---

Summary

SciCord’s Platform is provided as COTS (Commercial Off-The-Shelf) software. SciCord provides a complete package documenting control of the software product. Additionally, documentation and testing are required to verify the software product meets the organization requirements within the target environment with appropriate control of people, hardware, and process. SciCord’s pharmaceutical validation Service is intended to provide the required customer specific documentation.

Goal

Computer system validation of a COTS solution in the pharmaceutical industry must ensure an acceptable degree of documented evidence establishing confidence in the consistency, accuracy, and reliability against predetermined specifications.

The SciCord Validation Service goal is to ensure both technical and procedural controls are implemented for compliance with good documentation practices for electronic data generated by the system

For COTS solutions, much of the documentation/testing in the model above should be supplied by the vendor. The customer specific documentation includes User Requirements and Performance Qualification.

Deliverables

Document Description	Document Strategy
Validation Master Plan	Establishes the objectives, policy, resources, execution and management of the SciCord ELN validation effort.
User Requirements Specification for SciCord ELN	User requirements defined in collaboration with Customer including review of Customer SOPs and work practices
Standard Operating Procedures	Procedures for SciCord ELN Administration & SciCord ELN Use are written in collaboration with customer.
Training	Training is provided to customer lead users.
Functional Specification for SciCord ELN	SciCord Requirements Document and description of additional functional to be provided via configuration, templates, or reports.
Design Qualification for SciCord ELN	Comparison of SciCord Functional Requirements to User Requirements Specification. Verifies that the proposed design and configuration of the system is suitable for its intended purpose.
Installation Qualification	SciCord Production Environment IQ
Operational Qualification	SciCord Test Plan and Summary Report.
Risk Assessment	Identify risks associated with Customer deployment that will be mitigated procedurally or with PQ testing.
Vendor Audit	Optional: Third party or customer Quality Assurance audit (1 day) at customer expense.
Performance Qualification	Utilize the output of the risk assessment to design and execute test cases intended to verify system functionality as configured for use.
Validation Summary Report	Validation report that provides an overview of activities. This report to also include a summary of associated validation documents, define the configuration of permissions associated with system roles, and provide a traceability matrix between requirements and associated testing.
System Release	Document to be provided to Customer Quality Assurance to release SciCord ELN for production use.

---

Enhancing Lab Efficiency: A Comprehensive Informatics Platform

---

Mr. Naughton’s comments are insightful, primarily because he works in the biotech industry and acknowledges the vital role a LIMS (Laboratory Information Management System) plays. Even in the pharma and biotech industries, people are confused about the differences between an ELN (Electronic Lab Notebook) and a LIMS.

SciCord works to bring LIMS and ELN, and other common lab software, together into one informatics platform. Our customers see at least a 30% efficiency improvement. These improvements are delivered through a secure cloud infrastructure that allows all your data to be accessible across your organization.

 Why Software as a Service?

SaaS minimizes your total cost of ownership. Maintenance and backups are included, minimizing IT overhead.
SciCord provisions required hardware, eliminating initial hardware purchase and refreshes.

Security

Award winning Azure cloud platform meets a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2. Data is encryption at rest and in transit.

Backups and Replicates

Backups are made to two physical locations, Incremental Daily, Full Weekly, Full Monthly. Completed document bundles are provided to you for your own on-site storage.

 Why Software as a Service?

SaaS also allows SciCord to utilize a more robust central cloud infrastructure, based on Microsoft Azure. The SaaS provider manages the application, provides hardware, maintains security, and routinely monitors performance. By contrast, a local-only implementation requires hardware to be managed on-site, dedicated staff to be assigned to maintain it, and increases the risk of data loss in the event of unforeseen accidents or hardware failures.

Implementing SciCord as a SaaS product also allows for quicker and smoother implementations. Typical benefits or advantages of a SaaS solution include:

1. Reduced time to benefit
2. Lower costs
3. Scalability and integration
4. New releases (upgrades)
5. Easy to use and perform proof-of-concepts

 Azure

SciCord utilizes the Azure server network, making SciCord Informatics Platform accessible around the globe.

 ELN or LIMS?

SciCord’s SaaS approach also facilitates delivering multiple software solutions in one package. Laboratory Information Management Systems (LIMS) and Electronic Notebook (ELN) are key parts of this feature set.

• LIMS is focused on the management and tracking of laboratory samples, workflows, and associated data. Read more about us from a LIMS perspective here.
• ELNs are primarily designed to replace traditional paper laboratory notebooks. Read more about us from an ELN perspective here.

SciCord also includes features of document management (SDMS), batch record (EBR) or Manufacturing Execution System (MES), and Lab Execution (LES) systems.

SciCord excels in Pharma labs, manufacturing, R&D, and biotech by:

Delivering Our Service Effectively

SciCord serves both GxP and non-GxP clients. SciCord provides the software and the infrastructure, maintenance, and support.

Protecting Data from External Threats

All SciCord systems are periodically updated with the current patches and security protocols. Data in the SciCord database is encrypted to protect it. Data is also encrypted when transmitted between a client’s site and the Cloud servers. Additionally, clients can expect external protection tests at least annually, with every major software release.

Protecting Data from Improper Internal Access and Vulnerability

A layered password system allows users to access only the information and resources required to perform their legitimate tasks. As designated by FDA 21 CFR part 11, SciCord incorporates security features such as timestamps and digital signatures to assure regulated agencies that data on the system is consistent, not tampered with, and in general follows the data integrity directives mandated by the FDA. The system is also evaluated at least annually to verify its effectiveness.

