Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agilent ChemStation Plus

Similar presentations

Presentation on theme: "Agilent ChemStation Plus"— Presentation transcript:

1 Agilent ChemStation Plus
Instrument control, data analysis and data management

2 Topics Contents Overview ChemStation ChemStore Security Pack
Method Validation Pack ChemAccess Summary

3 What is ChemStation Plus?
Overview ChemStation Core-product for instrument control,data acquisition, simple data review & reporting + any of the following modules; ChemStore ChemAccess Security Pack Method Validation Pack = ChemStation Plus

4 Requirements Speeding up the advanced second-pass data review
Overview Speeding up the advanced second-pass data review Including statistics, custom calculations, charting with control limits and powerful reports Hardware related performance data performance of each module, column quality, system suitability trends... Security Data storage (raw data and results) in ChemStation Plus is compliant with the latest rules of the FDA (21 CFR part 11) Long-term data storage and data management Built-in automatic archiving and backup tools help in handling large data amounts Analytical method validation Automated method validation from planning to overall validation report Having a new product is always exciting for the vendor but what is the excitement for the potential user? This slide lists some items that our customer highlighted as helping them in their work practice: They can be grouped in two categories those that make the instrument users’ daily life better and easier. As an example, ChemStation Plus C/S offers a lot of calculations and statistics that the users had to perform in the past manually or in another program/application. It also offers a visualization of the results in trend charts, just with two mouse clicks. No longer sorting and archiving results from various sources (ChemStation, MS Excel…)together; use ChemStation Plus C/S to have all information in one place. A place that is secure. The security of this place brings us to the second category of supporting the work practice those that make the lab managers’ and IT guys life more relaxed and easy: Secure data storage, built-in archiving tools and a preconfigured installation process make the central data storage easy with a minimum of support work during the product lifetime. In terms of an audit, ChemStation Plus C/S makes sure that you have all chromatographic data and results available, that you can prove every access to your data and that you stored it regularly and avoided unauthorized copying, deleting or manipulation of the data. To understand what hardware and Software is required to achieve these benefits, let’s briefly look at the Software product structure:

5 ChemStation Plus offers...
Overview ChemStation Easy-to-use graphical user interface and full level-4 instrument control for a wide variety of chromatographic instruments. ChemStore Increases lab productivity by providing a tool for easy management of your chromatography data in a relational database. Security Pack Full support of your compliance needs to pass audits easily. Method Validation Pack Automated method validation according to USP, EP, ICH and FDA guidelines following the guidelines of 21 CFR part 11. ChemAccess for effective management and operation of a networked laboratory by providing remote system monitoring and control, plus centralized information storage.

6 ChemStation ChemStation ChemStation – Easy-to-use graphical user interface and full level-4 instrument control for a wide variety of chromatographic instruments.

7 Level-4 instrument control for multiple techniques
ChemStation Level-4 instrument control for: LC GC LC-MS CE* CE-MS* A/D-Converter LAN and GP-IB interfacing

8 Unique level-4 features
ChemStation Column ID tags for identification of the analytical column Micro chip stores all important columns information including an injection counter Storage of instrument firmware revisions and serial numbers Needed to fulfill the needs of 21 CFR Part 11

9 Powerful data analysis
ChemStation Batch review for first-pass data review 3D data analysis with spectra evaluation, peak purity, spectra libraries and iso-plot

10 Diagnostics and EMF Maximising instrument up-time through:
ChemStation Maximising instrument up-time through: Automatic alerts for instrument maintenance Minimizes cost of ownership Advanced 1100 instrument diagnostics for fast and easy trouble- shooting

11 Fast and reliable instrument qualification
ChemStation Built-in verification package (OQ/PV) allows instrument qualification in less than an hour. Tests like wavelength calibration document the specified and actual values on paper and on disk.

12 Agilent ChemStore ChemStore Database solution for single-user or networked ChemStations Increases lab productivity in the laboratory by providing a tool for easy management of your chromatography data in a relational database.

13 Data organization Data organization Data organized in studies
ChemStore Data organization Data organized in studies Level of data storage defined per study Include your own custom fields in study to add supplemental data

14 Study-based data access and security levels
ChemStore The ChemStore study Highest organizational element On a study configurable data access for users Data security on a study level separate “container” for Part 11 and non-Part 11 data Study-based archival of data The ChemStore study is the highest data organization element in the database - typically managing all tests for one lab, one compound or or one series of tests

15 Custom fields Custom fields
ChemStore Custom fields To add supplemental ChemStation data or non-chromatographic data Select from a pool of custom fields Define new fields of type True/false Selection list Integer or Real number Text Date/Time Selection list allows to specify a collection of default values If the user wants to store also non-chromatographic data, the ChemStation Plus custom fields will offer this feature. Custom fields are a very powerful but easy customization tool: Custom fields can contain any additional non-chromatographic information, their number per run is nearly unlimited and they have the same function as result entries in ChemStore: The user can query on custom fields, apply filters, sort data etc. Custom fields can have different types: A checkmark true/false type They can contain a selection list that will only be setup once and can be used later by just clicking on one item of the list, example would be a custom field for colours and a selection list with the occurring colours like green, blue, yellow red, etc. Advantage: Speed up the data entry process from typing to one mouse click and avoiding wrong entries. A free text entry A real or integer numeric entry An additional date and time entry

16 Result storage Data transfer is set up in the ChemStore menu
Select destination study Define custom field values Use “After each analysis” for automated transfer Automatic data transfer after each run in single run or sequence mode, or Manual data transfer from Data Analysis screen AIA Import of data from other vendor’s system Note: with security pack, the transfer checkmark is set by default and can not be disabled! Now let me demonstrate how easy the data transfer can be handled between the two applications: The ChemStation Plus installation adds one menu item in the ChemStation top level menu. This item brings the user to additional menus to setup the transfer. Four mouse clicks guide the user through all items that need to be configured. The fifth click is then the save sequence button that allows to save the transfer settings and keep them with the sequence. The interactive transfer is as easy as the automated one, as the next slide will demonstrate this using the batch review as an example:

17 Data review One query result for review, charting and reporting
ChemStore One query result for review, charting and reporting Review, table or charting view Query and filter tool ChemStore report template creation tool Switch between sample- and compound-focused view left pane = run table (sample view) compound table (compound view) right pane = review layout table layout chart layout => depending on selection on main toolbar Summary statistics are displayed on the bottom of table layout in each view. Regression statistics are available from a separate view when enabled (plus regression chart).

