ThermoFisher Using Chromeleon 7.3 CDS User Manual

The world leader in serving science

Using Chromeleon 7.3 CDS to comply with regulations

2

3

Agenda

4

Data

Technical Controls
Procedural Controls

Qualification

• Compliance layers

• Compliance must be combination of technical and procedural controls

Built for Compliance

Data

Technical Controls
Procedural Controls

Qualification

5

• Software must be capable of 21 CFR Part 11 compliance

• Compliance can be considered

in four categories:

• Security

• Access control and data security

• Record Management

• All data stored, controlled

and archived

• Audit Trails

• Traceability of all actions in CDS

• No loss of productivity

• Qualification

• Verify correct performance

• Time/costs must be minimized

Built for Compliance

6

• Multiple levels of access security

Built for Compliance – Security

Data Vault

Data Vault

Service

Raw Data Files

SQL Server

or Oracle

Database

User

Management

Service

License Service

Local System/IT Administrator

User Database

License File

Instrument

Controller

Instrument

Configuration

Scheduler

Windows User

Chromeleon CDS User

Chromeleon CDS Administrator

Chromeleon CDS Super User

Increasing security

Instrument

Configuration

Manager

Administration

Console

Console &

Studio

Relational
database

7

• Comprehensive user management

• Create unlimited users, roles and

access groups

• Role is collection of privileges

• Defines what user can and cannot do

• User can be assigned different roles

• At login can choose an assigned role

• Access and roles can be controlled at

every level

• Data Vault, Folder, Instrument

Built for Compliance – Security

8

• Data security

• No loss of data and 24/7 lab uptime with

Network Failure Protection (NFP)

• License and User Management information cached locally

• Instrument and user licenses always available

• Users can always logon and continue to work

• XVault technology ensures continuous operation

• NFP mode automatically enabled at network failure

• Uninterrupted data acquisition

• After network recovery, data automatically uploaded to central server

• User can log on to instrument controller to view and edit running queue,

submit new analyses, process and report data

• User management active to ensure data security

• All information and actions are audited and traceable to protect data integrity

Built for Compliance – Security

Network

Data Vault

Chromeleon CDS

Workstation

Instrument

Controller

9

• Flexible data organization options

• Integrated electronic signature functions

• Automatic scheduler tool for archiving

• Exporting in FDA-approved formats

Built for Compliance – Record Management

10

Flexible Data Organization

• Data Vault concept

• Mount multiple Data Vaults

• Local, regional and/or global

• Mount Chromeleon 6 CDS

Datasources

• Controlled access

• Flexible folder structure

• Can organize by anything, e.g.

project, location, date, user,
instrument, etc.

• Controlled access

Built for Compliance – Record Management

Flexible folder structure

11

Electronic Signatures

• 3 Levels of signature Submit, Review, Approve

• Applied to electronic report

• Complete sequence protected by checksums

• Controlled by privileges

Built for Compliance – Record Management

12

Built for Compliance – Record Management

Scheduler for Automatic Archiving

• Automatically move data by combining powerful injection queries with the Scheduler

• Easily organize your system

13

Exporting

• Chromeleon CDS provides automatic printing or

exporting of sequence results with just two clicks

• Print or export results in various formats, e.g.

• PDF or spreadsheet for client

• Result export as text or GAML file for LIMS

• Multiple output formats for all purposes

• Text (TXT, CSV)

• Excel (XLS)

• Portable document format (PDF)

• Generalized Analytical Markup Language (GAML)

• AnDI/NetCDF (CDF)

• Raw File (RAW)

• Chromeleon Data File (CMBX)

Built for Compliance – Record Management

14

• Qualification vs. validation

• Qualification – prove and document that systems are

properly installed, work correctly, and comply with
specified requirements

• Directly related to equipment, systems or software

• Validation – document evidence that assures a process

will consistently produce results within specifications

• Directly related to the process

• Qualification is part of validation

• Regulatory agencies take view that end-users of CDS are

responsible for its qualification and validation

Built for Compliance – Qualification

Quality is not an act; it is a habit.