Additionally, SciCord safeguards application and interface security by:

• Following SDLC (Software Development Life Cycle) guidelines, which outline phases of development, each with built-in control features.
• Using only in-house code developers.
• Penetration testing for each major version
• Regularly testing the software against OWASP Top 10 to identify any vulnerabilities.

Instrument Access

SciCord accommodates real-time data collection and displays from balances, pH meters, and other instruments by monitoring an IP address. For instruments that feature a result database, SciCord connects to the database, acquires the results, and records them. For all others, a printed output or created spreadsheet/CSV can be parsed for data import.

User Guidance

A lab doesn’t need to overflow with IT gurus or ‘superusers’ to reap the benefits SciCord provides. Users only need PCs that run Windows and basic working knowledge of spreadsheet software. SciCord provides initial instruction and training as well as periodic support.

SciCord offers the support required to implement and customize the software to fit a client’s needs. Each client is assigned a Project Manager to coordinate the deliverables between each lab’s personnel and the SciCord personnel.

---

Objective

Outline the requirements and strategies for creating a compliant Excel workbook.

Why Validate?

Spreadsheet software is a powerful tool for processing data. This allows it to be an extremely useful asset for the pharmaceutical industry, however, it can also be a huge risk. Each year citations from regulatory bodies inspecting pharmaceutical labs are given out to companies for their use of un-validated spreadsheets. While almost all professionals in the industry have some degree of experience with spreadsheet software, the level of technical ability varies greatly from user to user. Excel spreadsheet validation creates a standard that is acceptable for all associates involved in the project.

When to Validate?

In a Q&A issued by European Medicines Agency: “Validation according to paragraph 4 of annex 11 is required at least for spreadsheets that contain custom code (e.g. Visual Basic for applications). Formulas or other types of algorithm should be verified for correctness. Therefore, appropriate controls for templates of spreadsheets must be in place. Erroneous calculations due to data remaining from previous calculations must be avoided. The templates should also be suitably checked for accuracy and reliability (annex 11 p7.1) and should be stored in a manner which ensures appropriate version control (chapter 4 p4.1).”

Common Issues with Spreadsheets

There are many hurdles to making spreadsheets compliant. The following are just a few of the common issues that must be addressed.

• Easy access to programs
• Everybody (not trained on GxP compliance validation and computer science) can write programs
• Everybody can change without control
• No validation, no documentation
• Many different environments (operating systems, PC hardware)
• Many versions in use (local PC, server, inbox, delete folders)
• No or insufficient documentation

Procedures

Successful validation is dependent on proper planning and procedures being in place. It is likely that a large number of spreadsheets will be involved and therefore efficiency and repeatability are critical factors in the validation process; the key to efficiency and minimizing the validation costs is to keep the process simple. This is achieved by introducing streamlined processes throughout the validation lifecycle and the use of a generic, yet adaptable, set of documentation. This includes validation SOPs, usage SOPs, and Validation Plans.

Design

The spreadsheet should be designed with compliance in mind following established documented procedures. However, it is common that a spreadsheet has already been created and is in use before the decision to validate is made. The FDA has issued the following requirements as a guide to validating spreadsheets:

• Lock all cells of a spreadsheet, except those needed by the user to input data.
• Make spreadsheets read-only, with password protection, so that only authorized users can alter the spreadsheet.
• Design the spreadsheet so that data outside acceptable conditions is rejected (for example, reject non-numerical inputs).

Validating

Each company has different approaches to Excel spreadsheet validation. Regardless the method (Validation Plan vs. SOP), the following points must be addressed at minimum:

• Manually verify spreadsheet calculations by entering data at extreme values, as well as at expected values, to assess the ruggedness of the spreadsheet.
• Test the spreadsheet by entering non-sensical data (for example alphabetical inputs, <CTRL> sequences, etc.).
• Keep a permanent record of all cell formulas when the spreadsheet has been developed. Document all changes made to the spreadsheet and control using a system of version numbers with documentation.
• Periodically re-validate spreadsheets. This should include verification of cell formulas and a manual reverification of spreadsheet calculations.

Documentation

The following information is key to document as proof of the validation effort:

• Description of what the spreadsheet does
• Description of formulas used
• Explanation of the relationships of formulas used
• User manual (including keys for any color/formats used)
• Listing of any code (VBA Macros, etc.)
• Test Sheets with expected results, acceptance criteria, and actual results
• Security measures, password maintenance, and user lists
• System requirements such as operating system, spreadsheet software version, and workbook version.

Conclusion

The validation of spreadsheets often gets overlooked on the priority list but is crucial to avoid regulatory issues. There are many resources available online to guide first time validators through the process.

SciCord provides services and products that can fulfill these validation needs – read more about our options here

---

In the highly regulated pharmaceutical industry, compliance with FDA (U.S. Food and Drug Administration) standards and guidelines is of utmost importance.

Balancing Lab Efficiency with IT and Compliance Requirements

Accurate data management and robust laboratory information management systems (LIMS) play a critical role in meeting these regulatory requirements. To ensure the effectiveness of LIMS solutions, pharmaceutical laboratories rely on validation packages designed specifically for FDA compliance.

---

 What is LIMS Software?

A Laboratory Information Management System (LIMS) is a software solution that streamlines and centralizes data management in a laboratory setting. It helps pharmaceutical laboratories maintain accurate records, improve data traceability, and ensure compliance with regulatory requirements.