18 Filter for query builder
ChemStore View studies allows users to query for data from all studies, or to restrict the data shown in the query dialog to data items only contained in a specific study

19 Control charting of results
ChemStore Define columns for table view and results to be charted at the same time Define upper and lower warning limits and critical limits This slide now finally visualizes the charts layout. Charting is mainly used to give a fast overview for complex results or hundreds of data points. The user can also add control and warning limits to this chart, based on the statistics or configured individually. As an example, a lab supervisor wants to check the quality of his control samples over the last six months by creating a query for the sample type “control” adding the monitored compound name and press “retrieve query”: He chooses to visualize the peak area versus the injection time. In order to get the immediate feedback from the charts, he adds the limits based on his SOPs. The chart displays the two lines for the limits and a graph for the datapoints. That’s it. Across instruments, regardless of the operator, regardless of the lab where the samples were ran. This work is in the daily labs quite often still done with Excel or other 3rd party applications with a manual data entry. ChemStation Plus offers tools to speed up this reviewing dramatically! And in addition, the result can also be printed directly from the user interface without touching a report editor or creating templates: ChemStation Plus has a built-in “print view” command that allows to print the actual screen! With the three views, Graphics, tabular and charting, the user can easily review the data in all different ways. Now the next step of course is to decide on the quality of the results, are they ok, do we need to reanalyze or what? ChemStation Plus offers this functionality as well:

20 Statistical results review
ChemStore Get summary or regression statistics, for example, for compounds Customize your table to display results of interest Get summary statistics such as mean value, SD, %RSD or regression statistics Print the results or export to MS Excel Sort with two mouse-clicks This slide displays the screen look of the table layout. In case the user wants to perform additional calculations on the numeric results or have a statistical summary of the data, he can use the appropriate tools shown on the next slide to perform this mathematical work with the data.

21 Custom calculations The ChemStore custom calculator facilitates:
Cross-compound calculations (relative retention times, relative area) Calculations across two runs (concentration ratio) Calculations based on (statistical) results (average from repetitive injections)

22 Second pass data review
ChemStore Approval (A) Records who approved results and when Only authorized users Reject (R) Records who and when results rejected Batch (B) Runs to transfer back to ChemStation Controlled access for GLP ChemStation Plus C/S has built-in the tools to electronically finish the review process with the final decision ok or not ok: The user with the appropriate permission rights first marks the runs in the the list for Approval Rejection or Batch reprocessing The second step is perform the marked activity using another tool. This tool requires a password reconfirmation and a mandatory comment for the approval or rejection. This two step approach is compliant with the recent FDA rule 21 for electronic signature. The retransfer into the batch review is also a user privilege, but does not require a password confirmation as this step is not meant to be the end point of the second pass data review. The transfer setup of the batch is shown on the next slide:

23 Batch creation Batch functions Select runs for a batch Select method
ChemStore Batch functions Select runs for a batch Select method Assign to a person Status of pending batches Smooth integration with the ChemStation Productivity gains Faster review, reprocessing Proper person performs the work Easy to learn and use Each run marked for batch review will be displayed individually on the left hand panel of the batch setup menu. The user decides to submit all runs to one batch or to create more than one batch using the individual run selection with the single arrow icon. If the user wants the operator to use the original method to reanalyze the data in the ChemStation, he can decide to add the method in the correct version from the “used method” screen. If the user wants only one dedicated operator to reanalyze the samples, he will assign this batch to a certain user. The users are displayed with their log-in name. Eventually, a comment can be added that might tell the ChemStation operator what tasks he is supposed to perform. The last step is to press the submit batch button and wait for the confirmation “batch submitted successfully”. The assigned ChemStation user will find this batch in his ChemStation data analysis view under load batches from ChemStore. If the batch was assigned to all users, they all would find the batch and the first one to come will be the one to reanalyze the batch. Assuming we have finished our report with the run approval, there might still be somebody out there who wants to have a printed report. ChemStation Plus has a built-in report section to perform any report customers would like.

24 Report generation Integrated tool for report creation
ChemStore Integrated tool for report creation A variety of report templates already included For example, full-featured report similar to ChemStation Sequence Summary Report Chromatogram and spectra in report All calculations printed with report

25 Automated archiving Automated archiving Scheduled automatic archives
ChemStore Automated archiving Scheduled automatic archives Pre-defined queries and time intervals Checksum-protected XML catalog file Bi-directional generic archive interface List of defined archive queries External archive management system

26 Defining archive queries
ChemStore Archive name and file location Archive query condition Selected set of criteria: archive query equals combination of criteria Archive frequency

27 Easy and fast retrieval of archives
ChemStore Generic XML catalog file For indexing of archives in archive management system – simplifies retrieval Generated with each ChemStore archive unit Contains detailed information on the archive content: sample information (sample name, acquisition info) result information (results, approval status) XML archive catalog TOC (or other external archive management system) Managing ChemStore archives in Cerity ECM

28 Security Pack Security Pack Calculations and statistics For full support of your compliance needs to pass audits easily Your information Reporting Charting Archiving and organization Security and compliance

29 21 CFR Part 11 Security Integrity Traceability Limit Access
Security Pack Security Integrity Limit Access Prevent data modification Change control Link Raw Data and Results Traceability The focus of FDA inspections has changed from equipment hardware to software and to data traceability, integrity and security, driven mainly but not only by FDA’s regulation 21 CFR Part 11. Regulatory requirements, inspection and enforcement practices are quite dynamic. What is appropriate today may not need to be appropriate tomorrow. Regulations change but more often it is the inspection practices that change. In the early 90’s the focus of inspections was on basic requirements of GLP and GMP, but then it changed to equipment hardware and later on to software and computer systems. The three “pillars” of 21 CFR part 11 are Security through access control and data protection, Integrity achieved by rigorous change control and unbreakable linkage of raw and meta data to the result, and Traceability by documenting all changes in an audit trail and retaining all result versions. The following slides demonstrate how the MSD Security ChemStation implementation supports the requirements from 21 CFR Part 11. Who did what when and why? Previous entries must not be obscured

