility for contacting outside service support can help to keep records of such service comprehensive. When repairs are performed in-house by Operations personnel or users, a form can be implemented to obtain the necessary information for the Log. Responsibility: Responsible Person Principle: 5. SOP 106 ------- 7.6 Equipment 2) Maintenance 4) Problems ________ Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboraroiy Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 107 ------- 7.6 Equipment 3) Operating Instructions EXPLANATION EXAMPLE Applications software and systems software (including the operat- ing system) must be backed up (i.e., saved to off-line storage on disk or tape) to prevent complete loss due to a system problem. This pertains to software versions currently in use at the laboratory; at least one generation of each software system should be stored off- line. Procedures for backups and restores must be established, and personnel responsible for performing these t ck c must be properly wained. Copyrights pertinent to vendor-supplied software are to be observed and backups should serve only the purpose intended. Typically, one generation of each software system used by the lab is stored off-line in a usable format Normally, this will be on magneticdiskortapeandwillbekeptinasecurevaultoroff-site location. Written procedures can indicate reasons for which back- ups other than initial ones should be taken, such as changes to the software. Operations personnel are usually responsible for backups and restores to mainframe, mini-computer, and network software. Users of stand-alone PCs may be required to perform their own backups and restores of any software they have developed or modified. CODE Responsible Person 6. Disaster The laboratory shall institute backup and recovery procedures to ensure that operating instructions (Le., softwdre) for the automated data collection system(s) can be recovered after a system failure. Responsibility: Principle: 108 ------- Notes... 7.6 Equipment 3) Operating Instructions For ‘Mitiona1 guidance, see: Computer Security Act of 1987, and EPA System Design & Development Guidance (June 1989). 109 ------- 110 ------- 7.7 SECURITY 111 ------- 7.7 Security 1) Risk Assessment 1) Confidential Information EXPLANATION Laboratories using automated data collection systems must evalu- ate the need for systems security by determining whether their systems contain confidential data to which access must be re- s icted. If this is the case, security procedures must be instituted. EXAMPLE Management is usually f2nhiliar with studies being conducted at its laboratories and typically is sensitive to issues requiring confiden- tiality. Management can also survey users, when necessary, to assist in determining this. The Responsible Person can assist in this respect by ensuring that all parties are communicating sufficiently about security needs and tools available to meet such needs. Access categories can be established at various levels and persons can then be assigned the appropriate access level according to their needs. Rest,onsibilitv! Principle: Management 1. Data When an automated data collection system is used in the conduct of a study, the laboratory shall evaluate the need for system security. The laboratory shall have procedures that azure that the automated data collection system is secured if that system: 1) contains confidential information that requires protection from unauthorized disclosure. CODE 112 ------- 7.7 Security 1) Risk Assessment 1) Coi flde,uia1 Information from EPA Information Security Manual for Personal Computers, December 1989. Notes... For additional guidance, see: Computer Security Act of 1987; EPA Jiy’brmation Security Manual for Personal Computers (December 1989); Automated Laboratory Standards: Evaluation of the Standards and Procedures Used in Automated Clinical Laboratories (Ma’j 1990); and Automated laboratory Standards: Evaluation of rhe Use of Automated Financial System Procedures (June 1990). 113 ------- 7.7 Security 1) RLsk Assessment 2) Data Integrfty EXPLANATION EXAMPLE CODE Security must be instituted on automated data collection systems at labs if data integrity is deemed to be an area of exposure and potential hazard. If data loss or corruption could negate or degrade the value of a laboraxbiy study, security measures, such as those indicated in 3.7 #2 below or reswicting the degree of access through use of various levels of passwordprivileges, should be established on the software systems to which this pertains. Security built-in to lab applications can be used, if adequate, or this can be supplemented orreplaced by use of software dedicated specifically to security. A double level of protection against intentional security breaches is desirable. For more information on risk assessment, see EPA’s Information Secu- rity Manual for Personal Computers (December 1989). Responsibility: Principle: Management 1. Data When an automated data collection system is used in the conduct of a study, the laboratory shall evaluate the need for system security. The laboratory shall have procedures that assure that the automated data collection system is secured if that system: 2) contains data whose integrity must be protected against unintentional error or intentional fraud. 114 ------- 7.7 Security 1) Risk Assessment 2) Data Integrity ENVIRONMENTAL MALICIOUS ThREATS ACTIONS USER ERROR SOFIWARE HARDWARE & ERRORS PROGRAMS DATA EQUIPMENT from EPA Irformation Security Manual for Personal Computers 1 December 1989. Notes... For additional guidance, see: Computer Security Act of 1987; EPA Information Security Manual for Personal Computers (December 1989); Automated Laboratory Standards: Evaluation of the Standards and Procedures Used in Automated Clinical Laboratories (May 1990); and Automated laboratory Standards: Evaluation of the Use of. utomated Financial System Procedures (June 1990). 4.4 115 ------- 7.7 Security 1) Risk Assess,nent 3) Critical Functions EXPLANATION EXAMPLE Security must be instituted on automated data collection systems at laboratories if such systems are used for tune-critical functions of lab studies or reporting of study results. If system functions are critical to the performance of lab studies, a measure of protection can be added by implementing security procedures, such as user IDs, passwords, callback modems, and similar restrictions (locked devices, limited access to computer rooms) that could prevent loss of system use resulting from access by 1 Responsibility: Principle: Management 5. Data When an automated data collection system is used in the conduct of a study, the laboratory shall evaluate the need for system security. The laboratory shall have procedures that asaure that the automated data collection system is secured if that system: 3) performs time-critical functions that require that data be available for sample tracking critical to prompt data analysis, monitors quality control criteria critical to timely release of data, or generates reports which are critical to timely submis- sion of the data. CODE 116 ------- 7.7 Security 1) Risk Assessment 3) Critical Functions jt Notes... For ditiona1 guidance, see: Computer Security Act of 1987; EPA Information Security Manual/or Personal Computers (December 1989); Automated Laborato,y Standards: Evaluation of the Standards and Procedures Used in Automated Clinical Zthoratories (May 1990); and Automated laboratorj Standards: Evaluation of the Use 0/Automated Financial System Procedures (June 1990). 117 ------- 7.7 Security 2) Security Requirements 1) Physical Security EXPLANATION EXAMPLE Physical security of the system is required when it stores data that must be secured. This means restricting access to the hardware devices which physically comprise the system; only those persons with documented authorization may be allowed to gain such access. Of primary concern is physical access to the area housing the central processing unit(s) (CPU) and storage devices rather than access to terminals, printers, or other user input/output devices. Physical access to systems is typically restricted to Operations personnel, to the extent possible. Generally, this is accomplished by housing CPUs, disk drives, and media on which backups are stored, in a locked computer room. Access to such rooms can be card- controlled rather than key-controlled, for added protection, and alarm systems can be installed to prevent unauthorized access. Visitors logs can be used to log in and out all personnel accessing the computer room other than those assigned to work in that area. When CPUs or storage media must be located in other areas, such as when PCs are utilized, use of such systems may be restricted to non-critical functions, or user access to these areas can be controlled through measures similar to those used for computer zoom access. CODE Responsible Person 1. Data When the automated data collection system contains data that must be secured, the laboratory shall ensure that the system is physically secured, that physical and functional access to the system is limited to only authorized personnel, and that introduction of unauthorized external programs/software is prohibited. 1) Only personnel with specifically documented authorization shall be allowed physical access to areas where automated data collection systems are maintained. Resoonsibilitir Principle: .J. 118 ------- 7.7 Security 2) Security Requirements 1) Physical Security Notes... For 2Mitlonal guidance, see: Computer Security Act of 1987; EPA Information Security Manual for Personal Computers (December 1989); Automated Laboratorj Standards: Evaluation of the Standards and Procedures Used in Automated Clinical Laboratories (May 1990); and Automated laboratory Standards: Evaluation of the Use of Automated Financial System Procedures (June 1990). 119 ------- 7.7 Security 2) Security Requirements 2) System Access Security EXPLANATION EXAMPLE System access security is required when the system stores data that must be secured. All necessary and reasonable measures of restricting logical access to the system should be instituted to prevent loss or corruption of secured data. Procedures can be established for management authorization of system access, restricting access to persons requiring it for the performance of their jobs. Multiple levels of system access can be established and users can be assigned to the level appropriate to their work needs. A Security Administrator can be appointed with the responsibility and sole authority to update system security files. CODE Responsibility: Principle: Responsible Person 1. Data SPECIAL CONSIDERATIONS If it is not possible to restrict access to personal computers through log-ons or otherwi se, the PCs should be physically secured so that only authorized individuals can gain access. See EPA’s Information Security Ma,uwj for Personal Computers (December 1989). When the automated data collection system contains data that must be secured, the laboratory shall ensure that the system is physically secured, that physical and functional access to the system is limited to only authorized personnel, and that introduction of unauthorized external programs/software is prohibited. 