Difference between revisions of "Template:LIMSpec/System administration"

From LIMSWiki
Jump to navigationJump to search
(Added NIST 800-53 to various items)
m (34.3)
 
(4 intermediate revisions by the same user not shown)
Line 12: Line 12:
[https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br />
[https://www.law.cornell.edu/cfr/text/45/164.312 45 CFR Part 164.312]<br />
[https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d-5)]<br />
[https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d-5)]<br />
[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-1]<br />
[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-1]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.5]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.5]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-11]
[https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.4.2]<br />
   | style="background-color:white;" |'''34.1''' The system shall provide administrators with a configurable period of time to apply to user access or inactivity before again prompting a user for authentication credentials.
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-11 and AC-12]
   | style="background-color:white;" |'''34.1''' The system shall provide administrators with a configurable period of time to apply to user access or inactivity before again prompting a user for authentication credentials. The system shall also be able to display an explicit message indicating how much time remains before the user session terminates.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-2]
   | style="padding:5px; width:500px;" |[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-2]
   | style="background-color:white;" |'''34.2''' The system should provide a means for modifying personnel data in a batch.
   | style="background-color:white;" |'''34.2''' The system should provide a means for modifying personnel data in a batch.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-3]
   | style="padding:5px; width:500px;" |[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-3]
   | style="background-color:white;" |'''34.3''' The system should support the storage of standard and industry-specific data formats.
   | style="background-color:white;" |'''34.3''' The system should support the storage and export of data in standard and industry-specific data formats, e.g., CSV, especially for regulatory reporting purposes.
  |-  
  |-  
   | style="padding:5px; width:500px;" |
   | style="padding:5px; width:500px;" |
Line 31: Line 32:
[https://www.law.cornell.edu/cfr/text/45/164.308 45 CFR Part 164.308]<br />
[https://www.law.cornell.edu/cfr/text/45/164.308 45 CFR Part 164.308]<br />
[https://www.law.cornell.edu/cfr/text/45/164.514 45 CFR Part 164.514]<br />
[https://www.law.cornell.edu/cfr/text/45/164.514 45 CFR Part 164.514]<br />
[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-7]<br />
[https://www.aphl.org/aboutAPHL/publications/Documents/GH-2019May-LIS-Guidebook-web.pdf APHL 2019 LIS Project Management Guidebook]<br />
[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-7]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.1]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.1]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.4]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2.4]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.5]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy Appendix G.5]<br />
[https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.4.2]<br />
[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br />
[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br />
[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. VI, Sec. 8.6]<br />
[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. VI, Sec. 8.6]<br />
[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.1.14–15]<br />
[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.1.14–15]<br />
[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.2]<br />
[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.2]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-2(7) and AC-3]<br />
[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.8.7.1]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, IA-2 and IA-8]<br />
[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.3]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, MA-4]<br />
[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 8.3.2]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, PS-4 and PS-5]<br />
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-2(7) and AC-3]<br />
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, IA-2 and IA-8]<br />
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, MA-4]<br />
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, PS-4 and PS-5]<br />
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]<br />
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]<br />
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.5.1.2]
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.5.1.2]<br />
[https://www.gmp-compliance.org/guidelines/gmp-guideline/who-guidance-on-good-data-and-record-management-practices WHO Technical Report Series, #996, Annex 5, 5.4 and Appendix 1]
   | style="background-color:white;" |'''34.4''' The system shall support the ability to define, record, and change the level of access for individual users to system groups, roles, machines, processes, and objects based on their responsibilities, including when those responsibilities change. The system should be able to provide a list of individuals assigned to a given system group, role, machine, process, or object.
   | style="background-color:white;" |'''34.4''' The system shall support the ability to define, record, and change the level of access for individual users to system groups, roles, machines, processes, and objects based on their responsibilities, including when those responsibilities change. The system should be able to provide a list of individuals assigned to a given system group, role, machine, process, or object.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-8]
   | style="padding:5px; width:500px;" |[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-8]
   | style="background-color:white;" |'''34.5''' The vendor should provide maintenance agreements and support services for its applications and services.
   | style="background-color:white;" |'''34.5''' The vendor should provide maintenance agreements and support services for its applications and services.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-9]<br />
   | style="padding:5px; width:500px;" |[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-9]<br />[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-3.3]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SA-16]<br />[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]
[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-3.3]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, SA-16]<br />
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]
   | style="background-color:white;" |'''34.6''' The vendor shall provide help desk, training, and installation support, as well as high-quality system documentation. The documentation should be reviewed to ensure that user requirements are fulfilled.
   | style="background-color:white;" |'''34.6''' The vendor shall provide help desk, training, and installation support, as well as high-quality system documentation. The documentation should be reviewed to ensure that user requirements are fulfilled.
  |-  
  |-  
Line 63: Line 67:
[https://www.law.cornell.edu/cfr/text/45/164.310 45 CFR Part 164.310]<br />
[https://www.law.cornell.edu/cfr/text/45/164.310 45 CFR Part 164.310]<br />
[https://www.aavld.org/accreditation-requirements-page AAVLD Requirements for an AVMDL Sec. 5.4.4.3]<br />
[https://www.aavld.org/accreditation-requirements-page AAVLD Requirements for an AVMDL Sec. 5.4.4.3]<br />
[http://www.abft.org/files/ABFT_LAP_Standards_May_31_2013.pdf ABFT Accreditation Manual Sec. D-5–D-8]<br />
[https://www.abft.org/files/ABFT_LAP_Standards_May_31_2013.pdf ABFT Accreditation Manual Sec. D-5–D-8]<br />
[http://des.wa.gov/sites/default/files/public/documents/About/1063/RFP/Add7_Item4ASCLD.pdf ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.4.7.2.1]<br />