30 Part 11 Technical Controls
Security Pack §11.10a Systems must be validated (P) §11.10b Accurate and complete copies (T) §11.10c Protection of records (P,T) §11.10d Access limited to authorized individuals (P,T) §11.10e Secure, computer-generated, time-stamped audit trail (T) §11.10f/g/h Checks (device, authority, system checks) (T) §11.50 Signature manifestations (T) §11.70 Signature/record linking (T) § Uniqueness of E-signature to individual (P,T) § E-signature components and controls (P,T) § Controls for identification codes and passwords (P,T) This is a summary of the sections of the original rule that are most affected by the new guidance. Validation of systems that create/maintain electronic records to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records Ability to create accurate and complete copies of records The system must allow the creation of accurate and complete copies of the electronic record in human readable as well as electronic format for inspection and review by the FDA. Protection of records (e.g. by appropriate NTFS security or database protection) to enable their accurate and ready retrieval throughout the records retention period. Limit system access to authorized individuals Authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system Use secure, computer-generated, time-stamped audit trails (previous information is not obscured) Operational system checks (to enforce permitted sequencing of steps and events, as appropriate) Signature manifestation - the signed record has to contain date and timestamp, name of the signer, reason for signing Linking - signature has to be tied to the record Uniqueness is tied to Windows user administration, User ID AND password are required, mandatory logon etc., Password renewal periods, length etc. Additional SOPs are required for… -The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. -Use of appropriate controls over systems documentation (controlled distribution of, access to, and use of documentation for system operation and maintenance) -Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation. Sufficient education, training and experience for persons who develop/maintain/use electronic record systems. (not mentioned on this slide) P = Procedural controls (usually the responsibility of the pharmaceutical company to develop) T = Technical controls (usually the responsibility of the supplier to develop)

31 General rules for paperless record systems
Security Pack Appropriate control procedures for the laboratory (SOPs) System that fulfills the FDA guidelines for electronic records and electronic signatures 1 + 2 = General rules for implementing a paperless record system Generally, the implementation consists of procedural controls that must be established in the laboratory and product functionality built into the data system that is used to implement the paperless record processes. It is important to understand that the design of the Agilent software is based on a closed system. This is achieved by implementing procedural controls, i.e. access security rules established in the lab so that only authorized individuals physically have access to the systems - exactly like obtaining access to the Tower of England by passing the security guards. The following slides illustrate the main rules that the electronic records implementation has to satisfy.

32 System Validation (§11.10a)
Security Pack “The systems used for the creation and maintenance of the electronic records must be validated” Validation by the vendor Development qualification Validation by the user Formal acceptance testing Installation qualification Operational qualification (OQ/PV) Performance qualification Users may outsource validation services to the vendor The MSD Security ChemStation is validated during design and ships with a declaration of system validation to the internal quality processes at Agilent. On the other hand, formal acceptance testing is expected from the user. The objective of this test is to ensure that the system supports the work-practice of the laboratory based on the established operating procedures. Note: Functionality not covered by the system itself may be covered by a procedural control (SOP). Users may perform the validation tasks themselves or may decide to purchase the validation services from a qualified party (typically the vendor).

33 System validation Agilent validation services
Security Pack Agilent validation services Installation Qualification (IQ) Operational Qualification (OQ) Procedures and documentation that meet the requirements of GLP, ISO 9000 and other regulatory agencies Agilent delivers a fully qualified data handling system together with all necessary services, which are needed to implement such a system to meet the requirements of the FDA regarding 21CFR Part11. Agilent offers additional validation services for installation qualification (IQ), operational qualification (OQ) and ongoing performance verification (PV) for hardware and software. As part of this service a document is compiled that describes the installed configuration and documents the results of the executed IQ and OQ procedures.

34 Limited system access (§11.10d)
Security Pack “System access must be limited to authorized individuals” Procedural controls (SOP‘s) Automatic system controls The ChemStation family of products ships with Microsoft Windows operating system and takes advantage of it's inherent user access security capabilities. Access Control requires procedures controls (SOPs) in the lab. These SOPs define physical access controls and authorization levels of the individuals working in the lab. Secondly, the employed computer system has to provide automatic system controls. These controls have to be enabled and configured to match the established access control SOPs. Most automatic system controls can be implemented using the means provided by the Windows operating system. Examples are: - user authentication through secure logon - protection of files and folders using NTFS security - inactivity timeouts - system policies (e.g. disable access to the command prompt)

35 Managing access security
Security Pack What? Accounts/groups? Password security? File security? Set inactivity timeout? How? Windows user management! Windows password policy! NTFS permissions! Time-based application lock! Typically, the IT department of a regulated facility has already implemented several layers of security in the operating system of the end-users. IT groups define security and password policies and apply formal rules for assigning user account names and passwords. In many cases, access restrictions are already implemented on the file servers to ensure integrity and confidentiality of data. Ideally, a chromatography data system should just tie into the security mechanisms offered by the operating system.

36 User management User management Mandatory login
Security Pack User management Mandatory login Complements NT security scheme Password policies with automated account lockout, expiry date and minimum length Users must be set up for access to the database You can see here the log-on screen to connect to Agilent ChemStore with the required password and the user administration showing how to set up new users with their exclusive password. In a regulated environment, the user receives a blank initial password with his/her user ID and is prompted to define the individual password him/herself. Thus, the application ensures that the user identification remains really unique to the user and is not known even to the system administrator. In addition, a minimum length and expiring dates of the passwords are configurable. The user administration is of course also protected by the user privileges and should only be granted to a person with administration rights. More details on the user rights are given later in the presentation.

