GLP and Digital Transformation
The use of computerised systems is indispensable in technologically well-equipped, competent laboratories. As this has become an integral part of laboratory processes, the security, accuracy, and traceability of electronic data must be controlled. These are crucial aspects within the framework of GLP (Good Laboratory Practice), and we can learn how to implement these points from the GLP Consensus Document No. 10 published by the OECD.
The document 'Application of GLP Principles to Computerised Systems' covers all types of computerised systems used in GLP work. These include:
- Data acquisition and analysis systems
- Laboratory Information Management Systems (LIMS)
- Automated Control Software
- Electronic Archiving Systems
These computerised systems must possess an appropriate design and sufficient capacity, have established suitable procedures for control and maintenance, and be developed and validated in accordance with GLP principles.
Aspects to consider when applying GLP principles to computerised systems
1. Responsibilities: To ensure compliance with GLP principles, responsibilities are outlined in the document as follows: responsibilities of management, responsibilities of the study director, responsibilities of laboratory personnel, and responsibilities of the Quality Assurance Unit.
In brief, management is responsible for ensuring that the computer system is properly developed, validated, and operated, and that policies and procedures for data processing are established.
The study director must ensure that work conducted under GLP is managed and that validated systems are used. In this context, laboratory personnel are responsible for operating the system in accordance with GLP principles.
The duties of the Quality Assurance Unit must be clearly defined in written policies and procedures. This includes system validation, operational processes, maintenance measures, and the evaluation of both acquired and internally developed systems.
2. System Validation: Every computerised system must be validated and documented according to its intended use. Validation ensures that the system functions correctly and consistently.
3. Authorisation and Access Control: It must be ensured that only authorised personnel can access the system; user identities, password management, and role-based access controls must be implemented.
4. Data Integrity and Security: Data must be indelible, unalterable, and logged. An audit trail must be used, ensuring every operation is traceable.
5. Change Control: Every change to the system must be logged and revalidated if necessary. This also applies to software updates.
6. System Backup and Restoration: All data must be regularly backed up and restorable when needed. Backup procedures must be established in writing.
7. System Support and Maintenance: The system manufacturer or the internal IT department is responsible for maintenance, repair, and technical support. All operations must be logged.
8. Training and Responsibilities: Personnel using the system must be trained in GLP and system-related procedures. Responsibilities must be clearly defined according to roles.
9. Documentation Requirements: All documents, such as user manuals, procedures, validation reports, and training materials, must be systematically archived.
10. Collaboration with External Service Providers (Outsourcing): If system services are procured from third parties (e.g., cloud services), their GLP compliance must also be documented and contractually agreed upon.