Difference between revisions of "User:Shawndouglas/sandbox/sublevel3"

From LIMSWiki
Jump to navigationJump to search
(Added items)
Line 221: Line 221:
   | style="background-color:white; padding:5px;" | Through the Records Management module, the Records Management Site [http://docs.alfresco.com/rm2.2/tasks/rm-create-site.html can be set up] to be DoD 5015.2 Standard compliant.
   | style="background-color:white; padding:5px;" | Through the Records Management module, the Records Management Site [http://docs.alfresco.com/rm2.2/tasks/rm-create-site.html can be set up] to be DoD 5015.2 Standard compliant.
  |-  
  |-  
   ! style="padding:5px;" |
   ! style="padding:5px;" | Y
   | style="padding:5px; width:1200px;" |'''1.2.105''' The system maintains date- and time-stamped [[audit trail|audit trails]] of all data manipulation — such as changes to results, data analysis parameters, and methods — as consistent with all applicable regulations and standards, making the information available for review, copying, and reporting to authorized users.
   | style="padding:5px; width:1200px;" |'''1.2.105''' The system maintains date- and time-stamped [[audit trail|audit trails]] of all data manipulation — such as changes to results, data analysis parameters, and methods — as consistent with all applicable regulations and standards, making the information available for review, copying, and reporting to authorized users.
  |-
  |-
   ! style="background-color:white; width:100px;"| Response:
   ! style="background-color:white; width:100px;"| Response:
   | style="background-color:white; padding:5px;" |
   | style="background-color:white; padding:5px;" | As long as [https://wiki.alfresco.com/wiki/Content_Auditing content auditing is enabled] via configuration, reportable audit trails will be captured. The documentation [http://docs.alfresco.com/rm2.2/concepts/rm-auditing.html states]:
: The audit log contains the entire history of an object since the point it was added to the File Plan, and can be useful for finding out about specific events that have occurred during an objects life cycle, and any users that have been involved. Every entry in the audit log is timestamped and where metadata has been changed, the original values and changed values are recorded.
  |-  
  |-  
   ! style="padding:5px;" |
   ! style="padding:5px;" | U
   | style="padding:5px; width:1200px;" |'''1.2.106''' The system audit log retains all data, prohibits any deletions, and allows user comments.
   | style="padding:5px; width:1200px;" |'''1.2.106''' The system audit log retains all data, prohibits any deletions, and allows user comments.
  |-
  |-
   ! style="background-color:white; width:100px;"| Response:
   ! style="background-color:white; width:100px;"| Response:
   | style="background-color:white; padding:5px;" |
   | style="background-color:white; padding:5px;" | As stated in 1.2.105, the entire history of an object is retained. Access to view, export, or file the audit trail as a a record is allowed if the administrator [http://docs.alfresco.com/rm2.2/tasks/rm-audit-viewing.html assigns the "Access Audit" permission]. It's not explicitly stated whether or not the user can delete any audit content. If the audit log is filed as a record, then those with access to that record can comment on it. It's not explicitly clear if a non-filed audit log can be commented on.
  |-  
  |-  
   ! style="padding:5px;" |
   ! style="padding:5px;" | Y
   | style="padding:5px; width:1200px;" |'''1.2.107''' The system maintains audit trails at least as long as the records to which they pertain.
   | style="padding:5px; width:1200px;" |'''1.2.107''' The system maintains audit trails at least as long as the records to which they pertain.
  |-
  |-
   ! style="background-color:white; width:100px;"| Response:
   ! style="background-color:white; width:100px;"| Response:
   | style="background-color:white; padding:5px;" |
   | style="background-color:white; padding:5px;" | As stated in 1.2.105, the entire history of an object is retained. Additionally, disposition schedules allow associated metadata and an audit trail [http://docs.alfresco.com/rm2.2/tasks/rm-dispschedule-createsteps.html to remain] even after deletion as long as "Maintain Record Metadata after Delete" is enabled during the creation of a disposition schedule. Audit trails for [http://docs.alfresco.com/rm2.2/tasks/rm-create-hold.html held content] are also maintained.
  |-  
  |-  
   ! style="padding:5px;" |
   ! style="padding:5px;" | Y
   | style="padding:5px; width:1200px;" |'''1.2.108''' The system provides additional persistent auditing capabilities, such as the audit of cancelled uploads and scheduled system functions.
   | style="padding:5px; width:1200px;" |'''1.2.108''' The system provides additional persistent auditing capabilities, such as the audit of cancelled uploads and scheduled system functions.
  |-
  |-
   ! style="background-color:white; width:100px;"| Response:
   ! style="background-color:white; width:100px;"| Response:
   | style="background-color:white; padding:5px;" |
   | style="background-color:white; padding:5px;" | The Audit Filter [https://wiki.alfresco.com/wiki/Content_Auditing can be customized] to include additional auditing of system and more complex user tasks.
  |-  
  |-  
   ! style="padding:5px;" |
   ! style="padding:5px;" |