 The Importance of Validation in FDA-Compliant Laboratories

---

 Key Components of Validation Packages for LIMS Software

Validation Packages can vary and include items such as a Validation Plan, Customer Administration Procedures, User Requirements Specification, Functional Requirements Specification, Design Qualification (DQ), Risk Assessment,
Operation Qualification (OQ) Vendor Audit Plan, Vendor Audit Report or Installation Qualification (IQ) or Summary Report, and a Configuration Specification document. Below are descriptions of some of the main components of a validation package.

 Choosing the Right Validation Package

When selecting a validation package for your LIMS software, it’s important to consider the specific needs of your laboratory. Look for a package that aligns with your URS and is designed to meet FDA compliance standards. Additionally, the package should offer ongoing support and updates to ensure continued compliance as regulations evolve.

 Conclusion

Validation packages for LIMS software are a critical component of ensuring that pharmaceutical laboratories remain FDA compliant. By implementing a thorough validation process, laboratories can mitigate the risk of data inaccuracies, streamline their operations, and confidently meet regulatory requirements. Choose the right validation package to support the success of your laboratory’s quality control and data management processes.

 SciCord

SciCord is a hybrid ELN/LIMS, featuring a spreadsheet paradigm, that combines the compliance and structured aspects of a Laboratory Information Management System (LIMS) with the flexibility of an Electronic Laboratory Notebook (ELN). The ELN and LIMS functions integrate seamlessly and enable your company to quickly reap the benefits of enhanced data and time efficiencies as you continue to meet compliance standards and follow GLP.

---

Introduction

Pharmaceutical labs face the dual challenge of complying with FDA 21 CFR Part 11 regulations and the European Union’s General Data Protection Regulation (GDPR). Both sets of regulations focus on data integrity and security but have distinct requirements. This article explores how pharmaceutical labs can navigate these regulatory landscapes, ensuring compliance with both FDA and GDPR standards.

2. Electronic Records and Signatures
ELNs and LIMS must establish a traceable link between electronic records and signatures. The system should prevent the same signature on multiple documents and ensure each signature specifies the role of the signer (e.g., author, reviewer).

3. Document Security and Audit Trails
Both open and closed systems must maintain detailed audit trails, documenting all changes to electronic records. Records should include the printed name of the signatory, the date and time of signing, and the role associated with the signature.

GDPR: Data Protection and User Rights

1. Purposeful and Lawful Data Processing
The GDPR requires that data processing be lawful, fair, and transparent. Companies must collect data for specific, legitimate purposes and limit the amount of data to what is necessary.

Reconciling FDA and GDPR Compliance

1. Data Retention vs. Right to Erasure
A key conflict between FDA 21 CFR Part 11 and GDPR arises from data retention requirements versus the right to be forgotten. FDA regulations mandate retaining data for specific periods, while GDPR allows individuals to request the deletion of their data. Companies must balance these requirements by ensuring compliance with both regulations where possible.

2. Explicit Consent and Audit Trails
GDPR mandates explicit consent for data collection, while FDA 21 CFR Part 11 focuses on maintaining audit trails. Companies should implement processes that secure explicit consent and document all data collection activities to meet both standards.

The GDPR reaches well beyond the physical boundaries of the EU.

The GDPR applies to international companies that collect data from citizens in any EU member state. According to gdpr.eu, “it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU.” Yes, that’s anywhere in the world. So, every firm that collects data from EU citizens falls under the jurisdiction of this law, even if they are located outside the EU.

SciCord ELN/LIMS: Compliance Solutions

Conclusion
Navigating the regulatory requirements of FDA 21 CFR Part 11 and GDPR is challenging but essential for pharmaceutical labs, or any labs working in a validated industry. SciCord ELN/LIMS provides the necessary tools and features to ensure compliance with both standards, safeguarding data integrity and security while respecting user rights and regulatory mandates.

 

---

---

The pharmaceutical industry faces a dilemma every day. On the one hand, the overall success of the industry relies on painstakingly thorough R&D, testing, and trials that, ironically, eliminate the vast majority of product ideas and eventually yield a relatively small number of safe and effective products. However, the research, development, lab testing, and clinical trials necessary to get a new product to market are hugely expensive.

In 2017, Scott Gottlieb told the members of the Regulatory Affairs Professional Society (RAPS):

---

The challenge for pharmaceutical companies is to discover ways to make product development less expensive without making it less effective – to learn how to work more productively without sacrificing accuracy or precision.

A leading-edge ELN (Electronic Laboratory Notebook) designed for use by pharmaceuticals helps companies achieve both of these goals.

Are you skeptical? Read on to discover:

• Why do pharmaceutical labs need an ELN?
• What characteristics make an ELN robust and user-friendly?
• How to approach the implementation of your ELN for maximum efficiency and acceptance.

---

How an ELN Helps Labs Increase Productivity & Reduce Costs

Before we address how an ELN helps labs increase productivity and reduce costs, let’s define what an ELN is and how it differs from a LIMS (Laboratory Information Management System).

Put simply, an ELN is a digital version of the ubiquitous traditional lab notebook used for hundreds of years by researchers in many fields. Like a paper notebook, an ELN documents thousands of details about lab activity: Who did what? When, where, how, and why did they do it? What happened?

Notice the level of detail suggested by these questions, and how specific they are to an individual lab. That’s a key feature of an ELN; it’s designed to manage unstructured data and adapt to changing workflows. That feature is also a critical difference between an ELN and a LIMS.

