United States      Office of Administration    Draff
       Environmental Protection  and Resources Management  December 28,1990
       Agency




EPA  Good  Automated


       Laboratory Practices
       Recommendations For Ensuring

       Data Integrity In Automated;

       Laboratory Operations


       with Implementation Guidance


-------
 GOOD AUTOMATED LABORATORY PRACTICES
                                        DRAFT
                                       December 28,1990
EPA'S RECOMMENDATIONS FOR ENSURING DATA INTEGRITY
          IN AUTOMATED LABORATORY OPERATIONS
               WITH IMPLEMENTATION GUIDANCE
                                  Scientific Systems Staff
                  Office of Information Resources Management
                       U.S. Environmental Protection Agency
                  Research Triangle Park, North Carolina 27711

-------
11

-------
EXECUTIVE SUMMARY
This document describes acceptable data management practices in laboratories that pro-
vide data to EPA. It is divided into two sections. The first section formally establishes
the Agency’s recommended practices for laboratories to follow in automating their
operations — Good Automated Laboratory Practices (GALP). The companion section
provides laboratory management and personnel with recommendations and examples for
complying with the GALP. Compliance with the GALP will assure the reliability of
much of the data EPA uses in reaching decisions on human health and the environment.
The GALP axe a single source to EPA’s established principles for ensuring integrity of
computer resident laboratory data. The Agency’s Information Resource Management
Policies build upon managerial controls that govern manual operations in many private
laboratories that submit data to the Agency. Thus the GALP prescribe practices that will
ensure integrity of health and environmental data for laboratories electing to automate
their operations. This knowledge will improve hardware and software investment deci-
sions of the private sector.
The GALP axe EPA’s response to the need for standardized laboratory data management
practices. Recent evidence of corruption, loss, and inappropriate modification of compu-
terized data provided to EPA prompted an investigation by EPA’s Office of Inspector
General and has underscored the lack of Agency-wide laboratory data management
principles. This evidence also prompted EPA to conduct a detailed survey of automated
laboratory practices and to visit several laboratories to evaluate first-hand the data man-
agement practices employed to protect data integrity.
The survey and the site visits amplified the need for the GALP. The survey found the
integrity of computer-resident data is at risk in many laboratories that provide data to
EPA. Serious gaps in system security, data validation, and basic documentation are re-
sponsible for this risk. During the site visits commercial laboratory staff unanimously
expressed need for EPA guidance in protecting the integrity of computer-resident data.
Staff frequently voiced frustration with their unsuccessful efforts to obtain GALP-type
guidance from EPA.
m

-------
iv

-------
If a man will begin with certainties, he shall
end in doubt; but if he will be content to
begin with doubts, he shall end in
certainties.
— Francis Bacon
V

-------
vi

-------
ACKNOWLEDGEMENTS
This document culminates an intensive two year investigation by EPA’s Office of Information
Resources Management (OIRM). Managers of scientific laboratories, laboratory automation
specialists, experts in national laboratory standards and directors of federal regulatory pro-
grams were employed. Senior management and technical staff in many private companies
generously gave their time, candidly provided critical comments, and freely opened their
operations to inspection by OIRM and its contract staff. A diverse national audience reviewed
the background studies and provided valuable recommendations.
Ms. Terrie Baker’s contributions overshadowed the total support of other individuals and
organizations in developing the GALP requirements and evaluating the background studies.
Her professional experience, symbiotic with the multi-talented needs of this effort; her
dedication, determination and commitment to doing the right thing and on time; and her singular
ability to examine highly charged and sensitive issues from several angles were essential.
Dr. Andy Buchanan and Dr. Sandy Weinberg of Weinberg Associates, Inc. provided significant
recommendations for the guidance in this document. They afforded this document an unpar-
alleled wealth of experience in- assisting laboratories in complying with national/federal
laboratory standards, auditing automated laboratory operations, and translating national
guidelines into laboratory operating standards. They infused this document with well-articulated
explanations and coherent practical implementation guidance.
Several organizations let us into their “kitchens” to observe their staff, review their recipes,
and discuss the soundness and practicality of the directions prescribed here. Waste Management
Incorporated; EA Engineering; Science and Technology; and EPA’s Region V Central Regional
Laboratory went out of their way to have staff meet with EPA and its contractor/consultants.
They permitted a detailed exam of their operations, and openly and methodically critiqued
drafts of GALP requirements.
Mr. Dexter Goldman, Goldman and Associates, generously and enthusiastically supported this
program from its inception. He endowed key phases of this program with an unparalleled
working knowledge of EPA’s Good Laboratory Programs and their implications to standard-
izing the automation of laboratory procedures and practices.
Contractor support was essential in several phases of this effort. Computer Sciences
Corporation (CSC) and Booz, Allen and Hamilton (BAH) staff undertook the background
surveys and technical reviews. Mr. Richard Trilling of CSC and Mrs. Marguerite Jones of
BAH supervised staff support, ensured quality control, prepared draft and final reports, and
recommended program guidance.
Ms. Lynn Laubisch and Mr. Barry Cleveland of Corporate Arts transformed the final product
from monotonous printed pages to this current draft. Their skill in page layout, font selection,
and icon and diagram creation give the reader the chance to grasp such information in a re-
freshing and stimulating way.
vii

-------

-------
TABLE OF CONTENTS
Executive Summary. iii
Acknowledgements vii
SECTION I:
GOODAUTOMATEDLABORATORYPROCEDURES(GALP)...... 1
1.0 1 lirpose 3
2.0 Background 3
2.1 Investigations 4
2.2 Pnmary Findings 4
2.3 Major Recommendations 6
2.4 Initiatives and Actions 6
2.5 Summary 7
3.0 Scope and Applicability 7
4.0 Responsibilities 7
5.0 Authorities 8
6.0 Procedures and Guidelines
7.0 Scope 8
GALPs 8
Appendix A: Inventory of Compliance Documentation 21
SECTION II:
GS LP I1 fIPIjE1%4ENrFItTION GIJII)AI CE ........................................ . 25
Principles 27
Operational Roles 28
GuidanceListing 32
Key to Guidance 36
Guidance 37
Appendix A: EPA OIRM GALP Publications 231
CommentForm 233
i x

-------
x

-------
GOOD AUTOMATED LABORATORY PRACTICES
SECTION I:
EPA’s RECOMMENDATIONS FOR ENSURING DATA INTEGRITY
IN AUTOMATED LABORATORY OPERATIONS
DRAFT
December 28, 1990

-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
RECOMMENDATIONS FOR AUTOMATING
LABORATORY OPERATIONS
TITLE: GOOD AUTOMATED LABORATORY PRACIICES (GALP) DRAFT
APPROVAL: Office of Information Resources Management DATE: December 28, 1990
The GALP are designed to assure a high standard of quality for computer-resident data produced
in support of EPA programs. They are a union of two of EPA’s directives. The GALP extend
regulations that govern laboratory management practice, Good Laboratory Practices (GLP), to
automated operations by incorporating EPA’s established principles for protecting integrity of
computer-resident data. See the diagram on the next page and Appendix A which cross-
references the GALP with EPA’s established requirements.
The GLPs describe acceptable laboratory management practices to ensure the quality and
integrity of health, environmental, and chemical data submitted to the Agency through require-
ments of the Toxic Substances Control Act (TSCA) and the Federal Insecticide, Fungicide, and
Rodenticide Act (FIFRA). Other EPA programs can and have adopted these requirements.
Various situations have arisen in automating operations for which the GLPs provide little or
ambiguous guidance. The GALP help to avoid the confusion and potential problems that such
uncertain situations can create. In laboratories where EPA’s GLPs are in effect the GALP are
an pddition to GLPs. The GALP do not replace the Gil’s.
The GALP also address the urgent need for standardized laboratory data management procedures
This need is discussed in Section 2.0, BACKGROUND. The GALP clarify EPA’s expectations
of performance and control for laboratories electing to use computer systems.
Page lof 19

-------
GOOD AUTOMATED LABORATORY PRACTICES
Page 2 of 19
PRINCIPLES AND REGULATIONS INCORPORATED INTO THE GALP
.1
Statutory Requirements
for Environmental
Programs:
• Superfund
• Resource Conservation
and Recovery Act
• Clean Wat.rAct
• Sets Drinking Water Act
• Other.
• EPAS Data Standards for Electronic
Transmission of Laboratory
Measurement Results
• Findings of EPAs Electronic
Reporting Standards Work Group
I
National Archives and
Records Administrations
Electronic Records
Management Regulations
I
EPAs Good Laboratory
Practice Regulations
from Automated Laboratory Standards: Results from Survey of Laboratory
Automated Data Management Practices, June 1990
EPA IRM Policy:
• EPA System Design and
Development Guidance
• EPAS Operations and
Maintenance Manual
• EPA information Security Manual

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 3 of 19
1.0 PURPOSE
This policy establishes EPA’s recommendations forprotecting the integrity of computer-resident
data in laboratories submitting and/or maintaining health and environmental effects studies
under Federal environmental programs within the jurisdiction of the Environmental Protection
Agency (EPA). This policy recommends procedures for laboratories to follow in automating
their operations to assure that computer-resident data are accurate and defensible. This policy
draws upon existing policies for automated operations thus providing a single source of guidance
for automating laboratory operations.
2.0 BACKGROUND
EPA depends heavily on laboratory data to reach decisions on public health and the environ-
ment. The accuracy and integrity of these data are fundamental to reaching the right decisions.
As a result, several EPA programs have adopted and require laboratories to follow Good
Laboratory Practices (GLPs) thereby assuring that laboratory-generated data are accurate and
have integrity. EPA has well-developed procedures and practices to assess if manual operations
in laboratories comply with the Agency’s GLPs.
However, the computer is increasingly replacing many manual operations in the laboratory.
It manages operations, interfaces with laboratory equipment, and generates scientific/technical
reports. EPA lacks Agency-wide standards to guide laboratories as they replace manual op-
erations with computer technology. Similarly, the Agency has no definitive guidelines to aid
the Agency’s auditors and inspectors when they inspect laboratories that use computer tech-
nology.
Newly arising problems of possible corruption, loss, and inappropriate modification in com-
puterized data provided to EPA underscored this lack of Agency-wide laboratory data
management principles. They also resulted in an investigation by EPA’s Office of Inspector
General. Disbarment, suspension, and fines have resulted from this investigation.
These concerns prompted EPA to determine if there is a definitive need for standards for
automated laboratory operations. As a result EPA initiated an investigation of laboratories that
rely on computer systems to develop environmental data for EPA. This investigation under-
scored the fact that the integrity of automated laboratory data is at risk: Additional investigations
were indicated and undertaken.

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 4 of 19
2.1 INVESTIGATIONS
EPA’S Office of Information Resources Management (OIRM) initially examined current
automated laboratory practices and procedures in both the Superfund Contract Laboratory
Program (CLP) and its Regional Office laboratories. OIRM conducted a detailed survey of
automated laboratories and visited five laboratories to evaluate, first-hand, the data management
practices employed to protect data integrity. The findings are presented in AutomatedLaboratory
Standards: Current Automated Laboratory Data Management Practices (Final, June 1990).
These findings prompted the need for further review in several areas.
The first research project reviewed EPA’s Good Laboratory Practices and examined their
applicability to automated laboratory operations. These findings are presented in Automated
Laboratory Standards: Good Laboratory Practices for EPA Programs (June 1990)
The second project surveyed vendors of laboratory information management systems (LIMS)
and researched state-of-the-an automated technology. This project determined if there is an
off-the-shelf product that can guarantee integrity of computer-resident data. Automated
Laboratory Standards: Survey of Current Automated Technology (June 1990) describes the
findings of this survey.
The third project examined how automated financial systems assure the integrity of computer-
resident data. The findings of this study are presented in Automated Laboratory Standards:
Evaluation of the Use of Automated Financial System Procedures (June 1990).
The fourth project surveyed standards employed by automated clinical laboratories. Automated
Laboratory Standards: Evaluation of the Standards and Procedures Used in Automated Clinical
Laboratories (May 1990) details the findings from this survey.
2.2 PRIMARY FINDINGS
The integrity of computer-resident data is at risk in many laboratories providing scientific and
technical data to EPA. Serious gaps in system security, data validation, and documentation
are responsible for this risk (see Table 1 on following page).
Commercial laboratory staffs unanimously expressed need for guidance in protecting the
integrity of computer-resident data. The laboratories uniformly supported the idea of having
a single source of guidance for automated operations.

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 5 of 19
In fact, commercial laboratory staff members frequently expressed frustration with their
unsuccessful efforts to obtain guidance from EPA. They were told that no written guidance
was available and often received no definitive response when they raised specific questions.
Where EPA’s Good Laboratory Practice (GLP) requirements apply, they also apply to the
computer operation used to conduct the study. Thus, an autonomous quality assurance unit
must periodically inspect the computer operations and document their inspection and its results.
Vendors of laboratory information management systems do not currently offer computer
software that meet all the requirements of EPA’s GLPs; and no computer hardware technology
currently exists that will assure data integrity.
The main sources of risk to data integrity in automated financial systems also exist in automated
laboratory systems; financial systems use time-proven controls that significantly reduce these
risks.
Clinical laboratories, particularly those doing forensic drug testing, view security as their top
priority to assuring data integrity. They use a variety of methods to ensure security in their
automated operations.
TABLE 1
Data Change Practices
Percent of Respondents Following Procedures
When logging on, individuals use a personalized password 50%
When changes are made to the system, • who authorized the change 10%
there is hard-copy documentation of: • who made the change 17%
When changes axe made to the • who authorized the change 10%
committed database, there is • who made the change 14%
hard-copy documentation of:
When changes are made to the • who made the change 40%
committed database, the system • both the changed and
maintains a log of: unchanged data 23%

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 6 of 19
2.3 MAJOR RECOMMENDATIONS
Data management procedures should be standardized in laboratories supporting EPA programs
and the Agency should assume responsibility for establishing these standards.
Standardized data management procedure for automated laboratory operations should comply
with the requirements of EPA’s Good Laboratory Practices (GLP).
Novel technology, such as the use of bar coding, can be useful in automating laboratory
operations. This technology can minimize errors in sample identification and other functions.
Risks to data integrity in automated laboratory operations may be reduced by adopting controls
automated financial systems have proven to be effective.
Automated clinical laboratories employ several practical measures to reduce security risks that
should be evaluated in developing security control procedures in laboratories providing data
to EPA.
2.4 IN1TIATWES AND ACTIONS
The Agency responded rapidly and responsibly to these findings and recommendations.
— In June 1990, EPA published the draft Automated Laboratory Srandards. A Guide
to EPA Requirements for Automated Laboratories. This document is a single source
to EPA’s established principles for protecting the integrity of computer-resident data.
The Guide draws heavily from the reviews discussed above. It complies with EPA’s
GLP requirements and includes applicable requirements from other Agency authori-
ties.
— In December 1990, EPA prepared this document. It is currently being reviewed within
EPA. It is a definitive statement of what EPA considers to be acceptable data man-
agement practices for automated laboratory operations and is based almost completely
on the Guide discussed above.
— The Agency is drafting Compliance Evaluation Guidance for EPA’s Good Automated
Laboratory Practices that will describe evaluation criteria for laboratory inspectors
to use in auditing automated laboratories. It may alsp help laboratories in developing
programs to ensure laboratory compliance with the GALP.

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 7 of 19
2.5 SUMMARY
The investigations highlighted the urgent need for standardized data management practices
in laboratories that provide data to EPA. This document contains EPA’s response to this need.
The GALP and Guidance provide EPA with assurance that much of the data the Agency uses
in reaching decisions on human health and the environment will be reliable.
This document will enable laboratories that provide data to EPA to have a clear understanding
of what the Agency considers to be adequate controls to assure data integrity. Future decisions
on further automating their operations will be improved because these laboratories will be armed
with the knowledge of EPA’s laboratory data management expecations.
3.0 SCOPE AND APPLICABILiTY
These recommendations aie directed to all EPA organizations and personnel or agents (including
contractors and grantees) of EPA who collect, analyze, process, or maintain laboratory data
for health or environmental programs. This includes the Agency’s Regional laboratories, labo-
ratories submitting data under the Contract Laboratory Program (CLP), and all other commercial
and private laboratories submitting data for regulatory purposes.
4.0 RESPONSIBILITIES
a. The Office of Information Resources Management (OIRM) shall:
(1) Be responsible for implementing and supporting this policy.
(2) Provide guidance and technical assistance where feasible and appropriate in
implementing and improving the requirements of this policy.
b. Assistant Administrators, Associate Administrators, Regional Administrators, Labora-
tory Directors, Contract Officers, ani General Counsel shall establish procedures within
their respective organizations to ensure that automated laboratory systems used in the
conduct of studies submitting data to the EPA under their direction are in compliance
with this policy.

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 8 of 19
5.0 AUTHORITIES
a. Computer Security Act of 1987. Public Law 100-235, January 8, 1988.
b. Environmental Protection Agency System Design and Development Guidance.
OIRM 87-02, June, 1989.
c. Environmental Protection Agency Data Standards for the Electronic Transmission
of Laboratory Measurement Results (EPA Order 2180.2, 12/10/87).
d. Environmental Protection Agency Security Manual for Personal Computers,
December, 1989.
e. Toxic Substances Control Act (TSCA); Good Laboratory Practices. 40 CFR part 160.
Vol 54, No. 158, August 17, 1989.
f. Federal Fungicide, Insecticide and Rodenticide (FIFRA); Good Laboratory Practices.
40 FR Part 160. Vol 54, No. 158, August 17, 1989. pp. 34052-34074.
g. Findings of EPA’s Electronic Reporting Standards Workgroup
6.0 PROCEDURES AND GUIDELINES
Implementation guidance is also included in this document. Auditing tools will be issued under
separate cover.
7.0 POLICY
It is EPA policy that data collected, analyzed, processed or maintained on automated data
collection system(s) in support of health and environmental effects studies be accurate and
of sufficient integrity to support effective environmental management.
The Good Automated Laboratory Practics (GALPs) ensure the integrity of computer-resident
data. They recommend minimum practices and procedures for laboratories that provide data
to EPA in support of its health and environmental programs to follow when automating their
operations

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 9 of 19
7.1 Personnel
When an automated data collection system is used in the conduct of a laboratory
study, all personnel involved in the design or operation of the automated system
shall:
1) have adequate education, training, and experience to enable those individuals to
perform the assigned system functions.
2) have a current summary of their training, experience, and job description, in-
cluding information relevant to system design and operation maintained at the
facility.
3) be of sufficient number for timely and proper conduct of the study, including
timely and proper operation of the automated data collection system(s).
7.2 Laboratory Management
When an automated data collection system is used in the conduct of a study, the
laboratory management shall:
1) designate an individual primarily responsible for the automated data collection
system(s), as described in Section 7.3.
2) assure that there is a quality assurance unit that oversees the automated data
collections system(s), as described in Section 7.4.
3) assure that the personnel, resources, facilities, computer and other equipment,
materials, and methodologies are available as scheduled.
4) receive reports of quality assurance inspections or audits of computers and/or
computer-resident data and promptly take corrective actions in response to any
deficiencies.
5) assure that personnel clearly understand the functions they are to perform on
automated data collection system(s).
6) assure that any deviations from this guide for automated data collection
system(s) are reported to the designated Responsible Person and that corrective
actions are taken and documented.