2) Log-ons, restricted passwords, call-backs on modems, voiceprints, fingerprints, etc., shall be used to ensure that only personnel with documented authorization can access automated data collection systems. 120 ------- 7.7 Security 2) Security Requirements 2) System Access Security Notes... For &lidonaI guidance, see: Computer Security Act of 1987; EPA Information Security Manual for Personal Computers (December 1989); Automated Laboratory Standards: Evalu7uion of the Standards and Procedures Used in Automated Clinical Laboratories (May 1990); and Automated laboratory Standards: Evaluation of the Use of Automated Financial System Procedures (June 1990). 121 ------- 7.7 Security 2) Security Requirements 3) Functional Access EXPLANATION When the system stores data that must be secured, the lab must establish a hierarchy of passwords which limit access, by function, to those who need to use such functions in the perfonnance of their jobs and are properly authorized. Security must be smictured in a way that allows access to needed functions and restricts access to functions not needed or authorized. EXAMPLE Security functions of most software systems permit establishment of passwords which allow limited access to system functions; some systems permit screen and field level security also. Labs can utilize such security features to limit exposure to system problems and data corruption by restricting users to only the functions or screens they need. CODE Responsible Person 1. Data When the automated data collection system contains data that must be secured, the laboratory shall ensure that the system is physically secured, that physical and fUnctional access to the system is limited to only authorized personnel, and that introduction of unauthorized external programs/software is prohibited. 3) Procedures shall be in place to ensure that only personnel with documented authorization to access automated data collection system functions shall be able to access those functions. Restonsibilitv: Principle: 122 ------- 7.7 Security 2) Security Requirements 3) Functional Access Notes... For additional guidance, see: Computer Security Act of 1987; EPA Information Security Manual for Personal Computers (December 1989); Automated Laborato y Standards: Evaluation of the Standards and Procedures Used in Automated Clinical Laboratories (May 1990); and Automated laboratory Standards: Evaluation of the Use of Automated Financial System Procedures (June 1990). 123 ------- 7.7 Security 2) Security Requirements 4) External Programs/Soft vare EXPLANATION EXAMPLE CODE If the system stores data that must be secured, the laboratories must establish procedures that protect the system against software sabo- tage in the form of intentionally introduced software bugs that might corrupt ordestroy programs, rI itn , or system directories. No external software should intentionally be imported to the system and meas- ures to ensure that external software is not transferred to the system through telecommunications lines, modems, disk packs, tapes, or other media must be instituted and enforced. These potential problems are usually controlled by having SOPs in place requiring that dedicated telecom lines be used, where practi- cal, instead of dial-in access; that usage of modems be tightly controlled; that modems be switched off when usage is not required; that call-back systems arc used to grant dial-in access; and that all system access from external sources is documented and confined to persons or organizations on an authorized list maintained by man- agement. Use of disk packs, diskettes, or tapes from external sources can be prohibited or permitted only after all reasonable precautions are taken (back-ups, identification of source and con- tent of disks, dun ping the contents of the media on a backup system, etc.) Responsibility: Principle: Responsible Person 1. Data When the automated data collection system contains data that must be secured, the laboratory shall ensure that the system is physically secured, that physical and functional acce to the system is limited to only authorized personnel, and that introduction of unauthorized external programs/software is prohibited. 4) In order to protect the operational integrity of the automated data collection system, the laboratory shall have procedures for protecting the system from introduction of external programs/software (e.g., to prevent introduction of viruses, worms, etc.). 124 ------- 7.7 Security 2) Security Requirements 4) External Programs/Software Notes... For additional guidance, see: Computer Security Act of 1987; EFA Information Security Manual for Personal Computers (December 1989); Automated Laboratory Standards: Evaluation of the Standards and Procedures Used in Automated Clinical Laboratories (May 1990); and Automated Lczborato,y Standards: Evaluation of the Use of Automated Financial System Procedures (June 1990). 125 ------- 126 ------- 7.8 S TANDARD OPERATING PROCEDURES 127 ------- 7.8 Standard Operating Procedures 1) Scope 1) Security EXPLANATION The system programs and its database must be protected at all costs. Inst ilIing SOPs to maintain security may only partly protect the system (physical and in-program system security still need to be implemented). However, management can exercise some degree of control by specifying exactly which - enacted and maintained . , t.M1b 1 EXAMPLE. CODE SOPs need to be written to establish security of the automated data system. System security encompasses three components. 1) The software and data must be made secure through program (logical) locks, such as secure levels of password protection. 2) Hardware may also be protected through passwords. In some cases, physical security may be enacted (e.g., keyboard and disk drive locks). 3) A final level of security is the purely physical protection of the system(s) and/or computer room. At the very least, each system user must have a unique identification or password. SOPs defining password protection should be detailed enough to cover levels of system access and user privileges. SOPs must also describe the extent of physical protection of the system hardware or equipment. Users 5. SOP Responsibility: Principle: In laboratories where automated data collection systems are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 1) maintaining the security of the automated data collection system(s) (i.e., physical security, securing access to the system and its functions, and restricting installation of external programs/software) 128 ------- 7.8 Standard Operating Procedures ,.-____ Notes... 1) Scope 1) Security For idditiona1 guidance, see: Computer Security Act of 1987; EPA Information Security Manual for Personal Computers (December 1989); Automated Laboratorj Standards: Evaluation of the Standards and Procedures Used in Automated Clinical Laboratories (May 1990); and Automated laboratorj Standards: Evaluation of the Use of Automated Financial System Procedures (June 1990). J 129 ------- 7.8 Standard Operating Procedures 1) Scope 2) Raw Data EXPLANATION EXAMPLE Whether entered to the system automatically or ni nually, the raw d it2 itself must be clearly identified and characterized. A distinction needs to be made about what constitutes raw data vs. processed data (see also Section 7.11). Analyzerreadings of specific samples may be considered raw data . The conelation or demography of many such samples would be regarded as processed data . Hand written data collections (such as field readings or reports) are raw data. After this information is entered into the automated data collection system and is manipu- bitMhy 1r iibatinnc inti fnrmi isit nnsi ss”! 1 . CODE Responsibility: Principle: In laboratories where automated data collection systems are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 2) defining raw data for the laboratory operation and providing a working definition of raw data. Users 5. SOP 130 ------- 7.8 Standard Operating Procedures 1) Scope 2) Raw Data Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laborato,y Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 131 ------- 7.8 Standard Operating Procedures 1) Scope 3) Data Enny EXPLANATION EXAMPLE CODE There may be special requirements pertaining to the entry of data into the automated data entry system(s). If this is the case, then SOPs must clearly define these requirements. In any case, all system users entering data must be identifiable to the system via a unique user identification andlor password. Some systems require very specific methods for the entry of the data. Operators must be aware of these requirements and have guidelines so that the data is always entered in the same (conect) manner. This procedure will coniribute greatly to the integrity of the system and the results produced. Methods must exist whereby the operator actually entering the data may be easily identified. A unique user ID is such a method. Resoonsibilitv: Principle: Users 5. SOP In laboratories where automated data collection systems are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 3) entry of data and proper identification of the individual entering the data. 132 ------- 7.8 Standard Operating Procedures 1) Scope 3) Dwa Eiurj Notes... For r 1 ditiona1 guidance, see: Federal Fungicide, lMecdcide, and Rode,uicide Ac: (FIFRA); Good Laboratory Practices (1989), Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989), and Automated Laboratory Standards: Evaluation of the Use of Automated Financial System Procedures (June 1990). 133 ------- 7.8 Standard Operating Procedures 1) Scope 4) Verification EXPLANATION A technique must exist that permits an analysis of entered data to conflim that this data is accurate. Verification, here, may be defined as the correcmess of the entered d2hi EXAMPLE The double-blind method of data enny, where two people independ- ently enter the same data, is one technique that can be used for data verification. A similar method involves simple double entry of data by the same user. A third methodology consists of program edits, whereby input is checked against specific parameters or system tables. CODE Responsibility: Principle: In laboratories where automated data collection systeuLs are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 4) verification of manually or electronically Input data. Users 5. SOP 134 ------- 7.8 Standard Operating Procedures Notes... 1) Scope 4) Verification For additional guidance, see: Automated Laboratory Standards: Evaluation of:he Use of Automated Financial System Procedures (June 1990). 135 ------- 7.8 Standard Operating Procedures 1) Scope 5) Error Codes EXPLANATION EXAMPLE Error codes are messages that appear in printed form or on-screen to let the user know that there is an inconsistency or problem. An SOP must be formalized listing possible error messages along with their probable causes. This SOP should also document the method- ology by which the euors are corrected, and who, if anybody, should be notified. A chart could be used to cross-reference potential error messages, their cause and methodology for correction. CODE Responsibility: Principle: In laboratories where automated data collection systems are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 5) interpretation of error codes or flags and the corrective action to follow when these occur. Usei 5. SOP 136 ------- Notes... 