A LIMS is designed to manage structured data through workflows that are tightly regulated. Traditionally, LIMS data gathering and management has focused on capturing and analyzing data throughout the lifecycle of the sample. Implementing a LIMS increases the lab’s standardization and accuracy among samples and tests, and also guides and records the usage, maintenance, operation, and calibration of equipment.

There’s disagreement over whether a leading-edge lab should implement an ELN, a LIMS, or a combination of the two. (We will address that issue later.) For now, we’ll focus on the ELN.

---

---

An ELN eliminates these difficulties associated with paper notebooks and provides researchers with tools and integration that a paper notebook just can’t provide. For those reasons, an ELN is crucial for cutting-edge pharmaceutical labs. Specifically, an ELN provides:

• Enhanced data creation
  An ELN covers all aspects of data entry, including who generated the data and what materials/resources and machines/instruments were used. E-signatures and time stamps explain when the analyst performed the testing. Automated calculations yield fewer math errors, greater precision, and significant time efficiencies. Simply put, an ELN helps researchers generate more accurate data faster. This means increased productivity and efficiency.
  An ELN also makes errors easier to spot. Since data ranges can be specified, results outside the range are instantly flagged and can be quickly analyzed to discover the cause of the discrepancy. This capability helps researchers notice errors of transposition or substitution and prevents a domino effect of incorrect calculations driven by a single error.
• Improved sample preparation
  Complex sample formulations are often automated for greater measurement accuracy. A robust ELN links the equipment, instruments, and resources used in the sampling process to the data derived from each sample. Preparation documents are detailed, easier to complete, and legible (There’s no more need to decipher someone’s handwriting.)
• Easier data retrieval
  An ELN’s search function lets you access data from a specific experiment that was performed by a certain researcher and yielded results that meet exact parameters.  Thanks to layers of search functionality, the most robust ELNs can pinpoint and display–in just a few seconds–the exact data needed. (You can say goodbye to trips to the vault in the basement!)
• A balanced approach to data protection and data sharing
  Giving the right people access to data increases communication and the flow of ideas. It speeds the research process and encourages camaraderie and a shared sense of purpose. However, unbridled access can foster errors, clashes between researchers, compliance issues, and myriad situations that can put the integrity of the data at risk.  An ELN lets you determine who can access what information. You specify the hierarchy of the project, stipulate who can use the data, and limit who can change the data. These features allow you to protect the data while you share it.
• Better lab stewardship
  At the heart of lab stewardship is the desire to improve quality while reducing lab costs. An ELN helps labs increase their stewardship by streamlining activities, reducing redundancies, and increasing efficiency.
• Lab-wide Integration and Collaboration
  This may be the biggest, overarching benefit. Integration reduces redundancies and the effects of human error while increasing communication and collaboration. Collaboration spawns ideas, generates teamwork, and enhances the work environment. Together, they facilitate lab-wide stewardship. Errors will still occur, but less frequently. And when they do, having an ELN in place makes them easier to spot and easier to correct.
  With an ELN, all researchers can access the data they need, but no researcher should be able to access sensitive data without authorization. Layers of protection guard the data from unauthorized changes while electronic signatures and time/date stamps provide an audit trail.

Characteristics of a Robust and User-friendly ELN

You’ve decided that an ELN makes sense for your lab. Now you need to select an ELN that will serve you well today and into the future. What traits make an ELN powerful, adaptable, and easy to use?

A second benefit of spreadsheet-based ELNs is that they have been scientists’ “tool of choice” for decades now. Excel is now over 30 years old. It’s more dynamic than it used to be, but is essentially the same tool researchers have relied on for years. An ELN based on a spreadsheet feels ‘right’ to many researchers. That results in decreased training costs resulting from 1) greater acceptance among scientists who view a spreadsheet as a valued tool, and 2) easier and faster integration since that format is familiar.

• Simplicity
  A strong notebook is a simple notebook in terms of how easy it is to understand and use on a daily basis. Simple notebooks are intuitive. They make it easy for researchers to take detailed notes (and locate them weeks or months later), to document equipment usage and calibration details, and to manage every aspect of the sampling process, from chemical inventory to sampling techniques.
• Compatibility
  An ELN needs to integrate with all your lab’s other tools. To do this effectively, it needs an API (Application Programming Interface) layer that can communicate with them. The usefulness of an ELN drops greatly if it requires you to “retool” all the other systems in order to implement it fully.

No ELN can guarantee that a lab will be compliant. Human actions ultimately determine whether a lab meets compliance standards. However, the software needs to meet technical requirements for compliance including a comprehensive and easy-to-follow audit trail and a framework that encourages lab-wide SOPs that meet compliance guidelines.

The most common objection to a cloud-based solution is data integrity. However, a responsible ELN provider will secure your data with redundant server data and backups, and will also provide regular archives to you for local storage. This guarantees your data can not be lost and allows you to switch providers if needed without sacrificing data continuity.

