Vendor Column: Designing a Standardized Laboratory Informatics Environment for Quality Operations

Skip to Navigation


  • Published: Jan 16, 2012
  • Author: Chris Stumpf
  • Channels: Laboratory Informatics / Chemometrics & Informatics
thumbnail image: Vendor Column: Designing a Standardized Laboratory Informatics Environment for Quality Operations

Welcome to the second in a series of features from Chris Stumpf, a marketing manager at Waters Corporation who focuses on Lab Informatics. Every two months, Chris publishes a new informatics-related article which we hope will build into a worthwhile compendium of informatics material. This month, Chris describes the important concepts to consider when designing a standardized laboratory informatics environment operating in GxP. 

Designing, implementing, and operating a laboratory informatics environment is an important part of a pharmaceutical organization's overall quality program as was discussed in my previous column, "Reducing System Complexity by Standardizing Laboratory Informatics Solutions", (November 17, 2011). The FDA's Current Good Manufacturing Practices (cGMP) (21 CFR Part 211) define the necessary requirements of an overall quality system in drug manufacturing including computerized systems. More specific requirements for electronic records and signatures are covered in the FDA's 21 CFR Part 11. Armed with these regulations and the architectural design described in the previous column, is it possible to create a laboratory informatics system for quality operations? This column will describe important concepts to consider when designing a standardized laboratory informatics environment operating in GxP.

First, let's assume that your organization's laboratory informatics environment will include some of the following systems: Enterprise Resource Planning (ERP), Laboratory Information Management System (LIMS), Electronic Laboratory Notebook (ELN), Scientific Data Management System (SDMS), and Chromatography Data System (CDS) - note that ERP and LIMS are usually classified as business systems, but will have some impact on the laboratory. In order to comply with the regulations within 21 CFR Part 211 and Part 11, these systems will need to provide thorough Part 11 technical controls to ensure that electronic records and signatures are trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper. Some examples of technical controls include:

  • Audit trails for troubleshooting and fraud detection
  • Unique login and passwords for each person who uses a system to identify who performed a task
  • Role-based accounts to prevent unauthorized operations
  • Client/server architecture so that the server can be locked in a secure data center to prevent data manipulation
  • Applying a date/time stamp to records to prove when a record was created, etc.

Developers of laboratory informatics solutions will typically market these technical controls as being compliant-ready. However, merely buying a compliant-ready solution and installing it in the GxP environment will not guarantee compliance. The organization must also have compliance policies in place or the Part 11 technical controls are useless. For example, if a laboratory was to implement a solution that provides unique login and password capabilities but then allows users to log in as "QC1" with password "qc"; hence, any data on this system would not be considered trustworthy or reliable because of this poor policy.

Before actually purchasing a laboratory informatics solution with Part 11 technical controls, consider that the computerized system must be validated for intended use (based on 21 CFR Part 11 and 211) and fit within the landscape of your organization's validation master plan (VMP). This will ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. For example, 21 CFR Part 11 states that a signer should not be able to repudiate a signed record as not genuine. All system validation efforts are the responsibility of the system owner, but there are parts of validation that vendors can usually help with, e.g., confirming whether the software was installed and configured according to the vendor's design. There are other aspects that deal directly with intended use or specific configured workflows that system owner's may perform entirely alone or can be assisted with by the vendor or a consultant. The best way to approach this type of validation is to write a set of user requirements specifications (URS). Your organization may not use all of the capabilities of a particular laboratory informatics solution so it is best to define only the capabilities that you will use, assign a risk assessment (discussed in the following paragraph), choose the most critical operations and then validate those operations. It is common to write the validation plan for the laboratory informatics solution during the development of the URS. Once you have the URS in hand, the correct laboratory informatics solution can be selected to meet your needs. Likely, the selected solution will meet most needs, but not all, so a revision to the URS capabilities will be required for validation purposes.

At this point, GAMP 5, a Risk-Based Approach to Compliant GxP Computerized Systems, should be brought into the discussion since such an approach can dramatically reduce your organizations validation efforts. GAMP 5 is a guidance used by the pharmaceutical industry to implement computerized systems to safeguard patient safety, product quality, and data integrity - while also delivering business benefits (see recommended reading below). GAMP 5 breaks down software classifications into discrete categories from 1 (lowest risk) to 5 (highest risk). The categories relevant to this discussion are configurable solutions (Category 4) and customizable software (Category 5). ERP, LIMS, SDMS, ELN, and CDS are largely category 4 when the system owner utilizes functions out-of-the-box and "switch-on" the functions that are needed. Aspects of a solution can be classified as category 5 if a workflow modification involves development of custom code or macros - a common practice with LIMS solutions. From a validation perspective, a category 5 ranking implies more risk. Hence, the custom code module would need to be specified, version controlled, and tested to ensure that the module performs correctly and reliably--and again summarized into a report. The GAMP 5 guidance contains a number of useful principles to guide system validation such as writing a URS (described above) and leveraging the vendor for validation when possible. GAMP 5 also encourages an assessment of the software vendor to leverage the vendo's knowledge, experience, and documentation. By performing a postal or onsite audit (assessment), your organization may be able to eliminate duplicate testing (i.e., utilize quality testing performed by the vendor) during the testing phase of your validation.

After performing a risk assessment of the vendor, a test script can be developed to trace the functionality back from the URS to the regulatory requirement - this is often referred to as a traceability matrix. Once validation is complete, a validation summary report is required to document the system validation.

In summary, a standardized laboratory informatics environment can be designed to adhere to regulatory requirements by implementing solutions with Part 11 technical controls and validating the implemented solution based on the functions that will be used by the organization. Following principles outlined in GAMP 5 can help define system requirements, manage risks, and leverage vendor validation services when possible.

Refer to the references at the end of this column for further reading about regulatory compliance and computerized system validation. In the next column, lean operational execution and laboratory informatics will be discussed.

Recommended Reading:

  1. FDA Basics: Describes what the agency does,
  2. 21 CFR Part 11 and Part 211 can be found on the FDA's Code of Federal Regulations Title 21 at 
  3. GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems, ISPE 2008, ISBN 1-931879-61-3

Article by Chris Stumpf, Waters Corporation

The views represented in this article are solely those of the author and do not necessarily represent those of John Wiley and Sons, Ltd.

Social Links

Share This Links

Bookmark and Share


Suppliers Selection
Societies Selection

Banner Ad

Click here to see
all job opportunities

Most Viewed

Copyright Information

Interested in spectroscopy? Visit our sister site

Copyright © 2018 John Wiley & Sons, Inc. All Rights Reserved