37 Session locking Security Pack For periods of unattended operation security pack provides for: Explicit lock function Private session locking when leaving the session unattended such as during a break Non-private session locking such as for shift changes Configurable inactivity timeout Releasing requires authentication with both user ID and password For periods of unattended operation the software provides for: Explicit lock function for private session locking when leaving the system unattended (for example, during a break) Non-private session locking (for example, for shift changes) Configurable inactivity timeout (unlocking requires reauthentication with both UserID and password). Beyond the initial user authorization, part 11 also requires certain security for the unattended operation of workstations. Users that leave their desks must have security tools installed that secure their data during unattended instrument or PC operation or during intended operator changes: ChemStation security pack has a built-in APPLICATION-SPECIFIC application lock that covers both the instrument acquisition SW ChemStation and the archiving and data organisation application. The application lock exists in two flavors: As an NT like “private lock” that allows only the original user or a person with database administrative capabilities to unlock the session and A non-private lock that allows all authorized users (for shift changes) to unlock the session. In addition, this session lock must offer a way of automated setup for all regulated labs: This is implemented with the time-based application lock that automatically locks the session after an administrator-defined time interval. This application lock is stored in the database and applies to all systems in one network cluster. Requirement: …for short periods of unattended operation, there should be an inactivity timeout... NT screen saver is not a solution because it doesn’t support multiple users Solution: Database-wide application-specific system lock in two flavors: privately and non-privately (I.e for shift changes) Offer manual and time-based lock feature Can also be started during data acquisition Documents all operator activities including the current instrument session, the full operator ID and the date and time of the action. 100% system protection also covering shift change and short “coffee breaks”

38 Record protection (§11.10c)
Security Pack “Records must be protected to enable accurate and ready retrieval throughout the record retention period” Sign Secure Maintain integrity Retrieve

39 Linking and versioning
Security Pack Data integrity is ensured by storing all results, raw and meta data (sequence, method, etc.) in a relational database Data can be buffered on acquisition PC Each version is added to the record - iterations are stored as revisions in the database Transfer is documented and checksum protected No data is ever overwritten! Beside the basic numeric results that are always transferred into Agilent ChemStore, the study setup enables the user to store the chromatograms and spectra of the run and in the client/server version also, raw data, processing method and processing sequence. In case the user wants to free up space on his/her hard disk, he can optionally decide to delete the raw data from the hard disk after the transfer. These options allow to optimize the database and the hard disk for minimized storage or for a maximum of security. If the user needs high security, he will decide to store raw data, sequence and methods always in the database and maybe keep a local copy on the PC to perform a proper backup. If the data storage must follow the E-SIG guidelines, the user always has to store raw data, methods and sequences in the Oracle database. Optimizing for disk space would only include numeric results in the database to have the tabular data review functions. The user has a broad range of choices to setup this data storage individually according to his/her individual needs. Have in mind that the data amount of the results of a DAD or LC_MS run may vary from Kbytes storing just numeric results to more than 3MB storing all data and all spectra including the raw data in the database. More details and recommendations for the setup are given in the installation manuals to help the user determine the right setup for the database.

40 Data integrity Security Pack Data integrity equates to secure, version-controlled, unbreakably linked and centrally stored data No data is ever overwritten All calculated results are stored as individual revisions in the database All revisions are automatically linked to original injection run No deletion of single run versions possible – either all versions or none Audit-trail documents all versions with timestamp and operator ID Compliance for full data integrity not only requires to store all electronic data, but also to ensure a complete versioning all results. What makes versioning complete? no overwriting or deleting of one or several versions of reprocessing result copies No interactive “definition” of a run copy as “this is (not) a new version - versioning must be generated by the application software Link raw data, all result versions and the meta data unbreakably. The reason for this restrictive definition is the FDA guideline to store all steps of a result creation from data acquisition to the final result - auditor like to go into the data and ask for the recreation of the result of version 5 out of the 8 result version with one particular injection! ChemStation Plus fulfills ALL of the above requirements: each run (regardless of its origin as a new data acquisition or a reprocessed copy) that is transferred to the database crates a new entry in the run list and a new line in the audittrail table of this “raw data” data set. An additional idea how users can answer the auditor’s question of all data of version 5 of run XY is given in slide 17.

41 ChemStore spooler The ChemStore spooler works like a printer spooler:
Security Pack The ChemStore spooler works like a printer spooler: Prepares the background data transfer Buffers the data if a transfer problem occurs Can be paused and resumed Removes the buffered data from local drive after successful transfer One of the common questions is “how can I make sure that I do not have a loss of data if my network goes down? And how do I avoid then any duplicated storage of my data?” The answer to both questions is our spooler that handles the data transfer from the ChemStation into the database (either Oracle or MS Access). The spooler’s job is divided into three steps: Copy the ChemStation result data and initialize the network transfer Provide a security storage if the network goes down or another problem during data transfer occurs. The spooler stores the files and displays a list of those files that were not properly transferred. Thus, the spooled transfer enables customers to continue the data transfer after the transfer problem was solved and it makes sure that all data are transferred correctly without duplication or loss. Then the spooler manages the correct fill in of the data into the database Eventually, after step three has been finished the spooler deletes the raw data from the local hard drive, if this options was enabled in the study setup. The whole process of the data transfer is also documented in the PC. The data transfer from the ChemStation is documented in the ChemStation logbook, the data arrival in the database is documented in the ChemStore audit-trail table as “new entry” with the processing timestamp and operator. NB: My feeling is that this approach is a very smart solution to the “network down” concerns of customers, make sure that each customers ask other vendors how they solve this problem and if they also have such a smart solution.

42 Audit trail (§11.10e) Security Pack “Secure, computer-generated, time-stamped audit trails must be used” Who did what, when and why? The FDA rule requires that audit trails be generated automatically and independently of the operator. Audit trail information has to carry time stamps and the operator name in a humanly readable format.