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 10 of 19
73 Responsible Person
The laboratory shall designated a computer scientist or other professional of appro-
priate education, training, and experience or combination thereof as the individual
primarily responsible for the automated data collection system(s) (the Responsible
Person). This indi vidual shall ensure that:
1) there are sufficient personnel with adequate training and experience to super-
vise and/or conduct, design and operate the automated data collection
system(s).
2) the continuing competency of staff who design or use the automated data col-
lection system is maintained by documentation of their training, review of work
performance, and verification of required skills.
3) a security risk assessment has been made, points of vulnerability of the system
have been determined, and all necessary security measures have been imple-
mented.
4) the automated data collection system(s) have written operating procedures and
appropriate software documentation that are complete, current, and available to
all staff.
5) all significant changes to operating procedures and/or software are approved by
review and signature.
6) there are adequate acceptance procedures for software and software changes.
7) there are procedures to assure that data are accurately recorded in the auto-
mated data collection system.
8) problems with the automated collection system that could affect data quality
are documented when they occur, are subject to corrective action, and the cor-
rective action is documented.
9) all applicable good laboratory practices are followed.
7.4 Quality Assuranee Unit
The laboratory shall have a quality assurance unit that shall be responsible for mon-
itoring those aspects of a study where an automated data collection system is used.
The quality assurance unit shall be entirely separate from and independent of the
personnel engaged in the direction and conduct of a study or contract. The quality

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 11 of 19
assurance unit shall inspect and audit the automated data collection system(s) at
intervals adequate to ensure the integrity of the study.
The quality assurance unit shall:
1) maintain a copy of the written procedures that include operation of the auto-
mated data collection system.
2) perform periodic inspections of the laboratory operations that utilize automated
data collection system(s) and submit properly signed records of each inspec-
tion, the study inspected, the person performing the inspection, findings and
problems, action recommended and taken to resolve existing problems, and any
scheduled dates for reinspection. Any problems noted in the automated data
collection system that are likely to affect study integrity found during the
course of an inspection shall be brought to the immediate attention of the des-
ignated Responsible Person.
3) determine that no deviations from approved written operating instructions and
software were made without proper authorization and sufficient documentation.
4) periodically review final data reports to ensure that results reported by the auto-
mated data collection system accurately represent the raw data.
5) ensure that the responsibilities and procedures applicable to the quality assur-
ance unit, the records maintained by the quality assurance unit, and the method
of indexing such records shall be in writing and shall be maintained. These
items include inspection dates of automated data collections systems, name of
the individual performing each inspection, and results of the inspection.
7.5 Facilities
When an automated data collection system is used in the conduct of a study, the
laboratory shall:
1) ensure that the facility used to house the automated data collection system(s)
has provisions to regulate the environmental conditions (e.g., temperature, hu-
midity, adequacy of electrical requirements) adequate to protect the system(s)
against data loss due to environment problems.
2) provide adequate storage capability of the automated data collection system(s)
or of the facility itself to provide retention of raw data, including archives of
computer-resident data.

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 12 of 19
7.6 Equipment
1) Automated data collection equipment used in the generation, measurement, or
assessment of data shall be of appropriate design and adequate capacity to
function according to specifications and shall be suitable located for operation,
inspection, cleaning, and maintenance. There shall be a written description of
the computer system(s) hardware. Automated data collection equipment shall be
installed in accordance with manufacturer’s recommendations and undergo
appropriate acceptance testing following written acceptance criteria at installa-
tion. Significant changes to automated data collection system(s) shall be made
only by approved review, testing, and signature of the designated Responsible
Person and the Quality Assurance Unit.
2) Automated data collection system(s) shall be adequately tested, inspected,
cleaned, and maintained. The laboratory shall:
2.1) have written operating procedures for routine maintenance operations.
2.2) designate in writing an individual responsible for performance of each
operation.
2.3) maintain written records of all maintenance testing containing the dates
of the operation, describing whether the operation was routine and fol-
lowed the written procedure.
2.4) maintain records of non-routine repairs performed on the equipment as a
result of a failure and/or malfunction. Such records shall document the
problem, how and when the problem occurred, and describe the remedial
action taken in response to the problem along with acceptance criteria to
ensure the return of function of the repaired system.
3) The laboratory shall institute backup and recovery procedures to ensure that op-
erating instructions (i.e., software) for the automated data collection system(s)
can be recovered after a system failure.
7.7 Security
1) When an automated data collection system is used in the conduct of a study,
the laboratory shall evaluate the need for system security. The laboratory shall
have procedures that assure that the automated data collection system is se-
cured if that system:

-------
GOOD AUTOMAThD LABORATORY PRACTICES Page 13 of 19
1.1) contains confidential information that requires protection from
unauthorized disclosure.
1.2) contains data whose integrity must be protected against unintentional
enor or intentional fraud.
1.3) performs time-critical functions that require that data be available to
sample tracking critical to prompt data analysis, monitors quality control
criteria critical to timely release of data, or generates reports which are
critical to the timely submission of data.
2) When the automated data collection system contains data that must be secured,
the laboratory shall ensure that the system is physically secured, that physical
and functional access to the system is limited to only authorized personnel, and
that introduction of unauthorized external programs/software is prohibited.
2.1) Only personnel with specifically documented authorization shall be al-
lowed physical access to areas where automated data collection systems
are maintained.
2.2) Log-ons, restricted passwords, call-backs on modems, voiceprints, finger-
prints, etc., shall be used to ensure that only personnel with documented
authorization can access automated data collection systems. -
2.3) Procedures shall be in place to ensure that only personnel with docu-
mented authorization to access automated data collection system func-
tions shall be able to access those functions.
2.4) In order to protect the operational integrity of the automated data collec-
tion system, the laboratory shall have procedures for protecting the
system from introduction of external programs/software (e.g., to prevent
introduction of viruses, worms, etc.).
7.8 Standard Operating Procedures
1) In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited
to: -
1.1) maintaining the security of the automated data collection system(s) (i.e.,
physical security, securing access to the system and its functions, and
restricting installation of external programs/software).

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 14 of 19
1.2) defining raw data for the laboratory operation and providing a working
definition of raw data.
1.3) entry of data and proper identification of the individual entering the data.
1.4) verification of manually or electronically input data.
1.5) interpretation of error codes or flags and the corrective action to follow
when these occur.
1.6) changing data and proper methods for execution of data changes to in-
clude the original data element, the changed data element, identification
of the data of change, the individual responsible for the change, and the
reason for the change.
1.7) data analysis, processing, storage and retrieval.
1.8) backup and recovery of data.
1.9) maintaining automated data collection system(s) hardware.
1.10) electronic reporting, if applicable.
2) In laboratories where automated data collection systems are use4 in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Each laboratory or other study area shall have readily available manu-
als and standard operating procedures that document the procedures being per-
formed. Published literature or vendor documentation may be used as a supple-
ment to the standard operating procedures if properly referenced therein.
3) In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). A historical file of standard operating procedures shall be maintained.
All revisions, including the dates of such revisions, shall be maintained within
the historical file.
3.9 Software
1) The laboratory shall consider software to be the operational instructions for
automated data collection systems and shall, therefore, have written standard
operating procedures setting forth methods that management is satisfied are
adequate to ensure that the software is accurately performing the intended func-
tions. All deviations from the operational instructions for automated data col-

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 15 of 19
lection systems shall be authorized by the designated Responsible Person.
Changes in the established operational instructions shall be properly authorized,
reviewed and accepted in writing by the designated Responsible Person.
2) The laboratory shall have documentation to demonstrate the validity of software
used in the conduct of a study as outlined in Section 7.9.3.
2.1) For new systems the laboratory shall have documentation throughout the
life cycle of the system (i.e., beginning with identification of user re-
quirements and continuing through design, integration, qualification, vali-
dations, control, and maintenance, until use of the system is terminated).
2.2) Automated data collection system(s) currently in existence or purchased
from a vendor shall be, to the greatest extent possible, similarly docu-
mented to demonstrate validity.
3) Documentation of operational instructions (i.e., software) shall be established
and maintained for, but not be limited to:
3.1) detailed written description of the software in use and what the software
is expected to do or the functional requirements that the system is de-
signed to fulfill.
3.2) identification of software development standards used, including coding
standards and requirements for adding comments to the code to identify
its functions.
3.3) listing or all algorithms or formulas used for data analysis, processing,
conversion, or other manipulations.
3.4) acceptance testing that outlines acceptance criteria; identifies when the
tests were done and the individual(s) responsible for the testing; summa-
rizes the results of the tests; and documents review and written approval
of tests performed.
3.5) change control procedures that include instructions for requesting, testing,
approving, and issuing software changes.
3.6) procedures that document the version of software used to generate data
sets.
3.7) procedures for reporting software problems, evaluation of problems and
documentation of corrective actions.

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 16 of 19
4) Manuals or written procedures for documentation of operational instructions
shall be readily available in the areas where these procedures are performed.
Published literature or vendor documentation may be used as a supplement to
software documentation if properly referenced therein.
5) A historical file of operating instructions, changes, or version numbers shall be
maintained. All software revisions, including the dates of such revisions, shall
be maintained within the historical file. The laboratory shall have appropriate
historical documentation to determine the software version used for the collec-
tion, analysis, processing, or maintenance of all data sets on automated data
collection systems.
7.10 Data Entry
When a laboratory uses an automated data collection system in the conduct of a
study, the laboratory shall ensure integrity of the computer-resident data collected,
analyzed, processed, or maintained on the system. The laboratory shall ensure that
in automated data collection systems:
1) The individual responsible for direct data input shall be identified at the time
of data input.
2) The instruments transmitting data to the automated data collection system shall
be identified, and the time and date of transmittal shall be documented.
3) Any change in automated data entries shall not obscure the original entry, shall
indicate the reason for the change, shall be dated, and shall identify the indi-
vidual making the change.
4) Data integrity in an automated data collection system is most vulnerable during
data entry whether done via manual input or by electronic transfer from auto-
mated instruments. The laboratory shall have written procedures and practices
in place to verify the accuracy of manually entered and electronically trans-
feired data collected on automated system(s).
7.11 Raw Data
Raw data collected, analyzed, processed, or maintained on automated data collection
system(s) are subject to the procedures outlined below for storage and retention of
records. Raw data may include microfilm, microfiche, computer printouts, magnetic

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 17 of 19
media, and recorded data from automated collection systems. Raw data is defined
as data that cannot be easily derived or recalculated from other information. The
laboratory shall:
1) defIne raw data for its own laboratory operation.
2) include this definition in the laboratory’s standard operating procedures.
7.12 Records and Archives
1) All raw data, documentation, and records generated in the design and operation
of automated data collection system(s) shall be retained. Correspondence and
other documents relating to interpretation and evaluation of data collected,
analyzed, processed, or maintained on the automated data collection system(s)
also shall be retained. Records to be maintained include, but are not limited to:
1.1) a written definition of computer-resident “raw data” (see Section 7.11 of
this document).
1.2) A written description of the hardware and software used in the collec-
tion, analysis, processing, or maintenance of data on automated data col-
lection system(s). This description shall identify expectations of computer
system performance and shall list the hardware and software used for
data handling. Where multiple automated data collection systems are
used, the written description shall include how the systems interact with
one another.
1.3) Software and/or hardware acceptance test records which identify the item
tested, the method of testing, the date(s) the tests were performed, and
the individuals who conducted and reviewed the tests.
1.4) Summaries of training and experience and job descriptions of staff as re-
quired by Section 7.1 of this document.
1.5) Records and reports of maintenance of automated data collection
system(s).
1.6) Records of problems reported with software and corrective actions taken.
1.7) Records of quality assurance inspections (but not the findings of the in-
spections) of computer hardware, software, and computer-resident data.

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 18 of 19
1.8) Records of backups and recoveries, including backup schedules or logs,
type and storage location of backup media used, and logs of system fail-
ures and recoveries.
2) There shall be archives for orderly storage and expedient retrieval of all raw
data, documentation, and records generated in the design and operation of the
automated data collection system. Conditions of storage shall minimize poten-
tial deterioration of documents or magnetic media in accordance with the re-
quirements for the retention period and the nature of the document or magnetic
media.
3) An individual shall be designated in writing as a records custodian for the
archives.
4) Only personnel with documented authorization to access the archives shall be
permitted this access.
5) Raw data collected, analyzed, processed, or maintained on automated collection
system(s) and documentation and records for the automated data collection
system(s) shall be retained for the period specified by EPA contract or EPA
statute.
7.13 Reporting
A laboratory may choose to report or may be required to report data electronically.
If the laboratory reports data electronically, the laboratory shall:
1) Ensure that electronic reporting of data from analytical instruments is reported
in accordance with the EPA’s standards for electronic transmission of labora-
tory measurements. Electronic reporting of laboratory measurements must be
provided on standard magnetic media (i.e., magnetic tapes and/or floppy disks)
and shall adhere to standard requirements for record identification, sequence,
length, and content as specified in EPA Order 2180.2—Data Standards for
Electronic Transmission of Laboratory Measurement Results.
2) Ensure that electronically reported data are transmitted in accordance with the
recommendations of the Electronic Reporting St . dards Workgroup (to be iden-
tified when the recommendations are finalized).

-------
GOOD AUTOMATED LABORATORY PRACTICES Page 19 of 19
7.14 Comprehensive Ongoing Testing
Laboratories using automated data collection systems must conduct comprehensive
tests of overall system performance, including document review, at least once every
24 months. These tests must be documented and the documentation must be re-
tamed and avilable for inspection or audit.

-------
20

-------
APPENDIX A: INVENTORY OF COMPLIANCE DOCUMENTATION
RECORD PURPOSE SUBSEC110N REFERENCE
Organization and Personnel
Personnel Records
QualIty Assurance
InspectIon Reports
Ensure competency of
personnel
Ensure GA oversight
7.1
7.4
FIFRA GLPs 160.29
TSCA GLPs 729.29
FIFRA GLPs 160.35
TSCA GLPs 792.35
Faculty
Environmental
SpecifIcations
Ensure against data loss
from environmental threat
7.5
FIFRA GLPs 160.43
TSCA GLPs 792.43
Equipment
Hardware Descnptlon
Acceptance Testing
Maintenance Records
Identify hardware in use
Ensure operational
integrity of hardware
Insure on-going operational
integrity of hardware
7.6
7.12
7.6
7.12
7.6
7.12
FIFRA GLPs 160.61
TSCA GLPs 792.61
EPA Information Security
Manual for Personal
Computers
System Design and
Development Guidance
FIFRA GLPs 160.63
TSCA GLPs 792.63
Laboratory Operations
Security Risk
Assessment
Standard OperatIng
Procedures
• Security Procedures
• Raw Data
Definition
Identify security risks
Ensure consistent use of system
Ensure data Integrity secured
Define “computer-residenr
records subject to GLP5
7.7
7.8
7.8
7.8
Computer Security Act
FIFRA GLPs 160.81
TSCA GLPs 792.81
Computer Security Act
FIFRA GLPs 160.3
TSCA GLPs 792.3
21

-------
APPENDIX A: INVENTORY OF COMPLIANCE DOCUMENTATION
RECORD PURPOSE SUBSEC11ON REFERENCE
• Procedures fordata
analysis, processing
• Procedures for data
storage and retrieval
• Procedures for
backup/recovery
• Procedures for main-
tenance of computer
system hardware
Standard Operating
Procedures
• Procedures for
Electronic Reporting
• SOPs at bench/
workstation
• Historical Files
Ensure consistent use of system
Ensure consistent use of system
Ensure consistent use of system
Ensure consistent use of system
Ensure consistent use of system
Ensure consistent use of system
provide historical record of
previous procedures in use
7.8
7.8
7.8
7.8
7.8
7.8
7.8
FIFRA GLPs 160.87, 160.107
TSCA GLPs 792.81 • 792.107
FIFRA GLPs 160.81
TSCA GLPs 792.81
EPA Information Security
Manual for Personal
Computers
FIFRA GLPs 160.63
TSCA GLPs 792.63
Transmissions Standards
Electronic Reporting
Standards Workgroup
FIFRA GLPs 160.81(c)
TSCA GLPs 792.81 (c)
FIFRA GLPs 160.81(d)
TSCA GLPs 792.81 (d)
Software Documentation
Description
Life Cycle Documentation
• Design Document!
I .jnctlonal
Specifications
Identify software In use
Ensure operational integnty
of software
Ensure operational integrity
of software
7.9
7.9
7.9
FIFRA GLPs 160.81
TSCA GLPs 792.81
Computer Secunty Act
System Design and
Development Guidance
see above
22

-------
APPENDIX A: INVENTORY OF COMPLIANCE DOCUMENTATION
RECORD PURPOSE SUBSEC11ON REFERENCE
Life Cycle
Documentation
• AcceptanceTesting
TestIng
• Change Control
Procedures
• Procedures for
Reporting/ResoMng
Software Problems
• Historical File
(version numbers)
Ensure operational Integrity
of software
Ensure operational integrity
of software
Ensure operational integrity
of software
Ensure reconstruction of
reported data
7.9
7.9
7.9
7.9
EPA Information Secunty
Manual for Personal
Computers
see above
see above
see above
FIFRA GLPs 160.81
TSCA GLPs 792.81
Operations Records/Logs
Back-up/Recovery Logs
SoftwareAcceptance
Test Record
Software Maintenance
(Change Control) Records
Protection from data loss
Ensure operational Integrity
of software
Ensure on-going integrity
of software
7.12
7.12
7.12
EPA Information Secunty
Manual for Personal
Computers
System Design and
Development Guidance
see above
23

-------
24

-------
GOOD AUTOMATED LABORATORY PRACTICES
SECTION II:
IMPLEMENTATION GUIDANCE
DRAFT
December28, 1990
25

-------
26

-------
GALP IMPLEMENTATION NOTES AND GUIDANCE
The GALP Guidance specifically identifies the operative principles upon which each GAL?
requirement is developed. These principles are also embraced in EPA’s established data man-
agement policies.
To meet these principles and to comply with EPA’s GLPs, six operational roles with specific
responsibilities are identified and provided in the GALP Guidance. As discussed in detail below,
these operational roles are not necessarily intended to imply distinct individuals.
Principles
Control is the essential objective behind most data management principles. It is the ultimate issue
in extending EPA’s GLPs to an automated laboratory. Effective management and operation of
an automated laboratory cannot be assured unless use and design of that system are consistent
with standards intended to assure system control.
The GALP guidance are built on six Principles inherent in both EPA’s GLP and its data
management policies. These Principles define the necessary control issue that underlies the
GALP.
The Principles serve two purposes. First, they are guideposts to understanding the reason behind
GALP requirements and to interpreting them. Second, wide variations in computer system
designs, technologies, laboratory purposes, and applications are likely to create situations in
which appropriate and successful control strategies could evolve that are not anticipated in the
GALP Guidance. Thus, these six principles are guidelines for evaluating equivalent options for
complying with GALP specifications.
1. DATA: The system must provide a method of assuring the integrity of all entered data.
Communication, transfer, manipulation, and the storage/recall process all offer potential for
data corruption. The demonstration of control necessitates the collection of evidence to prove
that the system provides reasonable protection against data corruption.
2. FORMULAE: The formulas and decision algorithms employed by the system must be
accurate and appropriate. Users cannot assume that the test or decision criteria are correct;
those formulas must be inspected and verified.
3. AUDiT: An audit trail that tracks data enny and modification to the responsible
individual is a critical element in the control process. The trail generally utilizes a password
system or equivalent to identify the person or persons entering a data point, and generates
a protected file logging all unusual events.
27

-------
GALP IMPLEMENTATION GUIDANCE
4. CHANGE: A consistent and appropriate change control procedure capable of tracking
the system operation and application software is a critical element in the control process.
All softw are changes should follow carefully planned procedures, including a pre-install test
protocol and appropriate documentation update.
5. STANDARD OPERATING PROCEDURES (SOPs): Control of even the most
carefully designed and implemented system will be thwarted jf appropriate user procedures
are not followed. This principle implies the development of clear directions and Standard
Operating Procedures (SOPs); the training of all users; and the availability of appropriate
user support documentation.
6. DISASTER: Consistent control of a system requires the development of alternative plans
for systemfailure , disaster recovery, and unauthorized access. The principle of control must
extend to planning for reasonable unusual events and system stresses.
These principles are identified in the Guidance that follows. Each Guidance includes a CODE
entry which identifies the “Principle” by its keyword upon which each is formulated. The
Principle enables laboratories to understand the theoretical underpinning of each GALP
recommendation.
The CODE entry also identifies one of six operational roles, listed as RESPONSIBILITY,
recommended to assign the duty to oversee compliance with the GALP specification.
Operational Roles
The GALP Guidance distinguishes six operational roles. These roles are also provided to assist
laboratories in meeting GALP requirements. Specific responsibilities are assigned to each role.
Except for Quality Assurance (see Quality Assurance discussion in the Guidance Section), these
roles do not require distinct individuals to handle them. Also, none of the roles is implied to
require someone full time to handle the responsibilities. The Responsible Person (RP) for
example, may be theLaboratory Management; sometimes, the Laboratory Management is also
a system User. Some Users routinely develop their software and therefore simultaneously ff1
the role of Vendor.
The descriptions below highlight the responsibilities assigned to each of the six roles. For an
individual assigned to fill that role these descriptions are a blueprint for implementing the GALP.
Also, in the CODE entry of the GUIDANCE that follows, the role responsible for handling the
requirement is identified.
28