7.8 Standard Operating Procedures 1) Scope 5) Error Codes 137 ------- 7.8 Standard Operating Procedures 1) Scope 6) Change Control EXPLANATION Safeguards must be in place to protect against unauthorized change of data (either raw or processed). Audit wails can be installed into automated systems that will show both changed and original data elements, with the date and user nl2king the change; SOPs should be written to ensure that these audit wails for such changes are m2ilnained. Any time data is changed, for whatever reason . the date of the change, reason for the change and individual mpking the change must be indicated along with the old and new values of the data elements that have been changed. EXAMPLE Separate programs can be used for data eniry and data maintenance, or separate modules within the same program may be used for these purposes; this approach may facilitate capturing the required informa- don for data changes. The system can be programmed to produce audit wails in the form of change logs. The SOP can require that these be printed on a regular basis for review by proper supervisors or manage- ment. All records 2dded , changed or deleted can either be flagged or audit wail records for these updates can be written to an audit wail file for printing. A print program could provide the option of listing all updates or only selected records, such as deletes; sort options could also be provided to show the updates chronologically or by record type or both. Someone could be assigned the’ esponsibility of’n iv1taining the copy of record for these reports. Audit Trail Reports for sensitive records could then be microfilmed for archive purposes. In laboratories where automated data collection systems are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 6) chnnging data and proper methods for execution of data changes to include the original data element, the changed data element, identification of the date of chnnge, the individual responsible for the change, and the reason for the change. 138 ------- 7.8 Standard Operating Procedures 1) Scope 6) Change Control Res ons biljf 1! Principk: - Users 5. SOP SPECIAL CONSIDERATIONS In the audit wail, it is useful to capture the identity of the software module or pzo am ni lthig the thange 134.7 NAME OP PERSON ENTERING DATA •DATEOF ENTRY I ORIGINAL DATA AUDiT TRAIL — — — — CHANGE PROCESS 144.7 134.7 • NAME OF PERSON MAKING CHANGE . .. .DATEOFCHANGE • REASON FOR CHANGE CHANGED DATA CODE. Notes... For a$ditional guidance, see: FIFRA GLPs 40CFR 792.130(e): TSCA GLPs 4OCFR 160.130(e); Automated Labo ratory Standards. Evaluation of Good Laboratory Practices for EPA Programs, Draft (June 1990); Automated Laboratory Standards: Evaluation of the Standard$ and Procedures Used in Automated Clinical Laboratories, Draft (May 1990); and Automated Laborawrg Standarcif: Evaluation of the Use of Automated Financial System Procedures (June 1990). 139 ------- 7.8 Standard Operating Procedures 1) Scope 7) Archiving EXPLANATION EXAMPLE CODE Data processing encompasses all manners of manipulating raw data into information that may be easily ntcqneted. Data analysis is that int qnctauon itself. There must be a consistency in methodologies used, therefore it is necessary to produce standard operating proce- dures that clearly describe the techniques used for data processing and analysis. Similar methodologies must be formalized that detail how data is stored, and on what media, and how this data may be brought back into the automated system for further processing. “Storage” may also encompass the physical storage of data saved to various magnetic media (such as diskettes, tapes, etc.). The SOP can indicate how formulas used to analyze or process data must be verified, how standard routines to perform processing or analysis could be utilized, how storage of magnetic media must minimize deterioration and how archived computer records are to be indexed. It can also set up authorization mechanisms for access- ing or retrieving stored data and indicate responsibilities for m2in- t2ining the system archives. Users 5. SOP Responsibility: Principle: In laboratories where automated data collection systems are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 7) data analysis, processing, storage, and retrieval. 140 ------- 7.8 Standard Operating Procedures 1) Scope 7) Archiving Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodensicide Act (FIFRA); Good Laborato y Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratoiy Practices (1989). 141 ------- 7.8 Standard Operating Procedures 1) Scope 8) Backup and Recoverj EXPLANATION EXAMPLE Proper ni intenance of files critical to the system will ensure a quick return to operation in the event of corruption or loss of any of these files. Therefore, an SOP documenting procedures for system data backup and recovery must exist. The SOP should clearly describe the procedure(s) necessary to create and store a backup copy of system data. Data backup frequency should be established; a daily, weekly, monthly, and annual schedule per system or file can be required by the SOP. The SOP should also delineate where both on-site and off-site backup copies are to be stored, as well as which individual is responsible for m lcing the backup copies. A Backup Logbook, such as illustrated below, can be used to track the backups if no system utility generates such recoids automati- cally. BACKUP LOG Serial # Date Initials Notes In laboratories where automated data collection systeim are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 8) backup and recovery of data. 142 ------- 7.8 Standard Operating Procedures CODE SPECIt L CONSIDERATIONS Users 5. SOP 1) Scope 8) Backup and Recove,y The laboratory should develop procedures for applying “work arounds” in case of temporary failure or inaccessibility of the arn ited data collection system. These procedures should cover 1) “rolling back” or “undoing” changes that have not been com- pleted, to a previous, stable documented state of the database, and 2) “rolling forward” the automated system or applying changes to the automated system that were implemented manually during the temporary failure of the automated system. In database management terminology, the laboratory should estab- lish and implement procedures that rollback uncommitted uansac- tions or roll the database forward to synchronize it with changes nwI manually, so that at all times the “current state” of the database is known and valid. Responsibility: Principle: Notes... For additional guidance, see: Computer Security Act of 1987 and EPA System Design and Devlopmeat Guidance (June 1989). 143 ------- 7.8 Standard Operating Procedures 1) Scope 9) Maintenance EXPLANATION To be assured of the consistently acciu te operation of all automated equipment, proper upkeep and preventative maintenance of that equipment is vital. An SOP must be established that institutes a preventive maintenance plan for all units of automated data collec- tion hardware and generally identifies how such na intenance is to be documented. EXAMPLE For most hardware units, there are vendor-prescribed schedules for preventive mpintenance. An Operations person, or whoever nor- ni 11y has primary responsibility for hardware m2intenance, can be m it1e responsible for follow-up with the vendor or whoever is performing the i mintenance to ensure that it is accomplished at the proper time and documented according to the requirements of the SOP. CODE. Responsibility: Principle: In laboratories where automated data collection systeim are used In the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 9) maintain*na automated data coilection system(s) hardware. Users 5. SOP 144 ------- 7.8 Standard Operating Procedures 1) Scope 9) Mainenance Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (rSCA); Good Laborawrj Practices (1989). 145 ------- 7.8 Standard Operating Procedures 1) Scope 10) Elecwonic Reporting EXPLANATION EXAMPLE CODE If elecuonic reporting will be used by labs, an SOP must exist to establish conuDis for this process. Standards, protocols, and proce- dures to be used can be indicated and uniformity of such reporting can be suuctured through such an SOP. The SOP can address issues such as when elecuDnic reporting is to be done, which records are involved, and how and by whom wansmission is to be performed. Guidance in determining the standards to be followed in the process and what audit uails are necessary can also be provided (see also Section 7.13 of this manual). Responsibility: Principle: Users 5. SOp In laboratories where automated data collection systetus are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Standard operating procedures shall be established for, but not limited to: 10) electronic reporting, if applicable. 146 ------- 7.8 Standard Operating Procedures Notes... 1) Scope 10) Electronic Repordng For additional guidance, see: Standards Workgroup. of the E1ec onic Reporting I 147 ------- 7.8 Standard Operating Procedures 2) Docwnent Availability EXPLANA11ON Written documentation of the procedures being performed must be kept available. If vendor-supplied documentation is used to supple- ment these written procedures, that documentation must be properly referenced in the SOPs. EXAMPLE tion su ulied by vendors can Resnonsibilitv: Ptincip : - C Management 5. SOP In laboratories where automated data collection systems are used in the conduct of a study, the laboratory shall have written standard operating procedures (SOPs). Each laboratory or other study area shall have readily available manuals and standard operating procedures that document the procedures being per- formed. Published literature or vendor documentation may be used as a supple- ment to the standard operating procedures if properly referenced therein. CODE be made in SOPs developed in-house. 148 ------- 7.8 Standard Operating Procedures 2) Docwnent Availability Notes... For additional guidance, see: Federal Fungicide, lnsecdcide, and Rodenticide Act (FIFRA); Good Laboratorj Practices (1989), and Toxic Substances ControlAc: (rSCA); Good Laboratory Practices (1989). 149 ------- 7.8 Standard Operating Procedures 3) Historical Files EXPLANATION EXAMPLE All versions of SOPs, including expired ones, must be retained in historical files. The effective dates of each must be indicated. A chronological file of SOPs can be retained in hardcopy format; effective dates can be indicated on the forms. CODE Responsibility: Principle: Archivist 3. Audit In laboratories where automated data collection systems are used in the conduct of a study, the laboratory 5h21l have written standard operating procedures (SOPs). A historical file of standard operating procedures shall be maintained. All revisions, Including the dates of such revisions, shall be maintained within the historical file. 150 ------- 7.8 Standard Operating Procedures 3) Historical Files Notes... For MitionaI guidance, see: Federal Fungicide, I,§icide, and Rodenticide Ac: (FIFRA); Good Laboratory Practices (1989), and Toxic Substances ControlAc: (rSCA); Good Laboratory Practices (1989). 