The implementation of a quality management system is major step for many laboratories, which want to ensure the consistent quality of their products and services. Consequently, the certification of ISO Standards is for many laboratories an essential component of the organizational culture, as successfully receiving the certification, organizations can present their customers with external evidence of the implementation of the quality standards. In some fields, for example medical engineering, the certification is even compulsory.
Software solutions can help to reduce the effort and costs as far as preparation and implementation of the certification and working in the certified environment is concerned. In this Whitepaper, we will explore which principles are the most important ISO Standards for laboratories to follow, and which requirements are related to laboratory management and documentation.
A brief list of information about what makes a laboratory ISO compliant and other benefits of using an ELN can be found here.
On the basis of worked examples from labfolder’s digital laboratory notebook, we can see how a specialized software solution can facilitate preparation, implementation and execution of a certification.
*If you would like to have the ISO compliance information as a file, you can get a free access of the PDF version of this whitepaper here:
Standards relevant to laboratories
ISO Standards have been produced by the International Organization for Standardization with the aim of providing internationally uniform and acceptable standards. For laboratories, the following standards are particularly relevant:
This standard is a general quality management standard for organizations from all associations and fields, and therefore one of the standards with the most certifications worldwide. ISO 9001 also builds the foundations for the standards specific to particular sectors.
(Medical equipment manufacturer)
The implementation of this standard is prescribed for medical equipment manufacturers due to certain regulations. Also, while ISO 13485 is a separate standard, it is still based on ISO 9001 but provides further criteria related to the specific field.
(Medical and diagnostic laboratories)
This standard is also derived from ISO 9001, even if it is implemented independently.
(Testing and calibration laboratories)
Similar to the ISO 13485 and 15189 standards, this standard is independent and derived from ISO 9001.
Principles and implications of quality management systems
Laboratory relevant ISO Standards all follow the same principles, meaning they result in harmonized requirements for organizations who implement the ISO Standards:
Quality management systems are all driven by processes. Therefore, processes are an essential component of all QM systems according to ISO Standards established processes, which are implemented using the PDCA cycle (Plan, Do, Check, Act). The subsequent steps are followed and repeated:
Plan: Processes are planned by analyzing the situation, by following the process requirements and deciding on the potential improvements.
Do: Processes are examined on their validity in a test environment, i.e. how effectively they meet the requirements.
Check: The results of the validation are reviewed and the process is either approved (after successful validation) or improved further.
Act: The validated process is defined on a wider scale as a standard process and is made available to all the users within the organization.
By following the process approach, it is necessary to document the processes in all of the phases of the PDCA cycle, together with their current validation status.
Therefore, digital laboratory management systems in ISO certified laboratories have to be capable of indicating document process descriptions concerning their validation status. In the course of the validation process, a read and/or write access has to be ensured for different groups of people.
Since quality management systems develop the efficiency of the entire organisation, all the members of the organisation focus on QM systems. With these, it must be ensured that:
- The management and all of the employees commit themselves to the quality management.
- The various roles with different responsibilities are allocated, e.g. the management role is split between the responsible laboratory manager and the QM representative.
- Documentation of the QM system is made available to all employees, depending on their role.
- Processes, including the process changes and the relevant documents, can only be implemented by the appropriate, authorized and qualified employees.
Hence, for digital laboratory management systems in ISO certified laboratories, the requirements, organization structure, roles, rights and the sharing of documents can all be managed.
ISO certification and documentation
A prerequisite for the implementation of ISO standards in laboratories is the creation of an infrastructure. Therein, the processes in documents can be described, and the validation status can be recorded and changed.
Write access to documents in various validation stages can only granted to employees, who, within the organisation’s structure, have been assigned the appropriate rights (e.g. QM manager).
The digital laboratory management system has to be also able to make the standard processes easily accessible and to integrate them effortlessly into the existing laboratory documentation. A system dedicated rights and role management also ensures that only authorised employees have access to the relevant standard regulations and protocols.Therefore, the requirements of classic laboratory documentation overlap with the requirements of documentation in ISO certified laboratories, especially when using a uniform system also clearly reduces effort.
Thus, labfolder has integrated functions into its digital laboratory notebook, which meet the common requirements of classic laboratory documentation; requirements of documentation that keep to ISO standards in the laboratory; and requirements of the ISO standards all on one unified platform. With this, a considerable amount of resources can be saved, as labfolder adheres to the documentation requirements without creating extra effort.
Requirements and functionalities in documentation
(according to ISO Standards)
In the ISO certified environment, whatever the standard may be, the following information and documents must be maintained:
- A quality handbook, in which the scope of the QM system, regulations for the process validation and for the document management and the definition of the roles has been detailed.
- Process regulations (Standard Operating Procedures, SOPs) in the respective validation status, including the appropriate authorizing person.
- Validated materials and equipment, including the authorizing person.
- Data from the processes, that can be collected for a process validation or optimization.
- Documentation from nonconformities within the analysis and production process.
- The organization structure, including the responsibilities of the employees within the QM system.
