Research SOP: SOP FOR INFORMATION TECHNOLOGY AND DATA MANAGEMENT IN THE LABORATORY

SOP FOR INFORMATION TECHNOLOGY AND DATA MANAGEMENT IN THE LABORATORY

1.0 Purpose:

To ensure effective maintenance of if systems for trouble-free operation of all the peripherals and LIS Installed in the laboratory including upkeep and management of the same to protect data from Infringement, loss, and easy retrieval

2.0 Scope:

The scope of this procedure covers the availability, maintenance, and calibration of the following

a. Computers including peripherals

b. IT and the LIS System

3.0 Reference:

Quality System Manual.

Details:

4.1 Computer Systems & Peripherals Commissioning and Decommissioning

4.1.1 ResearchNeeds provides computer systems and peripherals depending on the use/requirement of the personnel. The type and configuration of the system are decided based on the requirement of the user and is approved by the Director.

4.1.2 It is the responsibility of the IT- Personnel to make the management aware of the latest systems and current software packages available in the market.

4.1.3 A List of all computers and peripherals Installed at ResearchNeeds is prepared and maintained by IT personnel. All the computers and peripherals are uniquely numbered for the purpose of Identification this list is revised when the new system is added or the old system is removed. The list also includes any additional privileges given to any user like internet of purchased software etc.

4.1.4 Decommissioning of the System: In case of any system is faulty or not as per the required configuration. The same is informed to the IT section. If the section would analyze the system and cost Involved in the repair/ upgrade of the system and present it to the management. After approval, the same is repaired/ upgraded. In case the repair / up gradation cost is not justified or the system is beyond repairs, the decision is taken to dispose of the system and purchase a new system.

Log of IT asset is maintained by the if section along with details of decommissioning if any in the format.

4.2 Preventive Maintenance & Breakdown servicing of Installed Computers & Peripherals:

4.2.2 Maintenance of computers and peripherals is the prime responsibility of outsourced form. The routine maintenance of Installed computers is taken care of by a visiting engineer for the purpose. In case of any breakdown, the user functional head Initiates the Company representative to rectify the fault. In the absence of the visiting engineer assigned to ResearchNeeds, backup personnel assigned by Progressive attends to the compliant/ breakdown call,

A log is generated for every breakdown/complaint generated and rectification of the same in the following format

CALL DETAILS

Case No.:

Log Date & time:

Log By:

User Email:

Phone/Ext No.:

Department:

COMPLAINT…….

Service Line: Severity:

Assigned To: Progressive Factory

Complaint Category:

Complaint Type: Case Detail:

CALL STATUS..........

Call Status:

Solution:

Comments:

4.2.3 In case any system or peripheral is sent outside the premises for maintenance and repairs, a Gate Pass is Issued for the same. The details of the receipt of the material are noted on the retained copy of the Gate Pass.

4.2.4 Bench Work Instructions for Operation and. Maintenance of the Instrument are available for easy reference of the staff along with the Instrument Manuals

4.3 Data Security of Installed Computers and Peripherals

4.3.1 The computers are protected from unauthorized access by the use of passwords that govern access limitation to Read. Write or Modify functions. The passwords are updated regularly at an interval of 50 days and are under the direct control of respective personnel to whom it is assigned in a unit-specific manner. The system is configured to automatically prompt the user to change passwords before 15 days of expiry. The passwords are defined by alpha-numeric characters. All the computer systems are configured for manual log-in and log-out.

4.3.2 All the computer systems are configured to automatically limit the number of logins. The system gets locked in case the login attempts exceed 5. The record of such failures is generated automatically.

4.3.3 Computers are used as standalone units of single-user function and data from one computer cannot be accessed from another computer unless any data is shared for specific use: This ensures that data/ Information confidentiality is maintained at all times. All the computers are programmed for auto lock within 2 minutes of the computer being ideal.

4.3.4 When an employee leaves an organization, their access to software/ computer system is blocked following mall from HR. The details of the handover are recorded in 'IT services form- ……… of the procedure manual-HR

4.3.5 Computer programs are checked for proper performance when first Installed and after any changes or modifications. Any changes or modifications to the systems are monitored on a regular basis by the IT section which includes, but is not limited to unauthorized software installation, usage of personal laptops, access to unauthorized websites, unauthorized data transfer, etc. For the internet security firewall is in place and unauthorized access is not allowed.

4.3.6 All the routes of data transfer like USB Interface. Floppy drives and CD drives are blocked by IT team. In case any port or interface is opened for use like backup/ transfer of data, the same is authorized by the respective section-in-charge and after the completion of work same is again blocked. A record of any such event is maintained by the personnel - IT systems.

4.3.7 Systems attached to any measuring Instruments / equipment sare maintained by the respective vendor for the Instrument, Care is taken to Include all such major instruments under AMC.

4.3.8 It is the sole responsibility of the Section-in-charge to take backup of the data stored in the systems attached to any instrument/ equipment. The schedule of the backup is decided based on the usage of the system and the frequency of data generated. The backup is taken either in pen drive or hard drives provided to respective section-in- charge for that matter. Apart from taking back up on the hard drive a copy of the same is transferred to "File server' allocated to each section-in-charge. A record of the same is kept with each section-in- charge.

4.3.9 Any changes to the computer systems are restricted and the laboratory director or designee approves all changes, additions and deletions in programs, and major computer functions before they are released. For any modification, requisition is accepted through written document either in form of email or circular, Also, confirmation is taken from the originator of change request. Record of any such communication is retained for at least two years beyond the service life of the system.