-------
GALP IMPLEMENTATION GUIDANCE
Although a role may be assigned specifically to an individual, another individual may actual-
lycarry out the specific GALP requirement. The individual assigned the role, however, is
responsible for ensuring implementation of the standard(s) involved.
A: Laboratory Management: Because laboratory management is responsible for ensuring
that the laboratory is licensed, laboratory management has ultimate responsibility for all
GALP standards. Specifically, the laboratory management shall designate the Responsible
Person (RP), arrange for Quality Assurance (QA) oversight of the system; provide the
necessary resources, facilities, and equipment that may be required receive and respond to
QA reports and audits; and provide all other laboratory personnel with the guidance, training,
or supervision they require to perform successfully in their assigned roles.
B: Responsible Person (RP): Most automated laboratory problems involve confusion about
exactly who or what organizational unit is ultimately responsible for a specific system. The
identification of the system RP eliminates this confusion. The RP is generally a professional
with some computer background, in a position of authority related to the control and
operation of the automated data system. The RP’s responsibilities include training of users,
implementing appropriate security measures, developing or reviewing SOPs for system use,
enforcing change control procedures, and responding to emergent problems.
C: Quality Assurance Unit (QA): The inclusion of a data and procedural “double check”
through a Quality Assurance Unit or individual is established and widespread and is extended
here to automated laboratory systems. The legitimacy and credibility of that checking
function necessarily must rest with the independence of QA, assured through a separate
reporting relationship. While it is possible that QA may have additional responsibilities in
the organization, those responsibilities should not compromise this required independence.
The QA should not be the RP, and should not report to or through the RP. Specific QA re-
sponsibilities include review of system SOPs; inspection and audit of the system; review
of final reports for data integrity; and review of archives.
D: Archivist: The statutes EPA administers generally require that records be retained. The
period of retention can vary by statute and by type of record. The archivist is responsible
for the safe storage and retrieval of all records required by EPA statute or legal judgement
to be retained.
E: Vendor: The organization or individual that designs, codes, supports, licenses, and/or
distributes automated systems has some responsibilities specified in the GALP require-
mentsThese responsibilities generally impose design, support, notification and documen-
tation requirements. If the vendor is an outside source, the laboratory management is
29

-------
GALP IMPLEMENTATION GUIDANCE
responsible for informing the vendor of the GALP requirements. If the vendor is an employee
or the system is developed in-house, the GALP require the RP to ensure vendor requirements
are satisfied.
F: Users: All system users are responsible for familiarity with and conformity to SOPs.
Though responsibility for the enforcement of security controls and of adequate training are
vested elsewhere, all users are expected to comply with and support management policies.
These descriptions identify the general scope of responsibility assigned to each GALP Guidance
role. These descriptions are not intended to be all inclusive nor exclusive. Ultimately all
responsibility falls upon the laboratory licensee (typically the laboratory manager or owner).
More importantly, the GALP assume laboratory professionals are personally motivated to follow
the principles of their professions and that they will take every practical step to ensure the
accuracy and the reliability of the data and analyses produced by their laboratory.
30

-------
GALP IMPLEMENTATION GUIDANCE
GUIDANCE
LISTING
The Guidance is divided into a discussion of each of the eighty-three (83) GALP
recommendations. It serves as an implementation tool, providing laboratory
management and personnel with valuable information for assuring compliance
with the GALP. While atypical situations will no doubt require further recom-
mendations and procedures, the explanatory comments, examples, descriptions,
coding and special considerations will assist most laboratories to implement
successfully and cost effectively the GALP requirements.
31

-------
GALP IMPLEMENTATION GUIDANCE
7.1 Personnel
[ 1
1
Background
38
2
Training
40
3
Number of Persons
42
MANAGEMENT
7.2 La
1
boratory Management
46
Designee
2
QA
48
3
Resources
5(J
4
Reporting
52
5
Training
54
6
Deviations
56
7.3 Res
ponsible Person
1
Personnel
60
2
Training
62
3
Security
64
4
SOPs
66
5
SOP Reviews
68
6
change Control
70
7
Data Recording
72
8
Problem Reporting
74
9
GALP Compliance
76
7.4 Qu
ality Assurance Unit
1
SOPs
80
2
Inspections
82
3
Deviations
84
4
Final Data Report Reviews
86
5
Archiving Records
88
32

-------
GALP IMPLEMENTATION GUIDANCE
7.5 Facilities
1 Environment 92
2 Archives 94
7.6 Equipment
1 Design 98
2 Maintenance:
2.1 SOPs
2.2 Responsibility
2.3 Records
2.4 Problems
3 Operating Instructions
1 Risk Assessment
1.1 Confidential Information
1.2 Data Integrity
1.3 Critical Functions
2 Security Requirements
2.1 Physical Security
2.2 System Access
2.3 Functional Access
2.4 External Programs/Software
ii 7.7 Security
1 Scope
Security
Raw Data
Data Entry
Verification
Error Codes
100
102
104
106
108
112
114
116
118
120
122
124
7.8 Standard Operating Procedures
1.1
1.2
1.3
1.4
1.5
128
130
132
134
136
33

-------
GALP IMPLEMENTATION GUIDANCE
1.6 Change Control 138
1.7 Archiving 140
1.8 Backup and Recovery 142
1.9 Maintenance 144
1.10 Electronic Reporting 146
2 Document Availability 148
3 Historical Files 150
7.9 Software
1 Purpose and Use 154
2 Life Cycle
2.1 Development 156
2.2 Retrospective 158
3 Scope
3.1 Inventory 160
3.2 Coding Standards 162
3.3 Formulas 164
3.4 Acceptance Testing 166
3.5 Change Control 168
3.6 Version Control 170
3.7 Problem Reporting 172
4 Document Availability 174
5 Historical Files 176
7.10 Data Entry
1 Integrity of Data
1.1 Tracking Person 180
1.2 Tracking Equip, Time, Date 182
1.3 Data Change 184
2 Data Verificiation 186
1 Definition 190
2 SOPs 192
7.11 Raw Data
34

-------
GALP IMPLEMENTATION GUIDANCE
1 Records to be Maintained
1.1 RawData 196
1.2 Hardware and Software 198
1.3 Acceptance Test Records 200
1.4 Training and Experience 202
1.5 Maintenance 204
1.6 Problem Reporting 206
1.7 QA Inspections 208
1.8 Backup and Recovery 210
2 Conditions of Archives 212
3 Records Custodian 214
4 Limited Access 216
5 Retention Period for Records 218
7.13 Reporting
1 Standards 222
2 Other Data 224
7.12 Records and Archives
7.14 Comprehensi
Ongoing Testing 228
35

-------
GALP IMPLEMENTATION GUIDANCE
This section is intended as a key to using the Guidance. The model below, with commentary
footnotes, illustrates the implementation guidelines provided for each of the standards.
GALP Category Name
- GA!.? subsection
Icon depicting the
GALP category
Specific and officially approved wording of the particular GALP standards.
In cases where a GALP has general specifications with distinct subsections or subspeci-
fications, the general specification will always appear with each subspecitication with two or
three pages of discussion of that subspecification; the next subspecification will repeat the
general specification, and follow with its discussion.
EXPLANATION
EXAMPLE
CODE
SPECIAL
CONSIDERATIONS
A paragraph exposition defming the key terms of the standards and
explaining the intent of the standards.
Discusses the kind of compliance evidence that might be gathered or
acceptable ways in which the standards has been or may be met.
Twocodesareprovided: the RESPONSIBILITY code identifying the role
(or persons(s) assigned the role) expected to implement the standards; and
the PRINCIPLES code; providing general guidance into the theoretical
intent of the standard.
Provides potentially relevant facts or noteworthy factors that may be
relevant for certain laboratory settings, computer equipment, EPA
statutes, or court decisions that may take precedence.
NOTES: The GALP Guidance is a working document. An area on the right-hand page is provided
to allow annotation as needed. The size of this area is determined by the space available to
complete a page. This variation is not meant to imply any difference in the extent of comment
anticipated. Sources for additional guidance are also listed here.
36

-------
7.1
PERS ONNEL
37

-------
- — 7.1 Personnel
1) Background
L jJ
EXPLANATION
This standard encompasses all computer systems used to collect,
transmit, report, analyze, summarize, store, or otherwise manipu-
late data. Such systems are generally referred to generically as
“LIMS” (laboratory information management systems), or “LDS”
(laboratory data systems). Laboratory licensees are expected to
utilize appropriate professional hiring and assignment criteria,
coupled with appropriate training, to ensure that all users are able to
use the system effectively. If design of the system is left to outside
vendors, laboratory management may presume that the design
personnel involved meet education and experience criteria if other
system performance standards are met, barring any specific indica-
tion that vendor personnel lack appropriate competence.
EXAMPLE
Since there are not widespread academic certifications or criteria
that assure system usei competence, most laboratories rely on a
three part strategy for compliance: a) Users are provided with clear
operating instructions, manuals and SOPs to enable them to perform
assigned system functions; b) Sufficient training to clarify these
instructions is provided to users; c) Users unable to meet the
performance criteria axe screened out of automated responsibilities
prior to hiring or subsequent to a probationary revie .
Designer competence is generally demonstrated through the selec-
tion of a project leader whose resume demonstrates some formal
computer training, coupled with prior experience in the design or
coding of similar systems.
When an automated data collection system is used in the conduct of a laboratory
study, all personnel involved in the design or operation of the automated system
shall:
1) have adequate education, training, and experience to enable individuals to
perform the assigned system function.
38

-------
7.1 Personnel
1) Background
Attendance at special courses and certification based thereon may
substitute for formal education requirements. Experience may
substitute for formal education requirements. Either basis for sub-
stitution should be thoroughly and accurately documented.
Responsibility:
Principle:
Management
5. SOP
SPECIAL
CONSIDERATIONS
In light of the need for auditors to verify the qualifications of
laboratory personnel, laboratories may consider a separate educa-
tion and training file for each employee that documents job descrip-
tion, job requirements, skills, education, and training, but excludes
private personnel information.
Notes...
CODE
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
39

-------
7.1 Personnel
2) Training
This standard requires documentation of personnel backgrounds,
including education, training, and experience, be available to labo-
ratory management. Pertinent systems design and operations
knowledge should be indicated. Evidence of training and experi-
ence, which indicates knowledge sufficient for job requirements, is
the important issue. When outside vendors are involved, they may
be presumed to have the required education, training, knowledge
and experience. With in-house personnel, evidence of prior success
in similar responsibilities is sufficient.
EXAMPLE
Resumes (including references to education and degrees obtained,
professional certificates and job titles previously held), reports of
completed training, and up-to-date job descriptions may be filed
centrally in the lab Personnel Office. Alternatively, successful job
performance evaluations which demonstrate proper levels of job
knowledge and experience can be considered sufficient.
Responsibility:
Principle:
Management
5. SOP
L J
When an automated data collection system is used in the conduct of a laboratory
study, all personnel involved in the design or operation of the automated system
shall:
2) have a current summary of their training, experience, and job description,
including information relevant to system design and operation maintained at the
facility.
EXPLANATION
CODE
40

-------
7.1 Personnel
2) Training
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
41

-------
F—— -
7.1 Personnel
3) Number of Persons
EXPLANATION
EXAMPLE
CODE
Laboratory licensees are expected to maintain a staff which will be
adequate in size to ensure that studies can be performed in an
accurate and timely manner, including all system-related tasks.
Multiple responsibilities of system operation may be assigned to
individuals; however, the person to whom QA is assigned must
remain independent of the laboratory unit.
By designing and following a work plan for any particular study, the
experienced Laboratory Manager, or designee, can anticipate staff-
ing requirements necessary for a particular need. In general, it is
expected that an automated laboratory be staffed (or maintain
consulting contracts) with at least two individuals whose qualifica-
tions satisfy Standard 7.1 #1 above. The Laboratory Manager must
be cognizant of any delays in operations due to inadequate staffing
and take proper action.
As a rule of thumb, persistent and excessive overtime may indicate
insufficient staffing.
Responsibility: Management
Principle: 5. SOP
When an automated data collection system is used in the conduct of a laboratory
study, all personnel involved in the design or operation of the automated system
shall:
3) be of sufficient number for timely and proper conduct of the study, including
timely and proper operation of the automated data collection system(s).
42

-------
Notes...
7.1 Personnel
3) Number of Persons
J
43

-------
44

-------
7.2
LAB ORATORY
MANAGEMENT
MANAGEMENT
45

-------
7.2 Laboratory Management
1) Designee
EXPLANATION
EXAMPLE
A single individual must be designated as the Responsible Person,
the person to whom the integrity of the data base can be entrusted.
This person should immediately appoint an associate as a back-up
who can manage the automated system if the Responsible Person is
not available.
An organizational plan must be developed to define lines of com-
munication and reporting within the laboratory structure. In smaller
labs, a single individual may have many managerial responsibili-
ties; the Responsible Person may very well be the Laboratory
Manager. However, one person must be designated as the “owner”
ultimately responsible for the automated data collection system and
its database. It is advisable for the Responsible Person to designate
a knowledgeable person as a back-up for those times when the
Responsible Person is not available.
Responsibility:
Principle:
Management
5. SOP
When an automated data collection system is used in the conduct of a study, the
laboratory management shall:
1) designate an individual primarily responsible for the automated data collection
system(s), as described in Section 7.3.
CODE
46

-------
Notes...
7.2 Laboratory Management
1) Designee
J
47

-------
7.2 Laboratory Management
2) Quality Assurance
EXPLANATION
EXAMPLE
Laboratory licensees must designate a group or individual as
Quality Assurance. This designation must be consistent with the
guidelines set forth in Section 7.4. The Quality Assurance team
responsibilities are primarily those of system and data inspection,
audit andreview. The QA team or individual must maintain adegree
of independence and, therefore, should not report to, or be, the
System Responsible Person.
An organizational plan must be developed to define lines ofcommu-
nication and reporting within the laboratory smicture. In smaller
labs, a single individual may have many managerial responsibili-
ties. The QA individual (orQA head, if a team is selected) may never
be the Responsible Person.
Responsibility:
Principle:
Management
3. Audit
When an automated data collection system is used in the conduct of a study, the
laboratory management shall:
2) assure that there is a quality assurance unit that oversees the automated data
collection system(s), as described in Section 7.4.
CODE
48

-------
7.2 Laboratory Management
2) Quality Assurance
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
49

-------
7.2 Laboratory Management
3) Resources
MANAGEMENT
When an automated data collection system is used in the conduct of a study, the
laboratory management shall:
3) assure that the personnel, resources, facilities, computer and other equipment,
materials, and methodologies are available as scheduled.
EXPLANATION
EXAMPLE
CODE
The Laboratory Manager must guarantee that the resources neces-
sary to accurately run a given study in a timely fashion . are acces-
sible. These resources include personnel, facilities, computer and
other equipment, materials and related methodologies. This policy
of preparedness should be clearly stated in written format and
adhered to.
The experienced Laboratory Manager should possess the acumen
and skills necessary such that resources adequate to the successful
study are always available.
Laboratories should take care to provide backup staffing for critical
functions such as system backup.
Responsibility: Management
Principle: 5. SOP
50

-------
7.2 Laboratory Management
Notes...
51
3) Resources
MATERIAL BELONGS TO: 1
US EPA rOXICS !J A Y
401 M F ; SW / TS-7 3
WAS- NGT’YJ, D C 20460
(202) 2 9- 4

-------
7.2 Laboratory Management
4) Reporting
EXPLANATION
EXAMPLE
The flow of information concerning all laboratory operations,
including system review and audits, must effortlessly move to upper
managerial levels. The Laboratory Manager must guarantee that the
reports generated as a result of Quality Assurance audits are
presented for review. It is the ultimate responsibility of the Lab
Manager to assure that any errors or deficiencies that have been
discovered through QA activities be acted upon and rectified in a
prompt manner.
It must be clearly stated in a laboratory policy or SOP that all QA
review or audit reports be presented to the Laboratory Manager for
review. The review document must have a cover sheet (or similar)
which the Manager can sign and date. Likewise, an SOP or policy
should be in place that defines the responsibility of the Manager to
follow-up on all deficiencies found in said report.
Responsibility:
Principle:
Management
5. SOP
When an automated data collection system is used in the conduct of a study, the
laboratory management shall:
4) receive reports of quality assurance inspections or audits of computers and/or
computer-resident data and promptly take corrective actions in response to any
deficiencies.
CODE
52

-------
7.2 Laboratory Management
,— Notes...
4) Reporting
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratorj Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
53

-------
7.2 Laboratory Management
5) Training
EXPLANATION
EXAMPLE
The Laboratory Manager is ultimately responsible for the training
of the laboratory employees. It is possible that in a small laboratory
setting, the laboratory manager may train the other personnel.
Regardless, the manager must guarantee that all lab personnel are
fully trained in their responsibilities. This includes the establish-
ment of a comprehensive employee training program, training
personnel (as needed), and the review of both training “check-off”
sheets and annual assessment of employee skills and performance.
Additionally, all training procedures must undergo periodic review
at least yearly, or whenever new or upgraded equipment or method-
ologies are installed.
A computer system will perform best if its operators are familiar
with its functioning. The comprehensive and complete training of
all individuals interfacing with the automated data collection sys-
tem must therefore be delineated in a laboratory policy or SOP.
Even in the case of smaller laboratories, the basic operational skills
of the system users should be clearly defined. The training must
fully document all phases of normal system function as they pertain
to the particular user such that each user clearly understands the
functions they perform on said system . It is equally important that
the users understand enough about normal system function such that
they can recognize any abnormal system function and report it to the
appropriate laboratory individual.
When an automated data collection system is used in the conduct of a study, the
laboratory management shall:
5) assure that personnel clearly understand the functions they are to perform on
automated data collection system(s).
54

-------
7.2 Laboratory Management
CODE
5) Training
Routine review of problems, whether their frequency has increased
or decreased, and how they have been resolved, may alert laboratory
staff to the need for more or better testing.
Responsibility:
Principle:
Management
5. SOP
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
55

-------
7.2 Laboratory Management
6) Deviations
EXPLANATION.
EXAMPLE
The Guide for Auwma:ed Data Collection System(s) is predicated
upon the principles of GLP. The Laboratoiy Manager(s) is, there-
fore, ultimately responsible for all activity within the confines of the
lab. In must be stated in either SOP or general policy that any depar-
tare from the standards listed within the Guide will be reported to the
designated Responsible Person or designee. That person must then
make sure that the deviation was properly documented and that
appropriate corrective actions have been taken and similarly docu-
mented.
As part of a comprehensive system policy, there must be written
assurance that responsible parties be made aware of deficiencies or
departures from the standards set forth in the Guide. This policy
must state that the Responsible Person will handle all of these
deviations and satisfactorily document these actions. The documen-
tation described above should include an indication of the violating
party, the date of the violation (if known) and the corrective action
and date. There should also be an area for the signature of the
Responsible Person or other reviewer.
CODE
Responsibility:
Principle:
When an automated data collection system is used in the conduct of a study, the
laboratory management shall:
6) assure that any deviations from this guide for automated data collection
system(s) are reported to the designated Responsible Person and that corrective
actions are taken and documented.
Management
5. SOP
56

-------
,— Notes...
7.2 Laboratory Management
6) Deviations
57

-------
58

-------
7.3
RESPONSIBLE
PERSON
59

-------
7.3 Responsible Person
1) Personnel
EXPLANATION
EXAMPLE
The Responsible Person must ensure that the facility is properly
staffed with personnel qualified for the systems tasks pertinent to
the site and that such personnel are properly managed. The Respon-
sible Person ensures that staff levels are appropriate, that the staff
receives all necessary training (including knowledge of SOPs,
regulatory requirements, system-related workfiow, procedures, and
conventions), and that they adequately perform all required system
activity.
Adequacy of staffing levels for system supervision, support, and
operation can be assessed periodically by the proper Operations and
Personnel management to determine if established levels need to be
changed. The Responsible Person may review training records to
maintain awareness of current status of training received and
needed. Observation of job performance will also indicate perform-
ance levels of current staff and possible needs for additional help.
Examination of project schedules and work backlogs can help to
determine adequacy of current staff and whether the system is
receiving proper staffing support.
CODE
Responsibility:
Principle:
Responsible Person
5. SOP
The laboratory shall designate a comluter scientist or other professional of
appropriate education, training, and experience or combination thereof as the
individual primarily responsible for the automated data collection system(s)
(the Responsible Person). This individual shall ensure that:
1) there are sufficient personnel with adequate training and experience to super-
vise and/or conduct, design and operate the automated data collection system(s).
60