The requirements regarding these documents and their maintenance appear in the ISO Standards as the following:
Documents, test results and calibration certificates must have a title.
Example: In labfolder, every document can be assigned a title, that will be displayed in the document overview.
Date of the document, date of modification and date of validation/invalidation
For all the documents above (laboratory records, SOPs, validation protocols, calibration protocols and for the quality handbook), the time of creation, modification, validation and invalidation must be recorded.
Example: labfolder automatically adds a timestamp, to every document within the platform. The timestamps record when the document was created and the last time it was modified. Furthermore, additional timestamps can be added, depending on the user’s wishes. Digital signatures according to CFR 21 Part 11 are also labelled with a timestamp. For every document, all changes, including the timestamp in the Full Audit Trail of the document, can be held accountable.
All documents within the QM must have their own specific ID.
Example: labfolder assigns a unique ID to all documents. Additionally, a unique code composed of the relevant project and serial number is generated and added to the document.
Document access authorization
Versions can only be edited by the same authorized person.
Within the versioning and validation cycle of a document, only the person that has made changes, within the framework of the QM system within the organization’s structure, has the right to modify an entry.
Example: In labfolder within the sharing settings (e.g. which corresponds to a part of the validation process), documents can only be edited by an author, who possesses the appropriate rights. After the editing has be completed, the document can then be passed on and edited by other authorized persons.
Paper based documents (e.g. reports etc.) must have clearly marked page numbers, that reference to the exact page, including sections like the modification history.
Example: In labfolder’s digital format, the page numbers are not essential. However, when exporting and printing documents, serial page numbers are automatically added.
Documents have to contain information on who produced them.
Example: labfolder automatically adds information on the author to every document.
Documents have to make the names of the authorized persons available.
Example: labfolder has different document sharing settings, meaning the authorized person immediately gains permission to access them. This means the documents can also be organized into folders, making it easy to share and access increasing amounts of data. For SOPs, that are used very regularly, there is a dedicated area in labfolder which greatly facilitates sharing and the use of SOPs.
Full Audit Trail
All changes made to documents should be visible, including information on who the document was altered by and when.
Example: labfolder creates a Full Audit Trail for every document, which records the changes, including information on the time and author.
Invalid documents have to be rendered and marked as invalid.
Example: labfolder allows “Deletion under restrictions”, where invalid documents, like SOPs, are marked and no longer usable. However, while marked as unusable, all of these documents and versions still exist and cannot be permanently deleted.
All documents have to be managed in a “Master list”.
Example: labfolder has an “archive” button for all document categories, in which the entries are archived and individual entries can also reappear. In this overview, all the validity information is available, such as validation status, authors, dates etc.
Process regulations and SOPs have to be revised at regular intervals and actualized.
Example: Because of the timestamps on every document, it is easy to check whether a revision is due. Authorized persons are referred to the date of the revision in a task management system within labfolder.
Validation of the laboratory management software
(in certified laboratory environment)
A laboratory management software, like labfolder, has to be validated in a ISO certified environment, just like other materials and equipment, that are also used in the laboratory. Within the software validation context, no new functions are developed, there is instead a validation review. As part of this validation process, the following phases are completed:
Phase 1: Specification of the requirements and of the system tests
In this phase, the software is validated based on the demands within the laboratory environment . With this, it is also established, which functions will take on which tasks within the organisation.The execution of these security measures is also validated in this phase, like particular software requirements. On the basis of this analysis on critical paths and functions, a risk assessment is then carried out. At the end of phase 1, the tests for approval and the processes for maintenance and discontinuation of the software are specified.
Phase 2: Processes for design and implementation
In this phase, the design of the software in regard to the requirements, is examined. An active development process is part of the validation. Therefore, in this phase, either the processes within developing functions, or the technical details of the implementation, are specified. Processes for a design change as a corrective measure are also specified in this phase.
Phase 3: Inspection and test
In this phase a test plan is created, in the framework of the criteria that is established for a successful validation. After the validation of the test plan, the relevant tests are carried out.
Phase 4: Security measures
In this phase, processes for the detection and the documentation of nonconformities within the software are specified. For both newly found and well-known nonconformities, workarounds are specified.
Phase 5: Installation of the software
As part of the installation phase, the software installation is prepared, tested and after, depending on the test plan, validated.
Phase 6: Performance measuring, maintenance and closure
In this phase, processes for the continual measuring of performance and the conformity to the software are specified. Processes, which are necessary for software maintenance, are also established in this phase, which contributes to the software optimization. Additionally, in this phase, processes for the upgrade as well as the discontinuation of the software are implemented, if the situation should arise.
Software validation ensures that the software constantly fulfills its requirements and continually delivers consistent results.
labfolder supports the validation and implementation of the laboratory management software by means of a validation protocol, that you can easily install and execute validation and make additions to the quality handbook while saving resources.
In all of the phases of the certification and continual implementation of a quality management system, according to the ISO, it is possible to reduce costs and effort, through the use of labfolder, a specialised software for digital laboratory management.
Do you have further questions about digital laboratory management in ISO certified laboratories? Contact us! Our experts are happy to personally help you at any time.