Revision as of 23:03, 24 October 2014

This is sublevel3 of my sandbox, where I play with features and test MediaWiki code. If you wish to leave a comment for me, please see my discussion page instead.

Sandbox begins below

  • Y: Meets requirement in commercial off-the-shelf solution as delivered/configured (or vendor provides service)
  • YC: Meets requirement only with customization (additional code, using a third-party application, etc.)
  • N: Does not meet requirement
  • I: Informational response only, N/A
  • U: Unknown


1.0 Demonstration

1.0 Demonstration
Requirement code Requirement # and requirement
N 1.0.000 The system can be tried via an online and/or on-site demonstration.
Response: The developers do not seem to host an online demo of Alfresco Community Edition.

1.1 Information technology

1.1.1 General IT

1.1.1 General IT
Requirement code Requirement # and requirement
I 1.1.100 The system operates with a traditional client-server architecture, with software installed on each machine that needs to access the system.
Response: Alfresco uses client-server technology, though the client is web-based. See 1.1.101.
Y 1.1.101 The system operates with a web-based interface, hosted on a server and accessed via a web browser on most any machine.
Response: Alfresco operates with a content application server, while users connect to it via web, mobile, and other types of clients. As Alfresco is integrated into the webLiMS suite of applications, the content application server is hosted in the cloud.
Y 1.1.102 The system contains a single, centralized database that supports multiple sites and departments.
Response: Alfresco's content repository "is comparable to a database, except that it holds more than data." The development team describes this further in their documentation:
The actual binary streams of the content are stored in files managed in the repository, although these files are for internal use only and do not reflect what you might see through the shared drive interfaces. The repository also holds the associations among content items, classifications, and the folder/file structure. The folder/file structure is maintained in the database and is not reflected in the internal file storage structure.

Alfresco also allows users to set up "sites" for separate projects or user groups to manage custom content.

Y 1.1.103 The system's database conforms to the Open Database Connectivity Standard (ODBC).
Response: Alfresco Community comes bundled with PostgreSQL, which has an associated ODBC driver. The software can also be run against MySQL.
Y 1.1.104 The system is designed so upgrades to the back-end database do not require extensive reconfiguration or effectively cripple the system.
Response: Alfresco Community allows administrators to extend and override database properties through repository configuration files, presumably with little impact to the system.
Y 1.1.105 The system is designed to not be impacted by multiple users or failover processes.
Response: One of the guiding design principles of Alfresco Community is to be enterprise scalable. This aspect has been so important that the developers have created a Scalability Blueprint.
Y 1.1.106 The system applies security features to all system files.
Response: Alfresco Community system files, including configuration files, are only accessible to authorized administrators.
Y 1.1.107 The system applies log-in security to all servers and workstations accessing it.
Response: Users must provide a username and password before entering the system via web client. Administrators must also use a username and password to access server-side files. All of this accomplished through the authentication subsystem.
Y 1.1.108 The system provides a workstation and server authentication mechanism.
Response: Alfresco Community employs an authentication subsystem to ensure authentication between client and server.
U 1.1.109 The system applies Secured Socket Layer (SSL) encryption on the web client interface.
Response: Alfresco Community seems to be able to be used in HTTPS mode with some configuration , but it's not clear if it interfaces via HTTPS in default mode. The following suggests it's possible for the client to access the server via SSL: Item One; Item Two; Item Three
U 1.1.110 The system encrypts client passwords in a database, with support for multi-case and special characters.
Response: Alfresco Community does not seem to inherently include encryption capabilities, at least for repositories. The documentation for Community makes no mention of encryption on passwords. Several items seem to support the lack of encryption, though this matter needs to be researched further: Item One with associated video, and Item Two.
Y 1.1.111 The system uses TCP/IP as its network transport.
Response: Data can be transferred between client and server via FTP and HTTP high-level application protocols (among others).
Y 1.1.112 The system allows automated backup and restore capability without support intervention, as well as manual backups.
Response: Alfresco Community allows for manual backup and restore by the administrator. Further backup and recovery tools can be added with the Alfresco BART add-on.
U 1.1.113 The system maintains the transactional history of system administrators.
Response: It's not clear what user information Alfresco Community logs, if any.