How to Implement Your ELN Successfully and Efficiently

“Implementing an ELN occurs as a transition–not at a fixed point in time.” Key people in your transition team will need to repeat that saying to themselves and others during the process. You’ll facilitate the implementation if you:

• Expect some resistance
  Among the researchers in your lab, you’re likely to encounter some or all of these objections to an ELN:
  • “There’s no real need to change.” These people may admit that the current procedures lack in some ways, but they fail to see a pressing need to disrupt the status quo.
  • “Our data won’t be secure, so all our work will be compromised.” This fear used to be more prevalent, but with increased levels of protection, has diminished, however, some scientists–especially those who meticulously follow data safety protocols and adhere to GLP –are still reluctant to trust an ELN.
  • “An electronic system will add one more layer of difficulty to our work.” Laboratory science is a complex world of testing and discovery that demands attention to detail and intense focus. Some scientists worry that an ELN will add an unnecessary level of complexity that will muddle or derail their professional focus and lead to costly errors.
  • “An electronic system is too expensive.” Each ELN is tailored to the lab that uses it. The cost varies based upon the number of users, the scale of the lab’s required services, and whether the ELN is hosted or located on-premise.
• Carefully choose the time you switch to an ELN
  There will never be a perfect moment to switch from paper notebooks to an ELN. Research and experiments already in progress will be disrupted. Everyone’s productivity will dip briefly while he or she acclimates to the ELN. However, given the financial benefits of implementing an ELN, waiting for the perfect moment could be very costly, both in terms of the rate of getting new products to market and in additional ROI the lab could generate with an efficient ELN. Unless the lab is facing a crisis, the best time to transition to an ELN is probably now.
• Take full advantage of the support team supplied by the ELN provider
  A good ELN provider will supply you with a support team during installation and transition. An excellent provider will make ongoing support available to you as part of their service. Having access to knowledgeable support personnel smooths the transition, calms the fears and doubts, and helps everyone adapt quicker.

How SciCord Provides a Powerful, Integrated Solution

SciCord is a spreadsheet-based hybrid ELN/LIMS that combines the compliance and structured aspects of a Laboratory Information Management System (LIMS) with the flexibility of an Electronic Laboratory Notebook (ELN). The ELN and LIMS functions integrate seamlessly and enable your company to quickly reap the benefits of enhanced data and time efficiencies as you continue to meet compliance standards and follow GLP.

Spreadsheets, Their Data, and Security

• Excel-based system with standard templates that can be adapted for your lab’s needs. New templates can be created by your lab personnel or by SciCord.
• Life-cycle-based program that records each step of each of your lab’s projects.
• To preserve data integrity, the document life cycle offers 3 levels of review – Self, Peer, or Peer Reviewer and Approver
• Audit history shows current and previous data as well as person and reason for change.
• Spreadsheet pages contain predefined calculations. Outlier data is automatically flagged.
• Documents and graphics can be added to the page or inserted as a separate page.
• Instruments can be linked directly to the page; reports can be permanently stored.

Document navigation and search

• Unique query function combines standard word/phrase search for Documents, Samples, and Resources
• Includes standard and customizable “Views” that can be filtered, sorted, ordered, named, and persisted for each user.

Asset management

• Records the location, ID, calibration details, expiration, and additional details of each asset.
• Assets can be linked via an interface connection.
• Includes resource usage details based on the Assets usage within the lab.

• Ability to take complex testing processes and simplify them in easy-to-follow steps, automatic calculations, and reporting.
• Work Requests generate tasks for lab personnel.

Creation of Permanent Records

• Template-based system saves time and reduces errors via automated calculations.
• Stores all sample results which can be queried. Specifications can be utilized.
• Instantly generates of Certificate of Analysis
• Compatible with visualization programs

---

Choosing an ELN solution is Complex

As an IT manager in the pharmaceutical industry, it is crucial to select an Electronic Laboratory Notebook (ELN) solution that meets the specific needs of your laboratory while also adhering to regulatory requirements set by the Food and Drug Administration (FDA). The process of selecting an ELN solution can be complex and time-consuming, but by following a few key steps, IT managers can ensure that they choose the right solution for their laboratory.

Criteria for selecting an ELN

The first step in selecting an ELN solution is to identify the specific needs of your laboratory. This includes determining the type of data that will be stored in the ELN, the number of users who will be accessing the system, and any specific compliance requirements that must be met. By identifying these needs, IT managers can narrow down the list of potential solutions and focus on those that are best suited for their laboratory.

Additionally, IT managers should also consider the vendor’s support and maintenance services. The ELN solution should be easy to use and should have a user-friendly interface. Additionally, the vendor should provide comprehensive training and support services to help IT managers and laboratory staff quickly become proficient with the system. The vendor should also have a reliable maintenance and upgrade plan.

Scalability is another key consideration when selecting an ELN solution. As the laboratory’s needs change over time, the ELN solution should be able to adapt and grow with the laboratory. The solution should have the ability to handle large amounts of data and should be able to accommodate an increasing number of users.

Finally, IT managers should also consider the cost of the ELN solution. This includes not only the initial cost of the system but also the ongoing costs of maintenance, support, and upgrades. IT managers should also consider the potential return on investment (ROI) of the ELN solution and how it will benefit the laboratory in the long term.

Conclusion

In conclusion, selecting an ELN solution for a pharmaceutical laboratory can be a complex and time-consuming process. However, by following a few key steps, IT managers can ensure that they choose the right solution for their laboratory. This includes identifying the specific needs of the laboratory, researching different solutions, evaluating the vendor’s compliance and regulatory experience, considering the vendor’s support and maintenance services, security, scalability, and cost. With the right ELN solution in place, IT managers can improve efficiency, compliance and data management in their laboratory.

---

Starting with the Basics: End-User Requirements in Lab Informatics

Has your team considered utilizing an ELN or LIMS, or Batch Record or Stability solution in the laboratory, but didn’t know how or where to start? End-user requirements for any informatics solution or platform are an important part and a good place to begin your journey towards a paperless lab.

SciCord has put together an example of what end-user requirements may look like for a laboratory:

---

1 Purpose

To define end-user requirements to support R&D, Quality Control, and Manufacture as implemented at Organization.

