Home | Contact Us | Newsletter | Usersclub | Books | Audio Seminars

Labcompliance News, March 2002

March 18, 2002

Using Spreadsheet and Macros in a Regulated Environment

Spreadsheets are frequently used in regulated laboratories and production environment. They need to be validated and comply with 21 CFR Part 11 and other regulations. This is spelled out in the FDA part 11 validation guidance: "End users should validate any program macros and other customizations that they prepare" .

Missing or inadequate validation of Macros and Spreadsheet programs has also been subject to citations in FDA Warning Letters. Examples are: "No validation of Excel (073)", "No validation of spreadsheet (071), "No validation of spreadsheet, ... this off-the-shelf software shall be validated for its intended use (070). "There is no documentation covering Excel application software, or any procedures instituted covering the protection of electronic records (069)", "Failure to have an adequate validation procedure for computerized spreadsheets used for in-process and finished product analytical calculations (063)", "QA/QC Spreadsheet Validation, is deficient in that only a small range of values are being used to challenge computerized spreadsheet mathematical calculations (063)".

Labcompliance Users Club members can download five FDA warning letters cited above. Non members can preview extracts. To preview extracts and to order users club membership, click here.

March 04, 2002

NIST Releases Security Guide

The National Institute of Science and Technology (NIST) recently published a document titled "Security Self-Assessment Guide for Information Technology Systems." Although intended primarily for government agencies, NIST says "private-sector organizations may also find the self-assessment approach a valuable tool." The document features an extensive questionnaire containing control objectives and suggested techniques against which the security of a system or group of inter-connected systems can be measured.