-------
7.3 Responsible Person
Notes...
1) Personnel
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
61

-------
7.3 Responsible Person
2) Training
EXPLANATION
EXAMPLE
The Responsible Person must make sure that personnel who use or
support the system maintain the skills and knowledge necessary for
the proper performance of their responsibilities. On-going training
and training necessitated by changes in the system may be necessary
to ensure that sl 5 ills do not become outdated or forgotten. The Re-
sponsible Person should determine that job performance reviews
indicate proper skill levels and that any recommended training is
conducted prompdy.
Written procedures can be established requiring that all training
needs identified by job performance reviews or observations of job
activities be reported to the Responsible Person. SOPs requiring
documentation of training and testing could also be created. Em-
ployees can be encouraged to obtain training in use of system
utilities, the operating system, proper use of available program
libraries and databases for testing and production purposes, sort
tools and options, end-user programming languages or report writ-
ers or education they believe is needed. The Responsible Person can
call to the attention of staff and users any available in-house or
vendor-provided t aining that might be pertinent.
CODE
Resi,onsible Person
5.
SOP
The laboratory shall designate a computer scientist or other professional of
appropriate education, training, and experience or combination thereof as the
individual primarily responsible for the automated data collection system(s)
(the Responsible Person). This individual shall ensure that:
2) the continuing competency of staff who design or use the automated data col-
lection system is maintained by documentation of their training, review of work
performance, and verification of required skills.
Resoonsibilitv:
Principle:
62

-------
7.3 Responsible Person
2) Training
TRAINING
Notes...
DOCUMENTATION,
REVIEW, VERIFICATION
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenricide Act
(FIFRA), Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
RESPONSIBLE
PERSON
EMPLOYEES
J
63

-------
7.3 Responsible Person
3) Security
EXPLANATION
EXAMPLE
The Responsible Person is responsible for ensuring that an analysis
of system vulnerability is performed and reasonable measures for
preventing unauthorized system access have been taken, as war-
ranted by the degree of exposure that exists. All aspects of system
input, processing, and output requiring security control must be
identified and measures for restricting access to these system
functions should be established and operating in a way that satisfies
the stated objectives.
An analysis of all entry methods to the system, especially any
remote modem access by vendors or other users, all persons and
methods involved in initiating processing, and all persons receiving
system output, should be conducted to determine possible areas of
exposure. Precautionary measures to prevent intentional or
unintentional data comiption or disruption of system performance
should be taken. These can consist of password security, dial-back
procedures for remote access, and procedures for updating security
files and distribution of system output to authorized persons only.
Physical access to sensitive records stored magnetically or in hard
copy format must also be controlled appropriately. A system for
updating passwords periodically, such as every six months, might
be used and automatic system logging of unauthorized access
attempts should be utilized. Notification procedures should be
The laboratory shall designate a computer scientist or other professional of
appropriate education, training, and experience or combination thereof as the
individual primarily responsible for the automated data collection system(s)
(the Responsible Person). This individual shall ensure that:
3) a security risk assessment has been made, points of vulnerability of the system
have been determined, and all necessary security measures to resolve the vulnera-
bility have been implemented.
64

-------
7.3 Responsible Person
3) Security
L
established for updating security when users resign or their job
responsibilities change. EPA’s Informanon Security Manual for
Personal Computers (December 1989) provides guidance on how
to perfonn a risk assessment and how to assess potential points of
vulnerability to system security.
Responsibility:
Principle:
Responsible Person
1. Data
Notes...
For additional guidance, see: Computer Security Act of 1987, and Information
Security Manual for Personal Computers (December 1989).
65

-------
7.3 Responsible Person
4) SOPs
EXPLANATION
EXAMPLE
The Responsible Person must ensure that system documentation is
comprehensive, current (showing evidence of management review
and approval within the last 12 months), and readily accessible to
users. For purchased systems, documentation may be provided by
the vendor but may still require supplementing and tailoring to the
environment. Technical documentation should be developed in
accordance with in-house standards and available to Operations and
support personnel. A User’s Manual should provide all pertinent
information for proper system use. Written procedures for control
of the system should be available to all persons whose duties involve
them with the system.
SOPs supporting system activity can be developed covering sub-
jects such as system security, training, hardware and software
change control, data change procedures and audit trails, procedures
for manual operation during system downtime, disaster recovery,
backup and restore procedures, and general system safety. In
addition, documentation of the software and hardware can be made
available either through on-line help text or manuals, which should
be numbered and logged out to departments or individuals in order
to facilitate the update process.
CODE
• Responsible Person
5. SOP
The laboratory shall designate a computer scientist or other professional of
appropriate education, training, and experience or combination thereof as the
individual primarily responsible for the automated data collection system(s)
(the Responsible Person). This individual shall ensure that:
4) the automated data collection system(s) have written operating procedures
and appropriate software documentation that are complete, current, and avail-
able to all staff.
Responsibility
Principle:
66

-------
7.3 Responsible Person
Notes...
4) SOPs
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
I
67

-------
7.3 Responsible Person
5) SOP Review
EXPLANATIONI
System-related SOPs and software changes are to be subject to a
formal approval process that itself is to be defined in written SOPs.
The Responsible Person must ensure that no changes are made to
operating procedures or software without proper approval and
documentation. Software changes are to be made only in accor-
dance with an approved Change Control Procedure. -
EXAMPLE
The Responsible Person can establish a Change Control Procedure
that creates a mechanism for requesting software changes and
defines review and approval measures for changes. The Respon-
sible Person can be part of the approval process and can prohibit any
software change from moving to the production environment with-
out his signed approval. The Responsible Person should also be
included in the approval process for system-related procedures; re-
quirements can be established that no changes should be instituted
without his signature.
CODE
Responsible Person
4. Change
The laboratory shall designate a computer scientist or other professional of
appropriate education, training, and experience or combination thereof as the
individual primarily responsible for the automated data collection system(s)
(the Responsible Person). This individual shall ensure that:
5) all significant changes to operating procedures and/or software are approved
by review and signature.
Responsibility:
Principle:
68

-------
Notes...
7.3 Responsible Person
5) SOP Review
69

-------
7.3 Responsible Person
6) Change Control
EXPLANATION
EXAMPLE
Before software changes or new software are put into the production
environment, the Responsible Person must ascertain that the soft-
ware is performing in accordance with the needs of the users, and
that they have had adequate opportunity to evaluate it in a test
environment.
Documentation of acceptance testing can be part of the approval
process that must precede putting new or changed software into
production. A Software Change Control SOP can be instituted,
requiring that test protocols be created, tests be conducted in accor-
dance with the protocols, and test data with anticipated and actual
results be permanently filed. The SOP can also require written
approvals from users and MIS before changes are put into produc-
tion and indicate procedures and conventions to be followed for ver-
sion control of programs maintained. A test environment can be
established for users to test whether new software or software
changes meet their needs or requests. User sign-off can be obtained
to indicate that new program versions are working satisfactorily.
CODE
Responsible Person
4. change
The laboratory shall designate a computer scientist or other professional of
appropriate education, training, and experience or combination thereof as the
individual primarily responsible for the automated data collection system(s)
(the Responsible Person). This individual shall ensure that:
6) there are adequate acceptance procedures for software and software changes.
Responsibility:
Principle:
70

-------
Notes...
73.3 Responsible Person
6) Change Control
For additional guidance, see: EPA System Design & Development Guidance
(June 1989).
LI:
71

-------
7.3 Responsible Person
7) Data Recording
EXPLANATION
EXAMPLE
The Responsible Person must institute practical methods and pro-
cedures that will control data entry, change, and storage, resulting
in data integrity.
Procedures can be established to require that audit trails are pro-
duced indicating all data entered, changed, or deleted, and that these
reports are reviewed thoroughly by appropriate personnel. Data
changes can require reason comments or codes. Audit trails can
indicate user identification, date and time stamps, field names, plus
old and new values, and authorization codes. Access to data entry/
change/delete functions can be restricted. Double keying can be
required where appropriate. Audit trails for data passing through
interfaces can produce batch control totals of records. Automatic
entry of data by test devices may be checked by means of audit trail
reports. Manual rechecking of data entered against source docu-
ments may be appropriate in some cases; spot-checking of inputs
randomly selected may be helpful in other situations.
CODE
Responsible Person
1. Data
H
The laboratory shall designate a computer scientist or other professional of
appropriate education, training, and experience or combination thereof as the
individual primarily responsible for the automated data collection system(s)
(the Responsible Person). This individual shall ensure that:
7) there are procedures to assure that data are accurately recorded in the
automated data collection system.
Responsibility:
Principle:
72

-------
Notes...
7.3 Responsible Person
7) Data Recording
73

-------
7.3 Responsible Person
8) Problem Reporting
EXPLANATION
The Responsible Person must ensure that a problem reporting
procedure or method is in effect to log system problems that could
impact data integrity, actions taken on those problems, and resolu-
tions. Problem Log documentation should be kept on file.
EXAMPLE
A written Problem Reporting procedure and forms for reporting and
describing such problems are normally used. Actions taken and
resolutions can be documented on the same forms, which can be
retained for later reference and inspection. The Responsible Person
can monitor compliance with the procedures by periodically re-
viewing the log and signing it. Summaries can be prepared for
management review.
CODE
Responsible Person
1. Data
The laboratory shall designate a computer scientist or other professional of
appropriate education, training, and experience or combination thereof as the
individual primarily responsible for the automated data collection system(s)
(the Responsible Person). This individual shall ensure that:
8) problems with the automated collection system that could affect data quality
are documented when they occur, are subject to corrective action, and the action
is documented.
Responsibility:
Principle:
74

-------
7.3 Responsible Person
Notes...
8) Problem Reporting
For additional guidance, see: Computer Security Act of 1987, and EPA System Design
& Development Guidance (June 1989).
J
75

-------
7.3 Responsible Person
9) GALP Compliance
EXPLANATION
EXAMPLE
The Responsible Person must ensure that all lab personnel are
familiar with pertinent current GLPs, that GLPs should be easily
accessible, and that the lab activities are conducted in accordance
with them. Copies of GLPs should be easily accessible to lab per-
sonnel. The Responsible Person can periodically review all perti-
nent GLPs with lab personnel and the Quality Assurance Unit can
inspect periodically for compliance with them.
Training sessions can cover applicable GLPs and testing can be used
to confirm knowledge and understanding of them. Typically, copies
of relevant GLPs will be kept in a designated area for reference by
lab personnel.
CODE
Responsible Person
5. SOP
H
The laboratory shall designate a computer scientist or other professional of
appropriate education, training, and experience or combination thereof as the
individual primarily responsible for the automated data collection system(s)
(the Responsible Person). This individual shall ensure that:
9) all applicable good laboratory practices are followed.
Res onsibii r
Principle:
•1
76

-------
Notes...
7.3 Responsible !erson
9) GALP Compliance
77

-------
78

-------
7.4
QUALITY
ASSURANCE UNIT
79

-------
QA -. . . 7.4 Quality Assurance Unit
1) SOPs
The laboratory shall have a quality assurance unit that shall be responsible for
monitoring those aspects of a study where an automated data collection system is
used. The quality assurance unit shall be entirely separate from and independent
of the personnel engaged in the direction and conduct of a study or contract. The
quality assurance unit shall inspect and audit the automated data collection
system(s) at intervals adequate to ensure the integrity of the study.
The quality assurance unit shall:
1) maintain a copy of the written procedures that include operation of the
automated data collection system.
EXPLANATION
EXAMPLE
CODE
SPECIAL
CONSIDERATIONS
One of the responsibilities of the Quality Assurance Unit (QAU) is
providing proof that the automated data collection system(s)
operates in an accurate and cqrrect manner consistent with its
recommended function. It is imperative that a complete and current
set of Standard Operating Procedures is available and accessible at
all times to the QAU. The QAU must also have access to the most
current and version-specific set of system operations technical
manuals.
A complete and current copy of system SOPs and technical docu-
mentation should exist as part of standard documentation found in
the office of the QAU head (or individual). This must be written and
formalized as standard lab (QAU) policy.
Responsibility: Quality Assurance
Principle: 5. SOP
If SOPs are maintained online, the QAU shall be responsible for
keeping a hardcopy version and for verifying that the machine-
readable and hardcopy versions are identical.
80

-------
7.4 Quality Assurance Unit
1) SOPs
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances ControlAct
(TSCA); Good Laboratory Practices (1989).
81

-------
7.4 Quality Assurance Unit
2) Inspections
EXPLANATION
EXAMPLE
A system that is consistently reliable and accurate is a major focus
of validation. To ensure that consistency and reliability, the system
must be audited and/or validated on a regular basis; at least once
yearly, or immediately after any change that affects overall system
operation or function.
As set by SOP, the periodic inspection policy must include provi-
sions for description of the inspection study, the personnel involved
in the inspection activities, findings and recommended resolutions
to any discovered problems. All documentation of the inspection
must be properly signed-off by the inspection unit (QAU). If
problems are detected, the Responsible Person must be immediately
notified and a date for reinspection should be established.
CODE
Responsibility:
Principle:
Quality Assurance
5. SOP
‘The laboratory shall have a quality assurance unit that shall be responsible for
monitoring those aspects of a study where an automated data collection system is
used. The quality assurance unit shall be entirely separate from and independent
of the personnel engaged in the direction and conduct of a study or contract. The
quality assurance unit shall inspect and audit the automated data collection
system(s) at intervals adequate to ensure the integrity of the study.
The quality assurance unit shall:
2) perform periodic inspections of the laboratory operations that utilize auto-
mated data collection system(s) and submit properly signed records of each
inspection, the study inspected, the person performing the inspection, findings and
problems, action recommended and taken to resolve existing problems, and any
scheduled dates for reinspection. Any problems noted in the automated data
collection system that are likely to affect study integrity found during the course
of an inspection shall be brought to the immediate attention of the designated
Responsible Person.
82

-------
7.4 Quality Assurance Unit
2) Inspections
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
83

-------
7.4 Quality Assurance Unit
3) Deviations
EXPLANATION
EXAMPLE
In order to maintain complete control over system operations and
function, it is important to m ike sure that the automated data
collection system is consistently being operated in a manner con-
gruous with its recommended functionality. It is equally important
that no changes be made to the existing software package that are
inconsistent with accepted change authorization procedures.
As set by SOP, the QAU must insure that no changes have been
made to either software or system operations instructions without
prior consent and full documentation of the change. Changes to
either are, of course, permitted as long as the proper change control
procedures are followed (refer to 7.3,7.8 and 7.9: Change Control).
CODE
Responsibility:
Principle:
Quality Assurance
5. SOP
The laboratory shall have a quality assurance unit that shall be responsible for
monitoring those aspects of a study where an automated data collection system is
used. The quality assurance unit shall be entirely separate from and independent
of the personnel engaged in the direction and conduct of a study or contract. The
quality assurance unit shall inspect and audit the automated data collection
system(s) at intervals adequate to ensure the integrity of the study.
The quality assurance unit shall:
3) ‘determine that no deviations from approved written operating instructions and
software were made without proper authorization and sufficient documentation.
84

-------
Notes...
7.4 Quality Assurance Unit
3) Deviations
85

-------
7.4 Quality Assurance Unit
4) Final Data Report Reviews
EXPLANATION
EXAMPLE
Periodic system performance review is a method of ensuring data
integrity and reliability. By examining a final data report and
correlating it with the raw data for a specific system run, the QAU
may check system accuracy.
An SOP must be written requiring a weekly review of several final
data reports and their corresponding raw data. Problems or devia-
tions arising from this review should be handled as mentioned in
Section 7.4 #3.
Although a performance review of this nature is part of a system
validation study, it should not be construed to comprise the entire
study.
CODE
Responsibility:
Principle:
Quality Assurance
5. SOP
The laboratory shall have a quality assurance unit that shall be responsible for
monitoring those aspects of a study where an automated data collection system is
used. The quality assurance unit shall be entirely separate from and independent
of the personnel engaged in the direction and conduct of a study or contract. The
quality assurance unit shall inspect and audit the automated data collection
system(s) at intervals adequate to ensure the integrity of the study.
The quality assurance unit shall:
4) periodically review final data reports to ensure that results reported by the
automated data collection system accurately represent the raw data.
86

-------
Notes...
7.4 Quality Assurance Unit
4) Final Data Report Reviews
87

-------
7.4 Quality Assurance Unit
5) Archiving Records
EXPLANATION
EXAMPLE
To ensure a consistency of effort, it is imperative that all of the
QAU’s methods and procedures be fully documented and perfectly
followed. It is equally important that the unit’s inspections and
results are labeled and identified by date, time and investigator(s),
and are easily accessible. The ease of accessibility is determined by
the filing and/or index system under which the document is stored.
This indexing system must be fully described as well.
A policy must be set that requires the QAU to maintain all records
and documentation pertaining to their activities, methodologies and
investigations (including results). The documentation may well
include all SOPs that pertain to the unit. The complete set of
documents will include an index or description of the indexing
method used, to act as a guide for those individuals who need quick
access to the information contained within those archived files.
CODE
Quality Assurance
5. SOP
The laboratory shall have a quality assurance unit that shall be responsible for
monitoring those aspects of a study where an automated data collection system is
used. The quality assurance unit shall be entirely separate from and independent
of the personnel engaged in the direction and conduct of a study or contract. The
quality assurance unit shall inspect and audit the automated data collection
system(s) at intervals adequate to ensure the integrity of the study.
The quality assurance unit shall:
5) ensure that the responsibilities and procedures applicable to the quality
assurance unit, the records maintained by the quality assurance unit, and the
method of indexing such records shall be in writing and shall be maintained.
These items include inspection dates of automated data collection systems, name
of the individual performing each inspection, and results of the inspection.
Responsibility:
Principle:
88

-------
Notes...
7.4 Quality Assurance Unit
5) Archiving Records
89

-------
90

-------
7.5
FACILITIES
91

-------
7.5 Facilities
1) EnvironmeiU
The system must be provided with the environment it needs to
operate correctly; this applies to all environmental factors that
might impact data loss, such as proper temperature, freedom from
dust and debris, adequate power supply and grounding. System
hardware should be installed in accordance with the environmental
standards specified by the nl2nufacturer.
EXAMPLE
Climpte control systems adequate to provide the proper operating
environment should be dedicated to the computer room or other
location of the hardware. Backup clinl2te control systems are also
provided in many cases. Hardware should be installed in accordance
with the manufacturer’s specifications concerning climpte and
power requirements. Typically, these are stated in the manufac-
turer’s site pLeparatlon manual and the equipment is normally
installed by the manufacturer. Control devices and alarms should be
installed to warn against variances from acceptable temperature
ranges and UPS devices may be used to protect against loss of
power.
Resnonsibilitv:
Principle:
-C
Management
6. Disaster
When an automated data collection system is used in the conduct of a study,
the laboratory shall:
1) ensure that the facility used to house the automated data collection system(s)
has provisions to regulate the environmental conditions (e.g., temperature, humid-
ity, adequacy of electrical requirements) adequate to protect the system(s) against
data loss due to environmental problems.
EXPLANATION
CODE
92

-------
7.5 Facilities
1) Environme,u
Notes... —
For additional guidance, see: Federal Fungicide, Insecticide, and Rode,uicide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
93