43 Results audit trail Includes change history
Security Pack Includes change history Computer-generated & user-independent Time-stamped (local time zone information) The Agilent ChemStore audit-trail documents each activity in the database with the name and the time stamp of the user. The audit trail documents each change in run status or results with a new entry in the audit trail. It stores all comments of the change history thus ensuring full data integrity and traceability. Sensitive functions like run approval require a password confirmation providing the two items required for the electronic signature: The unique user-ID given by the log-in and the password reconfirmation to identify the signing user as the right one. This functionality is exactly what the FDA CFR 21 part 11 requires: A combination of User-ID and unique password protected identification tool. However, the requirements of traceability go beyond the current signing of one or a set of runs; they also want to have a fast overview of all sample related data. Sample related data like, what method version was used for the calibration? Where is the original sequence stored? Where do the raw data reside? What instruments were used for analyzing the sample? Which computer acquired the data? The next two slides will show that it takes less than ten seconds to answer the whole set of questions: Includes manual integration details Printable

44 Database logbook Executing user and time stamp of activities Event
Security Pack Executing user and time stamp of activities Event Affected user Application and client details Logbook documents application-related activities that are relevant to security and data integrity. For example, the administrator removed access restrictions for the guest account. The database logbook represents the audit-trail of the entire application. It stores all events that reside in the application and can not be linked to an individual sample. Examples are the login/logout of users, the start of the session lock, failed logon attempts and as shown here, it also documents changes in the user rights for a full backwards traceability of user rights Access to event details Query for specific events

45 Database logbook event details
Security Pack Check for data access status: detailed modification of permission rights Query all entries for the relevant setting: the time interval, the user and affected user plus the reason for the entry

46 Run information screen
Security Pack Injection information Processing information Data storage Restore raw and meta data to a human-readable format Direct access to audit-trail, instrument and column configuration Remember the auditor asking for the data of version 5 of run XY and how it was calibrated? Here is ChemStation Plus’ answer: Mark the run of interest in the run list and click on “run information” - the screen shots show the display of the run information. All raw and meta data are available either with their current location or directly (like time, operator etc). The run information answers all questions on injection, run time, raw data, method and method version and the sequence location! Three additional buttons offer access to all additional data and parameter like column information and audit-trail info of this run. Having documented all computer based data storage information of the first (method info) and the second pass (in the audit-trail table) review, the hardware information is still missing. To access it, just press the instrument configuration button. The next slide shows what would have happened with the online application:

47 Checks (§11.10 f/g/h) Checks Limit system access to authorized users
Security Pack Checks Limit system access to authorized users Check permitted sequence of steps Check authorization of users Written policies to hold users accountable for their actions and signatures Section also addresses the security of closed systems and requires that: (1) System access be limited to authorized individuals (NT security and secure ChemStation logon) (2) operational system checks be used to enforce permitted sequencing of steps and events as appropriate (result approval , data archival) Comment: Operational system checks are not as critical in analytical systems as they might be in manufacturing production control software. However, Agilent uses a clear prerun / run / postrun structure in its ‘Run control’ functionality to ensure proper sequencing of steps. Other examples for processes that require sequenced steps are the archive/delete procedure - records must be archived before they are allowed for deletion - or electronic signing - a record cannot be electronically signed without specifying a reason for the signature. (3) authority checks be used to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform operations; (NT security, inactivity timeouts, reenter password and userID for unlocking as well as approval) (4)device (e.g., terminal) checks be used to determine the validity of the source of data input or operation instruction; (standard consistency checks in the software) Comment: During startup as well as when sending a command (such as starting a run) to the instrument a bi-directional connectivity check is done. The instrument is clearly identified by is GPIB address or IP address, which has to be configured by the administrator when setting up the system. (5) written policies be established and adhered to holding individuals accountable and responsible for actions initiated under their electronic signatures, so as to deter record and signature falsification.

48 Authority checks (§11.10g) Logon to the application:
Security Pack Logon to the application: User must exist as a system user Requires valid user-name/password combination Access level determined by individual permissions Logon is independent of user who logged on to the operating system Independent sessions can have individual users A mandatory logon requires users to enter their UserID and password when starting the application. The user must be a member of a MSD Security ChemStation user group. The access level is determined by the user group membership. The logon is independent of the user who logged on to the operating system. The application checks for membership of the active user in these groups to determine the appropriate level of access. Membership of an active user in multiple groups automatically confers the privileges of the highest-level group to which the user belongs.

49 Authority checks (§11.10g) Security Pack Setting up new users Define which database actions the user is authorized to do Use standard profiles template, or define individual user profiles Define ChemStation access level and command line access See the list of user privileges, they cover all sensitive actions in Agilent ChemStore and also tie in the ChemStation access levels: Setting up the user in Agilent ChemStore implies also a ChemStation access level. The default level is manager. If a user wanted for instance to prevent an ChemStation user from any data manipulation and only allow him to operate the instrument, he would be set up as ChemStation operator. The data transfer into Agilent ChemStore would be configured automatically and therewith, the user is unable to do any data modification unless data do arrive in Agilent ChemStore. Available both in entry level and client server version. Administrative rights should only be given to designated database administrators.

50 System checks (§11.10g) Formal result review/approval
Security Pack Formal result review/approval For approval, user must provide: User-ID password mandatory signature meaning When applying an electronic signatures the user has to re-authenticate himself with both signature components - user ID and password. A short comment with a minimum length of six characters is mandatory. Electronic signatures are documented in the results audit trail with date & time information and signature meaning. Certain tasks require an electronic signature before they can be completed (for example data archival).

51 Device checks (§11.10g) Traceability of instrument configuration
Security Pack Traceability of instrument configuration Links instrument with data acquisition PC “… determine (…) the validity of the source of data input or operational instruction.” This link from the various instrument modules, uniquely defined by the serial numbers over the data acquisition PC to the network is unique with ChemStation Plus and unmatched by any competitor. It allows to trace, particularly in a multi-instrument environment, all data to their original source. Have in mind that the serial numbers of the instruments are transferred electronically independent of the user. This is only available with the latest instrument generation of Agilent 1100 and 6890s.