151 ------- 152 ------- 7.9 S OFT WARE I till 153 ------- 7.9 Software 1) Purpose and Use EXPLANATION EXAMPLE Methods for determining that software is performing its functions properly must be documented in SOPs and followed. The Respon- sible Person must control the software change process to prevent any changes which have not been documented, reviewed, author- fred and accepted in writing by the Responsible Person. Variances from any instructions relevant to the system must first be authorized by the Responsible Person before they can be instituted. Formulas should be checked and source code reviewed as part of this process. A Software Change Control SOP can require that no software changes to the system be implemented unless proper request, review, authorization, and acceptance procedures are followed. Control of program libraries can be restricted to a small number of Operations personnel, where practical, so that no programmers or users are allowed to move changed software into the production environment without following required procedures. User surveys and post-implementation reviews of software performance can be required to evaluate whether software is properly performing its functions, as documented. CODE Responsible Person 4. O nge The laboratory shall consider software to be the operational instructions for automated data collection systents and shall, therefore, have written standard operating procedures setting forth methods that management is satisfied are adequate to ensure that the software is accurately performing the intended fUnctions. All deviations from the operational instructions for automated data collection systeme shall be authorized by the designated Responsible Person. Changes in the established operational instructions shall be properly authorized, reviewed and accepted in writing by the designated Responsible Person. Rest ,onsibilitv: Principle: 154 ------- 7.9 Software 1) Purpose and Use SPECIAL CONSIDERATIONS It may be useful for the laboratory to distinguish among different categories of software: operating systems; “layered software prod- ucts” such as programming languages, with which applications are developed; and actual applications. Procedures for authorization, review, and acceptance of changes in software may differ across these different categories of software. RESPONSIBLE TEST/REVIEW PERSON Notes... For 2ddidonal guidance, see: Computer Security Act of 1987, and EPA System Design & Development Guidance (June 1989). 155 ------- 7.9 Software 2) Life Cycle 1) Development EXPLANATION EXAMPLE For all new systems (systems not in a production mode at the time of publication of this Guide) to be used in the conduct of an EPA study, labs must establish and maintain documentation for all steps of the system’s life cycle, in accordance with the EPA’s System Design and Development Guide and Section 7.9 #3 below. These include documentation of user requirements, design documents (such as functional specifications, pro am specifications, file layouts, database design, and hardware configurations), documen- tation of unit testing, qualification, and validation procedures and testing, control of production stan-up, software versions and change through maintenance, post-implementation reviews, and on-going support procedures. SOPs can require that each system development life cycle phase of a software project be properly documented before that phase can be regarded as complete. Management review of development project milestones can ensure that required documentation is available before giving approval for projects to proceed. Responsibility: Principle: Management 3. Audit SPECIAL CONSIDERATIONS Laboratories that rely on off-the-shelf software or third-party prod- ucts may not have the same obligations to document these products over their life cycle. This obligation may depend on how widely The laboratory shall have documentation to demonstrate the validity of software used in the conduct of a study as outlined in Section 7.9 #3. 1) For new systems the laboratory shall have documentation throughout the life cycle of the system (i.e., beginning with identification of user requirements and continuing through design, integration, qualification, validation, control, and mnintenance, until use of the system is terminated) CODE 156 ------- 7.9 Software 2) Life Cycle 1) Development these third-party products are utilized and how well respected they are in the industry. Where third-party software is used, the Labora- tory data sets must reference the version of software used. Notes... from EPA System Design & Development Guidance. June 1989. For additional guidance, see: EPA System Design & Development Guidance (June 1989). 157 ------- 7.9 Software 2) Life Cycle 2) Docwne,uarion EXPLANATION EXAMPLE CODE Systems existing in a production mode prior to publication of this Guide and purchased systems should be documented in the same way as systems developed in accordance with EPA’s System Design and Development Guide and 7.9 #2 above, to the degree possible. Documentation relevant to certain phases of the system life cycle, such as validation, change control, acceptance testing, and mpintenance, for example, should be similar for all systems. For systems ihat already exist in a production mode prior to pub- lication of this guide, reconstruction of documentation for user requirements and design documents may not be possible, but should be done when possible. System descriptions and flow charts can also be developed, if unavailable. Evidence of integration and val- idation testing should be maintained for inspection purposes. For vendor-supplied software, user requirements would normally be developed prior to software evaluation and selection. Systems de- sign documentation may be provided, to a degree (file layouts, sys- tem descriptions), but may often be unavailable to the same extent that systems developed in-house are documented (file layouts, system descriptions, and functional specs may be provided but pro- gram specs or source code may be unavailable). If critical documen- tation is not provided, it may be necessary to attempt to obtain it from the vendor or re-construct it in-house, to the degree possible. Responsibility: Principle: 3. Audit The laboratory shall have documentation to demonstrate the validity of software used in the conduct of a study as outlined in Section 7.9 #3. 2) Automated data collection system(s) currently In existence or purchased from a vendor shall be, to the greatest extent possible, similnrly documented to demon- strate validity. 158 ------- 7.9 Software 2) Life Cycle 2) Documentation ,— Notes... For additional guidance, see: EPA System Design & Development Guidance (June 1989). 159 ------- _____ I 7.9Software 3) Scope 1) Inventory EXPLANATION EXAMPLE A written system description, which provides detailed information on the software’s functionality, must be developed and maintained for each software application in use at the lab. Functional require- ments which document what the system is designed to accomplish may be substituted for the system description. System flowcharts, work flow charts and data flow charts can be developed by those most knowledgeable about the system if they are not provided by the software vendor (for purchased software). A written system description is generally provided by vendors for purchased systems or will normally be developed in the design phase of in-house software projects. Such documentation should be made available in a designated area within the lab. Responsibility: Principle: Management 3. Audit Documentation of operational instructions (i.e., software) shall be established and maintained for, but not be limited to: 1) detailed written description of the software in use and what the software is expected to do or the f inctional requirements that the system is designed to fulfill. CODE 160 ------- Notes... 7.9 Software 3) Scope 1) Inventory For 2Midonal guidance, see: EPA System Design & Development Guidance (June 1989). J 161 ------- 7.9 Software 3) Scope 2) Coding Standards - EXPLANATION: EXAMPLE. Written documentation of software development standards must exist, which includes programming conventions, shop program- ming standards, and development standards to be followed by design and development staff at the site. Standards for internal documentation of programs developed or modified at the site must also be included. Programming and design standards can be established to ensure that minimum requirements are met and to foster consistency and uniformity in the software. In the area of design, issues such as consistency of file layout formats, screen formats, and report formats can be addressed. Other design issues such as docurnenta- ton standards for user requirements definition, functional specifi- cations, and system descriptions can be included. With regard to programming standards, requirements for the documentation of programs internally are important; explanatory comments, section and function labels, indications of programming language, pro- grammer name, dates of original writing and all changes, and use of logical variable names can all be required. CODE Responsible Person 5. SOP Documentation of operational instructions (i.e., software) shall be established and maintained for, but not be limited to: 2) identification of software development standards used, including coding Stan- dards and requirements for adding comments to the code to identify its functions. Responsibility: Principle: 162 ------- Notes... 7.9 Software 3) Scope 2) Coding Standards J 163 ------- 7.9 Software 3) Scope 3) Formulas EXPLANATION EXAMPLE All algorithms or formulas used in programs run at the lab, including user-developed programs and purchased software p ck ges which allow user enuy of formulas or algorithms, must be documented and retained for reference and inspection. The intent is to establish a source for locating such algorithms or formulas easily. Files of all program listings or specifications are insufficient listings of the algorithms and formulas should exclude all other information. These listings should identify the programs in which the formulas and algorithms occur. A file or log of all such formulas or algorithms can be maintained centrally in a location designated by the Responsible Person. For purchased software, formulas and algorithms may be obtained from vendor-provided documentation, in some cases. For most software currently in use, it is probable that formulas and algorithms will have to be abstracted. Documentation of algorithms and formulas in the a 1 p oyuate listings can then be made a required part of the design and development process to insure compliance. CODE Resnonsibilitv: Principle: -e Responsible Person 5. Formulas Documentation of operational instructions (i.e., software) shall be established and mnintained for, but not be limited to: 3) listing of all algorithms or formulas used for data analysis, processing, conversion, or other manipulations. 164 ------- Notes... 