-------
7.5 Facilities
2) Archives
When an automated data collection system is used in the conduct of a study,
the laboratory shall:
2) provide adequate storage capability of the automated data collection system(s)
or of the facility itself to provide for retention of raw data, including archives of
computer-resident data.
EXPLANATION
EXAMPLE
CODE
SPECIt4L
CONSID$HATIONS
Adequate storage space must be available forraw data to be retained
in hard-copy format or on magnetic media. Storage for system-
related records, both elecn onic and hard-copy, must be sufficient to
allow orderly conduct of laboratory activities, including complying
with reporting and records retention requirements. For the system,
this pertains to both on and off-line storage. Physical file space re-
quirements (hard copy, microfilm, microfiche) must be properly
planned and managed to meet lab needs and responsibilities.
Operations personnel must mpintain an adequate supply of required
tapes or disks and ensure that space to store them is sufficient to meet
current and anticipated needs. Storage facilities for retention of raw
data in hardcopy orelecuonic format must be planned and available.
Procedures defining how raw data is to be retained can be instituted.
Responsibility: Responsible Person
Principle: 1. Data
Offsite storage is recommended for backup tapes or other media.
Backups can be cycled through the offsite location. For example, the
most recent backup may be kept on the premises while the prior
backup is kept offsite. This procedure retains the most recent
version in-house for convenience while securing another version
offsite for use in the event of disaster.
94

-------
Notes...
95

-------
96

-------
7.6
EQUIPMENT
97

-------
7.6 Equipment
•• 1) Desi
‘ H ’
Automated data collection equipment used in the generation, measurement, or
assessment of data shall be of appropriate design and adequate capacity to function
according to specifications and shall be suitably located for operation, inspection,
cleaning, and maintenance. There shall be a written description of the computer
system(s) hardware. Automated data collection equipment shall be installed in
accordance with manufacturer’s recommendations and undergo appropriate
acceptance testing following written acceptance criteria at installation. Significant
changes to automated data collection system(s) shall be made only by approved
review, testing, and signature of the designated Responsible Person and the
Quality Assurance Unit.
EXPLANATION
EXAMPLE
The system’s hardware should perform in accordance with specifi-
cations provided by the vtmnufacturer and should be appropriately
configured to meet task requirements. Storage capacity and re-
sponse dines must meet user needs. The installation site should be
planned to facilitate use and maintenance. A current system con-
figuration chart should be ni intained. Vendor manuals describing
system hardware components, including their installation specifi-
cations, functions, and usage, should be available to proper lab
personnel and should be kept current. Inst2Il tion should be accord-
ing to manufacturer’s specifications and should meet formal, writ-
ten acceptance test criteria before being used in production mode.
The Responsible Person must ensure that a hardware change control
procedure, involving formal appiuvals and testing, is followed
before hardware changes are permitted.
Manufacturer’s manuals can be obtained for guidance with instal-
lation and initial acceptance testing diagnostics provided with
equipment and normally indicated in the documentation can dem-
onstrate performance in accordance with specifli.ations. Suitability
to the task is typically determined through acceptance testing, and
adequacy might be addressed as part of capacity planning. A formal
SOP for Hardware Change Control can be used to require accep-
tance testing and recommend ways to structure it; such a procedure
normally also indicates reviews and authorizations required.
98

-------
CODE.
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Ac:
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
7.6 Equipment
1)Desin
I’ll
Responsibility: Responsible Person
Principle: 4. Change
99

-------
7.6 Equipment
2) Maintenance
1) SOPs
EXPLANATION
EXAMPLE
SOPs must be established to ensure that hardware is nl2intained,
tested, and cleaned on a schedule that will minimize problems and
downtime. The procedures should be reviewed and signed at least
eveiy 12 months by the Responsible Person and appropriate man-
agement.
A Hardware Maintenance SOP might address the feasibility of
contracting for mpintenance through the manufacturer or other
outside vendor as well as what testing, cleaning and nl2intenance
should be performed in-house by users or Operations personnel.
The procedure may state objectives of mpintaining equipment per-
formance in accordance with specifications and minimi7ing down-
time and data loss or corruption.
CODE
Responsible Person
5. SOP
Automated data collection system(s) shall be adequately tested, inspected, cleaned
and maintained. The laboratory shall:
1) have written operating procedures for routine
Responsibility:
Principle:
100

-------
7.6 Equipment
Notes...
2) Maintenance
1) SOPs
For additional guidance, see: Federal Fungicide, 1,isecticide, and Rodenticide Ac:
(FIFRA); Good Laborauny Practices (1989), and Toxic Substances Control Ac:
(TSCA); Good Laboraw,y Practices (1989).
101

-------
•IiIi 7.6 Equipment
•••• 2) Maintenance
liii 2) Responsibility
Automated data collection system(s) shall be adequately tested, inspected, cleaned
and maintained. The laboratory shall:
2) designate in writing an individual responsible for performance of each
operation.
EXPLANATION
EXAMPLE
CODE
Specific responsibilities for testing, inspection, cleaning, and main-
tenance must be assigned in writing and should distinguish between
the various hardware devices on site. Those responsible must ensure
that the tasks are accomplished by themselves or their subordinates.
Operations personnel are normally responsible for inspecting and
cleaning most mainframe and mini-computer equipment, and at
times are responsible for a degree of maintenance. Contracts with
the manufacturer typically cover major hardware performance
problems and preventative maintenance; third-party maintenance
contractors can also provide such services. Terminal users can be
required to clean their own terminals and personal printers and PC
users typically test, inspect, and clean their own equipment, which
might be under a maintenance contract with an outside vendor or
could be repaired by in-house personnel, if such skills are available.
Responsibility: Responsible Person
Principle: 5. SOP
102

-------
7.6 Equipment iII IiII
2) Maintenance
2) Responsibility I Iiiiii
Notes...
103

-------
7.6 Equipment
2) Maintenance
3) Records
EXPLANATION
EXAMPLE
A log of the regularly-scheduled hardware tests, n nies of persons
who conducted them, dates, and indication of results, must be
m2intained. Written test procedures with anticipated results must be
followed and the log must document any deviations from these. This
log should be reviewed and signed at least annually byni nagement
the Responsible Person should review it regularly.
For each type of hardware device utilized on-site, an appropriate test
schedule can be developed and this on-going testing can be con-
ducted accordingly by the persons assigned. A log of these tests,
including their schedule and results can be kept cenu aliy by
Operations personnel or the Responsible Person. Testing perfonned
by outside vendors as part of preventative nl2intenance can also be
documented in the log along with results.
CODE
Responsible Person
5. SOP
Automated data collection system(s) shall be adequately tested, inspected, cleaned
and maintained. The laboratory shall:
3) maintain written records of all maintenance testing containing the dates of the
operation, describing whether the operation was routine and followed the written
procedure.
Responsibility:
Principle:
104

-------
7.6 Equipment
2) Maintenance
3) Records
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laborato,y Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
105

-------
7.6 Equipment
• U 2) Maintenance
liii 4) Problems
Automated data collection system(s) shall be adequately tested, inspected, cleaned
and maintained. The laboratory shall:
4) maintain records of non-routine repairs performed on the equipment as a
result of a failure and/or malfunction. Such records shall document the problem,
how and when the problem occurred, and describe the remedial action taken in
response to the problem along with acceptance criteria to ensure the return of
function of the repaired system.
EXPLANATION
EXAMPLE
CODE
All repairs of malfunctioning or inoperable hardware must be
logged; this log should be retained permanently and reviewed on a
regular basis by m2nagement. All substantive information relevant
to problems and their resolutions should be recorded. Formal
acceptance testing with documented criteria must be conducted to
ensure proper performance prior to returning repaired devices to
normal operations.
Operations can maintain an Equipment Repair Log cenually. If
repairs are performed by the manufacturer or other vendors, nor-
m IIy a written report is provided by the serviceman which can help
to document the problem and should be retained but will usually
have to be supplemented with iMitional information provided by
the user or operator. Cenu alizing responsibility for contacting
outside service support can help to keep records of such service
comprehensive. When repairs are performed in-house by
Operations personnel or users, a form can be implemented to obtain
the necessary information for the Log.
Responsibility: Responsible Person
Principle: 5. SOP
106

-------
7.6 Equipment
2) Maintenance
4) Problems ________
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboraroiy Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
107

-------
7.6 Equipment
3) Operating Instructions
EXPLANATION
EXAMPLE
Applications software and systems software (including the operat-
ing system) must be backed up (i.e., saved to off-line storage on disk
or tape) to prevent complete loss due to a system problem. This
pertains to software versions currently in use at the laboratory; at
least one generation of each software system should be stored off-
line. Procedures for backups and restores must be established, and
personnel responsible for performing these t ck c must be properly
wained. Copyrights pertinent to vendor-supplied software are to be
observed and backups should serve only the purpose intended.
Typically, one generation of each software system used by the lab
is stored off-line in a usable format Normally, this will be on
magneticdiskortapeandwillbekeptinasecurevaultoroff-site
location. Written procedures can indicate reasons for which back-
ups other than initial ones should be taken, such as changes to the
software. Operations personnel are usually responsible for backups
and restores to mainframe, mini-computer, and network software.
Users of stand-alone PCs may be required to perform their own
backups and restores of any software they have developed or
modified.
CODE
Responsible Person
6. Disaster
The laboratory shall institute backup and recovery procedures to ensure that
operating instructions (Le., softwdre) for the automated data collection system(s)
can be recovered after a system failure.
Responsibility:
Principle:
108

-------
Notes...
7.6 Equipment
3) Operating Instructions
For ‘Mitiona1 guidance, see: Computer Security Act of 1987, and EPA System
Design & Development Guidance (June 1989).
109

-------
110

-------
7.7
SECURITY
111

-------
7.7 Security
1) Risk Assessment
1) Confidential Information
EXPLANATION
Laboratories using automated data collection systems must evalu-
ate the need for systems security by determining whether their
systems contain confidential data to which access must be re-
s icted. If this is the case, security procedures must be instituted.
EXAMPLE
Management is usually f2nhiliar with studies being conducted at its
laboratories and typically is sensitive to issues requiring confiden-
tiality. Management can also survey users, when necessary, to assist
in determining this. The Responsible Person can assist in this
respect by ensuring that all parties are communicating sufficiently
about security needs and tools available to meet such needs. Access
categories can be established at various levels and persons can then
be assigned the appropriate access level according to their needs.
Rest,onsibilitv!
Principle:
Management
1. Data
When an automated data collection system is used in the conduct of a study, the
laboratory shall evaluate the need for system security. The laboratory shall have
procedures that azure that the automated data collection system is secured if
that system:
1) contains confidential information that requires protection from unauthorized
disclosure.
CODE
112

-------
7.7 Security
1) Risk Assessment
1) Coi flde,uia1 Information
from EPA Information Security Manual
for Personal Computers, December 1989.
Notes...
For additional guidance, see: Computer Security Act of 1987; EPA Jiy’brmation
Security Manual for Personal Computers (December 1989); Automated Laboratory
Standards: Evaluation of the Standards and Procedures Used in Automated Clinical
Laboratories (Ma’j 1990); and Automated laboratory Standards: Evaluation of rhe
Use of Automated Financial System Procedures (June 1990).
113

-------
7.7 Security
1) RLsk Assessment
2) Data Integrfty
EXPLANATION
EXAMPLE
CODE
Security must be instituted on automated data collection systems at
labs if data integrity is deemed to be an area of exposure and
potential hazard.
If data loss or corruption could negate or degrade the value of a
laboraxbiy study, security measures, such as those indicated in 3.7
#2 below or reswicting the degree of access through use of various
levels of passwordprivileges, should be established on the software
systems to which this pertains. Security built-in to lab applications
can be used, if adequate, or this can be supplemented orreplaced by
use of software dedicated specifically to security. A double level of
protection against intentional security breaches is desirable. For
more information on risk assessment, see EPA’s Information Secu-
rity Manual for Personal Computers (December 1989).
Responsibility:
Principle:
Management
1. Data
When an automated data collection system is used in the conduct of a study, the
laboratory shall evaluate the need for system security. The laboratory shall have
procedures that assure that the automated data collection system is secured if
that system:
2) contains data whose integrity must be protected against unintentional error or
intentional fraud.
114

-------
7.7 Security
1) Risk Assessment
2) Data Integrity
ENVIRONMENTAL
MALICIOUS ThREATS
ACTIONS
USER ERROR
SOFIWARE
HARDWARE &
ERRORS
PROGRAMS
DATA
EQUIPMENT
from EPA Irformation Security Manual
for Personal Computers 1 December 1989.
Notes...
For additional guidance, see: Computer Security Act of 1987; EPA Information
Security Manual for Personal Computers (December 1989); Automated Laboratory
Standards: Evaluation of the Standards and Procedures Used in Automated Clinical
Laboratories (May 1990); and Automated laboratory Standards: Evaluation of the
Use of. utomated Financial System Procedures (June 1990).
4.4
115

-------
7.7 Security
1) Risk Assess,nent
3) Critical Functions
EXPLANATION
EXAMPLE
Security must be instituted on automated data collection systems at
laboratories if such systems are used for tune-critical functions of
lab studies or reporting of study results.
If system functions are critical to the performance of lab studies, a
measure of protection can be added by implementing security
procedures, such as user IDs, passwords, callback modems, and
similar restrictions (locked devices, limited access to computer
rooms) that could prevent loss of system use resulting from access
by
1
Responsibility:
Principle:
Management
5. Data
When an automated data collection system is used in the conduct of a study, the
laboratory shall evaluate the need for system security. The laboratory shall have
procedures that asaure that the automated data collection system is secured if
that system:
3) performs time-critical functions that require that data be available for sample
tracking critical to prompt data analysis, monitors quality control criteria critical
to timely release of data, or generates reports which are critical to timely submis-
sion of the data.
CODE
116

-------
7.7 Security
1) Risk Assessment
3) Critical Functions
jt
Notes...
For ditiona1 guidance, see: Computer Security Act of 1987; EPA Information
Security Manual/or Personal Computers (December 1989); Automated Laborato,y
Standards: Evaluation of the Standards and Procedures Used in Automated Clinical
Zthoratories (May 1990); and Automated laboratorj Standards: Evaluation of the
Use 0/Automated Financial System Procedures (June 1990).
117

-------
7.7 Security
2) Security Requirements
1) Physical Security
EXPLANATION
EXAMPLE
Physical security of the system is required when it stores data that
must be secured. This means restricting access to the hardware
devices which physically comprise the system; only those persons
with documented authorization may be allowed to gain such access.
Of primary concern is physical access to the area housing the central
processing unit(s) (CPU) and storage devices rather than access to
terminals, printers, or other user input/output devices.
Physical access to systems is typically restricted to Operations
personnel, to the extent possible. Generally, this is accomplished by
housing CPUs, disk drives, and media on which backups are stored,
in a locked computer room. Access to such rooms can be card-
controlled rather than key-controlled, for added protection, and
alarm systems can be installed to prevent unauthorized access.
Visitors logs can be used to log in and out all personnel accessing
the computer room other than those assigned to work in that area.
When CPUs or storage media must be located in other areas, such
as when PCs are utilized, use of such systems may be restricted to
non-critical functions, or user access to these areas can be controlled
through measures similar to those used for computer zoom access.
CODE
Responsible Person
1. Data
When the automated data collection system contains data that must be secured,
the laboratory shall ensure that the system is physically secured, that physical
and functional access to the system is limited to only authorized personnel, and
that introduction of unauthorized external programs/software is prohibited.
1) Only personnel with specifically documented authorization shall be allowed
physical access to areas where automated data collection systems are maintained.
Resoonsibilitir
Principle:
.J.
118

-------
7.7 Security
2) Security Requirements
1) Physical Security
Notes...
For 2Mitlonal guidance, see: Computer Security Act of 1987; EPA Information
Security Manual for Personal Computers (December 1989); Automated Laboratorj
Standards: Evaluation of the Standards and Procedures Used in Automated Clinical
Laboratories (May 1990); and Automated laboratory Standards: Evaluation of the
Use of Automated Financial System Procedures (June 1990).
119

-------
7.7 Security
2) Security Requirements
2) System Access Security
EXPLANATION
EXAMPLE
System access security is required when the system stores data that
must be secured. All necessary and reasonable measures of
restricting logical access to the system should be instituted to
prevent loss or corruption of secured data.
Procedures can be established for management authorization of
system access, restricting access to persons requiring it for the
performance of their jobs. Multiple levels of system access can be
established and users can be assigned to the level appropriate to their
work needs. A Security Administrator can be appointed with the
responsibility and sole authority to update system security files.
CODE
Responsibility:
Principle:
Responsible Person
1. Data
SPECIAL
CONSIDERATIONS
If it is not possible to restrict access to personal computers through
log-ons or otherwi se, the PCs should be physically secured so that
only authorized individuals can gain access. See EPA’s Information
Security Ma,uwj for Personal Computers (December 1989).
When the automated data collection system contains data that must be secured,
the laboratory shall ensure that the system is physically secured, that physical
and functional access to the system is limited to only authorized personnel, and
that introduction of unauthorized external programs/software is prohibited.
2) Log-ons, restricted passwords, call-backs on modems, voiceprints,
fingerprints, etc., shall be used to ensure that only personnel with documented
authorization can access automated data collection systems.
120

-------
7.7 Security
2) Security Requirements
2) System Access Security
Notes...
For &lidonaI guidance, see: Computer Security Act of 1987; EPA Information
Security Manual for Personal Computers (December 1989); Automated Laboratory
Standards: Evalu7uion of the Standards and Procedures Used in Automated Clinical
Laboratories (May 1990); and Automated laboratory Standards: Evaluation of the
Use of Automated Financial System Procedures (June 1990).
121

-------
7.7 Security
2) Security Requirements
3) Functional Access
EXPLANATION
When the system stores data that must be secured, the lab must
establish a hierarchy of passwords which limit access, by function,
to those who need to use such functions in the perfonnance of their
jobs and are properly authorized. Security must be smictured in a
way that allows access to needed functions and restricts access to
functions not needed or authorized.
EXAMPLE
Security functions of most software systems permit establishment
of passwords which allow limited access to system functions; some
systems permit screen and field level security also. Labs can utilize
such security features to limit exposure to system problems and data
corruption by restricting users to only the functions or screens they
need.
CODE
Responsible Person
1. Data
When the automated data collection system contains data that must be secured,
the laboratory shall ensure that the system is physically secured, that physical
and fUnctional access to the system is limited to only authorized personnel, and
that introduction of unauthorized external programs/software is prohibited.
3) Procedures shall be in place to ensure that only personnel with documented
authorization to access automated data collection system functions shall be able to
access those functions.
Restonsibilitv:
Principle:
122

-------
7.7 Security
2) Security Requirements
3) Functional Access
Notes...
For additional guidance, see: Computer Security Act of 1987; EPA Information
Security Manual for Personal Computers (December 1989); Automated Laborato y
Standards: Evaluation of the Standards and Procedures Used in Automated Clinical
Laboratories (May 1990); and Automated laboratory Standards: Evaluation of the
Use of Automated Financial System Procedures (June 1990).
123

-------
7.7 Security
2) Security Requirements
4) External Programs/Soft vare
EXPLANATION
EXAMPLE
CODE
If the system stores data that must be secured, the laboratories must
establish procedures that protect the system against software sabo-
tage in the form of intentionally introduced software bugs that might
corrupt ordestroy programs, rI itn , or system directories. No external
software should intentionally be imported to the system and meas-
ures to ensure that external software is not transferred to the system
through telecommunications lines, modems, disk packs, tapes, or
other media must be instituted and enforced.
These potential problems are usually controlled by having SOPs in
place requiring that dedicated telecom lines be used, where practi-
cal, instead of dial-in access; that usage of modems be tightly
controlled; that modems be switched off when usage is not required;
that call-back systems arc used to grant dial-in access; and that all
system access from external sources is documented and confined to
persons or organizations on an authorized list maintained by man-
agement. Use of disk packs, diskettes, or tapes from external
sources can be prohibited or permitted only after all reasonable
precautions are taken (back-ups, identification of source and con-
tent of disks, dun ping the contents of the media on a backup system,
etc.)
Responsibility:
Principle:
Responsible Person
1. Data
When the automated data collection system contains data that must be secured,
the laboratory shall ensure that the system is physically secured, that physical
and functional acce to the system is limited to only authorized personnel, and
that introduction of unauthorized external programs/software is prohibited.
4) In order to protect the operational integrity of the automated data collection
system, the laboratory shall have procedures for protecting the system from
introduction of external programs/software (e.g., to prevent introduction of
viruses, worms, etc.).
124

