Agilent SDA User Manual

White Paper

Support for 21 CFR Part 11 and
Annex 11 Compliance: SDA Module
for Agilent ICP-MS MassHunter
Software

Overview

Part 11 in Title 21 of the US Code of Federal Regulations (commonly referred
to as 21 CFR Part 11) governs food and drugs in the US, and includes the US
Federal guidelines for storing and protecting electronic records and applying
electronic signatures. The equivalent guidelines in the European Union are
defined in EU Annex 11.

The purpose of these regulations is to ensure the security, integrity and
traceability of electronic records, which includes method information, data,
analytical reports and other records (such as daily performance checks)
asssociated with the operation of an analytical instrument.

Agilent’s ICP-MS and ICP-QQQ instruments are controlled by ICP-MS MassHunter
software. ICP-MS MassHunter supports integration with Agilent’s Spectroscopy
Database Administrator (SDA), OpenLab ECM (Enterprise Content Manager),
OpenLab Server, or ECM XT software to provide users with the tools to ensure
compliance with FDA, European and other relevant guidelines relating to the
handling of electronic records.

OpenLab Server and ECM XT are ideal compliance solutions
for medium-sized and expanding laboratories with multiple
ICP-MS instruments, while OpenLab ECM is suitable for large
laboratories wishing to manage electronic records from
multiple instruments and sites. But the cost and complexity
of these server-based compliance solutions may not be
appropriate for smaller laboratories that require a simple set
of compliance tools to manage records from a single ICP-MS
instrument.

For these smaller laboratories, Agilent's Spectroscopy
Database Administrator (SDA) software provides a lower cost
route to complying with 21 CFR Part 11 and Annex 11. SDA
(which is also compatible with Agilent’s ICP-OES instruments)
is installed on the ICP-MS instrument workstation PC to
provide a simple and cost-effective compliance solution for a
single Agilent ICP-MS or ICP-QQQ instrument.

In common with OpenLab Server, ECM XT, and ECM
integration, the control of user access to the ICP-MS
MassHunter workstation and recording of application and
workstation audit trails is performed by ICP-MS MassHunter’s
User Access Control option using OpenLab Shared Services
(OLSS) functions.

Overview

Compliance with regulations is a key aspect of an analytical
laboratory’s operation in many industries, such as
pharmaceutical manufacturing, where the principles of good
manufacturing practice (GMP) apply.

The 4 components of compliance related to analytical
instruments are:

– Design qualification (DQ), manufacturing quality control,

lifecycle management and documentation, and
installation and operational qualification (IQ/OQ), for
analytical instruments and their software.

– Control of user access to the workstation for instrument

control and data processing (restricted user logon access
with password protection).

– Electronic records security, integrity and traceability

(secure storage, file versioning, audit trail, electronic
signatures, and archive/retrieval).

– Control of system operation, performance verification

(PQ), physical access to the laboratory and associated
equipment, Standard Operating Procedures, training and
records.

Compliance for Agilent ICP-MS Systems

The first of the compliance components must be
demonstrated through the manufacturing quality records
and equipment validation certification of the instrument
manufacturer.

Design Qualification

Regulated laboratories must ensure that equipment they
use has been designed, manufactured, tested, installed and
qualified under an acceptable Quality Process.

In the case of instrument software, this means that
the instrument manufacturer must be able to provide a
Declaration of Product Validation, to confirm that their
software supports user requirements for certification under
21 CFR 58 (Good Laboratory Practice), 21 CFR 210 (Good
Manufacturing Practice for Drugs), or 21 CFR 211 (current
Good Manufacturing Practice for finshed pharmaceuticals). In
Europe, the equivalent GxP requirements are covered by ISO
standards and ICH guidelines Q8, Q9 and Q10. An example
of the Declaration of Product Validation for Agilent’s ICP-MS
MassHunter software is shown in Figure 1.

Installation and Operational Qualification (IQ/OQ)

Once delivered to a user’s laboratory, further qualification
checks must be carried out, to ensure that the products
delivered match the specified items, and that the system
hardware and software functions as intended by the
manufacturer.

These services are typically performed by the manufacturer
and are referred to as Installation Qualification (IQ) and
Operational Qualification (OQ). IQ/OQ services, which are
often automated, should be available for the instrument
system hardware and for all the software components
required to operate it. Qualification services will typically
include completion of the relevant documentation required to
demonstrate compliance with the regulations.

Examples of IQ/OQ document cover sheets for the Agilent
ICP-MS hardware and ICP-MS MassHunter software are
shown in Figure 1.

2

Figure 1. Examples of a Declaration of Software Quality (left) and IQ/OQ qualification report cover sheets.

Performance and Documentation

To satisfy the fourth component of a complete compliance
solution, the responsible personnel in the user organization
must set up appropriate controls on laboratory access,
ensure that analytical performance is verified for the intended
method, and document the procedures to be followed for
routine operations.

Once the equipment is installed and qualified, analytical
checks, known as System Suitability Testing (SST), are
typically performed using the methods and samples that
will be measured routinely. SSTs confirm that system
performance meets the lab's specific analytical requirements.
Agilent has developed a comprehensive standard operating
procedure (SOP) which can form part of a complete solution
delivered to a laboratory that is setting up pharmaceutical
testing according to USP<232> or ICH Q3D. Other related
products and services, such as sample preparation
equipment and certified calibration standards can also be
supplied, to provide an end-to-end, workflow-based approach
to setting up the new analytical facility.

User Access and Electronic Records

The remaining 2 components (system logon access and
management of electronic records) are typically controlled
by software packages which control and monitor user
access to the workstation, and provide a secure, integrated
system for handling the data and other electronic records
generated during the lab’s activities. These checks are
designed to ensure data integrity and are summarized in
the ALCOA+ principles, which apply to any records created
under GMP controls. ALCOA refers to the fact that records
should be Attributable, Legible, Contemporaneous, Original,
and Accurate, while the Plus (ALCOA+) added Complete,
Consistent, Enduring, and Available.

The user access and data integrity functions are supported
by the User Access Control (UAC /OLSS) option for ICP-MS
MassHunter, together with one of Agilent's compliance software
packages: SDA, OpenLab Server, ECM XT, or OpenLab ECM.

3

ICP-MS MassHunter

Application software controls the instrument for data acquisition

and (re)processing.

User Access Control using OLSS

ICP-MS MassHunter with SDA

The components of the ICP-MS MassHunter/UAC/SDA
software system that provides compliant operation for Agilent
ICP-MS instruments are illustrated to the left. All software is
installed on the standard ICP-MS MassHunter workstation
PC, providing a simple and low-cost setup.

Multi-level user access rights and audit trail settings can be
configured by the laboratory Administrator, or the default
Audit Trail Map (ATM) settings can be used. The ATM settings
define which user levels may perform certain functions and
whether users must enter a password and reason to verify
their access rights for those functions. Database setup
and administration is performed through the simple SDA
configuration pane.

The following table describes how the features and
functionality of ICP-MS MassHunter version 5.x, in
combination with UAC/OLSS and SDA version B.01.0x,
enables laboratories to meet the regulatory requirements of
21 CFR Part 11, EU Annex 11 and other relevant regulations.

UAC /OLSS provides security with configurable, multi-level,

password protected user profiles. Records user logon/ log-off and

actions in audit trail.

SDA Software ICP-MS MassHunter Version

Databases are created by SDA and accessed by the application

software. SDA uses Microsoft® SQL Server® Express 2014.

4