7.9 Software 3) Scope 3) Formulas 165 ------- 7.9 Software 3) Scope 4) Acceptance Testing EXPLANATION EXAMPLE Acceptance testing, which involves responsible users testing new or changed software to determine that it performs colTectly and meets their requirements, must be conducted and documented. Written procedures should indicate when such testing is required as well as how it is tobe conducted, and that documentation of such testing must include the acceptance criteria, summary of results, names of persons who performed testing, indication of review and written approval. Acceptance testing procedures are commonly integral parts of the change control process, which should also apply to implementation of new software. Users should be given the opportunity to test programs for which they have requested changes in a test environ- ment that will not impact the production system. New software shouldalsobetestedinasimilarwaybyuserswhowillbeexpected to work with it. Acceptance criteria should be documented before testing begins to ensure that testing is predicated on meeting those standards. Quality assurance units or management can review the tests and results to ascertain that criteria are appropriate and are met to their satisfaction. Resnonsibilitv: Principle: Users 4. Oi nge uocumentation or operational instructions (i.e., software) shall be established and maintained for, but not be limited to: 4) acceptance testing that outlines acceptance criteria; identifies when the tests were done and the individual(s) responsible for the testing; summarizes the results of the tests; and documents review and written approval of tests performed. CODE 166 ------- 7.9 Software MANAGEMENT Notes... 3) Scope 4) Acceptance Testing USERS PROGRAMMERS SCIENTISTS OUALITV ASSURANCE UNIT For additional guidance, see: EPA System Design & Development Guidance (June 1989). 167 ------- 7.9 Software 3) Scope 5) Change Control EXPLANATION EXAMPLE Written documentation of Change Control Procedures must exist to provide a reference and guidance to MIS and users for management of the on-going software change and maintenance process. All steps in this process should be explained or clarified and the procedures should be available to all system users and MIS personnel at the laboratory. Software or software changes that have not been imple- mented in compliance with the Change Control Procedures cannot be utilized at the laboratory, except in test mode. Change Control Procedures can refer to persons authorized to request software changes, forms designed for that purpose, require- ments to be met before approval of such requests, prioritizing methods for change requests, program libraries from which to take copies of programs to be amended, libraries for program copies undergoing change, responsibilities for documenting testing, ap- proving of changed versions, and moving changed versions to the production environment. Restricting access to the function of moving changed versions to production will assist in enforcing compliance. CODE Responsibility: Principle: Responsible Person 4. Change Documentation of operational instructions (i.e., software) shall be established and maintained for, but not be limited to: 5) drnnge control procedures that include instructions for requesting, testing, approving, and issuing software changes. 168 ------- Notes... 7.9 Software 3) Scope 5) Change Control For additional guidance, see: EPA System Design & Development Guidance (June 1989). I 169 ------- 7.9 Software 3) Scope 6) Version Control EXPLANATION EXAMPLE An audit tail must be established and retained that permits identi- fication of the software version in use at the time each data set was created. This requirement is normally met by insuring that the date and time of generation of all data sets is documented (usually within the data record itself), and that the software system generating the data set is identifiable. Also, the lab can ensure that historical files are established and maintained to indicate the current and all previous versions of the software releases and individual programs, includ- ing dates and times they were put into and removed from the 1 MW PLi flA J 7 CODE Responsibility: Principle: Responsible Person 3. Audit 6) data sets. Documentation of operational instructions (i.e., software) shall be established and malntained for, but not be limited to: procedures that document the version of software used to create or update 170 ------- , ØP ___ Notes... 7.9 Software 3) Scope 6) Version Coiizrol 171 ------- 7.9 Software 3) Scope 7) Problem Reporting EXPLANATION. EXAMPLE A written Pioblem Reporting Procedure should exist to structure the process of documenting software problems encountered by users and MIS staff, as well as the recording, follow-up and resolution of such problems. Problem Report forms with written instructions for completion can be developed and Problem Logs can be maintained by a person designated by the Responsible Person. Analysis and initial report- ing can be required within a specific time frame and periodic follow- up of open problems can be done by the Responsible Person until resolution is reached. Documentation of resolved problems can be retained in case of recurrences. CODE Responsible Person 4. Audit Documentation of operational instructions (i.e., software) shall be established and maintained for, but not be limited to: 7) procedures for reporting software problems, evaluation of problems, and documentation of corrective actions. Responsibility: Principle: 172 ------- 7.9 Software 3) Scope 7) Problem Reporting Notes... For additional guidance, see: EPA System Design & Development Guidance (June 1989). 173 ------- 7.9 Software 4) DocuuAvailabiir EXPLANATION EXAMPLE All written SOPs or software documentation mentioned in para- graph 7.3, subparagraphs 4-10 above, should be available, in their work areas, to system users or persons involved in software devel- opment or maintenance, as applicable. For purchased systems. vendor-supplied documentation, if properly referenced, may sup- plement documentation developed in-house. SOP manuals are normally available to each department or work group within a lab. Persons responsible forproducing SOP manuals may maintain a log of manuals issued, by number, and to whom they were issued in order to ensure that all manual holders receive updates. A distribution key, indicating departments or persons receiving SOPs, and the SOPs which were issued to them (not all users need all SOPs), can be useful. SOPs pertinent only to design, development, and maintenance personnel can be made available centrally at a specified location in the systems area. User manuals should be provided to all user departments or kept in a central documentation area; sign-out procedures can help prevent loss or misplacement. CODE Responsibility: Principle: Man” E or written procedures for documentation of operational instructions shall be readily available in the areas where these procedures are performed. Published literature or vendor documentation may be used as a supplement to software documentation if properly referenced therein. Archivist 5. SOP 174 ------- 7.9 Software 4) Document Availability Notes... 175 ------- 7.9 Software 5) Historical Files EXPLANATION EXAMPLE Files of all versions of software programs must be created and maintained so that the history of each program is evident. Differ- ences between the various versions and the dine of their use should be evident. An audit tail must be established and retained that permits identification of the software version in use at the time each set was created. The lab can ensure that historical files are established and main- tained to indicate the current and all previous versions of the software releases and individual programs, including dates and dines they were put into and removed from the production system environment. Program listings with sufficient internal documenta- tion of changes, dates, and persons making changes can be used; internal references back to a project number or change request form can also be useful. Labs can also log the date and dine of generation of all data sets within the data record itself and make sure the software system generating the data set is identifiable. Responsible Person 3. Audit A historical file of operating instructions, changes, or version numbers shall be maintained. All software revisions, induding the dates of such revisions, shall be innintained within the historical file. The laboratory shall have appropriate historical documentation to determine the software version used for the collection, analysis, processing, or maintenance of all data sets on automated data collection systems. Responsibility: Principle: 176 ------- 7.9 Software 5) Historical Files ,.— Notes... For additional guidance, see: EPA System Design & Development Guidance (June 1989). 177 ------- 178 ------- 7.10 DATA ENTRY 179 ------- 7.10 Data Entry 1) Integrity of Data 1) Tracking Person EXPLANATION EXAM PLE Labs using automated data collection systems must ensure that data input is traceable to the person who entered it, i.e., the person responsible for the data entered can be identified. The usual method for accomplishing this is to have the system record the user identification code as part of all records entered. The user ID code can then be referenced back to the associated data entry person to allow identification per each record entered. CODE Responsible Person 3. Audit When a laboratory uses an automated data collection system in the conduct of a study, the laboratory hnI1 ensure integrity of the computer-resident data col- lected, nnalyzed, processed, or maintained on the system. The laboratory shall ensure that in automated data collection systems: 1) The individual responsible for direct data input shall be Identified at the time of data input. Resnonsibilirv: Principle: 180 ------- 7.10 Data Entry 1) Integrity of Data 1) Tracking Person :‘T ’ L Notes... For additional guidance, see: Automated Laboratorj Standards: Evaluation of the Use of Automated Financial System Procedures (June 1990). 181 ------- 7.10 Data Entry 1) Integrity of Data 2) Tracking Equipment, Time, Daze EXPLANATION Labs using instruments which transmit data to automated data collection systems must ensure that an audit trail exists and is maintained, indicating date and time stamps for each record nans- mined and which instrument was the source for each entry. It must be possible to trace each record transmitted back to the source instrument, and date and time of generation. EXAMPLE This àan be accomplished by entering an instrument identification code along with a date and tune stamp into each record transmitted to the system and storing this information as part of those records or by generating an audit nail report with similar information. CODE Responsibility: Principle: Responsible Person 3. Audit When a laboratory uses an automated data collection system in the conduct of a study, the laboratory shall ensure integrity of the computer-resident data col- lected, analyzed, processed, or maintained on the system. The laboratory shall ensure that in automated data collection systems: 2) The instruments transmitting data to the automated data collection system shall be identified, and the time and date of transmittal shall be documented. 