— Aristotle

15

Built for Compliance – Qualification

• Deliverables

• IQ plan, test scripts, report

• Functional Requirement Specifications

• System Configuration Document

• Project Plan

• Validation Plan

• OQ plan, test scripts (i.e. val kit), report

• User Requirement Specification

• PQ plan, tests, report

• Traceability Matrix

• Validation Report

ResponsibilityType

Qualification
Validation
Validation
Validation
Validation
Qualification
Validation
Qualification
Validation

Validation

















16

• Chromeleon CDS provides complete set of qualification procedures

• Certificate of Validation

• Automated Software IQ and OQ

• Automated Instrument IQ, OQ and PQ

• Automated System Suitability Testing

Built for Compliance – Qualification

• Qualification processes are fully automated

• Occasional, minor manual interaction for instrument IQ/OQ

(e.g. pump priming)

• Qualification can be performed in as short a time as possible

• All processes are available as standard

• Requalification can be performed by the customer

• Ensures down time and cost is kept to a minimum

17

Agenda

18

• What is “data integrity”?

• Completeness, consistency, and accuracy of data

Built for Data Integrity

Attributable

•Who did what,
when?

Legible

•Readable

throughout

lifecycle

Contemporaneous

•Recorded at time of
activity

Original

•Original record or
certified copy

Accurate

•Data with no
errors or

undocumented

editing

Complete

•All data including

repeat or reanalysis

Consistent

•Date/time stamped
in expected

sequence

Enduring

•Recorded in

enduring media

throughout lifecycle

Available

•Accessible for
review/audit

throughout lifecycle

ALCOA+

19

Built for Data Integrity

Data Integrity and Compliance

with Drug CGMP

• Data integrity for electronic records is not new

20

Built for Data Integrity

• Data integrity guidelines 2015 & 2016 from FDA, MHRA, CFDA & PIC/S

• Clarifies role of data integrity in current good manufacturing practice

(CGMP) for drugs

• Contains current thinking on creation and handling of data in

accordance with CGMP requirements

• FDA data integrity guidelines Dec 2018

• Introduces need for regular audit trail reviews

• US Food & Drug Administration (FDA)

• International Society for Pharmaceutical Engineering (ISPE)

• Medicines and Healthcare Products Regulatory Agency (MHRA)

• European Medicines Agency

• China Food and Drug Administration (CFDA)

• World Health Organization (WHO)

• International Council for Harmonisation of Technical Requirements for

Pharmaceuticals for Human Use (ICH)

• Pharmaceutical Inspection Co-operation Scheme (PIC/S)

21

Audit Trails

• What is an audit trail?

• “Secure, computer-generated, time-stamped

electronic record that allows for reconstruction
of events relating to creation, modification, or

deletion of an electronic record.”

• “Electronic audit trails include those that

track creation, modification, or deletion of data
and those that track actions at the record or

system level.”

The chronology of “who did what,

when, and why” of a record

Built for Data Integrity

• Audit trails are critical requirement of

electronic record regulations

• Enable detection of non-desirable activity

• Provide tool that influences users’ behavior

• Ensure data integrity

• Regulators use audit trails to review

trustworthiness of presented data

• They are aware of available audit trails and

expect to see them:

• Enabled

• Configured correctly

• Part of data review or periodic review cycle

22

• Chromeleon CDS version 7.2 already introduced many

compliance features to capture the ‘who, what, when
and why’

• 11 audit trailed areas

• Comprehensive user management

• Privileged Actions

• Version comparison with roll back

• Read-only Studio viewer

Built for Data Integrity

23

• Audit Trails

• Chromeleon CDS provides industry-leading

audit trails

• 11 audit trailed areas

• 3 main audit trails

• Instrument

• Data

• Administration

• All audit trails can be stored and

managed centrally in Chromeleon CDS

Built for Data Integrity

Instrument

Injection

Instrument

Config

Data

User

Administration

Station

Domain

Data Vault

eWorkflows

Org

Units

Global

Policies

Instrument

Data

24

• Audit Trails

• Chromeleon CDS provides industry-leading

audit trails

• 11 audit trailed areas

• 3 main audit trails

• Instrument

• Data

• Administration

• All audit trails can be stored and

managed centrally in Chromeleon CDS

Built for Data Integrity

Instrument

Data

Administration

25

Built for Data Integrity

• Data Audit Trail

• Log of all changes within Data Vault

• Separate audit trail maintained per Data

Vault and per data object, e.g., folder,
sequence, injection, etc.