-------
7.7 Security
2) Security Requirements
4) External Programs/Software
Notes...
For additional guidance, see: Computer Security Act of 1987; EFA Information
Security Manual for Personal Computers (December 1989); Automated Laboratory
Standards: Evaluation of the Standards and Procedures Used in Automated Clinical
Laboratories (May 1990); and Automated Lczborato,y Standards: Evaluation of the
Use of Automated Financial System Procedures (June 1990).
125

-------
126

-------
7.8
S TANDARD
OPERATING
PROCEDURES
127

-------
7.8 Standard Operating Procedures
1) Scope
1) Security
EXPLANATION
The system programs and its database must be protected at all costs.
Inst ilIing SOPs to maintain security may only partly protect the
system (physical and in-program system security still need to be
implemented). However, management can exercise some degree of
control by specifying exactly which -
enacted and maintained .
, t.M1b 1
EXAMPLE.
CODE
SOPs need to be written to establish security of the automated data
system. System security encompasses three components. 1) The
software and data must be made secure through program (logical)
locks, such as secure levels of password protection. 2) Hardware
may also be protected through passwords. In some cases, physical
security may be enacted (e.g., keyboard and disk drive locks). 3) A
final level of security is the purely physical protection of the
system(s) and/or computer room. At the very least, each system user
must have a unique identification or password. SOPs defining
password protection should be detailed enough to cover levels of
system access and user privileges. SOPs must also describe the
extent of physical protection of the system hardware or equipment.
Users
5. SOP
Responsibility:
Principle:
In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
1) maintaining the security of the automated data collection system(s)
(i.e., physical security, securing access to the system and its functions, and
restricting installation of external programs/software)
128

-------
7.8 Standard Operating Procedures
,.-____ Notes...
1) Scope
1) Security
For idditiona1 guidance, see: Computer Security Act of 1987; EPA Information
Security Manual for Personal Computers (December 1989); Automated Laboratorj
Standards: Evaluation of the Standards and Procedures Used in Automated Clinical
Laboratories (May 1990); and Automated laboratorj Standards: Evaluation of the
Use of Automated Financial System Procedures (June 1990).
J
129

-------
7.8 Standard Operating Procedures
1) Scope
2) Raw Data
EXPLANATION
EXAMPLE
Whether entered to the system automatically or ni nually, the raw
d it2 itself must be clearly identified and characterized. A distinction
needs to be made about what constitutes raw data vs. processed data
(see also Section 7.11).
Analyzerreadings of specific samples may be considered raw data .
The conelation or demography of many such samples would be
regarded as processed data . Hand written data collections (such as
field readings or reports) are raw data. After this information is
entered into the automated data collection system and is manipu-
bitMhy 1r iibatinnc inti fnrmi isit nnsi ss”! 1 .
CODE
Responsibility:
Principle:
In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
2) defining raw data for the laboratory operation and providing a working
definition of raw data.
Users
5. SOP
130

-------
7.8 Standard Operating Procedures
1) Scope
2) Raw Data
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laborato,y Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
131

-------
7.8 Standard Operating Procedures
1) Scope
3) Data Enny
EXPLANATION
EXAMPLE
CODE
There may be special requirements pertaining to the entry of data
into the automated data entry system(s). If this is the case, then SOPs
must clearly define these requirements. In any case, all system users
entering data must be identifiable to the system via a unique user
identification andlor password.
Some systems require very specific methods for the entry of the
data. Operators must be aware of these requirements and have
guidelines so that the data is always entered in the same (conect)
manner. This procedure will coniribute greatly to the integrity of the
system and the results produced.
Methods must exist whereby the operator actually entering the data
may be easily identified. A unique user ID is such a method.
Resoonsibilitv:
Principle:
Users
5. SOP
In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
3) entry of data and proper identification of the individual entering the data.
132

-------
7.8 Standard Operating Procedures
1) Scope
3) Dwa Eiurj
Notes...
For r 1 ditiona1 guidance, see: Federal Fungicide, lMecdcide, and Rode,uicide Ac:
(FIFRA); Good Laboratory Practices (1989), Toxic Substances Control Act (TSCA);
Good Laboratory Practices (1989), and Automated Laboratory Standards:
Evaluation of the Use of Automated Financial System Procedures (June 1990).
133

-------
7.8 Standard Operating Procedures
1) Scope
4) Verification
EXPLANATION
A technique must exist that permits an analysis of entered data to
conflim that this data is accurate. Verification, here, may be defined
as the correcmess of the entered d2hi
EXAMPLE
The double-blind method of data enny, where two people independ-
ently enter the same data, is one technique that can be used for data
verification. A similar method involves simple double entry of data
by the same user. A third methodology consists of program edits,
whereby input is checked against specific parameters or system
tables.
CODE
Responsibility:
Principle:
In laboratories where automated data collection systeuLs are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
4) verification of manually or electronically Input data.
Users
5. SOP
134

-------
7.8 Standard Operating Procedures
Notes...
1) Scope
4) Verification
For additional guidance, see: Automated Laboratory Standards: Evaluation of:he
Use of Automated Financial System Procedures (June 1990).
135

-------
7.8 Standard Operating Procedures
1) Scope
5) Error Codes
EXPLANATION
EXAMPLE
Error codes are messages that appear in printed form or on-screen
to let the user know that there is an inconsistency or problem. An
SOP must be formalized listing possible error messages along with
their probable causes. This SOP should also document the method-
ology by which the euors are corrected, and who, if anybody, should
be notified.
A chart could be used to cross-reference potential error messages,
their cause and methodology for correction.
CODE
Responsibility:
Principle:
In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
5) interpretation of error codes or flags and the corrective action to follow
when these occur.
Usei
5. SOP
136

-------
Notes...
7.8 Standard Operating Procedures
1) Scope
5) Error Codes
137

-------
7.8 Standard Operating Procedures
1) Scope
6) Change Control
EXPLANATION
Safeguards must be in place to protect against unauthorized change of
data (either raw or processed). Audit wails can be installed into
automated systems that will show both changed and original data
elements, with the date and user nl2king the change; SOPs should be
written to ensure that these audit wails for such changes are m2ilnained.
Any time data is changed, for whatever reason . the date of the change,
reason for the change and individual mpking the change must be
indicated along with the old and new values of the data elements that
have been changed.
EXAMPLE
Separate programs can be used for data eniry and data maintenance, or
separate modules within the same program may be used for these
purposes; this approach may facilitate capturing the required informa-
don for data changes. The system can be programmed to produce audit
wails in the form of change logs. The SOP can require that these be
printed on a regular basis for review by proper supervisors or manage-
ment. All records 2dded , changed or deleted can either be flagged or
audit wail records for these updates can be written to an audit wail file
for printing. A print program could provide the option of listing all
updates or only selected records, such as deletes; sort options could
also be provided to show the updates chronologically or by record type
or both. Someone could be assigned the’ esponsibility of’n iv1taining
the copy of record for these reports. Audit Trail Reports for sensitive
records could then be microfilmed for archive purposes.
In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
6) chnnging data and proper methods for execution of data changes to include the
original data element, the changed data element, identification of the date of
chnnge, the individual responsible for the change, and the reason for the change.
138

-------
7.8 Standard Operating Procedures
1) Scope
6) Change Control
Res ons biljf 1!
Principk:
- Users
5. SOP
SPECIAL
CONSIDERATIONS
In the audit wail, it is useful to capture the identity of the software
module or pzo am ni lthig the thange
134.7
NAME OP PERSON
ENTERING DATA
•DATEOF ENTRY
I
ORIGINAL
DATA
AUDiT TRAIL
— — — —
CHANGE PROCESS
144.7
134.7
• NAME OF PERSON
MAKING CHANGE
. .. .DATEOFCHANGE
• REASON FOR CHANGE
CHANGED
DATA
CODE.
Notes...
For a$ditional guidance, see: FIFRA GLPs 40CFR 792.130(e): TSCA GLPs 4OCFR
160.130(e); Automated Labo ratory Standards. Evaluation of Good Laboratory
Practices for EPA Programs, Draft (June 1990); Automated Laboratory Standards:
Evaluation of the Standard$ and Procedures Used in Automated Clinical
Laboratories, Draft (May 1990); and Automated Laborawrg Standarcif: Evaluation
of the Use of Automated Financial System Procedures (June 1990).
139

-------
7.8 Standard Operating Procedures
1) Scope
7) Archiving
EXPLANATION
EXAMPLE
CODE
Data processing encompasses all manners of manipulating raw data
into information that may be easily ntcqneted. Data analysis is that
int qnctauon itself. There must be a consistency in methodologies
used, therefore it is necessary to produce standard operating proce-
dures that clearly describe the techniques used for data processing
and analysis. Similar methodologies must be formalized that detail
how data is stored, and on what media, and how this data may be
brought back into the automated system for further processing.
“Storage” may also encompass the physical storage of data saved to
various magnetic media (such as diskettes, tapes, etc.).
The SOP can indicate how formulas used to analyze or process data
must be verified, how standard routines to perform processing or
analysis could be utilized, how storage of magnetic media must
minimize deterioration and how archived computer records are to
be indexed. It can also set up authorization mechanisms for access-
ing or retrieving stored data and indicate responsibilities for m2in-
t2ining the system archives.
Users
5. SOP
Responsibility:
Principle:
In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
7) data analysis, processing, storage, and retrieval.
140

-------
7.8 Standard Operating Procedures
1) Scope
7) Archiving
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodensicide Act
(FIFRA); Good Laborato y Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratoiy Practices (1989).
141

-------
7.8 Standard Operating Procedures
1) Scope
8) Backup and Recoverj
EXPLANATION
EXAMPLE
Proper ni intenance of files critical to the system will ensure a quick
return to operation in the event of corruption or loss of any of these
files. Therefore, an SOP documenting procedures for system data
backup and recovery must exist.
The SOP should clearly describe the procedure(s) necessary to
create and store a backup copy of system data. Data backup
frequency should be established; a daily, weekly, monthly, and
annual schedule per system or file can be required by the SOP. The
SOP should also delineate where both on-site and off-site backup
copies are to be stored, as well as which individual is responsible for
m lcing the backup copies.
A Backup Logbook, such as illustrated below, can be used to track
the backups if no system utility generates such recoids automati-
cally.
BACKUP LOG
Serial # Date Initials Notes
In laboratories where automated data collection systeim are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
8) backup and recovery of data.
142

-------
7.8 Standard Operating Procedures
CODE
SPECIt L
CONSIDERATIONS
Users
5. SOP
1) Scope
8) Backup and Recove,y
The laboratory should develop procedures for applying “work
arounds” in case of temporary failure or inaccessibility of the
arn ited data collection system. These procedures should cover
1) “rolling back” or “undoing” changes that have not been com-
pleted, to a previous, stable documented state of the database, and
2) “rolling forward” the automated system or applying changes to
the automated system that were implemented manually during the
temporary failure of the automated system.
In database management terminology, the laboratory should estab-
lish and implement procedures that rollback uncommitted uansac-
tions or roll the database forward to synchronize it with changes
nwI manually, so that at all times the “current state” of the database
is known and valid.
Responsibility:
Principle:
Notes...
For additional guidance, see: Computer Security Act of 1987 and EPA System
Design and Devlopmeat Guidance (June 1989).
143

-------
7.8 Standard Operating Procedures
1) Scope
9) Maintenance
EXPLANATION
To be assured of the consistently acciu te operation of all automated
equipment, proper upkeep and preventative maintenance of that
equipment is vital. An SOP must be established that institutes a
preventive maintenance plan for all units of automated data collec-
tion hardware and generally identifies how such na intenance is to
be documented.
EXAMPLE
For most hardware units, there are vendor-prescribed schedules for
preventive mpintenance. An Operations person, or whoever nor-
ni 11y has primary responsibility for hardware m2intenance, can be
m it1e responsible for follow-up with the vendor or whoever is
performing the i mintenance to ensure that it is accomplished at the
proper time and documented according to the requirements of the
SOP.
CODE.
Responsibility:
Principle:
In laboratories where automated data collection systeim are used In the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
9) maintain*na automated data coilection system(s) hardware.
Users
5. SOP
144

-------
7.8 Standard Operating Procedures
1) Scope
9) Mainenance
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(rSCA); Good Laborawrj Practices (1989).
145

-------
7.8 Standard Operating Procedures
1) Scope
10) Elecwonic Reporting
EXPLANATION
EXAMPLE
CODE
If elecuonic reporting will be used by labs, an SOP must exist to
establish conuDis for this process. Standards, protocols, and proce-
dures to be used can be indicated and uniformity of such reporting
can be suuctured through such an SOP.
The SOP can address issues such as when elecuDnic reporting is to
be done, which records are involved, and how and by whom
wansmission is to be performed. Guidance in determining the
standards to be followed in the process and what audit uails are
necessary can also be provided (see also Section 7.13 of this
manual).
Responsibility:
Principle:
Users
5. SOp
In laboratories where automated data collection systetus are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Standard operating procedures shall be established for, but not limited to:
10) electronic reporting, if applicable.
146

-------
7.8 Standard Operating Procedures
Notes...
1) Scope
10) Electronic Repordng
For additional guidance, see:
Standards Workgroup.
of the E1ec onic Reporting
I
147

-------
7.8 Standard Operating Procedures
2) Docwnent Availability
EXPLANA11ON
Written documentation of the procedures being performed must be
kept available. If vendor-supplied documentation is used to supple-
ment these written procedures, that documentation must be properly
referenced in the SOPs.
EXAMPLE
tion su ulied by vendors can
Resnonsibilitv:
Ptincip :
- C
Management
5. SOP
In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory shall have written standard operating procedures
(SOPs). Each laboratory or other study area shall have readily available manuals
and standard operating procedures that document the procedures being per-
formed. Published literature or vendor documentation may be used as a supple-
ment to the standard operating procedures if properly referenced therein.
CODE
be made in SOPs developed in-house.
148

-------
7.8 Standard Operating Procedures
2) Docwnent Availability
Notes...
For additional guidance, see: Federal Fungicide, lnsecdcide, and Rodenticide Act
(FIFRA); Good Laboratorj Practices (1989), and Toxic Substances ControlAc:
(rSCA); Good Laboratory Practices (1989).
149

-------
7.8 Standard Operating Procedures
3) Historical Files
EXPLANATION
EXAMPLE
All versions of SOPs, including expired ones, must be retained in
historical files. The effective dates of each must be indicated.
A chronological file of SOPs can be retained in hardcopy format;
effective dates can be indicated on the forms.
CODE
Responsibility:
Principle:
Archivist
3. Audit
In laboratories where automated data collection systems are used in the conduct
of a study, the laboratory 5h21l have written standard operating procedures
(SOPs). A historical file of standard operating procedures shall be maintained.
All revisions, Including the dates of such revisions, shall be maintained within the
historical file.
150

-------
7.8 Standard Operating Procedures
3) Historical Files
Notes...
For MitionaI guidance, see: Federal Fungicide, I,§icide, and Rodenticide Ac:
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances ControlAc:
(rSCA); Good Laboratory Practices (1989).
151

-------
152

-------
7.9
S OFT WARE
I
till
153

-------
7.9 Software
1) Purpose and Use
EXPLANATION
EXAMPLE
Methods for determining that software is performing its functions
properly must be documented in SOPs and followed. The Respon-
sible Person must control the software change process to prevent
any changes which have not been documented, reviewed, author-
fred and accepted in writing by the Responsible Person. Variances
from any instructions relevant to the system must first be authorized
by the Responsible Person before they can be instituted. Formulas
should be checked and source code reviewed as part of this process.
A Software Change Control SOP can require that no software
changes to the system be implemented unless proper request,
review, authorization, and acceptance procedures are followed.
Control of program libraries can be restricted to a small number of
Operations personnel, where practical, so that no programmers or
users are allowed to move changed software into the production
environment without following required procedures. User surveys
and post-implementation reviews of software performance can be
required to evaluate whether software is properly performing its
functions, as documented.
CODE
Responsible Person
4. O nge
The laboratory shall consider software to be the operational instructions for
automated data collection systents and shall, therefore, have written standard
operating procedures setting forth methods that management is satisfied are
adequate to ensure that the software is accurately performing the intended
fUnctions. All deviations from the operational instructions for automated data
collection systeme shall be authorized by the designated Responsible Person.
Changes in the established operational instructions shall be properly authorized,
reviewed and accepted in writing by the designated Responsible Person.
Rest ,onsibilitv:
Principle:
154

-------
7.9 Software
1) Purpose and Use
SPECIAL
CONSIDERATIONS
It may be useful for the laboratory to distinguish among different
categories of software: operating systems; “layered software prod-
ucts” such as programming languages, with which applications are
developed; and actual applications. Procedures for authorization,
review, and acceptance of changes in software may differ across
these different categories of software.
RESPONSIBLE TEST/REVIEW
PERSON
Notes...
For 2ddidonal guidance, see: Computer Security Act of 1987, and EPA System
Design & Development Guidance (June 1989).
155

-------
7.9 Software
2) Life Cycle
1) Development
EXPLANATION
EXAMPLE
For all new systems (systems not in a production mode at the time
of publication of this Guide) to be used in the conduct of an EPA
study, labs must establish and maintain documentation for all steps
of the system’s life cycle, in accordance with the EPA’s System
Design and Development Guide and Section 7.9 #3 below. These
include documentation of user requirements, design documents
(such as functional specifications, pro am specifications, file
layouts, database design, and hardware configurations), documen-
tation of unit testing, qualification, and validation procedures and
testing, control of production stan-up, software versions and
change through maintenance, post-implementation reviews, and
on-going support procedures.
SOPs can require that each system development life cycle phase of
a software project be properly documented before that phase can be
regarded as complete. Management review of development project
milestones can ensure that required documentation is available
before giving approval for projects to proceed.
Responsibility:
Principle:
Management
3. Audit
SPECIAL
CONSIDERATIONS
Laboratories that rely on off-the-shelf software or third-party prod-
ucts may not have the same obligations to document these products
over their life cycle. This obligation may depend on how widely
The laboratory shall have documentation to demonstrate the validity of software
used in the conduct of a study as outlined in Section 7.9 #3.
1) For new systems the laboratory shall have documentation throughout the life
cycle of the system (i.e., beginning with identification of user requirements and
continuing through design, integration, qualification, validation, control, and
mnintenance, until use of the system is terminated)
CODE
156

-------
7.9 Software
2) Life Cycle
1) Development
these third-party products are utilized and how well respected they
are in the industry. Where third-party software is used, the Labora-
tory data sets must reference the version of software used.
Notes...
from EPA System Design &
Development Guidance. June 1989.
For additional guidance, see: EPA System Design & Development Guidance
(June 1989).
157

-------
7.9 Software
2) Life Cycle
2) Docwne,uarion
EXPLANATION
EXAMPLE
CODE
Systems existing in a production mode prior to publication of this
Guide and purchased systems should be documented in the same
way as systems developed in accordance with EPA’s System
Design and Development Guide and 7.9 #2 above, to the degree
possible. Documentation relevant to certain phases of the system
life cycle, such as validation, change control, acceptance testing,
and mpintenance, for example, should be similar for all systems.
For systems ihat already exist in a production mode prior to pub-
lication of this guide, reconstruction of documentation for user
requirements and design documents may not be possible, but should
be done when possible. System descriptions and flow charts can
also be developed, if unavailable. Evidence of integration and val-
idation testing should be maintained for inspection purposes. For
vendor-supplied software, user requirements would normally be
developed prior to software evaluation and selection. Systems de-
sign documentation may be provided, to a degree (file layouts, sys-
tem descriptions), but may often be unavailable to the same extent
that systems developed in-house are documented (file layouts,
system descriptions, and functional specs may be provided but pro-
gram specs or source code may be unavailable). If critical documen-
tation is not provided, it may be necessary to attempt to obtain it
from the vendor or re-construct it in-house, to the degree possible.
Responsibility:
Principle:
3. Audit
The laboratory shall have documentation to demonstrate the validity of software
used in the conduct of a study as outlined in Section 7.9 #3.
2) Automated data collection system(s) currently In existence or purchased from a
vendor shall be, to the greatest extent possible, similnrly documented to demon-
strate validity.
158

-------
7.9 Software
2) Life Cycle
2) Documentation
,— Notes...
For additional guidance, see: EPA System Design & Development Guidance
(June 1989).
159