182 ------- 7.10 Data Entry 1) Integrity of Data 2) Tracking Equipment, Time, Date Notes... For additional guidance, see: Automated Laboratory Standardc: Evaluation of the Use of Automated Financial System Procedures (June 1990). 183 ------- 7.10 Data Entry 1) huegrity of Data 3) Data Change EXPLANATIO N EXAMPLE When data in the system is changed after initial entry, an audit trail must exist which indicates the new value entered, the old value, a reason for change, date of change, and person who entered the change. This normally requires storing all the values needed in the record changed or an audit trail file and keeping them permanently so that the history of any data record can always be reconstructed. Audit• Trail reports may be required and, if any electronic data is purged, the reports may have to be kept permanently on microfiche or microfilm. CODE Responsible Person 3. Audit SPECIAL CONSIDERATIONS Laboratories may consider adopting the policy by which only one individual may be authorized to change data, rather than implement- ing a system that records the name of any and all individuals making data changes. When a laboratory uses an automated data collection system in the conduct of a study, the laboratory ch Il ensure integrity of the computer-resident data col- lected, analyzed, processed, or maintained on the system. The laboratory shall ensure that in automated data collection systems: 3) Any change in automated data entries shall not obscure the original entry, sh Il indicate the reason for change, shall be dated, and shall identify the individual making the th nge. ResDonsibilitv: Principle: 184 ------- 134.7 • NAME OF PERSON ENTERING DATA • DATE OF ENTRY I 7.10 Data Entry 1) Integrity of Data 3) Data Change • NAME OF PERSON MAKING CHANGE • DATE OF CHANGE • REASON FOR CHANGE AUDIT TRAil. — — — — — CHANGE PROCESS 144.7 134.7 ORIGINAL DATA CHANGED DATA Notes... For additional guidance, see: FIFRA GLFs 4OCFR 792 .130(e); TSCA GLPs 4OCFR 160.130(e); Automated Laboratory Standards: Evaluation of Good Laboratory Practices for EPA Programs, Draft (June 1990); Automated Laboratory Standards: Evaluation of the Standards and Procedures Used in Automated Clinical Laboratories, Draft (May 1990): and Awomated Laboratory Standards: Evaluation of the Use of Automated Financial System Procedures (June 1990). 185 ------- 7.10 Data Entry 2) Data Verification EXPLANATION EXAMPLE CODE Written SOPs must exist for validating the data entered manually or automatically to the lab’s automated data collection systems. The practice of these procedures must be enforced. Data v lid2tion methods, such as double-keying of manually en- tered data, blind re-keying of data entered automatically, or other proven methods, can be practiced to ensure data integrity. Responsibility: Responsible Person Principle: 1. Data Data integrity In an automated data collection system is most vulnerable during data entry ‘whether done via manual input or by electronic transfer from auto- mated Instruments. The laboratory shaH have written procedures and practices in place to verify the accuracy of manually entered and electronically transferred data collected on automated system(s). 186 ------- Notes... 7.10 Data Entry 2) Data Ver flcarion For *dtiitional guidance, see: Automated Laboratory Standards: Evaluation of the Use of Automated Financial System Procgdures (June 1990). 187 ------- 188 ------- 7.11 RAW DATA 189 ------- 7.11 Raw Data 1) Definition EXPLANAT1ON EXAMPLE The operational definition of raw data for the lab, especially as it relates to automated data collection systems used, must be docu- mented by the lab and made known to employees. Raw data can be original records of environmental conditions, animal weights, food consumed by study animals throughout the course of a study or imi12r original records-or documentation necessary for the recon- struction of a study and which cannot be recalculated, as can a statistical value such as a mean or median, given all the original raw data of the study. It can include data stored on the system or output on various media. The definition of raw data in GLP regulations is: “... [ A]ny labora- tory worksheets, records, memoranda, notes, or exact copies thereof, that are the result of original observations and activities of a study and are necessary for the reconstruction and evaluation of that study... “Raw data” may include photographs, microfilm or microfiche copies, computer printouts, magnetic media, ... and recorded data from automated instruments.” (40 CFR 792.3). Data entered into the system directly (not from a source document) by keyboard or automatically by lab test devices is considered raw djIr2 A microscope slide is not raw data since it is not an original record of an observation, but a pathologist’s written diagnosis .,f the slide would be considered raw data. Resnonsibilitv: Principle: Management 1. Data Raw data collected, analyzed, processed, or maintained on automated data collection system(s) are subject to the procedures outlined below for storage and retention of records. Raw data may include microfilm, microfiche, computer printouts, magnetic media, and recorded data from automated collection systems. Raw data is defined as data that cannot be easily derived or recalculated from other information. The laboratory shall: 1) Define raw data for its own laboratory operation. CODE 190 ------- 7.11 Raw Data 1) Definition SPECIAL CONSIDERATIONS Notes... 1. A recent court ruling may supercede federal requirements. A review of the US Court of Appeals ruling on the A.H. Robins Dalkon Shield case is recommended. The Court ruled that compliance with the Food and Drug Administration’s (FDA) retention guidelines did not free the company from obligation to produce records. In this case the company failed to produce test evidence that it claimed it de- stroyed after the FDA retention date passed and before the law suit was filed. 2. Some computer-controlled devices including some spec trome- ters, chromatography devices, and titration measurement devices provide intermediary or “tentative” data. In these situations, the scientist interprets these tentative data typically through a number of preliminary curve sets. After several iterations, he determines an appropriate curve fit. While several hundred thousand data points are generated only the final fit is the raw data. In this unique setting, it is the scientist’s professional determina- tion of what are acceptable data that determines what the raw data are. 3. In practice, this regulation is interpreted to mean that a regulated industry has an obligation to retain (and, within certain periods of tune, produce) all records that may be subject to alternate expert inter- pretation,or that demonstrate compliance (or non-compliance) with a specific regulation. Most laboratories treat as raw data all scientists’ notebooks, printouts of databases summarizing the results of testing equipment output, and electronic copies of said databases, including any statistical manipulation of the data contained therein. For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratoty Practices (1989). 191 ------- 7.11 Raw Data 2) Standard Operating Procedures EXPLANATION EXAMPLE The lab must include its definition of raw data in the SOPs it publishes and makes available to its personnel so that interpretation of what constitutes raw data and retention procedures for such data are uniform for all lab studies performed. A policy statement can be issued by the lab to make this definition clear to employees. Consideration can be given to preferred storage media and retention requirements. Responsibility: Principle: Management 5. SOP Raw data collected, analyzed, processed, or maintained on automated data collection system(s) are subject to the procedures outlined below for storage and retention of records. Raw data may include microfilm, microfiche, computer printouts, magnetic media, and recorded data from automated collection systems. Raw data is defined as data that cannot be easily derived or recalculated from other information. The laboratory shall: 2) Include this definition in the laboratory’s standard operating procedures. CODE 192 ------- 7.11 Raw Data , — Notes... 2) Standard Operating Procedures For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFR.A); Good Laboraorj Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 193 ------- 194 ------- 7.12 RECORDS AND ARCHIVES 195 ------- 7.12 Records and Archives 1) Records to be Maintained 1) RawData EXPLANATION EXAMPLE Labs must retain their written definition of computer resident raw data for inspection or audit. The policy or SOP containing the raw data definition, including all prior versions of it, can be permanently retained in the office or department responsible for publishing it that version may be considered the copy of record and it can be made available there for inspection or audit. Responsibility: Principle: Management 1. Data All raw data, documentation, and records generated in the design and operation of automated data collection system(s) shall be retained. Correspondence and other documents relating to interpretation and evaluation of data collected, analyzed, processed, or maintained on the automated data collection system(s) also shall be retained. Records to be maintained indude, but are not limited to: 1) A written definition of computer-resident “raw data” (see Section 7.11 of this document). CODE 196 ------- 7.12 Records and Archives 1) Records to be Maintained 1) Raw Data Notes... For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act (FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act (TSCA); Good Laboratory Practices (1989). 197 ------- 7.12 Records and Archives 1) Records to be Mai,uained 2) Hardware and Software EXPLANATION EXAMPLE. The lab must retain written descriptions of all hardware and soft- ware used in data handling on the system. Overall descriptions of the purpose and use of the system and specific listing of hardware and software involved in data handling are required. If more than one system exists, the relationships between them, including what data is passed from one system to another, must be documented and retained. Hardware descriptions are usually provided by the vendor but system configurations can be documented in-house; general de- scriptions of software are available from the vendor for purchased software but will have to be enhanced in-house if the software is modified or to describe how important software options are being used. For software developed in-house, the required descriptions will have to be developed as part of the design documentation. CODE. Responsibility: Principle: Responsible Person 3. Audit All raw data, documentation, and records generated in the design and operation of automated data collection system(s) shall be retained. Correspondence and other documents relating to interpretation and evaluation of data collected, analyzed, processed, or maintained on the automated data collection system(s) also shall be retained. Records to be maintained include, but are not limited to: 2) A written description of the hardware and software used in the collection, analysis, processing, or maintenance of data on automated data collection system(s). This description shall identify expectations of computer system perform- ance and shall list the hardware and software used for data handling. Where mul- tiple automated data collection systems are used, the written description shall include how the systems interact with one another. 