1.1.2 Hardware environment

1.1.2 Hardware environment
Requirement code Requirement # and requirement
1.1.200 The system proves compatible with a variety of hardware environments.
Response:
1.1.201 The system can be utilized with a touch-screen.|
Response:

1.1.3 Software environment

1.1.3 Software environment
Requirement code Requirement # and requirement
1.1.300 The system proves compatible with a variety of software environments.
Response:
1.1.301 The system utilizes a non-proprietary database such as Oracle or Microsoft SQL Server.
Response:

1.2 Regulatory compliance and security

1.2.1 Regulatory compliance

1.2.1 Regulatory compliance
Requirement code Requirement # and requirement
1.2.100 The system can generate accurate and complete copies of records in both a human-readable and original electronic format for review and copying.
Response:
1.2.101 The system supports 21 CFR Part 11 and EU Annex 11 requirements, including log-in security, settable automatic logouts, periodic requirements for mandatory password changes, limits on reusability of passwords, and full electronic signature.
Response:
1.2.102 The system supports USP <232>/<233> requirements.
Response:
1.2.103 The system supports GALP and/or GAMP standards.
Response:
Y 1.2.104 The system supports the U.S. DoD 5015.2 Standard.
Response: Through the Records Management module, the Records Management Site can be set up to be DoD 5015.2 Standard compliant.
Y 1.2.105 The system maintains date- and time-stamped audit trails of all data manipulation — such as changes to results, data analysis parameters, and methods — as consistent with all applicable regulations and standards, making the information available for review, copying, and reporting to authorized users.
Response: As long as content auditing is enabled via configuration, reportable audit trails will be captured. The documentation states:
The audit log contains the entire history of an object since the point it was added to the File Plan, and can be useful for finding out about specific events that have occurred during an objects life cycle, and any users that have been involved. Every entry in the audit log is timestamped and where metadata has been changed, the original values and changed values are recorded.
U 1.2.106 The system audit log retains all data, prohibits any deletions, and allows user comments.
Response: As stated in 1.2.105, the entire history of an object is retained. Access to view, export, or file the audit trail as a a record is allowed if the administrator assigns the "Access Audit" permission. It's not explicitly stated whether or not the user can delete any audit content. If the audit log is filed as a record, then those with access to that record can comment on it. It's not explicitly clear if a non-filed audit log can be commented on.
Y 1.2.107 The system maintains audit trails at least as long as the records to which they pertain.
Response: As stated in 1.2.105, the entire history of an object is retained. Additionally, disposition schedules allow associated metadata and an audit trail to remain even after deletion as long as "Maintain Record Metadata after Delete" is enabled during the creation of a disposition schedule. Audit trails for held content are also maintained.
Y 1.2.108 The system provides additional persistent auditing capabilities, such as the audit of cancelled uploads and scheduled system functions.
Response: The Audit Filter can be customized to include additional auditing of system and more complex user tasks.
1.2.109 The system provides the ability to both automatically and manually add secure electronic signatures to documents and other data.
Response:
1.2.110 The system can automatically validate and approve data prior to being moved to the main database.
Response:

1.2.2 Security

1.2.2 Security
Requirement code Requirement # and requirement
1.2.200 The system allows administrators and other authorized users to configure multiple levels of user rights and security by site location, department, group, role, and/or specific function.
Response:
1.2.201 The system allows administrators and users to reset user passwords.
Response:
1.2.202 The system features and enforces adjustable rules concerning password complexity, reuse, and expiration.
Response:
1.2.203 The system can lock a user out after a specified number of consecutive failed log-in attempts.
Response:
1.2.204 The system provides the option for automatic user logout based on keyboard or mouse inactivity.
Response:
1.2.205 The system makes authority checks to ensure only authorized individuals can use the system to perform an operation.
Response:
1.2.206 The system allows authorized users to modify records, while also maintaining an audit trail of such actions.
Response:
Y 1.2.207 The system allows authorized users to manually delete records, while also maintaining an audit trail of such actions.
Response: Records can manually be deleted while retaining an audit trail as long as auditing is enabled via configuration. Records can also be deleted automatically as part of a disposition schedule in the Records Management module. Associated metadata and an audit trail will remain as long as "Maintain Record Metadata after Delete" is enabled during the creation of a disposition schedule.
1.2.208 The system prompts users to declare a reason for making changes to or deleting data in the system.
Response:
1.2.209 The system allows authorized users to generate a detailed user access record.
Response:
1.2.210 The system provides email notification of lockout, security access, and improper workstation access.
Response:
1.2.211 The system provides a mechanism to allow a user read-only access to stored data.
Response:
Y 1.2.212 The system allows automatic and/or manual holds or locks to be placed on data to ensure it goes unaltered or remains retrievable during a retention period.
Response: Through the Records Management module, users can manually set up holds with user permissions and apply records or folders to the hold.
1.2.213 The system can first feed data from connected non-CFR-compliant instruments through a virtual environment that is compliant (audit trailed, secure, versioned, etc.) before being stored.
Response:
1.2.214 The system can control whether users are able to export data to portable long-term storage media like a USB flash drive or recordable DVD.
Response:
U 1.2.215 The system employs automatic file encryption on stored data.
Response: Alfresco Community does not seem to inherently include encryption capabilities, at least for repositories. Several items seem to support the lack of encryption, though this matter needs to be researched further: Item One with associated video, and Item Two.
1.2.216 The system employs checks to enforce permitted sequencing of steps and events.
Response:

1.3 General system functions

1.3.1 General functions

1.3.1 General functions
Requirement code Requirement # and requirement
1.3.100 The system offers non-SDMS trained personnel the ability to easily access system data via an intuitive, user-friendly Windows-type graphical user interface (GUI) which permits the display of stored data.
Response:
1.3.101 The system allows authorized users to configure their GUI to a specific language, character set, and time zone.
Response:
1.3.102 The system permits remote access for users, system admins, and support agents.
Response:
1.3.103 The system allows for the use of navigation keys to freely move from field to field.
Response:
1.3.104 The system allows tabular data to be sorted and filtered.
Response:
1.3.105 The system can send on-screen output to a printer or file without contradicting view-only statuses.
Response:
1.3.106 The system contains one or more spell-check dictionaries that allow authorized users to add, edit, or remove entries.
Response:
1.3.107 The system uses human-readable metadata tags to better describe, index, and store all captured and archived data.
Response:
1.3.108 The system can generate metadata tags via derived value rules.
Response:
1.3.109 The system allows users to manually add metadata tags to files.
Response:
1.3.110 The system provides full metadata, keyword, and field search capability, including the use of multiple search criteria.
Response:
1.3.111 The system allows users to search for similar records based upon a set of metadata tag values.
Response:
1.3.112 The system allows users to build, save, and edit queries for future use.
Response:
1.3.113 The system can automate the search for and extraction of pertinent data, including the export of that data to external applications for additional processing and calculation.
Response:
1.3.114 The system allows users to attach comments to data and files.
Response:
1.3.115 The system's file viewer/explorer allow users to view native, processed, and archived data in its native file structure.
Response:
1.3.116 The system can link objects to other objects, e.g. linking a standard operating procedure (SOP) to a test result.
Response:
1.3.117 The system notifies users of events like the scheduling and completion of tasks.
Response:
1.3.118 The system includes the ability to set up alerts via email.
Response:
1.3.119 The system offers integrated or online user help screens.
Response:
1.3.120 The system includes data analysis and calculation tools.
Response:

1.3.2 Configuration and customization

1.3.2 Configuration and customization
Requirement code Requirement # and requirement
1.3.200 The system architecture is modular or extensible and can easily and efficiently be modified to facilitate the addition of new functionality as business needs change.
Response:
1.3.201 The system has an application programming interface (API) or a similar software development toolkit (SDK). If web-based, the API should support Simple Object Access Protocol (SOAP), representational state transfer (REST), or both.
Response:
1.3.202 The system allows a user to independently add fields without requiring reconfiguration of the system, even after routine upgrades and maintenance.
Response:
1.3.203 The system allows for the integration of additional printers and scanners both locally and externally.
Response:

1.3.3 Data capture

1.3.3 Data capture
Requirement code Requirement # and requirement
1.3.300 The system can manage and store both sample- and non-sample-related data, including images from microscopes, GCMS scans of peaks, PDF files, spreadsheets, or even raw data files from instrument runs for later processing.
Response:
1.3.301 The system can manage and store media objects like digital photos, bitmaps, movies, and audio files.
Response:
1.3.302 The system allows multiple native instruments and users to enter data into the system simultaneously without disruption.
Response:
1.3.303 The system can interface with and import existing data from other databases and file shares.
Response:
1.3.304 The system supports data capture from a Citrix-based environment.
Response:
1.3.305 The system allows file indexes to be stored centrally while associated files are stored geographically.
Response:
1.3.306 The system allows users to organize captured data by project, date, location, instrument, etc.
Response:
1.3.307 The system can route captured data based upon specified metadata tags.
Response:
1.3.308 The system allows full on-screen review and approval of native instrument data prior to database commitment.
Response:
1.3.309 The system keeps all captured data and its format intact and captures modifications of that data as a version, including date and time of those modifications, for regulatory purposes.
Response:
1.3.310 The system has a tool that allows users to capture data printed to it as a searchable PDF file.
Response:
1.3.311 The system can automatically normalize and store incoming data to a technology-neutral format like XML.
Response:
1.3.312 The system allows incoming and entered files to be converted into other open formats like JCAMP-DX, TraML, mzML, mzXML, AnIML, pepXML, and protXML.
Response:
1.3.313 The system can capture and store native instrument and processed data based on a scheduled time or a real-time event, such as upon file creation.
Response:
1.3.314 The system allows users to manually upload instrument data files that are not part of a scheduled upload.
Response:
1.3.315 The system allows for the specification of a retention period for captured native instrument and processed data and can enact it based on date-based metadata fields or a future event.
Response:
1.3.316 The system can remove data from client machines upon upload and/or backup, based on a schedule or retention policy.
Response:
1.3.317 The system allows users to review, restore, and reprocess original native instrument data on the original instrument acquisition software.
Response:
1.3.318 The system allows users to open and view captured native instrument files without restoring them.
Response:
1.3.319 The system allows captured processed data to be reused by other applications without having to reprocess it.
Response:
1.3.320 The system provides a method to extract data points from captured processed data and present it in a human-readable format.
Response:
1.3.321 The system can parse captured data files containing specified metadata into a live results table.
Response:

1.3.4 Data archiving and migration

1.3.4 Data archiving and migration
Requirement code Requirement # and requirement
1.3.400 The system provides data archiving functionality for all contained data, without requiring an off-line mode.
Response:
1.3.401 The system allows for a configurable scheduled archive, not requiring human interaction with the data to be archived.
Response:
1.3.402 The system allows for a scheduled archive of data directly captured from a specific native instrument.
Response:
1.3.403 The system permits native instrument data to be archived and restored with its original directory structure.
Response:
1.3.404 The system allows for the specification of a retention period for archived and migrated data and can enact it based on date-based metadata fields or a future event.
Response:
1.3.405 The system ensures that held or locked native instrument data not captured during a scheduled archive will be captured during the next scheduled archive.
Response:
1.3.406 The system can perform archive and restore functions simultaneously with data capture and viewing functions, without disruption.
Response:
1.3.407 The system allows native instrument and processed data migrated from an old SDMS version to be backed up and restored without alteration.
Response:

1.3.5 Instruments

1.3.5 Instruments
Requirement code Requirement # and requirement
1.3.500 The system bilaterally interfaces with instruments and related software based on the Unix and Windows platforms.
Response:
1.3.501 The system can download data directly from laboratory instruments.
Response:
1.3.502 The system can track and report on the usage of attached laboratory instruments.
Response:
1.3.503 The system can automatically (or manually allow an authorized user to) remove an instrument from potential use when it falls out of tolerance limit or requires scheduled calibration.
Response:
1.3.504 The system maintains a reportable database of preventative maintenance, calibration, and repair records for attached laboratory instruments.
Response:
1.3.505 The system can schedule calibration, verification, and maintenance tasks on attached instruments and make that schedule available for viewing.
Response:
1.3.506 The system allows users to create and edit instrument maintenance profiles.
Response:

1.3.6 External system interfaces

1.3.6 External system interfaces
Requirement code Requirement # and requirement
1.3.600. The system supports a library of common electronic data deliverable (EDD) formats.
Response:
1.3.601 The system can transfer data to and from other record management systems.
Response:
1.3.602 The system integrates with Microsoft Exchange services.
Response:
1.3.603 The system can import data from and export data to Microsoft Word, Excel, Access, and/or Powerpoint.
Response:
1.3.604 The system can interface with non-Microsoft programs.
Response:
1.3.605 The system can interface with enterprise resource planning (ERP) systems.
Response:
1.3.606 The system can interface with internal and external laboratory systems like laboratory information management systems (LIMS) and electronic laboratory notebooks (ELNs).
Response:
1.3.607 The system can leverage the application programming interface (API) of other systems to establish integration between systems.
Response:
1.3.608 The system provides a real-time interface for viewing live and stored data transactions and errors generated by interfaced instruments and systems.
Response:
1.3.609 The system supports dockable mobile devices and handles information exchange between them and the system.
Response:
1.3.610 The system supports the use of optical character recognition (OCR) software.
Response:

1.3.7 Reporting

1.3.7 Reporting
Requirement code Requirement # and requirement
1.3.700 The system includes a versatile report writer and forms generator that can generate reports from any data in the system.
Response:
1.3.701 The system can interface with a third-party reporting application.
Response:
1.3.702 The system allows the development of custom templates for different types of reports.
Response:
1.3.703 The system maintains template versions and renditions, allowing management and tracking of the template over time.
Response:
1.3.704 The system uses Microsoft Office tools for formatting reports.
Response:
1.3.705 The system provides multiple ways to visualize data in reports, including graphs, trend bars, pie charts, spectrum, etc. for the purpose of presenting information and identifying trends.
Response:
1.3.706 The system makes graphic and tabular data vector-scalable in reports.
Response:
1.3.707 The system allows for internal hyperlinking to source data in reports.
Response:
1.3.708 The system allows users to manually adjust inaccurate data parsing routines for reports.
Response:
1.3.709 The system can indicate whether a report is preliminary, amended, corrected, or final while retaining revision history.
Response:
1.3.710 The system can automatically generate laboratory reports of findings and other written documents.
Response:
1.3.711 The system provides an ad-hoc web reporting interface to report on user-selected criteria.
Response:
1.3.712 The system can automatically generate and post periodic static summary reports on an internal web server.
Response:
1.3.713 The system can transmit reports in a variety of ways including fax, e-mail, print, and website in formats like RTF, PDF, HTML, XML, DOC, XLS, and TXT.
Response:
1.3.714 The system supports PDF/A, an ISO-standardized version of the Portable Document Format (PDF).
Response:
1.3.715 The system includes a rules engine to determine the recipients of reports and other documents based on definable parameters.
Response:
1.3.716 The system provides printer-friendly audit trails for cleaner reporting of audit data.
Response:
1.3.717 The system provides an interface for external clients to search, generate, and view processed data reports based on metadata tags.
Response:
1.3.718 The system provides document workflow management tools for streamlining their creation, review, modification, and approval.
Response:
Retrieved from "https://www.limswiki.org/index.php?title=User:Shawndouglas/sandbox/sublevel3&oldid=16273"