52 Accurate and complete copies (§11.10b)
Security Pack “The system must allow the creation of accurate and complete copies of the electronic record in human readable as well as electronic format for inspection and review by the FDA” The system should support standard file formats that allow inspection of the data on another system. With the MSD Security ChemStation electronic records generated by the application are always stored along with all related raw, meta and result data (including all result versions). The data written to the hard disk can be stored to durable media by using the built-in tool for data archival. The data archival tool allows to create archives without delete for provision to regulatory agencies for inspection. Part 11: “The system must allow the creation of accurate and complete copies of the electronic record in human readable as well as electronic format for inspection and review by the FDA “ Technically, most challenging requirement! New Guidance: “You should provide an investigator with reasonable and useful access to records during an inspection. All records held by you are subject to inspection in accordance with predicate rules (e.g., §§ (c), (d), and (c)(3)(ii)). The MSD Security ChemStation has been designed with technical interfaces and controls to conveniently provide the required electronic records in an electronic format (through the Archive/Restore Utility, XML Archive Catalogs etc.) The requirement for “accurate and complete copies” is the most challenging technical control mandated by the the original rule. The new guidance eases this difficulty somewhat. FDA still expects access in a reasonable and useful way. Make sure that you can provide the investigator to records that are required by a predicate rule. c and d: is general record provisions in cGMP for finished pharmaceuticals “All records required under this part, or copies of such records, shall be readily available for authorized inspection during the retention period at the establishment where the activities described in such records occurred. These records or copies thereof shall be subject to photocopying or other means of reproduction as part of such inspection. Records that can be immediately retrieved from another location by computer or other electronic means shall be considered as meeting the requirements of this paragraph.” “Records required under this part may be retained either as original records or as true copies such as photocopies, microfilm, microfiche, or other accurate reproductions of the original records. Where reduction techniques, such as microfilming, are used, suitable reader and photocopying equipment shall be readily available.” 108.35c3ii: Emergency permit control for food manufacturers. “Process information availability – any info on ongoing processes and procedures” FDA does not intend to object if you decide to archive required records in electronic format to non-electronic media such as microfilm, microfiche, and paper, or to a standard electronic file format (examples: PDF, XML). Persons must still comply with all predicate rule requirements, and the records themselves and any copies of the required records should preserve their content and meaning. We suggest that your decision on how to maintain records be based on predicate rule requirements and that you base your decision on a justified and documented risk assessment and a determination of the value of the records over time.

53 Accurate and complete copies
Security Pack … of an e-record in both human readable and electronic format: Archive/restore for long-term storage in electronic format Printouts on paper, screen or to file as human-readable copy Checksum protection of exported data to ensure data integrity .

54 Archive and restore Archive and restore
Security Pack Archive and restore Only authorized users can archive, restore, or delete data The data of each analysis data is archived as one unit including all result versions Use standard queries to define the archive contents Archive log is maintained Password reentry control for archive, dearchive, or delete The FDA rule for E-SIG requires the ability to create accurate and complete copies of records. The system must allow the creation of accurate and complete copies of the electronic record in human readable as well as electronic format for inspection and review by the FDA The tool to make complete copies of the data in Agilent ChemStore is the archive/dearchive function that is basic functionality in Agilent ChemStore C/S with the networked Oracle database. The Archive/dearchive tools allow to transfer data on to an external device to keep the data stored but free up the server for new data entries. The transfer keeps the database format so that archived data can be dearchived later on with the same archive/dearchive tool. The archive process answers the need for the “copy in electronic format”. With the dearchiving functionality, the need for a “copy in a human readable format” is also answered. A process to archive data in a database format always is a time consuming process. The Agilent ChemStore C/S application offers an administration tool, the “admin client” that allows to decouple data acquisition and archive/delete processes on the server. The schedule allows to perform the archiving at a time where nobody accesses the database [weekend ] to avoid potential data loss. In addition the tool makes sure that the data are copied correctly and can be reopened (“dearchived”) whenever required, e.g. in an audit situation. In addition it has the flexibility to create the archive units independent of the study or any other logical link But the archiving is not only a time consuming but also a sensitive process. Agilent ChemStore C/S therefor defines the archive/delete as a user privilege and requires a password confirmation for every archive or archive/delete function. The Agilent ChemStore archiving is not only a secure but also a flexible process:

55 Data export Export to clipboard (for graphics) or xls format
Security Pack Export to clipboard (for graphics) or xls format Database reports on paper or to file (htm, csv)

56 Electronic signature § 11.200(i)
Security Pack § (i) “When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components”

57 Security violations §11.30(d)
Security Pack §11.30(d) “Instant notification on unauthorized access to the central database from any ChemStation Plus client” To ensure instant notification of the administrator when unauthorized logon attempts to the database are detected in the ChemStore database logbook a new notification is implemented for C/S installations. A configurable list of addresses will receive a customizable message upon account lockout. notification of account lockout!

58 Signature and record linking (§11.70)
Security Pack “Electronic signatures … shall be linked to their respective electronics records to ensure that (they) cannot be excised, copied, … to falsify an electronic record by ordinary means” Design ensures referential integrity between raw and meta data and result versions Audit trail and signature information cannot be manipulated Strict revision control of all records maintained by the system The FDA mandates "Electronic signatures…shall be linked to their respective electronics records to ensure that (they) cannot be excised, copied, …to falsify an electronic record by "Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else." The application makes use of the built-in Windows user management and security ordinary means". The design of the ChemStation Plus Security Pack ensures referential integrity between raw and meta data and result versions. The record audit trail and signature information cannot be manipulated or deleted. Electronic signatures are documented in the record audit trail with signature meaning, full name of the signer and date and time stamp. It is directly attached to the result version it was applied on.

59 Unique electronic signatures (§11.100)
Security Pack “Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else” Requires procedural controls in the organization Is typically handled by HR and IT departments IT policies ensure that combinations of user ID and passwords are unique and periodically revised "Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else." The application makes use of the built-in Windows user management and security policies. This requires procedural controls in the organization, typically handled by HR and IT departments. IT policies ensure that combinations of user ID and passwords are unique and periodically revised. For example, when setting up new users a password change during first logon can be forced.