4.3.10 Restricted entry to server room ensures prevention of un authorized access to the server and related peripherals. Log of any person visiting the server is maintained by the IT section

4.3.11 The laboratory maintains the disk space log when a new system is issued to user. The capacity provided is ensured that it should be enough to meet the need of user.

4.4 Laboratory Information System: Maintenance, Security and Data Management

A Maintenance & Up gradation

Step wise Instructions for operation of Laboratory Information System have been laid down for easy understanding and operation of LIS apart from the User Manual provided by the vendor

4.4.2 The users are trained to use the LIS and in case of any change or updating the software, same is communicated to all the users either via circular or during training sessions, in house IT personnel are trained by the vendor who in turn train the users

4.4.3 The up gradation and major maintenance is done by the vendor Busy Soft' Minor maintenance and Inclusion of data like client list, pricing and updating list of tests are done In-house by the IT section

4.4.4 All the users are given login ID and password specific for them which they need to change before expiry. The access rights are defined by respective section heads depending on their role in the dept.

4.4.5 Requisition for new test code and user ID in the US is forwarded in the respective formats to the Head - Lab Systems after approval from Lab Director. The Head-Lab Systems then verifies the correctness of Information provided before generating a new test code or user ID and authorized If personnel executes the same.

4.4.6 The users of the software are given security rights depending on their role in the organization and the same is approved by SIC and C.O.O before implementation: Accessioning team is given rights to perform accessioning of patient data and orienting of reports. Technical team is given rights for result entry and only SICs are authorized for report authentication and modification in patient results. The e signatures are appended to the report only after final authorization by the respective section in charge. The e signatures are in secured format such that it cannot be copied in soft form from the US Record of the authorized signatories is maintained by the IT personnel along with areas specialized to which they are authorized

4.4.7 All the patient report before release are verified and validated by respective section in charge to check the result against a defined reportable range and critical results for the fest, and ensure that the appropriate number of decimal places are present. Also during validation, correctness of result entry is checked against the worksheet(s) of the patient. For any unacceptable specimen, report is released with the comments on specimen quality Auto-verification of reports is not done.

4.4.8 Any modifications and deletions are recorded automatically by the software and con be verified by monitoring audit report gered bby the software which das species the me and details of user and the system Proved Any change in the entry is authorised by the respecte section in charge and Head Lobi tystems the audi tras con only be generated by authorised if personnel and of other uses are bored fom activity

B Downtime and Data Retrieval

4.4.9 Any issues related to software are communicated to the Head Lab systems who in turn communicate the same to Bury Soft' in case of any minor change in the software the vendor sends the e the via mall to head lab systems and authorized personnel if the responsibility of to update the excel file on systems of all the use A record of the some is maintained

4.4.10 Downtime is planned and documented via mail or circular to minimize interruption of service the schedule of the downtime is planned in off-work hours or at least-won hours. The delay in reporting if any is informed to all customers during partial or complete downtime and recovery of the system

4.4.11 After partial or complete shutdown and recovery of systems, the dummy patient registration and reporting is done to ensure complete recovery of data and ensure proper functionality of the software Downtime register is maintained and the procedure of restoring & documenting.

4.4.12 In case of unscheduled downtime, if required, the reports are released in Word/excel format to meet the set TAT

C Data Security

4.4.13 Unauthorized access to the server and inducement of any changes & prevented by restricting access to the server room, A log of any personnel visiting the server room is maintained in the absence of any if personnel in the server room a kept locked, Backup up key for emergency purposes available with the security guard

D Data Back up and retrieval

4.4.14 Data back done daily, weekly basis and monthly basis is maintained at the remote location to ensure the preservation of data ResearchNeeds has an agreement with '………' and '…….’ to maintain and preserve dala at the remote location. Daily and weekly Data back-up media/ mass storage drive is sent to 'Rouse Avenue' dolly by the IT personnel, Monthly data back-up media/ mass storage drive for yearly retention is sent to ……IT's copy of the gate pass is retained with I section. This procedure also helps in the preservation of data and equipment in case of an unexpected destructive event leg., fire, flood). software failure and/or hardware failure, and for The timely restoration of service.

4.4.15 Once in a month, stored data is checked for its completeness, For the same, one of the old patient reports, stored in backup data is randomly selected and retrieved by if person and then it is cross-checked for its completeness Including patient demographic, final result, Interpretive comments footnote, original reference ranges by Head lab systems. The comparison is made with the report saved in current data and the log of the same is maintained. Only when the two reports are the same, They are accepted. In case of any discrepancy. The manufacturing team is Informed.

4.5 Environment Conditioning & General Upkeep Management:

4.5.1 Suitable arrangements are planned and Implemented for provision of good work environment & security provision by management. This is to ensure following:

a. Sufficient space.

b. Latest and upgraded systems.

c. Safety of server room.

d. Optimized environmental conditions

e. Adequate back up.

f. Appropriate fire fighting equipments

g. Appropriate environmental conditions

4.5.2 Uninterrupted power supply: All servers, bench desktops, laptops, printers are connected through Uninterrupted Power Supplies to avoid any kind of surges and unconditioned power. The server room gets power from UPS. The UPS is being monitored on regular basis.

5.0 List of Formats & Records:

List of computer/ peripherals and status

Requisition for generating New Test Code in US

Requisition for generating new User ID in LIS

log of weekly retention- daily back up Log of monthly retention-weekly back up

log Yearly retention- monthly back up

Log-Temporary access to data transfer ports

Log-Up-gradation of the LIS

Log if data back-up from instruments and equipments

Log of personnel visiting Server Room

Record of List of computer/.peripherals and status

Record of Requisition for generating New Test Code in LIS