Difference between revisions of "Template:LIMSpec for Cannabis Testing/Configuration management"
Shawndouglas (talk | contribs) |
Shawndouglas (talk | contribs) (Updated for 2023.) |
||
Line 5: | Line 5: | ||
! colspan="2" style="text-align:left; padding-left:20px; padding-top:10px; padding-bottom:10px;"| | ! colspan="2" style="text-align:left; padding-left:20px; padding-top:10px; padding-bottom:10px;"| | ||
|- | |- | ||
! style="color:brown; background-color:#ffffee; width: | ! style="color:brown; background-color:#ffffee; width:250px;"| Regulation, Specification, or Guidance | ||
! style="color:brown; background-color:#ffffee; width:700px;"| Requirement | ! style="color:brown; background-color:#ffffee; width:700px;"| Requirement | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-1] | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-1]<br />▪ [https://www.aphl.org/aboutAPHL/publications/Documents/GH-2019May-LIS-Guidebook-web.pdf APHL 2019 LIS Project Management Guidebook] | ||
| style="background-color:white; vertical-align: text-top;" |'''23.1''' The system shall provide tools to enter and manage user-configurable lookup or master data.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.1''' The system shall provide tools to enter and manage user-configurable lookup or master data.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
Line 26: | Line 26: | ||
| style="background-color:white; vertical-align: text-top;" |'''23.6''' The system should provide a configurable means of allowing the system to automatically save after each entry to help meet ALCOA, CGMP, and other requirements to contemporaneously record data into records.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.6''' The system should provide a configurable means of allowing the system to automatically save after each entry to help meet ALCOA, CGMP, and other requirements to contemporaneously record data into records.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.law.cornell.edu/cfr/text/40/3.10 40 CFR Part 3.10]<br />▪ [https://www.law.cornell.edu/cfr/text/40/3.2000 40 CFR Part 3.2000]<br />▪ [https://www.astm.org/ | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https://www.law.cornell.edu/cfr/text/40/3.10 40 CFR Part 3.10]<br /> | |||
▪ [https://www.law.cornell.edu/cfr/text/40/3.2000 40 CFR Part 3.2000]<br /> | |||
▪ [https://www.acmg.net/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards.aspx ACMG Technical Standards for Clinical Genetics Laboratories C13.3]<br /> | |||
▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 S-1-5]<br /> | |||
▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AU-10]<br /> | |||
▪ [https://www.gmp-compliance.org/guidelines/gmp-guideline/who-guidance-on-good-data-and-record-management-practices WHO Technical Report Series, #996, Annex 5, Appendix 1] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.7''' The system should provide a configurable (based on sample, test, or both) means of permitting electronic signatures for both entered results and approved reports.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.7''' The system should provide a configurable (based on sample, test, or both) means of permitting electronic signatures for both entered results and approved reports.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
Line 38: | Line 44: | ||
| style="background-color:white; vertical-align: text-top;" |'''23.10''' The system shall allow authorized personnel to assign status values for purposes of tracking sample progress or other portions of the cannabis testing laboratory workflow.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.10''' The system shall allow authorized personnel to assign status values for purposes of tracking sample progress or other portions of the cannabis testing laboratory workflow.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.law.cornell.edu/cfr/text/21/211.68 21 CFR Part 211.68]<br />▪ [https://www.astm.org/ | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https://www.law.cornell.edu/cfr/text/21/211.68 21 CFR Part 211.68]<br /> | |||
▪ [https://www.aphl.org/aboutAPHL/publications/Documents/GH-2019May-LIS-Guidebook-web.pdf APHL 2019 LIS Project Management Guidebook]<br /> | |||
▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 S-1-9] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.11''' The system should allow authorized personnel to perform revision control of lookup or master data.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.11''' The system should allow authorized personnel to perform revision control of lookup or master data.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-10] | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-10]<br />▪ [https://www.aphl.org/aboutAPHL/publications/Documents/GH-2019May-LIS-Guidebook-web.pdf APHL 2019 LIS Project Management Guidebook] | ||
| style="background-color:white; vertical-align: text-top;" |'''23.12''' The system should provide a means for importing lookup or master data.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.12''' The system should provide a means for importing lookup or master data.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
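Review bot: The citation cell for 23.12 still links ASTM E1578-18 to https://www.astm.org/Standards/E1578.htm, while the 23.11 cell rewritten in this same hunk links the same standard to https://www.astm.org/e1578-18.html. The 23.12 line was edited anyway to add the APHL reference, so switch its ASTM link to the new URL and keep one target for the standard across rows.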
Line 54: | Line 63: | ||
| style="background-color:white; vertical-align: text-top;" |'''23.14''' The system should allow calculated limits to be created and managed based on test results and relevant metadata.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.14''' The system should allow calculated limits to be created and managed based on test results and relevant metadata.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-13]<br />▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 3.2.6]<br />▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.11] | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-13]<br /> | |||
▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 3.2.6]<br /> | |||
▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.11] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.15''' The system should provide a clear alert or notification upon entry of out-of-specification results.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.15''' The system should provide a clear alert or notification upon entry of out-of-specification results.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
Line 63: | Line 75: | ||
| style="background-color:white; vertical-align: text-top;" |'''23.17''' The system should allow workflow events and status changes to trigger one or more user-defined actions.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.17''' The system should allow workflow events and status changes to trigger one or more user-defined actions.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-17]<br /> | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-17]<br /> | |||
▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.7.1]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.7.1]<br /> | ||
▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-6(1)]<br /> | ▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-6(1)]<br /> | ||
Line 69: | Line 82: | ||
| style="background-color:white; vertical-align: text-top;" |'''23.18''' The system should provide an interface for administrative access that permits approved users to configure the system without extra programming or manipulation of data storage systems.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.18''' The system should provide an interface for administrative access that permits approved users to configure the system without extra programming or manipulation of data storage systems.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-18] | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-18]<br />▪ [https://elss.cap.org/elss/ShowProperty?nodePath=/UCMCON/Contribution%20Folders/DctmContent/education/OnlineCourseContent/2017/LAP-TLTM/misc/lam.pdf CAP Laboratory Accreditation Manual] | ||
| style="background-color:white; vertical-align: text-top;" |'''23.19''' The system should allow administrators to programmatically customize system modules or build calculations within the application.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.19''' The system should allow administrators to programmatically customize system modules or build calculations within the application.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
Line 75: | Line 88: | ||
| style="background-color:white; vertical-align: text-top;" |'''23.20''' The system should provide a multiuser interface that can be configured to local user needs, including display language, character sets, and time zones.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.20''' The system should provide a multiuser interface that can be configured to local user needs, including display language, character sets, and time zones.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.law.cornell.edu/cfr/text/21/11.100 21 CFR Part 11.100 (a)]<br /> | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https://www.law.cornell.edu/cfr/text/21/11.100 21 CFR Part 11.100 (a)]<br /> | |||
▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-20]<br /> | ▪ [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-20]<br /> | ||
▪ [https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-14]<br /> | ▪ [https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-14]<br /> | ||
▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, CM-5(1)] | ▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, CM-5(1)]<br /> | ||
▪ [https://www.gmp-compliance.org/guidelines/gmp-guideline/who-guidance-on-good-data-and-record-management-practices WHO Technical Report Series, #996, Annex 5, Appendix 1] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.21''' The system should support rules governing electronic records and electronic signatures in regulated environments like the cannabis testing industry.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.21''' The system should support rules governing electronic records and electronic signatures in regulated environments like the cannabis testing industry.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
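Review bot: In the 23.21 citation list the NIST entry stays at "NIST 800-53, Rev. 4, CM-5(1)" with the nvlpubs Rev. 4 PDF link, although this revision cites CM-5(1) from Rev. 5 at csrc.nist.gov in other rows. The line is already modified here (a trailing <br /> was added), so either move it to Rev. 5 as well or state why Rev. 4 is intended for this requirement.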
Line 84: | Line 99: | ||
▪ [https://www.law.cornell.edu/cfr/text/7/331.11 7 CFR Part 331.11]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/7/331.11 7 CFR Part 331.11]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/9/121.11 9 CFR Part 121.11]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/9/121.11 9 CFR Part 121.11]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/10/20.2110 10 CFR Part 20.2110]<br /> | |||
▪ [https://www.law.cornell.edu/cfr/text/10/30.51 10 CFR Part 30.51 (c-1]<br /> | |||
▪ [https://www.law.cornell.edu/cfr/text/21/11.10 21 CFR Part 11.10 (d)]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/21/11.10 21 CFR Part 11.10 (d)]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/21/211.68 21 CFR Part 211.68]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/21/211.68 21 CFR Part 211.68]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/45/164.308 45 CFR Part 164.308]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/164.308 45 CFR Part 164.308]<br /> | ||
▪ [https://www.uslegalforms.com/form-library/256001-c211-specific-checklist-combined-iso-iec-17025-and-veterinary-laboratory-accreditation A2LA C211 4.13.1.4]<br /> | |||
▪ [https://www.uslegalforms.com/form-library/256001-c211-specific-checklist-combined-iso-iec-17025-and-veterinary-laboratory-accreditation A2LA C211 5.4.7.2]<br /> | |||
▪ [https://www.aavld.org/accreditation-requirements-page AAVLD Requirements for an AVMDL Sec. 4.10.1.3–4]<br /> | ▪ [https://www.aavld.org/accreditation-requirements-page AAVLD Requirements for an AVMDL Sec. 4.10.1.3–4]<br /> | ||
▪ [https://www.aavld.org/accreditation-requirements-page AAVLD Requirements for an AVMDL Sec. 5.4.4.1]<br /> | ▪ [https://www.aavld.org/accreditation-requirements-page AAVLD Requirements for an AVMDL Sec. 5.4.4.1]<br /> | ||
▪ [ | ▪ [https://www.acmg.net/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards.aspx ACMG Technical Standards for Clinical Genetics Laboratories C5.3]<br /> | ||
▪ [https://www.astm.org/ | ▪ [https://des.wa.gov/sites/default/files/public/documents/About/1063/RFP/Add7_Item4ASCLD.pdf ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.4.7.2.1]<br /> | ||
▪ [https://www.astm.org/ | ▪ [https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.2.4]<br /> | ||
▪ [https://www.astm.org/ | ▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 S-1-16]<br /> | ||
▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 S-1-21]<br /> | |||
▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2]<br /> | ||
▪ [https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.4.3]<br /> | |||
▪ [https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-12]<br /> | ▪ [https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-12]<br /> | ||
▪ [https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br /> | ▪ [https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br /> | ||
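Review bot: The added citation "10 CFR Part 30.51 (c-1]" is missing the closing parenthesis before the link's closing bracket. It should follow the form of the entry on the next line, "21 CFR Part 11.10 (d)", so the link text reads "(c-1)".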
Line 100: | Line 121: | ||
▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.1.14–15]<br /> | ▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.1.14–15]<br /> | ||
▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.4 and 4.9.14]<br /> | ▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.4 and 4.9.14]<br /> | ||
▪ [https://ichgcp.net/ ICH GCP 2.10]<br /> | |||
▪ [https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 4.2.1]<br /> | |||
▪ [https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.3]<br /> | ▪ [https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.3]<br /> | ||
▪ [https:// | ▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, CM-5 and CM-5(1)]<br /> | ||
▪ [https://www.wadsworth.org/regulatory/clep/clinical-labs/laboratory-standards NYSDOH CLEP Clinical Laboratory Standards of Practice, General Systems Standards]<br /> | |||
▪ [https://www.pfp-ifss.org/ifss-resources/human-and-animal-food-testing-laboratories-best-practices-manual-december-2018/ PFP Human and Animal Food Testing Laboratories Best Practices Manual]<br /> | |||
▪ [https://ris.dls.virginia.gov/uploads/1VAC30/dibr/Microsoft%20Word%20-%20STD-ELV1-2016-Rev2.1_LabReqs_ANSIapp.doc-20210426142653.pdf TNI EL-V1-2016-Rev.2.1 (V1,M2 4.13.1.4]<br /> | |||
▪ [https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]<br /> | ▪ [https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]<br /> | ||
▪ [https://www.wada-ama.org/en/resources/world-anti-doping-program/international-standard-laboratories-isl WADA International Standard for Laboratories (ISL) 5.2.3.5]<br /> | |||
▪ [https://www.who.int/medicines/areas/quality_safety/quality_assurance/expert_committee/trs_986/en/ WHO Technical Report Series, #986, Annex 2, 15.9] | ▪ [https://www.who.int/medicines/areas/quality_safety/quality_assurance/expert_committee/trs_986/en/ WHO Technical Report Series, #986, Annex 2, 15.9] | ||
| style="background-color:white; vertical-align: text-top;" |'''23.22''' The system shall provide a security interface usable across all modules of the system that secures data and operations and prevents unauthorized access to data and functions.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.22''' The system shall provide a security interface usable across all modules of the system that secures data and operations and prevents unauthorized access to data and functions.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.2–3]<br />▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.1.14–15]<br /> | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https:// | ▪ [https://cdn.scsglobalservices.com/files/program_documents/brc_food_standard_8_0.pdf BRC GSFS, Issue 8, 3.2.1]<br /> | ||
▪ [https://cdn.scsglobalservices.com/files/program_documents/brc_food_standard_8_0.pdf BRC GSFS, Issue 8, 3.3.1]<br /> | |||
▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.2–3]<br /> | |||
▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.1.14–15]<br /> | |||
▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-2(11)] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.23''' The system shall be able to granularly define access control down to the object level, role level, physical location, logical location, network address, and chronometric restriction level for the protection of regulated, patented, confidential, and classified data, methods, or other types of information.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.23''' The system shall be able to granularly define access control down to the object level, role level, physical location, logical location, network address, and chronometric restriction level for the protection of regulated, patented, confidential, and classified data, methods, or other types of information.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
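Review bot: The added TNI citation "TNI EL-V1-2016-Rev.2.1 (V1,M2 4.13.1.4]" opens a parenthesis that is never closed, so the link text renders with an unbalanced bracket. Close the parenthesis where the volume and module reference ends, before the closing square bracket.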
Line 117: | Line 148: | ||
▪ [https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | ||
▪ [ | ▪ [https://www.aphl.org/aboutAPHL/publications/Documents/GH-2019May-LIS-Guidebook-web.pdf APHL 2019 LIS Project Management Guidebook]<br /> | ||
▪ [https://www.astm.org/ | ▪ [https://des.wa.gov/sites/default/files/public/documents/About/1063/RFP/Add7_Item4ASCLD.pdf ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.4.7.2.1]<br /> | ||
▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 E17-5 and S-3-1]<br /> | |||
▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.1]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.1]<br /> | ||
▪ [https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.4.2.2]<br /> | |||
▪ [https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-14]<br /> | ▪ [https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-14]<br /> | ||
▪ [https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br /> | ▪ [https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br /> | ||
Line 126: | Line 159: | ||
▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.4]<br /> | ▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.4]<br /> | ||
▪ [https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br /> | ▪ [https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br /> | ||
▪ [https:// | ▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-2(7) and AC-3]<br /> | ||
▪ [https:// | ▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-2, IA-5, and IA-8]<br /> | ||
▪ [https:// | ▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, MA-4]<br /> | ||
▪ [https://extranet.who.int/prequal/content/who-technical-report-series WHO Technical Report Series, #986, Annex 2, 15.9] | ▪ [https://www.wada-ama.org/en/resources/world-anti-doping-program/international-standard-laboratories-isl WADA International Standard for Laboratories (ISL) 5.2.3.5]<br /> | ||
▪ [https://extranet.who.int/prequal/content/who-technical-report-series WHO Technical Report Series, #986, Annex 2, 15.9]<br /> | |||
▪ [https://www.gmp-compliance.org/guidelines/gmp-guideline/who-guidance-on-good-data-and-record-management-practices WHO Technical Report Series, #996, Annex 5, Appendix 1] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.25''' The system shall provide initial login access using at least two unique identification components, e.g., a user identifier and password, or biometric information linked to and used by the genuine user.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.25''' The system shall provide initial login access using at least two unique identification components, e.g., a user identifier and password, or biometric information linked to and used by the genuine user.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
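Review bot: The "WHO Technical Report Series, #986, Annex 2, 15.9" citation in the 23.25 cell links to extranet.who.int/prequal/content/who-technical-report-series, while the same citation in the 23.22 and 23.31 cells links to www.who.int/medicines/areas/quality_safety/quality_assurance/expert_committee/trs_986/en/. This line is touched in this revision, so use a single target for all three occurrences.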
Line 142: | Line 177: | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https://www.law.cornell.edu/cfr/text/21/11.300 21 CFR Part 11.300 (b)]<br />▪ [https://www.astm.org/ | ▪ [https://www.law.cornell.edu/cfr/text/21/11.300 21 CFR Part 11.300 (b)]<br /> | ||
▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 E17-5 and S-3-1]<br /> | |||
▪ [https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.4.2]<br /> | |||
▪ [https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br /> | |||
▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-5 and IA-5(1)] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.27''' The system shall allow the administrator to define a time period in days after which a user will be prompted to change their password.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.27''' The system shall allow the administrator to define a time period in days after which a user will be prompted to change their password.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.3.1]<br />▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-2(3)]<br /> | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.3.1]<br /> | |||
▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-2(3)]<br /> | |||
▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, IA-4 and IA-5(1)]<br /> | ▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, IA-4 and IA-5(1)]<br /> | ||
▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, PS-4] | ▪ [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, PS-4] | ||
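Review bot: The citation cell that follows the 23.27 row is only reflowed here and keeps its NIST 800-53, Rev. 4 entries (AC-2(3), IA-4 and IA-5(1), PS-4), while the 23.27 cell in this same hunk now cites IA-5 and IA-5(1) from Rev. 5. Update these three entries to Rev. 5 in the same pass, or leave a note on why the account-management and identifier controls remain on Rev. 4.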
Line 163: | Line 204: | ||
▪ [https://www.law.cornell.edu/cfr/text/21/211.188 21 CFR Part 211.188]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/21/211.188 21 CFR Part 211.188]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/21/211.194 21 CFR Part 211.194]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/21/211.194 21 CFR Part 211.194]<br /> | ||
▪ [https://www.astm.org/ | ▪ [https://www.uslegalforms.com/form-library/256001-c211-specific-checklist-combined-iso-iec-17025-and-veterinary-laboratory-accreditation A2LA C211 4.13.2.1]<br /> | ||
▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 E17-5 and S-3-1]<br /> | |||
▪ [https://elss.cap.org/elss/ShowProperty?nodePath=/UCMCON/Contribution%20Folders/DctmContent/education/OnlineCourseContent/2017/LAP-TLTM/misc/lam.pdf CAP Laboratory Accreditation Manual]<br /> | |||
▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.4.1.1]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.4.1.1]<br /> | ||
▪ [https://eur-lex.europa.eu/ | ▪ [https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.4.4]<br /> | ||
▪ [https://eur-lex.europa.eu/eli/dir/2003/94/oj E.U. Commission Directive 2003/94/EC Article 9.2]<br /> | |||
▪ [https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br /> | ▪ [https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br /> | ||
▪ [https:// | ▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, CM-5(1)]<br /> | ||
▪ [https://www.wada-ama.org/en/resources/world-anti-doping-program/international-standard-laboratories-isl WADA International Standard for Laboratories (ISL) 5.2.3.5]<br /> | |||
▪ [https://www.who.int/medicines/areas/quality_safety/quality_assurance/expert_committee/trs_986/en/ WHO Technical Report Series, #986, Annex 2, 15.9] | ▪ [https://www.who.int/medicines/areas/quality_safety/quality_assurance/expert_committee/trs_986/en/ WHO Technical Report Series, #986, Annex 2, 15.9] | ||
| style="background-color:white; vertical-align: text-top;" |'''23.31''' The system shall keep an accurate audit trail of login activities, including failed login attempts and electronic signings.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.31''' The system shall keep an accurate audit trail of login activities, including failed login attempts and electronic signings.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
Line 191: | Line 236: | ||
▪ [https://www.law.cornell.edu/cfr/text/21/212.50 21 CFR Part 212.50 (c-10)]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/21/212.50 21 CFR Part 212.50 (c-10)]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br /> | ||
▪ [https://www.astm.org/ | ▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-1]<br /> | ||
▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.3.2]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.6.3.2]<br /> | ||
▪ [https:// | ▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-5] | ||
| style="background-color:white; vertical-align: text-top;" |'''23.34''' The vendor shall provide training materials emphasizing the importance of not sharing unique identification components with other individuals and promoting compliance review for ensuring such practices are followed.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.34''' The vendor shall provide training materials emphasizing the importance of not sharing unique identification components with other individuals and promoting compliance review for ensuring such practices are followed.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
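Review bot: the replacement NIST link on the 23.34 row points at the SP 800-53 Rev. 5 publication page (csrc.nist.gov/publications/detail/sp/800-53/rev-5/final), so the control is identified only by the link text "IA-5". The same URL is reused for the other NIST citations in the hunks shown here, which is workable only if the link text is exact. Please confirm the control IDs were checked against Rev. 5 rather than carried over with a new URL.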
Line 205: | Line 250: | ||
▪ [https://www.law.cornell.edu/cfr/text/45/164.514 45 CFR Part 164.514]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/164.514 45 CFR Part 164.514]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | ||
▪ [https://www.astm.org/ | ▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 S-1-25]<br /> | ||
▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.1]<br /> | ▪ [https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.1]<br /> | ||
▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.1.14–15]<br /> | ▪ [https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.1.14–15]<br /> | ||
▪ [https:// | ▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-3]<br /> | ||
▪ [https:// | ▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-2, IA-5, and IA-8] | ||
| style="background-color:white; vertical-align: text-top;" |'''23.35''' The system shall support the ability to initially assign new individual users to system groups, roles, or both.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.35''' The system shall support the ability to initially assign new individual users to system groups, roles, or both.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
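Review bot: on the 23.35 row the requirement is about assigning new users to groups and roles, but three of the four NIST controls now linked (IA-2, IA-5, IA-8) come from the identification and authentication family, with only AC-3 from access control. Either note why the IA controls support a role-assignment requirement or trim the citation to the controls that do, so that someone tracing 23.35 back to its sources is not sent to authenticator rules.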
Line 215: | Line 260: | ||
▪ [https://www.law.cornell.edu/cfr/text/21/11.100 21 CFR Part 11.100 (a)]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/21/11.100 21 CFR Part 11.100 (a)]<br /> | ||
▪ [https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br /> | ▪ [https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br /> | ||
▪ [https://www.astm.org/ | ▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 S-1-24]<br /> | ||
▪ [https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-14] | ▪ [https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-14]<br /> | ||
▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AU-10 and AU-10(3)]<br /> | |||
▪ [https://www.gmp-compliance.org/guidelines/gmp-guideline/who-guidance-on-good-data-and-record-management-practices WHO Technical Report Series, #996, Annex 5, Appendix 1] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.36''' The system shall force a user's electronic signature to be unique and traceable to a specific user's account.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.36''' The system shall force a user's electronic signature to be unique and traceable to a specific user's account.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.law.cornell.edu/cfr/text/21/11.100 21 CFR Part 11.100 (a)]<br />▪ [https://www.astm.org/ | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https://www.law.cornell.edu/cfr/text/21/11.100 21 CFR Part 11.100 (a)]<br /> | |||
▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 S-1-24]<br /> | |||
▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AU-10 and AU-10(3)] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.37''' The system shall prevent the reuse or reassignment of a user's electronic signature.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.37''' The system shall prevent the reuse or reassignment of a user's electronic signature.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
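Review bot: the WHO Technical Report Series #996 citation is added to the 23.36 row but not to 23.37, although both rows share 21 CFR Part 11.100 (a) and ASTM E1578-18 S-1-24 and both now carry NIST AU-10 and AU-10(3). If the WHO guidance covers uniqueness and traceability of signatures but not reuse or reassignment, leave it as is. Otherwise add it to 23.37 as well so the two electronic-signature requirements stay aligned.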
Line 225: | Line 275: | ||
| style="background-color:white; vertical-align: text-top;" |'''23.38''' When the system generates a complete and accurate copy of an electronically signed record, it shall also display the printed name of the signer, the date and time of signature execution, and any applicable meaning associated with the signature. This shall be applicable for both electronically displayed and printed copies of the electronic record.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.38''' When the system generates a complete and accurate copy of an electronically signed record, it shall also display the printed name of the signer, the date and time of signature execution, and any applicable meaning associated with the signature. This shall be applicable for both electronically displayed and printed copies of the electronic record.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://www.astm.org/ | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" | | ||
▪ [https://www.astm.org/e1578-18.html ASTM E1578-18 S-1-26]<br /> | |||
▪ [https://www.aphl.org/aboutAPHL/publications/Documents/GH-2019May-LIS-Guidebook-web.pdf APHL 2019 LIS Project Management Guidebook]<br /> | |||
▪ [https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.8.5.3]<br /> | |||
▪ [https://www.gmp-compliance.org/guidelines/gmp-guideline/who-guidance-on-good-data-and-record-management-practices WHO Technical Report Series, #996, Annex 5, Appendix 1] | |||
| style="background-color:white; vertical-align: text-top;" |'''23.39''' The system should provide a means to migrate static data into the system.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.39''' The system should provide a means to migrate static data into the system.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- | ||
| style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https:// | | style="padding-left:5px; padding-top:5px; padding-bottom:5px;" |▪ [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-5(1)]<br />▪ [https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.4.2] | ||
| style="background-color:white; vertical-align: text-top;" |'''23.40''' The system should provide a means for automatically authenticating if a user's proposed password meets the length, complexity, minimum number of changed characters, and other requirements as configured by the administrator or another authorized system user.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | | style="background-color:white; vertical-align: text-top;" |'''23.40''' The system should provide a means for automatically authenticating if a user's proposed password meets the length, complexity, minimum number of changed characters, and other requirements as configured by the administrator or another authorized system user.<br /> <br /><hr style="width:95%; margin: auto;"><br /> <br /> | ||
|- | |- |
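Review bot: the 23.40 row now cites NIST 800-53, Rev. 5, IA-5(1), but its requirement text is identical on both sides and still reads "automatically authenticating if a user's proposed password meets" the configured rules. A proposed password is checked against policy, not authenticated, so "verifying that" would be the accurate wording. While the row is being touched, also check that the listed criteria (length, complexity, minimum number of changed characters) match what the Rev. 5 text of IA-5(1) asks for, since the citation names that revision specifically.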
Revision as of 14:29, 23 June 2023
|