-------
_____ I 7.9Software
3) Scope
1) Inventory
EXPLANATION
EXAMPLE
A written system description, which provides detailed information
on the software’s functionality, must be developed and maintained
for each software application in use at the lab. Functional require-
ments which document what the system is designed to accomplish
may be substituted for the system description.
System flowcharts, work flow charts and data flow charts can be
developed by those most knowledgeable about the system if they are
not provided by the software vendor (for purchased software). A
written system description is generally provided by vendors for
purchased systems or will normally be developed in the design
phase of in-house software projects. Such documentation should be
made available in a designated area within the lab.
Responsibility:
Principle:
Management
3. Audit
Documentation of operational instructions (i.e., software) shall be established and
maintained for, but not be limited to:
1) detailed written description of the software in use and what the software is
expected to do or the f inctional requirements that the system is designed to fulfill.
CODE
160

-------
Notes...
7.9 Software
3) Scope
1) Inventory
For 2Midonal guidance, see: EPA System Design & Development Guidance
(June 1989).
J
161

-------
7.9 Software
3) Scope
2) Coding Standards -
EXPLANATION:
EXAMPLE.
Written documentation of software development standards must
exist, which includes programming conventions, shop program-
ming standards, and development standards to be followed by
design and development staff at the site. Standards for internal
documentation of programs developed or modified at the site must
also be included.
Programming and design standards can be established to ensure that
minimum requirements are met and to foster consistency and
uniformity in the software. In the area of design, issues such as
consistency of file layout formats, screen formats, and report
formats can be addressed. Other design issues such as docurnenta-
ton standards for user requirements definition, functional specifi-
cations, and system descriptions can be included. With regard to
programming standards, requirements for the documentation of
programs internally are important; explanatory comments, section
and function labels, indications of programming language, pro-
grammer name, dates of original writing and all changes, and use of
logical variable names can all be required.
CODE
Responsible Person
5. SOP
Documentation of operational instructions (i.e., software) shall be established and
maintained for, but not be limited to:
2) identification of software development standards used, including coding Stan-
dards and requirements for adding comments to the code to identify its functions.
Responsibility:
Principle:
162

-------
Notes...
7.9 Software
3) Scope
2) Coding Standards
J
163

-------
7.9 Software
3) Scope
3) Formulas
EXPLANATION
EXAMPLE
All algorithms or formulas used in programs run at the lab, including
user-developed programs and purchased software p ck ges which
allow user enuy of formulas or algorithms, must be documented and
retained for reference and inspection. The intent is to establish a
source for locating such algorithms or formulas easily. Files of all
program listings or specifications are insufficient listings of the
algorithms and formulas should exclude all other information.
These listings should identify the programs in which the formulas
and algorithms occur.
A file or log of all such formulas or algorithms can be maintained
centrally in a location designated by the Responsible Person. For
purchased software, formulas and algorithms may be obtained from
vendor-provided documentation, in some cases. For most software
currently in use, it is probable that formulas and algorithms will
have to be abstracted. Documentation of algorithms and formulas in
the a 1 p oyuate listings can then be made a required part of the
design and development process to insure compliance.
CODE
Resnonsibilitv:
Principle:
-e
Responsible Person
5. Formulas
Documentation of operational instructions (i.e., software) shall be established and
mnintained for, but not be limited to:
3) listing of all algorithms or formulas used for data analysis, processing,
conversion, or other manipulations.
164

-------
Notes...
7.9 Software
3) Scope
3) Formulas
165

-------
7.9 Software
3) Scope
4) Acceptance Testing
EXPLANATION
EXAMPLE
Acceptance testing, which involves responsible users testing new or
changed software to determine that it performs colTectly and meets
their requirements, must be conducted and documented. Written
procedures should indicate when such testing is required as well as
how it is tobe conducted, and that documentation of such testing
must include the acceptance criteria, summary of results, names of
persons who performed testing, indication of review and written
approval.
Acceptance testing procedures are commonly integral parts of the
change control process, which should also apply to implementation
of new software. Users should be given the opportunity to test
programs for which they have requested changes in a test environ-
ment that will not impact the production system. New software
shouldalsobetestedinasimilarwaybyuserswhowillbeexpected
to work with it. Acceptance criteria should be documented before
testing begins to ensure that testing is predicated on meeting those
standards. Quality assurance units or management can review the
tests and results to ascertain that criteria are appropriate and are met
to their satisfaction.
Resnonsibilitv:
Principle:
Users
4. Oi nge
uocumentation or operational instructions (i.e., software) shall be established and
maintained for, but not be limited to:
4) acceptance testing that outlines acceptance criteria; identifies when the tests
were done and the individual(s) responsible for the testing; summarizes the results
of the tests; and documents review and written approval of tests performed.
CODE
166

-------
7.9 Software
MANAGEMENT
Notes...
3) Scope
4) Acceptance Testing
USERS
PROGRAMMERS
SCIENTISTS
OUALITV
ASSURANCE
UNIT
For additional guidance, see: EPA System Design & Development Guidance
(June 1989).
167

-------
7.9 Software
3) Scope
5) Change Control
EXPLANATION
EXAMPLE
Written documentation of Change Control Procedures must exist to
provide a reference and guidance to MIS and users for management
of the on-going software change and maintenance process. All steps
in this process should be explained or clarified and the procedures
should be available to all system users and MIS personnel at the
laboratory. Software or software changes that have not been imple-
mented in compliance with the Change Control Procedures cannot
be utilized at the laboratory, except in test mode.
Change Control Procedures can refer to persons authorized to
request software changes, forms designed for that purpose, require-
ments to be met before approval of such requests, prioritizing
methods for change requests, program libraries from which to take
copies of programs to be amended, libraries for program copies
undergoing change, responsibilities for documenting testing, ap-
proving of changed versions, and moving changed versions to the
production environment. Restricting access to the function of
moving changed versions to production will assist in enforcing
compliance.
CODE
Responsibility:
Principle:
Responsible Person
4. Change
Documentation of operational instructions (i.e., software) shall be established and
maintained for, but not be limited to:
5) drnnge control procedures that include instructions for requesting, testing,
approving, and issuing software changes.
168

-------
Notes...
7.9 Software
3) Scope
5) Change Control
For additional guidance, see: EPA System Design & Development Guidance
(June 1989).
I
169

-------
7.9 Software
3) Scope
6) Version Control
EXPLANATION
EXAMPLE
An audit tail must be established and retained that permits identi-
fication of the software version in use at the time each data set was
created.
This requirement is normally met by insuring that the date and time
of generation of all data sets is documented (usually within the data
record itself), and that the software system generating the data set
is identifiable. Also, the lab can ensure that historical files are
established and maintained to indicate the current and all previous
versions of the software releases and individual programs, includ-
ing dates and times they were put into and removed from the
1 MW PLi flA J 7
CODE
Responsibility:
Principle:
Responsible Person
3. Audit
6)
data sets.
Documentation of operational instructions (i.e., software) shall be established and
malntained for, but not be limited to:
procedures that document the version of software used to create or update
170

-------
, ØP ___ Notes...
7.9 Software
3) Scope
6) Version Coiizrol
171

-------
7.9 Software
3)
Scope
7) Problem Reporting
EXPLANATION.
EXAMPLE
A written Pioblem Reporting Procedure should exist to structure the
process of documenting software problems encountered by users
and MIS staff, as well as the recording, follow-up and resolution of
such problems.
Problem Report forms with written instructions for completion can
be developed and Problem Logs can be maintained by a person
designated by the Responsible Person. Analysis and initial report-
ing can be required within a specific time frame and periodic follow-
up of open problems can be done by the Responsible Person until
resolution is reached. Documentation of resolved problems can be
retained in case of recurrences.
CODE
Responsible Person
4. Audit
Documentation of operational instructions (i.e., software) shall be established and
maintained for, but not be limited to:
7) procedures for reporting software problems, evaluation of problems, and
documentation of corrective actions.
Responsibility:
Principle:
172

-------
7.9 Software
3) Scope
7) Problem Reporting
Notes...
For additional guidance, see: EPA System Design & Development Guidance
(June 1989).
173

-------
7.9 Software
4) DocuuAvailabiir
EXPLANATION
EXAMPLE
All written SOPs or software documentation mentioned in para-
graph 7.3, subparagraphs 4-10 above, should be available, in their
work areas, to system users or persons involved in software devel-
opment or maintenance, as applicable. For purchased systems.
vendor-supplied documentation, if properly referenced, may sup-
plement documentation developed in-house.
SOP manuals are normally available to each department or work
group within a lab. Persons responsible forproducing SOP manuals
may maintain a log of manuals issued, by number, and to whom they
were issued in order to ensure that all manual holders receive
updates. A distribution key, indicating departments or persons
receiving SOPs, and the SOPs which were issued to them (not all
users need all SOPs), can be useful. SOPs pertinent only to design,
development, and maintenance personnel can be made available
centrally at a specified location in the systems area. User manuals
should be provided to all user departments or kept in a central
documentation area; sign-out procedures can help prevent loss or
misplacement.
CODE
Responsibility:
Principle:
Man” E or written procedures for documentation of operational instructions shall
be readily available in the areas where these procedures are performed. Published
literature or vendor documentation may be used as a supplement to software
documentation if properly referenced therein.
Archivist
5. SOP
174

-------
7.9 Software
4) Document Availability
Notes...
175

-------
7.9 Software
5) Historical Files
EXPLANATION
EXAMPLE
Files of all versions of software programs must be created and
maintained so that the history of each program is evident. Differ-
ences between the various versions and the dine of their use should
be evident. An audit tail must be established and retained that
permits identification of the software version in use at the time each
set was created.
The lab can ensure that historical files are established and main-
tained to indicate the current and all previous versions of the
software releases and individual programs, including dates and
dines they were put into and removed from the production system
environment. Program listings with sufficient internal documenta-
tion of changes, dates, and persons making changes can be used;
internal references back to a project number or change request form
can also be useful. Labs can also log the date and dine of generation
of all data sets within the data record itself and make sure the
software system generating the data set is identifiable.
Responsible Person
3. Audit
A historical file of operating instructions, changes, or version numbers shall be
maintained. All software revisions, induding the dates of such revisions, shall be
innintained within the historical file. The laboratory shall have appropriate
historical documentation to determine the software version used for the collection,
analysis, processing, or maintenance of all data sets on automated data collection
systems.
Responsibility:
Principle:
176

-------
7.9 Software
5) Historical Files
,.— Notes...
For additional guidance, see: EPA System Design & Development Guidance
(June 1989).
177

-------
178

-------
7.10
DATA ENTRY
179

-------
7.10 Data Entry
1) Integrity of Data
1) Tracking Person
EXPLANATION
EXAM PLE
Labs using automated data collection systems must ensure that data
input is traceable to the person who entered it, i.e., the person
responsible for the data entered can be identified.
The usual method for accomplishing this is to have the system
record the user identification code as part of all records entered. The
user ID code can then be referenced back to the associated data entry
person to allow identification per each record entered.
CODE
Responsible Person
3. Audit
When a laboratory uses an automated data collection system in the conduct of a
study, the laboratory hnI1 ensure integrity of the computer-resident data col-
lected, nnalyzed, processed, or maintained on the system. The laboratory shall
ensure that in automated data collection systems:
1) The individual responsible for direct data input shall be Identified at the time
of data input.
Resnonsibilirv:
Principle:
180

-------
7.10 Data Entry
1) Integrity of Data
1) Tracking Person
:‘T ’ L
Notes...
For additional guidance, see: Automated Laboratorj Standards: Evaluation of the
Use of Automated Financial System Procedures (June 1990).
181

-------
7.10 Data Entry
1) Integrity of Data
2) Tracking Equipment, Time, Daze
EXPLANATION
Labs using instruments which transmit data to automated data
collection systems must ensure that an audit trail exists and is
maintained, indicating date and time stamps for each record nans-
mined and which instrument was the source for each entry. It must
be possible to trace each record transmitted back to the source
instrument, and date and time of generation.
EXAMPLE
This àan be accomplished by entering an instrument identification
code along with a date and tune stamp into each record transmitted
to the system and storing this information as part of those records or
by generating an audit nail report with similar information.
CODE
Responsibility:
Principle:
Responsible Person
3. Audit
When a laboratory uses an automated data collection system in the conduct of a
study, the laboratory shall ensure integrity of the computer-resident data col-
lected, analyzed, processed, or maintained on the system. The laboratory shall
ensure that in automated data collection systems:
2) The instruments transmitting data to the automated data collection system
shall be identified, and the time and date of transmittal shall be documented.
182

-------
7.10 Data Entry
1) Integrity of Data
2) Tracking Equipment, Time, Date
Notes...
For additional guidance, see: Automated Laboratory Standardc: Evaluation of the
Use of Automated Financial System Procedures (June 1990).
183

-------
7.10 Data Entry
1) huegrity of Data
3) Data Change
EXPLANATIO N
EXAMPLE
When data in the system is changed after initial entry, an audit trail
must exist which indicates the new value entered, the old value, a
reason for change, date of change, and person who entered the
change.
This normally requires storing all the values needed in the record
changed or an audit trail file and keeping them permanently so that
the history of any data record can always be reconstructed. Audit•
Trail reports may be required and, if any electronic data is purged,
the reports may have to be kept permanently on microfiche or
microfilm.
CODE
Responsible Person
3. Audit
SPECIAL
CONSIDERATIONS
Laboratories may consider adopting the policy by which only one
individual may be authorized to change data, rather than implement-
ing a system that records the name of any and all individuals making
data changes.
When a laboratory uses an automated data collection system in the conduct of a
study, the laboratory ch Il ensure integrity of the computer-resident data col-
lected, analyzed, processed, or maintained on the system. The laboratory shall
ensure that in automated data collection systems:
3) Any change in automated data entries shall not obscure the original entry,
sh Il indicate the reason for change, shall be dated, and shall identify the individual
making the th nge.
ResDonsibilitv:
Principle:
184

-------
134.7
• NAME OF PERSON
ENTERING DATA
• DATE OF ENTRY
I
7.10 Data Entry
1) Integrity of Data
3) Data Change
• NAME OF PERSON
MAKING CHANGE
• DATE OF CHANGE
• REASON FOR CHANGE
AUDIT TRAil.
— — — — —
CHANGE PROCESS
144.7
134.7
ORIGINAL
DATA
CHANGED
DATA
Notes...
For additional guidance, see: FIFRA GLFs 4OCFR 792 .130(e); TSCA GLPs 4OCFR
160.130(e); Automated Laboratory Standards: Evaluation of Good Laboratory
Practices for EPA Programs, Draft (June 1990); Automated Laboratory Standards:
Evaluation of the Standards and Procedures Used in Automated Clinical
Laboratories, Draft (May 1990): and Awomated Laboratory Standards: Evaluation
of the Use of Automated Financial System Procedures (June 1990).
185

-------
7.10 Data Entry
2) Data Verification
EXPLANATION
EXAMPLE
CODE
Written SOPs must exist for validating the data entered manually or
automatically to the lab’s automated data collection systems. The
practice of these procedures must be enforced.
Data v lid2tion methods, such as double-keying of manually en-
tered data, blind re-keying of data entered automatically, or other
proven methods, can be practiced to ensure data integrity.
Responsibility: Responsible Person
Principle:
1. Data
Data integrity In an automated data collection system is most vulnerable during
data entry ‘whether done via manual input or by electronic transfer from auto-
mated Instruments. The laboratory shaH have written procedures and practices in
place to verify the accuracy of manually entered and electronically transferred
data collected on automated system(s).
186

-------
Notes...
7.10 Data Entry
2) Data Ver flcarion
For *dtiitional guidance, see: Automated Laboratory Standards: Evaluation of the
Use of Automated Financial System Procgdures (June 1990).
187

-------
188

-------
7.11
RAW DATA
189

-------
7.11 Raw Data
1) Definition
EXPLANAT1ON
EXAMPLE
The operational definition of raw data for the lab, especially as it
relates to automated data collection systems used, must be docu-
mented by the lab and made known to employees. Raw data can be
original records of environmental conditions, animal weights, food
consumed by study animals throughout the course of a study or
imi12r original records-or documentation necessary for the recon-
struction of a study and which cannot be recalculated, as can a
statistical value such as a mean or median, given all the original raw
data of the study. It can include data stored on the system or output
on various media.
The definition of raw data in GLP regulations is: “... [ A]ny labora-
tory worksheets, records, memoranda, notes, or exact copies
thereof, that are the result of original observations and activities of
a study and are necessary for the reconstruction and evaluation of
that study... “Raw data” may include photographs, microfilm or
microfiche copies, computer printouts, magnetic media, ... and
recorded data from automated instruments.” (40 CFR 792.3). Data
entered into the system directly (not from a source document) by
keyboard or automatically by lab test devices is considered raw
djIr2 A microscope slide is not raw data since it is not an original
record of an observation, but a pathologist’s written diagnosis .,f the
slide would be considered raw data.
Resnonsibilitv:
Principle:
Management
1. Data
Raw data collected, analyzed, processed, or maintained on automated data
collection system(s) are subject to the procedures outlined below for storage
and retention of records. Raw data may include microfilm, microfiche, computer
printouts, magnetic media, and recorded data from automated collection systems.
Raw data is defined as data that cannot be easily derived or recalculated from
other information. The laboratory shall:
1) Define raw data for its own laboratory operation.
CODE
190

-------
7.11 Raw Data
1) Definition
SPECIAL
CONSIDERATIONS
Notes...
1. A recent court ruling may supercede federal requirements. A
review of the US Court of Appeals ruling on the A.H. Robins Dalkon
Shield case is recommended. The Court ruled that compliance with
the Food and Drug Administration’s (FDA) retention guidelines did
not free the company from obligation to produce records. In this case
the company failed to produce test evidence that it claimed it de-
stroyed after the FDA retention date passed and before the law suit
was filed.
2. Some computer-controlled devices including some spec trome-
ters, chromatography devices, and titration measurement devices
provide intermediary or “tentative” data. In these situations, the
scientist interprets these tentative data typically through a number of
preliminary curve sets. After several iterations, he determines an
appropriate curve fit. While several hundred thousand data points are
generated only the final fit is the raw data.
In this unique setting, it is the scientist’s professional determina-
tion of what are acceptable data that determines what the raw data are.
3. In practice, this regulation is interpreted to mean that a regulated
industry has an obligation to retain (and, within certain periods of
tune, produce) all records that may be subject to alternate expert inter-
pretation,or that demonstrate compliance (or non-compliance) with
a specific regulation. Most laboratories treat as raw data all scientists’
notebooks, printouts of databases summarizing the results of testing
equipment output, and electronic copies of said databases, including
any statistical manipulation of the data contained therein.
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratoty Practices (1989).
191

-------
7.11 Raw Data
2) Standard Operating Procedures
EXPLANATION
EXAMPLE
The lab must include its definition of raw data in the SOPs it
publishes and makes available to its personnel so that interpretation
of what constitutes raw data and retention procedures for such data
are uniform for all lab studies performed.
A policy statement can be issued by the lab to make this definition
clear to employees. Consideration can be given to preferred storage
media and retention requirements.
Responsibility:
Principle:
Management
5. SOP
Raw data collected, analyzed, processed, or maintained on automated data
collection system(s) are subject to the procedures outlined below for storage
and retention of records. Raw data may include microfilm, microfiche, computer
printouts, magnetic media, and recorded data from automated collection systems.
Raw data is defined as data that cannot be easily derived or recalculated from
other information. The laboratory shall:
2) Include this definition in the laboratory’s standard operating procedures.
CODE
192

-------
7.11 Raw Data
, — Notes...
2) Standard Operating Procedures
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFR.A); Good Laboraorj Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
193

-------
194

-------
7.12
RECORDS
AND ARCHIVES
195

-------
7.12 Records and Archives
1) Records to be Maintained
1) RawData
EXPLANATION
EXAMPLE
Labs must retain their written definition of computer resident raw
data for inspection or audit.
The policy or SOP containing the raw data definition, including all
prior versions of it, can be permanently retained in the office or
department responsible for publishing it that version may be
considered the copy of record and it can be made available there for
inspection or audit.
Responsibility:
Principle:
Management
1. Data
All raw data, documentation, and records generated in the design and operation of
automated data collection system(s) shall be retained. Correspondence and other
documents relating to interpretation and evaluation of data collected, analyzed,
processed, or maintained on the automated data collection system(s) also shall be
retained. Records to be maintained indude, but are not limited to:
1) A written definition of computer-resident “raw data” (see Section 7.11 of this
document).
CODE
196