2 Scope

Implement a commercial off the shelf (COTS) application capable of supporting R&D, Quality Control, and Manufacture business organizations.

3 Abbreviations and Definitions

3.1 Abbreviations

ELN	Electronic Laboratory Notebook
LIMS	Laboratory Information Management System
COTS	Commercial off-the-shelf software
URL	“Uniform Resource Locator” – protocol for specifying addresses on the Internet.

3.2 Definitions

21CFR Part 11	Code of US Federal Regulations dealing with electronic records and signatures.
Closed System	Software environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.
Plug and Play	Term defining a process that allows functionality to be integrated into an existing application and which will work perfectly when first used or connected, without reconfiguration or adjustment by the user.
Configuration	Specific settings which define how the system operates, including roles and permissions.

4 Requirements

End-user requirements are designed to define the procedures and practices critical to support laboratory and production operations and associated documentation. Each end-user requirement is assigned unique requirement numbers to support traceability to test scripts.

4.1 Quality

UR-Qual-01	The system manages user roles for at minimum Administrator, Scientist, Data Reviewer, Sample Manager, Customer, and Quality Assurance.
UR-Qual-02	The system supports granular permissions for system functionality.
UR-Qual-03	The system manages a matrix of roles versus permissions.
UR-Qual-04	The system manages User definition – creation, activation, updates, deactivation, and role assignment.
UR-Qual-05	Grouping mechanism, such as the “site”, which governs the default scope of information displayed to a user. Site scope may be overridden to display a wider range of information.
UR-Qual-06	A mechanism must be available to expose specific information or documentation to internal or external customers
UR-Qual-07	Granular access to specific system information can be managed (Claims). This requirement adds an additional layer of control to permissions. Example: Use of an instrument is restricted to users completing a specific training exercise.
UR-Qual-08	The system enforces password strength and expiration in accordance with organizational requirements OR implements the organization’s LDAP system for single sign-on.
UR-Qual-09	The system provides archival of documentation and samples in long-term readable format.
UR-Qual-10	The system supports messaging both internal to the solution or via email. Messages are automatically generated based on user-defined events.

4.2 Document Lifecycle

UR-DocLife-01	The system supports a controlled document lifecycle including document status for: creation, in progress, optional review, optional approval, and complete.
UR-DocLife-02	The system supports rework, where reviewed or complete documents are returned to an editable state.
UR-DocLife-03	Documents may be canceled but may not be deleted.
UR-DocLife-04	Document content may be viewed in a read-only mode

4.3 Document Edit

UR-DocEdit-01	Document edit supports recording and formatting scientific information.
UR-DocEdit-02	Calculations are supported with Excel compatible formula functionality.
UR-DocEdit-03	Document edit supports cell content types: text, dates, numbers, and calculated formulas.
UR-DocEdit-04	Document Editor supports Copy & Paste operations.
UR-DocEdit-05	Document Editor supports URLs, Pictures, & Lines.
UR-DocEdit-06	Support in context Signatures within document content.
UR-DocEdit-07	Support temporary work on a document by a different user to record information.
UR-DocEdit-08	Support file attachment within document content.
UR-DocEdit-09	Support linkage between resource definition and resource usage.
UR-DocEdit-10	Support extraction of structured data
UR-DocEdit-11	Support data entry in standard spreadsheet and rich text formats.

4.4 Document Review

UR-DocRev-01	Support addition and management of review notes on a document. Notes must be removed when document is completed.
UR-DocRev-02	Support review alerts for visualization of situations requiring reviewer attention.
UR-DocRev-03	Highlight/mark all entries related to audited records under Review
UR-DocRev-04	Support partial reviews and multiple reviewers

4.5 Sample Management

UR-Spl-01	The system supports a controlled sample lifecycle including sample status for: creation, in progress, available, optional review, and optional complete.
UR-Spl-02	Support configurable sample types and configurable sample attributes.
UR-Spl-03	Support linkage between samples and documents.
UR-Spl-04	Support label printing for Samples. Include barcodes on the label.
UR-Spl-05	Support sample inventory.
UR-Spl-06	System supports management of hierarchical sample locations
UR-Spl-07	Sample task management is supported. Tasks should include at minimum: 1) what needs to be done, 2) who is responsible (individual or group), 3) start date and completion date

4.6 Support

UR-Sup-01	The preferred solution requires minimal overhead by the organization and is provided as SaaS (Software as a Service). The solution is provisioned, maintained, and fully supported by the vendor.
UR-Sup-02	The preferred solution is provided as a Closed System to be more easily validated and managed.
UR-Sup-03	The preferred solution provides an industry-standard data migration path such as XML to support transfer of organization data to another solution if circumstances require.
UR-Sup-04	The preferred solution features a modular architecture that can be easily enhanced and extended by adding plug and play modules & components.
UR-Sup-05	Scheduling of updates and releases are managed by the organization – not the vendor.
UR-Sup-06	Vendor validation package (Solution Requirements, Functional Specification, Design Specification, Test Plans, Test Executions, Matrix, Summary Report)
UR-Sup-07	Documented Backup and Recovery procedure.
UR-Sup-08	Documented Service Level Agreement (SLA) defining: · Service Availability · Support Coverage · Support Guidelines
UR-Sup-09	Issue Management

4.7 Compliance

UR-Comp-01	The solution supports flexible life cycles for documents, specifications, and samples. At minimum, life cycles must include author(s), reviewer(s), and approver.
UR-Comp-02	Screen locking can be implemented on organization defined “unused” time interval.
UR-Comp-03	A comprehensive audit trail is implemented. The audit trail should be easily displayed and understood by reviewers and auditors. Audit reasons can be required for change events.
UR-Comp-04	The solution generates a comprehensive “readable” archive bundle for long-term data storage. The archive bundles should be available for storage inside the organization’s network.