[https://des.wa.gov/sites/default/files/public/documents/About/1063/RFP/Add7_Item4ASCLD.pdf ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.4.7.2.1]<br />
[https://www.astm.org/Standards/E1492.htm ASTM E1492-11 4.2.4]<br />
[https://www.astm.org/e1492-11r17.html ASTM E1492-11 4.2.4]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.2]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.8.1]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.8.1]<br />
Line 73: Line 77:
[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.2]<br />
[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.2]<br />
[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.3]<br />
[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.3]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, MA-5]<br />
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, MA-5]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, MP-2]<br />
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, MP-2]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, PE-3, PE-3(1), PE-6, PE-6(1), and PE-6(4)]<br />
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, PE-3, PE-3(1), PE-6, PE-6(1), and PE-6(4)]<br />
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.1]
[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.1]
   | style="background-color:white;" |'''34.7''' The vendor shall restrict logical access to database storage components to authorized individuals. If providing a hosted service, the vendor should also restrict physical access to database storage components to authorized individuals. (In the case of an on-site solution, the buyer is responsible for limiting physical access to database storage components to meet 21 CFR Part 11, HIPAA, and CJIS guidelines.)
   | style="background-color:white;" |'''34.7''' The vendor shall restrict logical access to database storage components to authorized individuals. If providing a hosted service, the vendor should also restrict physical access to database storage components to authorized individuals. (In the case of an on-site solution, the buyer is responsible for limiting physical access to database storage components to meet 21 CFR Part 11, HIPAA, and CJIS guidelines.)
Line 86: Line 90:
[https://www.law.cornell.edu/cfr/text/9/121.17 9 CFR Part 121.17]<br />
[https://www.law.cornell.edu/cfr/text/9/121.17 9 CFR Part 121.17]<br />
[https://www.law.cornell.edu/cfr/text/42/73.17 42 CFR Part 73.17]<br />
[https://www.law.cornell.edu/cfr/text/42/73.17 42 CFR Part 73.17]<br />
[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-10]
[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-10]
   | style="background-color:white;" |'''34.9''' The system should provide a means of integrating with an enterprise personnel security directory, as well as physical security systems.
   | style="background-color:white;" |'''34.9''' The system should provide a means of integrating with an enterprise personnel security directory, as well as physical security systems.
  |-  
  |-  
Line 93: Line 97:
[https://www.law.cornell.edu/cfr/text/9/121.11 9 CFR Part 121.11]<br />
[https://www.law.cornell.edu/cfr/text/9/121.11 9 CFR Part 121.11]<br />
[https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br />
[https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br />
[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-11]<br />
[https://www.acmg.net/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards.aspx ACMG Technical Standards for Clinical Genetics Laboratories C5.7]<br />
[https://www.aphl.org/aboutAPHL/publications/Documents/GH-2019May-LIS-Guidebook-web.pdf APHL 2019 LIS Project Management Guidebook]<br />
[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-11]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.4.1]<br />
[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.10.4.1]<br />
[https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.1.4]<br />
[https://clsi.org/standards/products/quality-management-systems/documents/qms22/ CLSI QMS22 2.6.1]<br />
[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.13]<br />
[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.13]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, SI-2(5)]
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SI-2(5)]<br />
[https://www.wadsworth.org/regulatory/clep/clinical-labs/laboratory-standards NYSDOH CLEP Clinical Laboratory Standards of Practice, General Systems Standards]
   | style="background-color:white;" |'''34.10''' The vendor should provide timely upgrades and patches, with complete documentation, that have been tested before installation and can be rolled back.
   | style="background-color:white;" |'''34.10''' The vendor should provide timely upgrades and patches, with complete documentation, that have been tested before installation and can be rolled back.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-12]
   | style="padding:5px; width:500px;" |[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-12]
   | style="background-color:white;" |'''34.11''' The system shall provide a means for migrating data to a new release upon system upgrade.
   | style="background-color:white;" |'''34.11''' The system shall provide a means for migrating data to a new release upon system upgrade.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-13]
   | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/21/part-1 21 CFR Part 1.1154 (b)]<br />[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-13]
   | style="background-color:white;" |'''34.12''' The system should be expedient with the retrieval of stored items.
   | style="background-color:white;" |'''34.12''' The system should be expedient with the retrieval of stored items.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/21/11.10 21 CFR Part 11.10 (b)]<br />[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-5]<br />[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-8.1]
   | style="padding:5px; width:500px;" |
[https://www.law.cornell.edu/cfr/text/21/11.10 21 CFR Part 11.10 (b)]<br />
[https://www.aphl.org/aboutAPHL/publications/Documents/GH-2019May-LIS-Guidebook-web.pdf APHL 2019 LIS Project Management Guidebook]<br />
[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-5]<br />
[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf E.U. Annex 11-8.1]
   | style="background-color:white;" |'''34.13''' The system shall allow the printing of stored electronic records in a complete, accurate, and human-readable format.
   | style="background-color:white;" |'''34.13''' The system shall allow the printing of stored electronic records in a complete, accurate, and human-readable format.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-14]
   | style="padding:5px; width:500px;" |[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-14]
   | style="background-color:white;" |'''34.14''' The system should provide some sort of support for use on mobile technologies, particularly for the purpose of receiving notifications and monitoring processes.
   | style="background-color:white;" |'''34.14''' The system should provide some sort of support for use on mobile technologies, particularly for the purpose of receiving notifications and monitoring processes.
  |-  
  |-  
   | style="padding:5px; width:500px;" |[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-15]<br />
   | style="padding:5px; width:500px;" |[https://www.astm.org/e1578-18.html ASTM E1578-18 S-3-15]<br />[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.13]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, CM-3(2)]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SI-2]
[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.13]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, CM-3(2)]<br />
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, SI-2]
   | style="background-color:white;" |'''34.15''' The system shall be able to install an upgrade into a test environment for testing purposes before upgrading the actual production environment.
   | style="background-color:white;" |'''34.15''' The system shall be able to install an upgrade into a test environment for testing purposes before upgrading the actual production environment.
  |-  
  |-  
|}
|}
|}
|}