-------
7.12 Records and Archives
1) Records to be Maintained
1) Raw Data
Notes...
For additional guidance, see: Federal Fungicide, Insecticide, and Rodenticide Act
(FIFRA); Good Laboratory Practices (1989), and Toxic Substances Control Act
(TSCA); Good Laboratory Practices (1989).
197

-------
7.12 Records and Archives
1) Records to be Mai,uained
2) Hardware and Software
EXPLANATION
EXAMPLE.
The lab must retain written descriptions of all hardware and soft-
ware used in data handling on the system. Overall descriptions of the
purpose and use of the system and specific listing of hardware and
software involved in data handling are required. If more than one
system exists, the relationships between them, including what data
is passed from one system to another, must be documented and
retained.
Hardware descriptions are usually provided by the vendor but
system configurations can be documented in-house; general de-
scriptions of software are available from the vendor for purchased
software but will have to be enhanced in-house if the software is
modified or to describe how important software options are being
used. For software developed in-house, the required descriptions
will have to be developed as part of the design documentation.
CODE.
Responsibility:
Principle:
Responsible Person
3. Audit
All raw data, documentation, and records generated in the design and operation of
automated data collection system(s) shall be retained. Correspondence and other
documents relating to interpretation and evaluation of data collected, analyzed,
processed, or maintained on the automated data collection system(s) also shall be
retained. Records to be maintained include, but are not limited to:
2) A written description of the hardware and software used in the collection,
analysis, processing, or maintenance of data on automated data collection
system(s). This description shall identify expectations of computer system perform-
ance and shall list the hardware and software used for data handling. Where mul-
tiple automated data collection systems are used, the written description shall
include how the systems interact with one another.
198

-------
7.12 Records and Archives A
1) Records to be Maintained
2) Hardware and Software
Notes...
For dditiona1 guidance, see: EPA System Design & Development Guidance
(June 1989), and EPA Information Security Manual for Personal Computers
(December 1989).
199

-------
7.12 Records and Archives
1) Records to be Maintained
3) Acceptance Test Records
EXPLANATION
Acceptance testing must be performed and documented for new or
changed software. Documentation of that testing, including the
information mentioned above, must be permanently retained.
EXAMPLE
Normally such documentation of acceptance testing by users is
made a part of the project file associated with the new or changed
software, which is typically retained in the MIS department or other
designated area, for audit purposes.
CODE -
Responsible Person
3. Audit
All raw data, documentation, and records generated in the design and operation of
automated data collection system(s) shall be retained. Correspondence and other
documents relating to interpretation and evaluation of data collected, analyzed,
processed, or maintained on the automated data collection system(s) also shall be
retained. Records to be maintained include, but are not limited to:
3) Software and/or hardware acceptance test records which identify the item
tested, the method of testing, the date(s) the tests were performed, and the mdi-
‘viduals who conducted and reviewed the tests.
Responsibility:
Principle:
200

-------
7.12 Records and Archives
1) Records to be Maintained
3) Acceptance Test Records
Notes...
For additional guidance, see: EPA System Design & Development Guidance
(June 1989), and EPA Information Security Manual for Personal Computers
(December 1989).
201

-------
7.12 Records and Archives
1) Records to be Maintained
4) Training and Experience
EXPLANATION
EXAMPLE
Laboratoriess must retain summary records for their personnel of
their job descriptions, experience, qualifications, and training re-
ceived.
Documentation of personnel backgrounds, including education,
aining, and experience, can be retained cen ally, by Personnel for
example, and kept available to laboratory management and inspec-
tors or auditors. Any pertinent systems design and operations
knowledge should be indicated, in accordance with Section 7.1 of
this manual.
CODE
Responsibility:
Principle:
Archivist
3. Audit
All raw data, documentation, and records generated in the design and operation of
automated data collection system(s) shall be retained. Correspondence and other
documents relating to interpretation and evaluation of data collected, analyzed,
processed, or maintained on the automated data collection system(s) also shall be
retained. Records to be maintained include, but are not limited to:
4) Sununaries of training and experience and job descriptions of staff as required
by Section 7.1. of this document.
202

-------
Notes...
7.12 Records and Archives
1) Records to be Maintained
4) Training and Experience
203

-------
7.12 Records and Archives
1) Records to be Maintained
5) Maintenance
EXPLANA11ON
All written documentation or logs of repair or preventative mainte-
nance to automated data collection system hardware must be
retained by labs for subsequent reference, inspection, or audit. Such
documentation should indicate the devices repaired or maintained
(preferably with model and serial numbers), dates, nature of the
problem forrepairs, resolutions, indications of testing, when appro-
priate, and authorizations for return of devices to service. Mainte-
nance documentation should include records pertaining to work
performed by in-house personnel as well as that done by vendors or
outside service contractors. See also Section 7.6 of this manual.
EXAMPLE
CODE
Policies can be implemented to ensure that all required documenta-
tion is forwarded to a central archive point, including that for
peripheral devices or PCs, even if remotely located. Accounts
Payable can be alerted to check that documentation of repairs and
maintenance has been updated before paying any related invoices,
or special General Ledger accounts can be created for these kinds of
payments to aid in tracing them.
Responsible Person
3. Audit
Responsibility:
Principle:
All raw data, documentation, and records generated in the design and operation of
automated data collection system(s) shall be retained. Correspondence and other
documents relating to interpretation and evaluation of data collected, analyzed,
processed, or maintained on the automated data collection system(s) also shall be
retained. Records to be maintained include, but are not limited to:
5) Records and reports of
of automated data collection system(s)
204

-------
7.12 Records and Archives
1) Records to be Maintained
5) Maintenance
Notes...
For additional guidance, see: EPA System Design & D evelopmen Guidance
(June 1989).
205

-------
7.12 Records and Archives
1) Records to be Maintained
6) Problem Reporting
EXPLANAT1ON
EXAMPLE
CODE
Labs must retain all soft e-related Problem Reports and Problem
Logs for subsequent reference and inspection. These should include
all information pertinent to the problems and the actions taken to
resolve the problems. See also Section 7.9 #3, of this manual.
Software problems are typically reported cen ally to a system sup-
port group or person; they can be reported by both users and
Operations personnel. In the written procedures required by the
above referenced section of this manual, guidelines can be estab-
lished for documenting, filing, and retention of such problems.
Primary responsibility for maintenance and retention of these
records can be specifically delegated to a designated person.
Responsibility:
Principle:
Archivist
5. SOP
All raw data, documentation, and records generated in the design and operation of
automated data collection system(s) shall be retained. Correspondence and other
documents relating to interpretation and evaluation of data collected, analyzed,
processed, or maintained on the automated data collection system(s) also shall be
retained. Records to be maintained include, but are not limited to:
6) Records of problems reported with software and corrective actions taken.
206

-------
7.12 Records and Archives
1) Records to be Maintained
6) Problem Reporting
Notes...
For additional guidance, see: EPA System Design & Development Guidance
(June 1989), and EPA Information Security Manual for Personal Computers
(December 1989).
207

-------
7.12 Records and Archives
1) Records to be Maintained
7) QA Inspections
EXPLANATION
EXAMPLE
In automated laboratories, the Quality Assurance Unit is respon-
sible for conducting periodic inspections of lab operations, to
include the hardware, software and computer-resident data to en-
sure that no deviations from proper design or use, as documented in
written procedures or pertinent manuals, is evident The QAU must
also document these inspections and this documentation of inspec-
tions must be retained.
The QAU can create suitable forms or checklists to document such
inspections and retain them in appropriate files or on microfilm. The
QAU staff does not have to become expert in systems hardware or
software but can inspect automated operations for compliance with
applicable GLPs and SOPs and evidence of proper authorization
and documentation for deviations from these.
CODE
Responsibility:
Principle:
Quality Assurance
3. Audit
All raw data, documentation, and records generated in the design and operation of
automated data collection system(s) shall be retained. Correspondence and other
documents relating to interpretation and evaluation of data collected, analyzed,
processed, or maintained on the automated data collection system(s) also shall be
retained. Records to be maintained indude, but are not limited to:
7) Records of quality assurance inspections (but not the findings of the inspec-
tions) of computer hardware, software, and computer-resident data.
208

-------
,._____ Notes...
7.12 Records and Archives A
1) Records to be Maintained
7) QA Inspeaions
209

-------
7.12 Records and Archives
1) Records to be Maintained
8) Backup and Recovery
EXPLANATION
EXAMPLE
Labs must retain all schedules, logs, and reports of system backups
(data and programs), system failures, and recoveries or restores.
These records should indicate the type of activity (e.g., normal
backup, recovery due to system failure, restore of a particular file
due to data comiption) and location of backup storage media.
Binders or other suitable files can be established in the Operations
Department for retention of the forms on which all backups and
recoveries or restores can be documented. This documentation is
typically subject to scheduled managerial review when operations
are centralized and as a result is usually easily consolidated under
such conditions. When operations are distributed or when PCs are
involved, persons responsible for backup, recovery, and for docu-
menting backup and recovery, may also be subject to frequent
managerial review or follow-up to ensure all necessary records are
generated and retained, according to SOPs.
CODE
ResDonsibilitv:
Principle:
Responsible Person
3. Audit
All raw data, documentation, and records generated in the design and operation of
automated data collection system(s) shall be retained. Correspondence and other
documents relating to interpretation and evaluation of data collected, analyzed,
processed, or maintained on the automated data collection system(s) also shall be
retained. Records to be maintained include, but are not limited to:
8) Records of backups and recoveries, including backup schedules or logs, type
and storage location of backup media used, and logs of system failures and
recoveries.
210

-------
7.12 Records and Archives
1) Records to be Maintained
8) Backup and Recovery
Notes...
For additional guidance, see: Computer Security Ac: of 1987, and EPA System
Design & Development Guidance (June 1989).
211

-------
7.12 Records and Archives
2) Conditions of Archives
EXPLANA11ON
EXAMPLE
CODE
All raw data, documentation, and records generated in the design
and operation of the automated data collection system must be
archived in a manner that is orderly and facilitates retrieval. Filing
logic and sequences should be easily understood. If stored on the
system, such data must be backed up at intervals appropriate to the
importance of the data and potential difficulty of reconstructing it,
and the backups must be retained. The storage environment should
be suitable to accommodate the media involved and prolong the
usefulness of the backups or documents in accordance with their
retention period requirements.
Backup tapes or disks can be stored in the computer room, if
available, which normally provides the proper environment to
prevent deterioration due to temperature, dust, or other potentially
harmful conditions. Documents which must be retained can be filed
in cabinets that are water- and fireproof and located in areas
appropriately protected from water and fire damage. If retention
requirements for data stored on magnetic tape exceed two years,
procedures for periodically copying such tapes can be established.
Filing procedures and sequences can be documented to ensure
uniformity.
Responsibility:
Principle:
Archivist
1. Data
There shall be archives for orderly storage and expedient retrieval of all raw data,
documentation, and records generated in the design and operation of the auto-
mated data collection system. Conditions of storage shall minimize potential dete-
rioration of documents or magnetic media in accordance with the requirements for
the retention period and the nature of the documents or magnetic media.
212

-------
Notes...
7.12 Records and Archives
2) Conditions of Archives
213

-------
7.12 Records and Archives
3) Records Custodian
:ON
Ltbs must assign responsibility, in writing, for maintenance and
security of archives to a designated individual.
The job description for a particular position in the lab can contain,
among other duties, the responsibilities of archivist. This person
will normally require a backup person to assume such duties in case
of absence.
Responsibility:
Principle:
Management
1.
Data
An individual shall be designated in writing as a records custodian for the archives.
214

-------
Notes...
7.12 Records and Archives
3) Records Custodian
215

-------
7.12 Records and Archives
4) Limited Access
EXPLANA11ON
Access to all data and documentation archived in accordance with
Section 7.12 and zelated subparagraphs of this manual shall be
limited to those with documented authorization.
EXAMPLE
Archived data and documentation should be accorded the same
level of protection as data stored on the system. Procedures defining
how access authorization is granted and the proper use of the
archived data, including restrictions on how and where it can be
used by authorized persons, can be established. Logs can be main-
tained indicating when, to whom, and for what reasons access was
granted to the archives; the particular records accessed may also be
identified. If removal of records from the archive aiea is to be
permitted, strictly enforced sign-out and return procedures should
be documented and implemented.
CODE
Responsibility:
Principle:
Only personnel with documented authorization to access the archives shall be
Permitted this access.
Archivist
1. Data
216

-------
Notes...
7.12 Records and Archives
4) Limited Access
217

-------
7.12 Records and Archives
5) Retention Periods for Records
EXPLANATION:
EXAMPLE
Raw data and all system-related data or documentation pertaining
to laboratory work submitted in support of health or environmental
pro ains must be retained by the labs for the period specified in the
conuact or by EPA statute.
Coniract clauses or EPA statutes pertinent to record retention
periods can be copied and forwarded to the Archivist, who then can
ensure compliance and disposal or desiruction, as appropriate,
when retention periods have expired. The Archivist can follow-up
to determine retention periods for any records lacking such inform a-
ton. The Archivist can ensure that the storage media used is
adequate to meet retention requirements and can institute proce-
dures to periodically copy data stored on magnetic media whose
retention capabilities do not meet requirements.
CODE
SPECIAL
CONSIDERATIONS
Responsibility:
Principle:
Archivist
1. Data
Arecentcourtru]ingniay supercede federairequirements. A review
of the US Court of Appeals ruling on the A.H. Robins Da]kon Shield
case is recommended. The Court ruled that compliance with the
FoodandDrugAdminiciration’s (FDA)retention guidelines didnot
free the company from obligation to produce records. In this case the
company failed to produce test evidence that it claimed it desiroyed
after the FDA retention date passed and before the law suit was filed.
Raw data collected, analyzed, processed, or maintained on automated data collec-
tions systems and documentation and records pertaining to automated data collec-
tion system(s) shall be retained for the period specified by EPA contract or EPA
statute.
218

-------
Notes...
7.12 Records and Archives
5) Retention Periods for Records
219

-------
220

-------
7.13
REPORTING
221

-------
7.13 Reporting
1) Standards
EXPLANATION.
EXAMPLE
When a lab reports data from analytical instruments electronically
to the EPA, that data must be submitted on standard magnetic
media, such as tapes or diskettes, and conform to all requirements
of EPA Order 2180.2, such as those for record identification,
length, and content.
Although the EPA Order 2180.2 should be consulted directly for
specific information, these general requirements are noted:
1. All character data are to be upper case, with two exceptions:
1.1 When using the symbols for chemical elements, they must
be shown as one upper case letter or one upper case letter
followed by a lower case letter.
1.2 In comment fields, no restrictions are made.
2. Missing or unknown values must be left blank.
3. All character fields must be left-justified.
4. All numeric fields must be right-justified. A decimal point is to
be used with a non-integer if exponential notation is not used.
Commas are not allowed.
5. All temperature fields are in degrees centigrade, and values are
presumed non-negative unless preceded by a minus sign (-).
6. Records must be 80 bytes in length, ASCII format.
A laboratory may choose to report or may be required to report data electroni-
cally. If the laboratory reports data electronically, the laboratory shall:
1) Ensure that electronic reporting of data from analytical instruments is reported
in accordance with the EPA’s standards for electronic transmission of laboratory
measurements. Electronic reporting of laboratory measurements must be provided
on standard magnetic media (i.e., magnetic tapes and/or floppy disks) and shall
adhere to standard requirements for record identification, sequence, length, and
content as specified in EPA Order 2180.2 - Data Standards for Electronic Trans-
mission of Laboratory Measurement Results.
222

-------
7.13 Reporting
1) Standards
CODE.
7. Disks or diskettes must have a parent directoty listing all files
present.
8. Tape files must be separated by single tape marks with the last file
ending with two tape marks.
9. External labels must indicate volume ID, number of files, creation
date, name, address, and phone number of submitter.
10. Tape labels must also contain density, block size, and record
length.
The Order also provides the formats for six different record types
and gives other important definitions and information that must be
noted and followed by all labs submitting data electronically.
Responsibility: Responsible Person
Principle: 1. Data
Notes...
223

-------
7.13 Reporting
2) Other Data
EXPLANA11ON
EXAMPLE
If labs electronically report data other than that from analytical
insmnnents (covered in subparagraph 1 above), that data must be
transmitted in accordance with the recommendations made by the
ERS Workgroup mentioned above.
A policy statement concerning all aspects of electronic data inter-
change (EDI) has been developed by the ERS Workgroup but has
not yet become effective. This policy provides guidance in adopting
the same Federal Information Process Standard (FIPS) proposed by
the National Institute of Standards and Technology (NIST) relative
to EDI (Federal Register, Vol. 54, pp. 38424-6, September 18,
1989). When the policy becomes effective, labs will want to obtain
copies to guide them in submitting reports electronically; in the
meantime, an indication of what to expect or how to prepare can be
probably be derived from the FIPS.
CODE
Rest,onsibilitv:
Principle:
Responsiblà Person
1. Data
A laboratory may choose to report or may be required to report data electroni-
cally. If the laboratory reports data electronically, the laboratory shall:
2) Ensure that other electronically reported data are transmitted in accordance
with the recommendations of the Electronic Reporting Standards Workgroup (to
be identified when the recommendations are finalized).
224

-------
Notes...
7.13 Reporting
2) Other Data
225

-------
226

-------
7.14
C OMPREHENS lYE
ONGOING TESTING
227

-------
7.14 Comprehensive Ongoing Testing
EXPLANA11ON
EXAMPLE
In order to ensure ongoing compliance with EPA requirements for
secárity and integrity of data and continued system reliability and
accuracy, a complete systems test of laboratory systems must be
conducted at least once very 24 months. This test must also include
a complete document review (SOPs, change, security, and uaining
documentation, audit trails, error logs, problem reports, disaster
plans, etc. See Appendix B of A Guide to EPA Requirements for
Automated Laboratories; “Inventory of Compliance Docuinenta-
tion”).
A test team can be assembled which could include users, QAU
personnel, data processing personnel, and management so that the
interests, skills and backgrounds of individuals from these different
areas can best be drawn into the testing process. A system test data
set can be developed which significantly exercises all important
functions of the system. This test data set can then be retained and
re-used for future systems tests. It may have to be enhanced periodi-
cally if new functionality is added to the system. System test
protocols and test objectives can be developed and re-used also. A
checklist can be developed to ensure that all important areas of
testing and document review are addressed.
Responsibility:
Principle:
Management
4. change
SPECIAL
CONSIDERATIONS
If it is determined that there have been no changes to the system
within the previous 24 months, actual retesting and review can be
of a limited scope. It should at least be determined that documenta-
tion is current and accurate.
Laboratories using automated data collection systems must conduct comprehensive
tests of overall system performance, induding document review, at least once every
24 months. These tests must be documented and the documentation must be re-
tained and available for inspection or audit.
CODE
228

-------
r rotes...
7.14.Comprehensive Ongoing Testing
229

-------
230

-------
APPENDIX A
EPA OIRM GALP Publications
AutomatedLaboratory Standards: Current Automated Laboratory Data
Management Practices (Firi 1, June 1990)
Automated Laboratory Standards: Good Laboratory Practices for EPA
Programs (Draft, June 1990)
Automated Laboratory Standards: Survey of Current Automated Technology
(Fin 1, June 1990)
Automated Laboratory Standards: Evaluation of the Use of Automated
Financial System Procedures (Final, June 1990)
Automated Laboratory Standards: Evaluation of the Standards and Procedures
used in Automated Clinical Laboratories (Draft, May 1990)
231

-------
Notes...
232

-------
COMMENT FORM
Please use this form to forward any comments you may have on this Implementation Gu*Ie.
Send the form to:
Richard Johnson
U.S.E.P.A.
MD-34
RescarchTrianglePark,NC 27711
Name: _____________________________________________
Title: _____________________________________
Org ni tion:
Address: ___________________________
Phone:_______________________________ Date:
Comments:
233

-------