198 ------- 7.12 Records and Archives A 1) Records to be Maintained 2) Hardware and Software Notes... For dditiona1 guidance, see: EPA System Design & Development Guidance (June 1989), and EPA Information Security Manual for Personal Computers (December 1989). 199 ------- 7.12 Records and Archives 1) Records to be Maintained 3) Acceptance Test Records EXPLANATION Acceptance testing must be performed and documented for new or changed software. Documentation of that testing, including the information mentioned above, must be permanently retained. EXAMPLE Normally such documentation of acceptance testing by users is made a part of the project file associated with the new or changed software, which is typically retained in the MIS department or other designated area, for audit purposes. CODE - Responsible Person 3. Audit All raw data, documentation, and records generated in the design and operation of automated data collection system(s) shall be retained. Correspondence and other documents relating to interpretation and evaluation of data collected, analyzed, processed, or maintained on the automated data collection system(s) also shall be retained. Records to be maintained include, but are not limited to: 3) Software and/or hardware acceptance test records which identify the item tested, the method of testing, the date(s) the tests were performed, and the mdi- ‘viduals who conducted and reviewed the tests. Responsibility: Principle: 200 ------- 7.12 Records and Archives 1) Records to be Maintained 3) Acceptance Test Records Notes... For additional guidance, see: EPA System Design & Development Guidance (June 1989), and EPA Information Security Manual for Personal Computers (December 1989). 201 ------- 7.12 Records and Archives 1) Records to be Maintained 4) Training and Experience EXPLANATION EXAMPLE Laboratoriess must retain summary records for their personnel of their job descriptions, experience, qualifications, and training re- ceived. Documentation of personnel backgrounds, including education, aining, and experience, can be retained cen ally, by Personnel for example, and kept available to laboratory management and inspec- tors or auditors. Any pertinent systems design and operations knowledge should be indicated, in accordance with Section 7.1 of this manual. CODE Responsibility: Principle: Archivist 3. Audit All raw data, documentation, and records generated in the design and operation of automated data collection system(s) shall be retained. Correspondence and other documents relating to interpretation and evaluation of data collected, analyzed, processed, or maintained on the automated data collection system(s) also shall be retained. Records to be maintained include, but are not limited to: 4) Sununaries of training and experience and job descriptions of staff as required by Section 7.1. of this document. 202 ------- Notes... 7.12 Records and Archives 1) Records to be Maintained 4) Training and Experience 203 ------- 7.12 Records and Archives 1) Records to be Maintained 5) Maintenance EXPLANA11ON All written documentation or logs of repair or preventative mainte- nance to automated data collection system hardware must be retained by labs for subsequent reference, inspection, or audit. Such documentation should indicate the devices repaired or maintained (preferably with model and serial numbers), dates, nature of the problem forrepairs, resolutions, indications of testing, when appro- priate, and authorizations for return of devices to service. Mainte- nance documentation should include records pertaining to work performed by in-house personnel as well as that done by vendors or outside service contractors. See also Section 7.6 of this manual. EXAMPLE CODE Policies can be implemented to ensure that all required documenta- tion is forwarded to a central archive point, including that for peripheral devices or PCs, even if remotely located. Accounts Payable can be alerted to check that documentation of repairs and maintenance has been updated before paying any related invoices, or special General Ledger accounts can be created for these kinds of payments to aid in tracing them. Responsible Person 3. Audit Responsibility: Principle: All raw data, documentation, and records generated in the design and operation of automated data collection system(s) shall be retained. Correspondence and other documents relating to interpretation and evaluation of data collected, analyzed, processed, or maintained on the automated data collection system(s) also shall be retained. Records to be maintained include, but are not limited to: 5) Records and reports of of automated data collection system(s) 204 ------- 7.12 Records and Archives 1) Records to be Maintained 5) Maintenance Notes... For additional guidance, see: EPA System Design & D evelopmen Guidance (June 1989). 205 ------- 7.12 Records and Archives 1) Records to be Maintained 6) Problem Reporting EXPLANAT1ON EXAMPLE CODE Labs must retain all soft e-related Problem Reports and Problem Logs for subsequent reference and inspection. These should include all information pertinent to the problems and the actions taken to resolve the problems. See also Section 7.9 #3, of this manual. Software problems are typically reported cen ally to a system sup- port group or person; they can be reported by both users and Operations personnel. In the written procedures required by the above referenced section of this manual, guidelines can be estab- lished for documenting, filing, and retention of such problems. Primary responsibility for maintenance and retention of these records can be specifically delegated to a designated person. Responsibility: Principle: Archivist 5. SOP All raw data, documentation, and records generated in the design and operation of automated data collection system(s) shall be retained. Correspondence and other documents relating to interpretation and evaluation of data collected, analyzed, processed, or maintained on the automated data collection system(s) also shall be retained. Records to be maintained include, but are not limited to: 6) Records of problems reported with software and corrective actions taken. 206 ------- 7.12 Records and Archives 1) Records to be Maintained 6) Problem Reporting Notes... For additional guidance, see: EPA System Design & Development Guidance (June 1989), and EPA Information Security Manual for Personal Computers (December 1989). 207 ------- 7.12 Records and Archives 1) Records to be Maintained 7) QA Inspections EXPLANATION EXAMPLE In automated laboratories, the Quality Assurance Unit is respon- sible for conducting periodic inspections of lab operations, to include the hardware, software and computer-resident data to en- sure that no deviations from proper design or use, as documented in written procedures or pertinent manuals, is evident The QAU must also document these inspections and this documentation of inspec- tions must be retained. The QAU can create suitable forms or checklists to document such inspections and retain them in appropriate files or on microfilm. The QAU staff does not have to become expert in systems hardware or software but can inspect automated operations for compliance with applicable GLPs and SOPs and evidence of proper authorization and documentation for deviations from these. CODE Responsibility: Principle: Quality Assurance 3. Audit All raw data, documentation, and records generated in the design and operation of automated data collection system(s) shall be retained. Correspondence and other documents relating to interpretation and evaluation of data collected, analyzed, processed, or maintained on the automated data collection system(s) also shall be retained. Records to be maintained indude, but are not limited to: 7) Records of quality assurance inspections (but not the findings of the inspec- tions) of computer hardware, software, and computer-resident data. 208 ------- ,._____ Notes... 7.12 Records and Archives A 1) Records to be Maintained 7) QA Inspeaions 209 ------- 7.12 Records and Archives 1) Records to be Maintained 8) Backup and Recovery EXPLANATION EXAMPLE Labs must retain all schedules, logs, and reports of system backups (data and programs), system failures, and recoveries or restores. These records should indicate the type of activity (e.g., normal backup, recovery due to system failure, restore of a particular file due to data comiption) and location of backup storage media. Binders or other suitable files can be established in the Operations Department for retention of the forms on which all backups and recoveries or restores can be documented. This documentation is typically subject to scheduled managerial review when operations are centralized and as a result is usually easily consolidated under such conditions. When operations are distributed or when PCs are involved, persons responsible for backup, recovery, and for docu- menting backup and recovery, may also be subject to frequent managerial review or follow-up to ensure all necessary records are generated and retained, according to SOPs. CODE ResDonsibilitv: Principle: Responsible Person 3. Audit All raw data, documentation, and records generated in the design and operation of automated data collection system(s) shall be retained. Correspondence and other documents relating to interpretation and evaluation of data collected, analyzed, processed, or maintained on the automated data collection system(s) also shall be retained. Records to be maintained include, but are not limited to: 8) Records of backups and recoveries, including backup schedules or logs, type and storage location of backup media used, and logs of system failures and recoveries. 210 ------- 7.12 Records and Archives 1) Records to be Maintained 8) Backup and Recovery Notes... For additional guidance, see: Computer Security Ac: of 1987, and EPA System Design & Development Guidance (June 1989). 211 ------- 7.12 Records and Archives 2) Conditions of Archives EXPLANA11ON EXAMPLE CODE All raw data, documentation, and records generated in the design and operation of the automated data collection system must be archived in a manner that is orderly and facilitates retrieval. Filing logic and sequences should be easily understood. If stored on the system, such data must be backed up at intervals appropriate to the importance of the data and potential difficulty of reconstructing it, and the backups must be retained. The storage environment should be suitable to accommodate the media involved and prolong the usefulness of the backups or documents in accordance with their retention period requirements. Backup tapes or disks can be stored in the computer room, if available, which normally provides the proper environment to prevent deterioration due to temperature, dust, or other potentially harmful conditions. Documents which must be retained can be filed in cabinets that are water- and fireproof and located in areas appropriately protected from water and fire damage. If retention requirements for data stored on magnetic tape exceed two years, procedures for periodically copying such tapes can be established. Filing procedures and sequences can be documented to ensure uniformity. Responsibility: Principle: Archivist 1. Data There shall be archives for orderly storage and expedient retrieval of all raw data, documentation, and records generated in the design and operation of the auto- mated data collection system. Conditions of storage shall minimize potential dete- rioration of documents or magnetic media in accordance with the requirements for the retention period and the nature of the documents or magnetic media. 