Biomedical Engineering Reference
In-Depth Information
TABLE 13.2 Accommodation for the Computer's Operating System in a Flow
Cytometer Validation
Operating Systems
Macintosh
Attributes
Windows
User accounts
Global NT user groups
Password management
Global (corporate) NT
password policies
apply
Local password policies
configured through OSx
terminal
Data storage and
handling
Data saved directly
to file server
Third party program
(e.g., DAVE ) interfaces
with Windows server
Disaster recovery
Norton Ghost
Carbon Copy Cloner
(freeware)
Procedural controls
Automatic time-out set by
administrator for all users
Automatic time-out set per
user
such discussion in our group led us to exclude efforts to evaluate the mechanical sorter
that was a component of one of the FACSCalibur instruments in our validation plan. In
another meeting, we identified certain software configurations and related issues that
had to be set independently for each user or specific to each computer system to
establish compliance (Table 13.2).
The suite of activities triggered by the validation plan (VP), requirements and
design (RD), requirements traceability matrix (RTM), and test protocols (IQ/OQ/PQ)
are the true heart and soul of the instrument validation process.
Compliance is achieved through the verification and acceptance of intended use
and documented upon approval of the validation summary report (VSR); compliance
is maintained through change control practices, forward-thinking training oversight,
and documented maintenance and monitoring of the instrument.
13.2.2.2 Access Controls, Integrity, Authentication, and Transmission
Security The validation process consists of verification and control over the
entire system, including both user and data controls. The basic principle of user
access is defining, documenting, and managing who should have access to what.
Defining the minimum business requirements for managing user access includes
defining local (instrument-specific) user groups, for example, defining role-based
access privileges and responsibilities such as Administrator, and defining instrument
configured parameters (e.g., password requirements, allowable logon attempts, etc.).
Once user groups are defined and configured, a documented procedure defining the
role-based training requirements, method of access approval, and administration of
users, including removal and periodic verification of the process, ensures access
control over time.
Assurance of data integrity starts with a careful review of the data flow, from raw
data generation to archive. At any point where data may be manually manipulated
or lost, a technical or procedural control is necessary to ensure accuracy and
Search WWH ::




Custom Search