60 Components and controls (§11.200)
Security Pack The rule requires stringent controls to prevent impersonation Logon is mandatory (User ID and password) Session can be locked interactively After a defined inactivity period, sessions are locked automatically User ID and password are required to release a locked session

61 Method Validation Pack
MVP ChemStation Plus Method Validation Pack for automated method validation according to USP, EP, ICH and FDA guidelines, including 21 CFR part 11 Analytical methods used in GxP environment should be validated after development and before going into routine use. This is a very challenging task for itself and even more in light of the various guidances available from regulatory bodies. Especially as the focus of FDA inspections has changed from equipment hardware to software and now to data traceability, integrity and security, this has tremendously gained importance. Therefore working in compliance with 21 CFR Part 11 has become a key requirements. Agilent’s Method Validation Pack supports the workflow of analytical method validation from the initial validation plan to the final validated method. The majority of steps can be automated, thus reducing the overall time required. The complete procedure is documented in a single comprehensive overall validation report, while all related raw, meta and result data, standard operating procedures and so on are centrally managed in a relational database, thus providing versioning of all data, full traceability of the results and maintenance of data in a secure environment. This allows users to validate methods according the the USP, EP, ICH and FDA guidelines, including 21 CFR Part 11 Further it includes advanced statistical calculations for the purpose of an independent judgment on the quality of the analytical method. The statistical results can visualize whether the analytical the results meet their specifications or show any deviation.

62 The ChemStation Plus design
MVP Method Validation Pack A ChemStation Plus module Based on ChemStore relational Oracle database Delivered with built-in support of FDA requirements (21 CFR Part 11)* For detailed information on features and configuration see ChemStation Plus specifications (Pub No EN) * Requires ChemStation Plus Security Pack Analytical method validation requires software applications for planning, test execution with data acquisition, result management, and result reporting and review. Agilent ChemStation Plus offers all of these functions - the ChemStation base software for instrument control and data acquisition, the data organization and storage module for data management, and the method validation pack for validation planning and result review. If required, in combination with ChemStation Plus Security Pack users may work in full compliance with the FDA regulations of 21 CFR Part 11.

63 Strategy for method validation
MVP Validation Plan Define Purpose Prelim. Tests SST AQC Training Materials SOPs Iterative Process Document validation experiments and results I would like to briefly outline the strategy for analytical method validation. At this point it is important to understand that method validation is not a “straight” procedure but rather an iterative process. The tasks can be summarized as follows: Develop validation plan Define purpose of method (performance criteria) Define and verify performance of equipment Qualify/train operator Qualify/validate materials (standards and materials) After these conditions have to be established before the very first validation experiments can take place. So next... Perform (preliminary) validation experiments (in this context you may have to revisit purpose and scope of the method, reset the limits or you might even discover that the method of choice will not be suitable for the analytical problem and you have to take a different route maybe even using different equipment) Develop SOPs for executing the method Define type and frequency of system suitability tests and/or analytical quality control (AQC) checks (During the overall procedure you will already identify the most critical parameters, which should then be translated into SSTs or ACQs to ensure proper performance of the equipment) Finally the outcome should be one validation document outlining the validation experiments and results A software that supports this workflow needs to support this iterative approach to method validation by providing full version of all validation parameters including the results.

64 Method validation requirements
MVP Method validation requires: Cross instrument and cross-technique data management Full validation of tools and result creation An iterative process of definition/design, execution, result creation Flexibility to address different guidelines such as published by the USP, ICH, FDA Method validation pack provides: Full integration of data acquisition and analysis for all instruments* Convenient import capabilities for data from other sources** A fully validation solution from Agilent One software for validation planning, data acquisition, review and reporting Built-in statistics and preconfigured tests based on regulatory guidelines from the USP, ICH, FDA (including 21 CFR Part 11) The first step is to understand the requirements for doing method validation. Typically an analytical lab consists of a variety of instruments covering a variety of techniques as well as a equipment from multiple vendors. Method Validation Pack fully integrates the data acquisition and analysis for all instruments controlled by the Agilent ChemStation. For other input sources it offers a convenient import function. Configurable import filters allow an automation of the import. All tools that are used for the procedure, including planning, result creation and reporting, need to be fully validated. ChemStation Plus is validated during design and ships with a declaration of system validation, which documents that the applied procedures adhere to the internal quality processes at Agilent. On the other hand, formal acceptance testing is expected from the user. The objective of this test is to ensure that the system supports the work-practice of the laboratory based on the established operating procedures. Users may perform the validation tasks themselves or may decide to purchase the validation services from a qualified party (typically the vendor). Method validation usually is an iterative process and requires a software that is able to manage those iterations. Method Validation Pack is a single software product that covers validation planning, data acquisition, data review and reporting. Iterations are stored as new versions of an existing validation, whereas no data is ever overwritten. Of very high importance is that the software is flexible enough to allow meeting the requirements from various guidelines as well as complying - if necessary - with 21CFR part11. Method Validation Pack has built-in statistics and preconfigured tests based on regulatory guidelines from the USP, ICH and FDA (incl. 21 CFR Part 11) * controlled by ChemStation ** not controlled by ChemStation

65 Method validation requirements
MVP Method validation requires: All validation data stored in a central location One overall validation report 21 CFR Part 11 compliance Method validation pack provides: Central data management of all validation data in a hierarchical, compound-centric structure A single detailed, customizable validation report for all data included with the validation In combination with ChemStation Plus Security Pack full support of all 21 CFR Part 11 requirements The challenge is to gather all information in a single location and comprise all information in a single report. ChemStation Plus manages all validation data in a central repository based on a relational database. A validation is hierarchically structured in a compound-centric approach, where each compound consists a a set of individual tests. At any stage a detailed and customizable intermediate or final validation report can be created. It contains all data and information included with the validation, for example measured values, standard operating procedures, attached graphics (e.g. example chromatograms), validation audit trail, calculation formula and so on. If the laboratory is required to work in compliance with 21 CFR Part 11 Agilent’s Method Validation Pack fully supports the regulations in combination with ChemStation Plus Security Pack. In this case a validation is executed as “21 CFR Part 11 Validation” with the highest level of audit trail. * controlled by ChemStation ** not controlled by ChemStation

66 Method Validation Pack workflow
MVP 2 1 Method Validation Pack ChemStation Run sequence to acquire data Create validation template Integrated sequence generation 3 Dynamic study creation and update Create validation report from database Compliant storage of raw and meta data ChemStore Database I would like to briefly explain the ChemStation Plus workflow model based on the schematic overview given on this slide. This process starts in the Method Validation Software, where a validation template is created in step 1, and all necessary setpoints like compounds to measure , checkpoints to calculate and limits for the results are entered. In Step 2 a sequence is generated based on the validation template. The sequence can be executed on a selected ChemStation system in the laboratory network. In addition a study in ChemStore is created automatically, where the data from the ChemStation(s) taking part in the validation process is stored. On the ChemStation selected for data acquisition the sequence is completed with information such as vial location and then executed. Data is collected and automatically transferred to the ChemStore database for central storage and data management. In Step 3 the final calculations and overall validation report creation is done in the Method Validation Pack, based on the result data stored in the ChemStore database. Through the course of the validation it might turn out that some acceptance criteria need to be revised or even that the whole method of analysis is not suitable for solving the analytical problem. To support this approach Method Validation Pack allows to generate and manage multiple versions of the same validation. By doing this the user will revise step 1 by modifying the parameters accordingly and then continue with step 2 as outlined above.

