Difference between revisions of "User:Shawndouglas/sandbox/sublevel22"

From LIMSWiki
Jump to navigationJump to search
(Blanked the page)
Tag: Blanking
(41 intermediate revisions by the same user not shown)
Line 1: Line 1:
<div class="nonumtoc">__TOC__</div>
{{ombox
| type      = notice
| style    = width: 960px;
| text      = This is sublevel22 of my sandbox, where I play with features and test MediaWiki code. If you wish to leave a comment for me, please see [[User_talk:Shawndouglas|my discussion page]] instead.<p></p>
}}


==Sandbox begins below==
==32. System Validation and Commission==
{|
| STYLE="vertical-align:top;"|
{| class="wikitable collapsible" border="1" cellpadding="10" cellspacing="0"
|-
  ! colspan="2" style="text-align:left; padding-left:20px; padding-top:10px; padding-bottom:10px;"|
|-
  ! style="color:brown; background-color:#ffffee; width:500px;"| Regulation, Specification, or Guidance
  ! style="color:brown; background-color:#ffffee; width:700px;"| Requirement
|-
  | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-2-1]<br />[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.8]
  | style="background-color:white;" |'''32.1''' The vendor should be able to demonstrate the use of software development standards, secure coding practices, formal change control, and software revision control within its development practices. The vendor should also document its staff's skills and certifications.
|-
  | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-2-2]
  | style="background-color:white;" |'''32.2''' The vendor should be willing to provide access to source code through a suitable escrow.
|-
  | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-2-3]
  | style="background-color:white;" |'''32.3''' The system should be able to document a summary and evaluation of enterprise performance markers and processes.
|-
  | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-2-4]<br />[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br />[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.5]
  | style="background-color:white;" |'''32.4''' The system should be well documented by the vendor in comprehensive training material for all aspects of system use, including administration, operation, and troubleshooting.
|-
  | style="padding:5px; width:500px;" |
[https://www.law.cornell.edu/cfr/text/21/11.10 21 CFR Part 11.10 (a)]<br />
[https://www.law.cornell.edu/cfr/text/21/820.70 21 CFR Part 820.70 (i)]<br />
[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-11]<br />
[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br />
[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. VI, Sec. 8.6]<br />
[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-1/dir_2003_94/dir_2003_94_en.pdf E.U. Commission Directive 2003/94/EC Article 9.2]<br />
[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br />
[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.2]<br />
[http://www.oecd.org/chemicalsafety/testing/oecdseriesonprinciplesofgoodlaboratorypracticeglpandcompliancemonitoring.htm OECD GLP Principles 4.1]
  | style="background-color:white;" |'''32.5''' The system shall be validated initially and periodically, with those validation activities being documented, to ensure the accuracy, consistency, and reliability of system performance and its electronic records.
|-
  | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-2-2]<br />[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-4]
  | style="background-color:white;" |'''32.6''' The documentation associated with system validation shall discuss all applicable steps of the life cycle, justify applied methods and standards, and include change control records and observed deviations during validation, if applicable.
|-
|}
|}
==33. System Administration==
{|
| STYLE="vertical-align:top;"|
{| class="wikitable collapsible" border="1" cellpadding="10" cellspacing="0"
|-
  ! colspan="2" style="text-align:left; padding-left:20px; padding-top:10px; padding-bottom:10px;"|
|-
  ! style="color:brown; background-color:#ffffee; width:500px;"| Regulation, Specification, or Guidance
  ! style="color:brown; background-color:#ffffee; width:700px;"| Requirement
|-
  | style="padding:5px; width:500px;" |
[https://www.law.cornell.edu/cfr/text/21/11.200 21 CFR Part 11.200 (a)]<br />
[https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br />
[https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d-5)]<br />
[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-1]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.5]
  | style="background-color:white;" |'''33.1''' The system shall provide administrators with a configurable period of time to apply to user access or inactivity before again prompting a user for authentication credentials.
|-
  | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-2]
  | style="background-color:white;" |'''33.2''' The system should provide a means for modifying personnel data in a batch.
|-
  | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-3]
  | style="background-color:white;" |'''33.3''' The system should support the storage of standard and industry-specific data formats.
|-
  | style="padding:5px; width:500px;" |
[https://www.law.cornell.edu/cfr/text/7/331.11 7 CFR Part 331.11]<br />
[https://www.law.cornell.edu/cfr/text/9/121.11 9 CFR Part 121.11]<br />
[https://www.law.cornell.edu/cfr/text/21/11.10 21 CFR Part 11.10 (d)]<br />
[https://www.law.cornell.edu/cfr/text/21/211.68 21 CFR Part 211.68 (b)]<br />
[https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br />
[https://www.law.cornell.edu/cfr/text/45/164.308 45 CFR Part 164.308]<br />
[https://www.law.cornell.edu/cfr/text/45/164.514 45 CFR Part 164.514]<br />
[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-7]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.1]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.4]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.5]<br />
[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br />
[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. VI, Sec. 8.6]<br />
[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.1.14–15]<br />
[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.2]<br />
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]<br />
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.5.1.2]
  | style="background-color:white;" |'''33.4''' The system shall support the ability to define, record, and change the level of access for individual users to system groups, roles, machines, processes, and objects based on their responsibilities, including when those responsibilities change. The system should be able to provide a list of individuals assigned to a given system group, role, machine, process, or object.
|-
  | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-8]
  | style="background-color:white;" |'''33.5''' The vendor should provide maintenance agreements and support services for its applications and services.
|-
  | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-9]<br />[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-3.3]<br />[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]
  | style="background-color:white;" |'''33.6''' The vendor shall provide help desk, training, and installation support, as well as high-quality system documentation. The documentation should be reviewed to ensure that user requirements are fulfilled.
|-
  | style="padding:5px; width:500px;" |
[https://www.law.cornell.edu/cfr/text/7/331.11 7 CFR Part 331.11]<br />
[https://www.law.cornell.edu/cfr/text/9/121.11 9 CFR Part 121.11]<br />
[https://www.law.cornell.edu/cfr/text/21/11.10 21 CFR Part 11.10 (c)]<br />
[https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br />
[https://www.law.cornell.edu/cfr/text/45/164.310 45 CFR Part 164.310]<br />
[https://www.aavld.org/accreditation-requirements-page AAVLD Requirements for an AVMDL Sec. 5.4.4.3]<br />
[http://www.abft.org/files/ABFT_LAP_Standards_May_31_2013.pdf ABFT Accreditation Manual Sec. D-5–D-8]<br />
[http://des.wa.gov/sites/default/files/public/documents/About/1063/RFP/Add7_Item4ASCLD.pdf ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.4.7.2.1]<br />
[https://www.astm.org/Standards/E1492.htm ASTM E1492-11 4.2.4]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.8.1]<br />
[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.6]<br />
[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-7.1]<br />
[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-12]<br />
[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.2]<br />
[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.3]<br />
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.1]
  | style="background-color:white;" |'''33.7''' The vendor shall restrict logical access to database storage components to authorized individuals. If providing a hosted service, the vendor should also restrict physical access to database storage components to authorized individuals. (In the case of an on-site solution, the buyer is responsible for limiting physical access to database storage components to meet 21 CFR Part 11, HIPAA, and CJIS guidelines.)
|-
  | style="padding:5px; width:500px;" |[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.1]
  | style="background-color:white;" |'''33.8''' The system shall be able to tag and document an individual, group, and system account as having been validated for regulatory purposes, and remind the administrator or authorized personnel on a configurable schedule when the account should be validated again.
|-
|}
|}

Revision as of 21:23, 5 May 2022