1) Validation of Systems to ensure accuracy, reliability, consistent, intended performance, and the ability to discern invalid or altered records.

Accuracy: This is achieved by maintaining a master data only to be controlled by the administrator in the first place. It provides the parameter methods along with the applicable formulae and defined attributes attached to it. Hence the analyst is neither allowed to enter the formula nor to decide to choose it. He is not required to calculate also because system takes over this job.

Reliability:When the Pro-LabManager process starts, the sample is assigned a system generated number which is a reference point for all processes and documents related to the sample. In addition to this, an analysis report has to be approved by the lab in charge before it can be printed. Thus the reliability is achieved. There are in-built checks placed in the system, such that a report cannot be authorized by lab in-charge until all parameters for a sample are tested and its raw values rendered to the application. Hence reports will always be complete.

Consistency intended performance: The system is robust and prevents any abnormal transaction. There are no exceptions allowed in the process.

The ability to discern invalid and altered records. The strength of the system lies in maintaining a complete track of all transactions. There is no “delete” option throughout. Thus the complete record is discernible if the need arises. Secondly, in case where acceptable and permissible limitsdata is maintained, system can retrieve records which do not conform to the limits.

The system is so designed, that reports cannot be generated, until there is proper recording of sample to be tested and the test parameters are attached to it, hence invalid records cannot be created.

2) The ability to generate accurate and complete copies of records in both human readable and electronic form

Since all records are available in the system, a report can be generated to display the required details of the data.

The reports are generated in pdf format, hence easily readable by the human eye. They are stored in the system so that they can be retrieved at any time. Moreover these reports can also be printed.

3) Protection of records to enable their accurate and ready retrieval throughout the records retention period

Since each transaction is user-date stamped all records can be traced. The database is protected and cannot be accessed by any user at the client side. Since the Documents in PDF format are stored by system in a preset manner, they can be quickly retrieved.All reports and procedural instructions within lab are in the systemand are readily viewable through the application. However, none of these documents or records accreditable.

Lastly, the record retention period is 3 years.

4) Limiting system access to authorized individuals

The product is a web based and role access controlled. The access to registered individuals is granted by the administrator. The user is also registered first as an employee of the organisation. Hence the product access is only to authorized individuals.

5) Use of secure, computer-generated, time-stamped audit trails

All inputs to the application are time-stamped and user ID’s are recorded with the product.Secondly, as mentioned earlier, there is no deletion functionality included within the application.

Therefore all insertions and updating are audit trailed within the product.

6) Use of operational system checks to enforce permitted sequencing of steps and events

All operations within the product are tightly coupled such as work order can be generated only after recording the order, sample pick up can be initiated only after work order generations, chemists can view the dynamic view sheets only after sample is registered and unique identification is generated, report can be generated only after completion of recording all results to the application etc.. Hence system checks are severely enforced to permit sequencing of steps and events.

7) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

As mentioned previously, the product is a web based and with controlled access through the defined roles. The access to registered individuals is granted by the administrator of the system. The user is expected to be an employee of the organization.

Secondly if a result needs to be double checked, the concerned lab incharge is required to authorize a recheck and only then will the application allow a new result to be rendered. The new result will be a new record in the database. Thus audit trail is made possible.

As the product is customizable and scalable, electronic signature functionality can be configured to the product.Hence the product access can be said to be under controlled environment.

8) Use of device checks to determine the validity of the source of data input or operational instruction

At present, the system does not pick up data from any device which could have resulted in the requirement of validity of source data. Hence this check is not required to be implemented.

Secondly, the operational instructions or procedural write ups for the lab are embedded in the system by the authorized person only. These write ups of processes can be referred to by the analyst, online in the system during the course of his work thus eliminating the risk of referring to invalid instructions.

9) Determination that persons who develop, maintain, or use electronic record/electronic signature systems has the education, training, and experience to perform their assigned task

The software solution company i.e. Progile Infotech Private Limited, Pune ensures that an adequate training is given to the users at the time of installation and all users are required to be present at training session.For a couple of months the company provides all possible support to the users of the system to ensure that the system shall be used in the proper manner.

Progile Infotech has a policy to get the Annual Maintenance Contract awarded after a period of 90 days from date of installation, whereby the support can continue.

Moreover, it advises the clients to deploy right people for the right job to avoid unintended operational errors and difficulties.

10) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures

The application shall establish an audit trail and will display individual accountability.

The client shall be advised accordingly and the documents establishing this accountability can be made within the organization.

11) Use of appropriate controls over systems documentation

All controls and checks are already placed within the product. The masters control all critical parameters required for the product.It is important that the administrator of the system adheres to the implied discipline. All sections of the application are secure. As regards Progile Infotech, it keeps appropriate control over its own system documentation. ies.