67 Regulations and guidelines for method validation
MVP Method Validation Pack supports ICH Q2A/Q2B Selectivity / Specificity Precision Accuracy Linearity Limit of Detection / Quantification Robustness / Ruggedness Stability (short-term) ICH Q1A Stability (long-term) FDA’s 21 CFR Part 11* Various DIN/ISO guidelines Lab Capability Calibration Function Ring Experiment In the guidelines published by organizations such as the ICH or the FDA a number of criteria that a separation method must fulfill to be classified as “good quality” are defined. These performance criteria are applied depending on the scope and purpose of the method. In attempt to harmonize the terms and definitions in analytical method validation the ICH has created a set of guidelines originating from an international team of validation experts. Most of the procedures for analytical method validation are well described in the ICH guidelines Q2A/Q2B and Q1A and are covered by the Method Validation Pack. You will find that some of the parameters supported by the Method Validation Pack and listed on this slide are very specifically tailored to some DIN or ISO guidelines. Typical parameters for validation as defined by the ICH are include…. Selectivity/Specificity - how well is a compound identified or distinguished from other responses? Precision - what is the SD for repeated injections/determinations Repeatability - same analyst, same lab, same equipment Intermediate Precision - within lab variations, i.e. different analysts, days, equipment in same lab Reproducibility - precision between laboratories Accuracy - how close is the value obtained from the test method to the true value (bias, trueness) Linearity - in the given range is the result proportional to the concentration (by means of well-defined mathematical formula) LOD/LOQ - how well can it be distinguished from noise (2-3 x noise) / at what level is a precise determination possible (10-20x noise) ((Range - upper and lower level determined with accuracy, precision and linearity.)) Robustness, ruggedness – influence of variations in method parameters such as flow, temperature (ruggedness) or influence of transfer to another instrument (robustness). New with A is the determination of short-term as well as long-term stability. This will be covered in more detail lateron. Method Validation Pack further covers tests as defined by DIN/ISO guidelines. The actual validation effort will depend on the scope of the method and on the type of analytical procedure. For example: For a trace method when testing limits for impurities you will not necessarily determine the quantitation limit or the linearity over the full range. Rather you will limit your validation effort to specificity and detection limit. On the other hand when focusing on identification of compounds determining specificity will probably be sufficient. Quantitative impurity testing will include accuracy and precision. * Only in conjunction with ChemStation Plus Security Pack

68 ChemAccess ChemAccess For effective management and operation of a networked laboratory by providing remote system monitoring and control, plus centralized information storage. Windows 2000 Server GC/LC/CE/LC-MS ChemStation Data analysis ChemStation (offline) MS ChemStation

69 Overview PC-anywhere for the analytical lab Remote instrument status
ChemAccess PC-anywhere for the analytical lab Remote instrument status Remote real time plot Remote instrument method and sequence control Centralized data storage Data file organization on the server Remote data review Centralized data backup

70 User interface Graphical view organized by: Group WorkStation
ChemAccess Graphical view organized by: Group Used to logically separate laboratory organization WorkStation Represents ChemStation Instrument Displays online instruments interfaced to workStation Menus accessed by right mouse button WorkStation status View name & selectable status Disk space, memory, resources, Windows/ChemStation versions Full panel includes network ID User access security defined for each workstation

71 Instrument status Individual instrument status information:
ChemAccess Individual instrument status information: View name & two selectable status lines ChemStation/Method Status, Runtime, Current Sequence/ Method, Data File Instrument status depicted by colors Green for Ready Yellow for Not Ready Red for Error Purple for Pre-Injection Blue for Running Remote real-time plot Detailed instrument status panels available from this menu

72 Instrument status screens

73 Remote real-time plot ChemAccess User may remotely monitor available signals delivered by the selected instrument Function supported by both stage 1 & 2 instruments Security access defined at instrument signal source

74 Remote single-run control
ChemAccess Load Method – Lists the methods found in the ChemStation’s default directory Start Method – Starts the instrument with the currently loaded method Stop Method – Stops the current run

75 Remote sequence control
ChemAccess Load Sequence Lists the Sequences found in the ChemStation’s default directory. Available Sequence Controls Start, Stop, Pause and Resume

76 Data transfer properties
ChemAccess Administrator configures file transfer properties for each instrument Properties are viewable, but not editable by users Keep Versions maintains data integrity when re-analyzed Delete File after Copy keeps local drive clean & available Write Protect File secures original data from accidental deletion Copy Method/Sequence to Data Directory maintains instrument conditions & method parameters with data, results and reports

77 Server data storage ChemAccess Administrator configures server storage for each instrument Master path configuration defined on server Administrator sets fixed path components Client user can set path components which are enabled and not fixed Client user can set new path components that are creatable and not fixed

78 Summary Summary ChemStation Easy-to-use graphical user interface and full level-4 instrument control for a wide variety of chromatographic instruments. ChemStore Increases lab productivity by providing a tool for easy management of your chromatography data in a relational database. Security Pack Full support of your compliance needs to pass audits easily. Method Validation Pack Automated method validation according to USP, EP, ICH and FDA guidelines following the guidelines of 21 CFR part 11. ChemAccess for effective management and operation of a networked laboratory by providing remote system monitoring and control, plus centralized information storage.

Download ppt "Agilent ChemStation Plus"

Similar presentations

Ads by Google