4.8 Data

UR-Data-01	The solution supports definition of structured data in the format Test-Measurement.
UR-Data-02	Structured data is associated with samples or documents.
UR-Data-03	Structured data includes definition of analyst, date, units, replicate number, method, and method version.
UR-Data-04	The definition of structured data may be extended through a set of flexible qualifiers.
UR-Data-05	Structured data is displayed for a specific sample or for a filtered group of samples.
UR-Data-06	Structured data may be queried from a DataMart. The DataMart tables should be in stacked or in wide form tables to support queries from third party visualization tools such as JMP, PowerBI, Spotfire, Excel, or Visio.
UR-Data-07	Specifications can be applied against structured data. Specification should at minimum support warning and error limits for text or numeric data. The results associated with a specification are displayed with outcomes.

4.9 Reports

UR-Rep-01	Reports can be generated for structured data in either pdf or spreadsheet format.
UR-Rep-02	Basic reports can be defined using a set of filters available in the user interface.
UR-Rep-03	Advanced reports can be defined by the organization by users with a knowledge of spreadsheet applications.
UR-Rep-04	Reports can be scheduled and delivered either via email or to a defined folder within the system.

4.10 Interface

UR-Inter-01	Solution supports real-time connections with instruments such as balances and pH meters.
UR-Inter-02	Instrument files can be attached to documentation.
UR-Inter-03	Attached instrument files can be “parsed” to extract specific information for additional processing or reporting.
UR-Inter-04	Instruments can “print” directly to the solution using a printer driver.
UR-Inter-05	Custom interfaces are provided for specific instrument applications
UR-Inter-06	Chromatography interface is provided for industry standard vendors (Waters, Agilent)

4.11 Resources

UR-Res-01	The solution manages resources such Standards, Solutions, Supplies, Chemicals, Protocols, and Methods
UR-Res-02	Resource usage can be identified – instances where a resource was used within a specified date range.
UR-Res-03	Manage Resource Expiration dates and availability
UR-Res-04	Manage Resource location
UR-Res-05	Manage Resource inventory
UR-Res-06	Manage Instrument logbooks including metrology (calibration due dates, in/out of service, scheduling, and recording preventative maintenance).

4.12 Extensions

UR-Ext-01	The system provides Analytical Documentation modules.
UR-Ext-02	The system provides Manufacture Batch Records.
UR-Ext-03	The system provides a Training module.
UR-Ext-04	The system provides a Document Management module.
UR-Ext-05	The system provides a Stability module.

4.13 21CFR Part 11 Records

UR-CFRRec-01	Limited and authorized system access. [11.10(a)]
UR-CFRRec-02	Limited access to selected tasks and permissions. [11.10(a)]
UR-CFRRec-03	Computer generated audit trail. [11.10(a)]
UR-CFRRec-04	Accurate and complete copies. [11.10(a)]
UR-CFRRec-05	Binding signatures with records. [11.10(a)]
UR-CFRRec-06	Procedures should be in place to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection. [11.10(b)]
UR-CFRRec-07	Records must be protected to enable their accurate and ready retrieval throughout the records retention period. [11.10(c)]
UR-CFRRec-08	Procedures should be in place to limit system access to authorized users [11.10(d)]
UR-CFRRec-09	Procedures should be available to use secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. [11.10(e)]
UR-CFRRec-10	Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as required for the subject electronic records and shall be available for agency review and copying. [11.10(e)]
UR-CFRRec-11	Procedures should be available to use operational system checks to enforce permitted sequencing of steps and events, as appropriate [11.10(f)]
UR-CFRRec-12	Procedures should be available to use authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. [11.10(g)]
UR-CFRRec-13	Procedures should be available to use device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction. [11.10(h)]
UR-CFRRec-14	Procedures should be available to determine that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks”. People qualification is a GxP requirement and not specific to Part 11. [11.10(i)]
UR-CFRRec-15	Procedures should be available to establish, and adhere to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. [11.10(j)]
UR-CFRRec-16	Procedures should be in place for appropriate controls over systems documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation. [11.10(k)]

 

4.14 21CFR Part 11 Electronic Signatures

UR-CFRSig-01	Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: (1) The printed name of the signer; (2) The date and time when the signature was executed; and (3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature. (4) The items identified in this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).
UR-CFRSig-02	Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means
UR-CFRSig-03	Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. Before an organization establishes, assigns, certifies, or otherwise sanctions an individual’s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.
UR-CFRSig-04	Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures. (1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857. (2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer’s handwritten signature.
UR-CFRSig-05	Electronic signatures that are not based upon biometrics shall: (1) Employ at least two distinct identification components such as an identification code and password. (i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. (2) Be used only by their genuine owners; and (3) Be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires the collaboration of two or more individuals. (4) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.
UR-CFRSig-06	Persons who use electronic signatures based upon the use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: (a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password. (b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging). (c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls. (d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management. (e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.

 

---

Informatics Platform for Quality Control (QC) Labs

Quality control (QC) labs play a crucial role in the pharmaceutical industry by ensuring the safety and efficacy of drug products. These labs are responsible for conducting a wide range of tests, including raw material testing, in-process testing, stability testing, and finished product testing, among others. With the increasing complexity of drug development and the need to comply with regulatory requirements, quality control labs face numerous challenges in managing and organizing their data.