Latest revision as of 17:14, 23 June 2023

Regulation, Specification, or Guidance Requirement

21 CFR Part 11.200 (a)
45 CFR Part 164.312
45 CFR Part 170.315 (d-5)
ASTM E1578-18 S-3-1
CJIS Security Policy 5.5.5
CLSI QMS22 2.4.2
NIST 800-53, Rev. 5, AC-11 and AC-12

34.1 The system shall provide administrators with a configurable period of time to apply to user access or inactivity before again prompting a user for authentication credentials. The system shall also be able to display an explicit message indicating how much time remains before the user session terminates.
ASTM E1578-18 S-3-2 34.2 The system should provide a means for modifying personnel data in a batch.
ASTM E1578-18 S-3-3 34.3 The system should support the storage and export of data in standard and industry-specific data formats, e.g., CSV, especially for regulatory reporting purposes.

7 CFR Part 331.11
9 CFR Part 121.11
21 CFR Part 11.10 (d)
21 CFR Part 211.68 (b)
42 CFR Part 73.11
45 CFR Part 164.308
45 CFR Part 164.514
APHL 2019 LIS Project Management Guidebook
ASTM E1578-18 S-3-7
CJIS Security Policy 5.5.1
CJIS Security Policy 5.5.2.4
CJIS Security Policy Appendix G.5
CLSI QMS22 2.4.2
EPA 815-R-05-004 Chap. IV, Sec. 8.6
EPA 815-R-05-004 Chap. VI, Sec. 8.6
EPA ERLN Laboratory Requirements 4.1.14–15
ISO 15189:2012 5.10.2
ISO/IEC 17025:2017 7.8.7.1
ISO/IEC 17025:2017 7.11.3
ISO/IEC 17025:2017 8.3.2
NIST 800-53, Rev. 5, AC-2(7) and AC-3
NIST 800-53, Rev. 5, IA-2 and IA-8
NIST 800-53, Rev. 5, MA-4
NIST 800-53, Rev. 5, PS-4 and PS-5
USDA Administrative Procedures for the PDP 5.2.4
USDA Administrative Procedures for the PDP 5.5.1.2
WHO Technical Report Series, #996, Annex 5, 5.4 and Appendix 1