• Injection audit trail logs all information

recorded for a specific injection

• Stored with & locked to raw data

26

Built for Data Integrity

• Instrument Audit Trail

• Daily event log per instrument

• Records all instrument operation events, e.g.,

system events, pre-run settings, commands
and errors

• Log of changes to instrument configuration

27

Built for Data Integrity

• Administrative Audit Trails

• Domain Resources

• Data Vault Manager

• eWorkflow Tags

• Station

• Global Policies

• Organizational Units

28

Privileged Actions

• Require authorization for specified actions

• Ensure users add appropriate comments for specified actions – enforcing the “why?”

• Use standardized comments or free entry

Built for Data Integrity

29

Version Comparison with Roll Back

• Show Changes

• View two object versions side by side

• Changes in objects easily identified

by symbols

• Restore

• In Data Audit Trail can roll back to

previous object version

• Restore is not permanent until saved

• Save creates new version

Built for Data Integrity

Change

Addition

Deletion

30

Built for Data Integrity

Read-only Studio Viewer

• Studio

• View object version in a read-only

Chromatography Studio session

• Selected item (e.g., injection, chromatogram,

Processing Method, Instrument Method,
Report Template, etc.) is automatically opened
in a read-only Studio window

31

Built for Data Integrity

• Selected version of sequence shown

in caption

• Easy visual comparison of results

• All sequence objects are read-only

except View Settings

• View Settings can be changed but

not saved

• Allows secure data review with zooming,

changing panes, resizing, etc.

32

Different Verisons

Different Versions

Built for Data Integrity

Identify Changes

Identify Differences

Read Only

• Open multiple read-only Studio sessions to compare different versions

33

Built for Data Integrity

• Compliant customers need to prove (regular) audit trail reviews

• Chromeleon 7.3 software provides framework

• Configurable Audit Trail Events to highlight specific use cases

• Connects Data, Instrument and Admin audit trails

• Workflows to search and report Audit Trail Events

34

• Audit Trail Events (ATE) configured in Admin Console (global policy)

• When new sequence created, ATE configuration is copied to sequence as read only. From that

point, sequence defines which ATE are recorded and which not

Built for Data Integrity

35

• ATE recorded in Data Audit Trail of Sequence

• Every Data Audit Trail record may have one or more events

Built for Data Integrity

36

Built for Data Integrity

• Audit Trail Query capability

• Executed via database Query

• Faster than normal Query

• Will also search for ATE

37

• Two report tables

• Configured ATE in sequence – shows which ATE were configured or not

• Recorded ATE in sequence – shows which events did and did not occur

• Option to show details of changes – old and new values

• Can be embedded in printouts / electronic reports

Built for Data Integrity

38

Agenda

39

Chromeleon CDS – Making Compliance Easier

Chromeleon CDS Delivers Ease of Compliance

and Chromeleon CDS has passed 1000’s of regulatory audits

Easy demonstration of

compliance during audits

Audit trails with Query

Version comparison

Audit Trail Events

Advanced reporting tools

Effective monitoring to

enhance behavior

Easy data review with

sequence-centered structure

Injection & audit trail queries

to detect potential issues

Login & logout auditing

Monitoring
Adherence

Comprehensive set of tools

Easy, centralized administration

User Management with reduced

admin settings

Electronic Reports

and Signatures

Technical

Controls

Technical

Controls

Demonstration

of Compliance

40

For more information on Chromeleon CDS software visit:

thermofisher.com/chromeleon

Like Charlie Chromeleon on Facebook to follow

his travels and get important updates on

chromatography software!

Join the LinkedIn customer forum to discuss

Chromeleon CDS with us and your industry peers.

Facebook.com/CharlieLovesChromatography Chromeleon CDS User Group

41

Thank You!