To overcome these challenges, many quality control labs are now turning to Lab Informatics Platforms. The SciCord Informatics Platform is a computer-based systems that provide a centralized platform for managing and storing laboratory data. These solutions offer numerous benefits for quality control labs, including improved data management, enhanced data accessibility, streamlined workflows, and regulatory compliance.

Enhanced Data Accessibility

Another benefit of these tools is enhanced data accessibility. These solutions provide easy access to laboratory data for stakeholders such as QA/QC, R&D, and regulatory authorities. With SciCord Informatics Platform, quality control labs can share their data with stakeholders in real-time, improving communication and reducing miscommunication.

Streamlined Workflow

Another benefit of Informatics Platforms is streamlined workflow. These solutions can automate and streamline laboratory workflows, reducing manual efforts and errors. For example, these tools can be used to automate the creation of test protocols, reducing the time and effort required to complete these tasks.

The SciCord Informatics Platform can track laboratory work, making it easier for quality control labs to monitor progress and ensure that work is completed on time. Work requests within our tool notify scientists when certain tests need to be executed against specified samples. A calendar view allows managers to see the day’s and upcoming weeks work and plan accordingly.

If you are looking for a solution to improve data management and regulatory compliance in your quality control lab, consider the SciCord Informatics Platform. With the right solution, you can improve efficiency, reduce errors, and ensure that your data is secure and accessible. Digital lab solutions are a valuable investment for quality control labs in the pharmaceutical industry and can help you stay ahead of the curve in the ever-evolving pharmaceutical industry.

---

Securing Your Data with SOC 2 and ISO 27001: Ensuring Trust in Our Informatics Platform

Our platform is strategically built upon the robust Microsoft Azure Cloud infrastructure, recognized globally for its state-of-the-art data security features, comprehensive compliance capabilities, and unmatched scalability. By harnessing Azure’s advanced security controls, robust encryption mechanisms, and continuous monitoring protocols, SciCord guarantees the utmost integrity and confidentiality of your sensitive data, effectively shielding against diverse cyber threats and vulnerabilities.

In addition to leveraging Azure’s built-in security capabilities, SciCord maintains rigorous Standard Operating Procedures (SOPs) meticulously crafted to establish a structured framework for implementing and enforcing stringent security measures. These SOPs, accessible to all our clients, encompass critical aspects such as Access Control, Privileged Access Management, Incident Response Planning, Backup and Recovery Procedures, and Change Management Protocols.

Incident Response Planning: SciCord maintains a comprehensive incident response plan (IRP) designed to swiftly and effectively mitigate security incidents. This proactive approach includes predefined escalation procedures, incident categorization, containment strategies, forensic analysis capabilities, and communication protocols to minimize disruption and ensure prompt resolution.

Backup and Recovery Procedures: To safeguard against data loss and ensure business continuity, SciCord implements robust backup and recovery strategies. Regularly scheduled backups are conducted with strict adherence to industry best practices, ensuring data integrity and availability in the event of hardware failures, natural disasters, or malicious attacks.

Change Management Protocols: We adhere to stringent change management practices to carefully orchestrate and document changes to our systems, applications, and infrastructure. Each change undergoes thorough assessment, testing, approval, and implementation procedures to mitigate risks and maintain system stability and security.

What is SOC 2?

SOC 2 (Service Organization Control 2) stands as a preeminent auditing standard developed by the American Institute of CPAs (AICPA). It focuses on five critical trust service criteria: security, availability, processing integrity, confidentiality, and privacy of customer data. Achieving SOC 2 compliance underscores our dedication to maintaining a secure environment for your valuable information.
Implementing SOC 2 involves:

1. Security: Our systems and infrastructure incorporate multiple layers of security controls to thwart unauthorized access and mitigate cyber threats effectively.
2. Availability: The SciCord platform ensures high availability, minimizing downtime and disruptions to your operations.
3. Processing Integrity: We maintain data accuracy and completeness through stringent controls over processing activities and data manipulation.
4. Confidentiality: Your data remains confidential through robust access controls, encryption measures, and policies that prevent unauthorized disclosure.
5. Privacy: Personal and sensitive information is shielded from unauthorized handling or exposure.

ISO 27001: Elevating Our Security Practices

ISO 27001 serves as a globally recognized information security management standard, providing a systematic approach to safeguarding sensitive data’s confidentiality, integrity, and availability.
Our implementation of ISO 27001 includes:

1. Risk Assessment: Thorough risk assessments identify potential security threats and vulnerabilities, enabling us to implement effective risk mitigation strategies.
2. Information Security Policies: Our SOPs guide team members in securely handling data, fostering a culture of heightened security awareness.
3. Access Control: We enforce stringent access controls to ensure only authorized personnel access sensitive data, minimizing the risk of data breaches.
4. Regular Auditing and Monitoring: Continuous monitoring and audits of security controls identify and address potential system weaknesses proactively.
5. Incident Response: A well-defined incident response plan enables us to swiftly minimize the impact of any security incidents and facilitate quick recovery.

Your Trust is Our Priority

For a comprehensive list of our compliance offerings via Azure, please refer to the Azure compliance documentation. Additionally, we make our internal SOPs and guidelines available upon request.
Use our SciCord Informatics Platform with confidence, assured that industry-leading security practices protect your data. For inquiries about our security protocols, compliance benchmarks, or data management procedures, please contact us. Your peace of mind is paramount, and we are committed to ensuring your experience with us is secure, smooth, and successful.