34.4 The system shall support the ability to define, record, and change the level of access for individual users to system groups, roles, machines, processes, and objects based on their responsibilities, including when those responsibilities change. The system should be able to provide a list of individuals assigned to a given system group, role, machine, process, or object.
ASTM E1578-18 S-3-8 34.5 The vendor should provide maintenance agreements and support services for its applications and services.
ASTM E1578-18 S-3-9
E.U. Annex 11-3.3
NIST 800-53, Rev. 5, SA-16
USDA Administrative Procedures for the PDP 5.2.4
34.6 The vendor shall provide help desk, training, and installation support, as well as high-quality system documentation. The documentation should be reviewed to ensure that user requirements are fulfilled.

7 CFR Part 331.11
9 CFR Part 121.11
21 CFR Part 11.10 (c)
42 CFR Part 73.11
45 CFR Part 164.310
AAVLD Requirements for an AVMDL Sec. 5.4.4.3
ABFT Accreditation Manual Sec. D-5–D-8
ASCLD/LAB Supp. Reqs. for the Accreditation of Forensic Science Testing Laboratories 5.4.7.2.1
ASTM E1492-11 4.2.4
CJIS Security Policy 5.5.2
CJIS Security Policy 5.8.1
EPA ERLN Laboratory Requirements 4.9.6
E.U. Annex 11-7.1
E.U. Annex 11-12
ISO 15189:2012 5.10.2
ISO/IEC 17025:2017 7.11.3
NIST 800-53, Rev. 5, MA-5
NIST 800-53, Rev. 5, MP-2
NIST 800-53, Rev. 5, PE-3, PE-3(1), PE-6, PE-6(1), and PE-6(4)
USDA Administrative Procedures for the PDP 5.2.1

34.7 The vendor shall restrict logical access to database storage components to authorized individuals. If providing a hosted service, the vendor should also restrict physical access to database storage components to authorized individuals. (In the case of an on-site solution, the buyer is responsible for limiting physical access to database storage components to meet 21 CFR Part 11, HIPAA, and CJIS guidelines.)
CJIS Security Policy 5.5.1 34.8 The system shall be able to tag and document an individual, group, and system account as having been validated for regulatory purposes, and remind the administrator or authorized personnel on a configurable schedule when the account should be validated again.

7 CFR Part 331.17
9 CFR Part 121.17
42 CFR Part 73.17
ASTM E1578-18 S-3-10

34.9 The system should provide a means of integrating with an enterprise personnel security directory, as well as physical security systems.

7 CFR Part 331.11
9 CFR Part 121.11
42 CFR Part 73.11
ACMG Technical Standards for Clinical Genetics Laboratories C5.7
APHL 2019 LIS Project Management Guidebook
ASTM E1578-18 S-3-11
CJIS Security Policy 5.10.4.1
CLSI QMS22 2.1.4
CLSI QMS22 2.6.1
EPA ERLN Laboratory Requirements 4.9.13
NIST 800-53, Rev. 5, SI-2(5)
NYSDOH CLEP Clinical Laboratory Standards of Practice, General Systems Standards

34.10 The vendor should provide timely upgrades and patches, with complete documentation, that have been tested before installation and can be rolled back.
ASTM E1578-18 S-3-12 34.11 The system shall provide a means for migrating data to a new release upon system upgrade.
21 CFR Part 1.1154 (b)
ASTM E1578-18 S-3-13
34.12 The system should be expedient with the retrieval of stored items.

21 CFR Part 11.10 (b)
APHL 2019 LIS Project Management Guidebook
E.U. Annex 11-5
E.U. Annex 11-8.1

34.13 The system shall allow the printing of stored electronic records in a complete, accurate, and human-readable format.
ASTM E1578-18 S-3-14 34.14 The system should provide some sort of support for use on mobile technologies, particularly for the purpose of receiving notifications and monitoring processes.
ASTM E1578-18 S-3-15
EPA ERLN Laboratory Requirements 4.9.13
NIST 800-53, Rev. 5, CM-3(2)
NIST 800-53, Rev. 5, SI-2
34.15 The system shall be able to install an upgrade into a test environment for testing purposes before upgrading the actual production environment.