212 ------- Notes... 7.12 Records and Archives 2) Conditions of Archives 213 ------- 7.12 Records and Archives 3) Records Custodian :ON Ltbs must assign responsibility, in writing, for maintenance and security of archives to a designated individual. The job description for a particular position in the lab can contain, among other duties, the responsibilities of archivist. This person will normally require a backup person to assume such duties in case of absence. Responsibility: Principle: Management 1. Data An individual shall be designated in writing as a records custodian for the archives. 214 ------- Notes... 7.12 Records and Archives 3) Records Custodian 215 ------- 7.12 Records and Archives 4) Limited Access EXPLANA11ON Access to all data and documentation archived in accordance with Section 7.12 and zelated subparagraphs of this manual shall be limited to those with documented authorization. EXAMPLE Archived data and documentation should be accorded the same level of protection as data stored on the system. Procedures defining how access authorization is granted and the proper use of the archived data, including restrictions on how and where it can be used by authorized persons, can be established. Logs can be main- tained indicating when, to whom, and for what reasons access was granted to the archives; the particular records accessed may also be identified. If removal of records from the archive aiea is to be permitted, strictly enforced sign-out and return procedures should be documented and implemented. CODE Responsibility: Principle: Only personnel with documented authorization to access the archives shall be Permitted this access. Archivist 1. Data 216 ------- Notes... 7.12 Records and Archives 4) Limited Access 217 ------- 7.12 Records and Archives 5) Retention Periods for Records EXPLANATION: EXAMPLE Raw data and all system-related data or documentation pertaining to laboratory work submitted in support of health or environmental pro ains must be retained by the labs for the period specified in the conuact or by EPA statute. Coniract clauses or EPA statutes pertinent to record retention periods can be copied and forwarded to the Archivist, who then can ensure compliance and disposal or desiruction, as appropriate, when retention periods have expired. The Archivist can follow-up to determine retention periods for any records lacking such inform a- ton. The Archivist can ensure that the storage media used is adequate to meet retention requirements and can institute proce- dures to periodically copy data stored on magnetic media whose retention capabilities do not meet requirements. CODE SPECIAL CONSIDERATIONS Responsibility: Principle: Archivist 1. Data Arecentcourtru]ingniay supercede federairequirements. A review of the US Court of Appeals ruling on the A.H. Robins Da]kon Shield case is recommended. The Court ruled that compliance with the FoodandDrugAdminiciration’s (FDA)retention guidelines didnot free the company from obligation to produce records. In this case the company failed to produce test evidence that it claimed it desiroyed after the FDA retention date passed and before the law suit was filed. Raw data collected, analyzed, processed, or maintained on automated data collec- tions systems and documentation and records pertaining to automated data collec- tion system(s) shall be retained for the period specified by EPA contract or EPA statute. 218 ------- Notes... 7.12 Records and Archives 5) Retention Periods for Records 219 ------- 220 ------- 7.13 REPORTING 221 ------- 7.13 Reporting 1) Standards EXPLANATION. EXAMPLE When a lab reports data from analytical instruments electronically to the EPA, that data must be submitted on standard magnetic media, such as tapes or diskettes, and conform to all requirements of EPA Order 2180.2, such as those for record identification, length, and content. Although the EPA Order 2180.2 should be consulted directly for specific information, these general requirements are noted: 1. All character data are to be upper case, with two exceptions: 1.1 When using the symbols for chemical elements, they must be shown as one upper case letter or one upper case letter followed by a lower case letter. 1.2 In comment fields, no restrictions are made. 2. Missing or unknown values must be left blank. 3. All character fields must be left-justified. 4. All numeric fields must be right-justified. A decimal point is to be used with a non-integer if exponential notation is not used. Commas are not allowed. 5. All temperature fields are in degrees centigrade, and values are presumed non-negative unless preceded by a minus sign (-). 6. Records must be 80 bytes in length, ASCII format. A laboratory may choose to report or may be required to report data electroni- cally. If the laboratory reports data electronically, the laboratory shall: 1) Ensure that electronic reporting of data from analytical instruments is reported in accordance with the EPA’s standards for electronic transmission of laboratory measurements. Electronic reporting of laboratory measurements must be provided on standard magnetic media (i.e., magnetic tapes and/or floppy disks) and shall adhere to standard requirements for record identification, sequence, length, and content as specified in EPA Order 2180.2 - Data Standards for Electronic Trans- mission of Laboratory Measurement Results. 222 ------- 7.13 Reporting 1) Standards CODE. 7. Disks or diskettes must have a parent directoty listing all files present. 8. Tape files must be separated by single tape marks with the last file ending with two tape marks. 9. External labels must indicate volume ID, number of files, creation date, name, address, and phone number of submitter. 10. Tape labels must also contain density, block size, and record length. The Order also provides the formats for six different record types and gives other important definitions and information that must be noted and followed by all labs submitting data electronically. Responsibility: Responsible Person Principle: 1. Data Notes... 223 ------- 7.13 Reporting 2) Other Data EXPLANA11ON EXAMPLE If labs electronically report data other than that from analytical insmnnents (covered in subparagraph 1 above), that data must be transmitted in accordance with the recommendations made by the ERS Workgroup mentioned above. A policy statement concerning all aspects of electronic data inter- change (EDI) has been developed by the ERS Workgroup but has not yet become effective. This policy provides guidance in adopting the same Federal Information Process Standard (FIPS) proposed by the National Institute of Standards and Technology (NIST) relative to EDI (Federal Register, Vol. 54, pp. 38424-6, September 18, 1989). When the policy becomes effective, labs will want to obtain copies to guide them in submitting reports electronically; in the meantime, an indication of what to expect or how to prepare can be probably be derived from the FIPS. CODE Rest,onsibilitv: Principle: Responsiblà Person 1. Data A laboratory may choose to report or may be required to report data electroni- cally. If the laboratory reports data electronically, the laboratory shall: 2) Ensure that other electronically reported data are transmitted in accordance with the recommendations of the Electronic Reporting Standards Workgroup (to be identified when the recommendations are finalized). 224 ------- Notes... 7.13 Reporting 2) Other Data 225 ------- 226 ------- 7.14 C OMPREHENS lYE ONGOING TESTING 227 ------- 7.14 Comprehensive Ongoing Testing EXPLANA11ON EXAMPLE In order to ensure ongoing compliance with EPA requirements for secárity and integrity of data and continued system reliability and accuracy, a complete systems test of laboratory systems must be conducted at least once very 24 months. This test must also include a complete document review (SOPs, change, security, and uaining documentation, audit trails, error logs, problem reports, disaster plans, etc. See Appendix B of A Guide to EPA Requirements for Automated Laboratories; “Inventory of Compliance Docuinenta- tion”). A test team can be assembled which could include users, QAU personnel, data processing personnel, and management so that the interests, skills and backgrounds of individuals from these different areas can best be drawn into the testing process. A system test data set can be developed which significantly exercises all important functions of the system. This test data set can then be retained and re-used for future systems tests. It may have to be enhanced periodi- cally if new functionality is added to the system. System test protocols and test objectives can be developed and re-used also. A checklist can be developed to ensure that all important areas of testing and document review are addressed. Responsibility: Principle: Management 4. change SPECIAL CONSIDERATIONS If it is determined that there have been no changes to the system within the previous 24 months, actual retesting and review can be of a limited scope. It should at least be determined that documenta- tion is current and accurate. Laboratories using automated data collection systems must conduct comprehensive tests of overall system performance, induding document review, at least once every 24 months. These tests must be documented and the documentation must be re- tained and available for inspection or audit. CODE 228 ------- r rotes... 7.14.Comprehensive Ongoing Testing 229 ------- 230 ------- APPENDIX A EPA OIRM GALP Publications AutomatedLaboratory Standards: Current Automated Laboratory Data Management Practices (Firi 1, June 1990) Automated Laboratory Standards: Good Laboratory Practices for EPA Programs (Draft, June 1990) Automated Laboratory Standards: Survey of Current Automated Technology (Fin 1, June 1990) Automated Laboratory Standards: Evaluation of the Use of Automated Financial System Procedures (Final, June 1990) Automated Laboratory Standards: Evaluation of the Standards and Procedures used in Automated Clinical Laboratories (Draft, May 1990) 231 ------- Notes... 232 ------- COMMENT FORM Please use this form to forward any comments you may have on this Implementation Gu*Ie. Send the form to: Richard Johnson U.S.E.P.A. MD-34 RescarchTrianglePark,NC 27711 Name: _____________________________________________ Title: _____________________________________ Org ni tion: Address: ___________________________ Phone:_______________________________ Date: Comments: 233 ------- |