User:Shawndouglas/sandbox/sublevel11
This is sublevel11 of my sandbox, where I play with features and test MediaWiki code. If you wish to leave a comment for me, please see my discussion page instead. |
Sandbox begins below
3. Choosing laboratory informatics software for better ISO/IEC 17025 compliance
While ISO/IEC 17025 provides numerous benefits to a laboratory, it still asks a lot of the laboratory in order to conform with the standard.[1] Today, conforming to ISO/IEC 17025 without the help of an information management system is a daunting task, especially given requirements concerning timely data retrieval and security. Labs have increasingly turned to a laboratory information management system (LIMS), not only for helping to modernize and improve the quality of the laboratory but also aiding with compliance to standards like ISO/IEC 17025.[2][3] However, not all LIMS are built the same, and the laboratory must consider LIMS vendors who provide a solution that best helps them limit the burden of ISO/IEC 17025 compliance.
...
3.1 Evaluation and selection
3.1.1 Technology considerations
3.1.1.1 Laboratory informatics options
3.1.1.2 LIMS, quality management, and the QMS
In order to be most successful—while meeting the requirements of standards and regulatory pressures—a laboratory must focus on a culture of quality.[4] A quality management system or QMS is one means for a laboratory to put additional focus on quality, and ISO/IEC 17025:2017—at least in spirit—promotes the adoption of a QMS. At issue is that while Section 8 of ISO/IEC 17025:2017 addresses the laboratory's management system, it never directly calls it a "quality management system" or QMS; in fact, the word "quality" only appears once in this section. However, the implication is that the standard is addressing quality with its requirements for a management system, i.e., a QMS[5]:
The laboratory shall establish, document, implement, and maintain a management system that is capable of supporting and demonstrating the consistent achievement of the requirements of this document and assuring the quality of the laboratory results.
This discussion about the (quality) management system requirements of ISO/IEC 17025:2017 is important in the context of a LIMS, as related discussion of the role of a LIMS in better managing a lab's quality system has been occurring for at least several decades.[6][7] As early as 1999, the "contribution that both system design and functionality" of a LIMS can have on a lab's efforts towards "building quality" was being discussed by researchers.[6] Additionally, as Hull et al. noted in 2011, a LIMS that allows the lab to track and control anything affecting the quality of its operations is critical to successfully developing, implementing, and revising a QMS. "...there is more than just the end product or result that needs to be tracked and controlled," the authors add. "All of the intermediate products and resources play a significant role in producing the final product, and each of these needs to be included in the LIMS."[8]
With that, Hull et al.[8], as with their predecessors[6], highlight the importance of practical and consistent LIMS functionality to the efforts of maintaining quality in the lab. As such, with:
- laboratory adoption of ISO/IEC 17025:2017 increasing steadily since 2010, according to the International Laboratory Accreditation Cooperation (ILAC),[9] as a means to demonstrate "that [labs] operate competently and generate valid results"[5] (i.e., focus on quality); and
- LIMS vendors needing to improve their efforts with addressing a lab's need for tracking and controlling quality within its workflow[8]
... today's laboratories seeking to improve quality and meet ISO/IEC 17025 requirements with the help of a LIMS must be mindful of not only what ISO/IEC 17025 demands of the lab, but also what LIMS functionality is required to help the lab be more compliant.
3.1.2 Features and functions for ISO/IEC 17025 compliance
It's clear that a laboratory's quality goals can and should be tied to standards like ISO/IEC 17025[10], and compliance to the standard is better accomplished with the help of a laboratory informatics solution like a LIMS. However, the LIMS needs to have a bit more than generic functionality in order to best assist the lab with its goals.
What follows, in Table 1, is a demonstration of how a modern LIMS requirements specification like LIMSpec ties to the requirements of ISO/IEC 17025. LIMSpec is a robust laboratory informatics requirements specification document that has evolved significantly over the years, and we can turn to LIMSpec to better visualize what the critical requirements of a LIMS are in regards to better complying with ISO/IEC 17025. With the current version of LIMSpec having at its core standards such as ASTM E1578-18 Standard Guide for Laboratory Informatics[11] and ISO/IEC 17025 Testing and calibration laboratories[5], the LIMSpec makes for a durable requirements document that, when used to acquire an informatics solution, can better help a laboratory choose appropriate functionality based upon current standards, regulations, guidance, and more.
In particular—rather than looking at the entire LIMSpec, which is described in greater detail later—this section will sppecifically look at the touch points of ISO/IEC 17025 with LIMSpec and highlight their importance. In addition to Table 1 listing the specific ISO/IEC 17025 section number and the associated LIMSpec requirement, an attempt has been made to explain in clearer terms the impact of the requirement on the lab towards better complying with ISO/IEC 17025.
|
We can simplify Table 1 down to the following functionality as being important to a lab attempting to conform to ISO/IEC 17025, organized by workflow descriptors:
Test, sample and result management
- Complete capture of a registered sample's data and metadata
- Unique sample identifiers
- Free-form reception-based sample data
- Barcode and RFID support
- Preloaded and configurable sample types and analytical test methods
- Robust sampling and test method development
Quality, security, and compliance
- Multi-level review of test results
- Validation of sampling and test methods
- Support for mapping professional requirements to existing system tasks, sample types, and methods
- Instrument lock-out
- Consistent, retrievable calibration and maintenance records
- Calibration activity linkages
- Calibration and maintenance audit trail
- Nonconformance and deviation tracking
- Statistical trending and control charts
- Internal and external audit management
- Secure backup and retrieval
- Facility monitoring
- Environmental monitoring
- Data retention
- Robust system security
- LIMS validation
- Secure granular access
- Logical and physical access control
Operations management and reporting
- Document management, with versioning and release controls
- Controlled document access
- Provision of the most current document version
- User manuals and training documentation
- Support for unique document identifiers
- Support for training and certification records
- Complaint and problem management
- Unique identification of instruments
- Support for scheduled, frequency-based calibration and maintenance
- Support for data and metadata archiving
- Support for rapid and accurate retrieval of archived data and metadata
- Support for certificates of analysis or similar verification documents
- Support for changed, amended, or re-issued reports
3.1.3 Cybersecurity considerations
From law firms[14] to automotive manufacturers[15], the need to address cybersecurity is increasingly apparent. In 2018, the Center for Strategic & International Studies estimated that cybercrime causes close to $600 billion in damages to the global economy every year[16], though due to underreporting of crimes, that number may be much higher. That number also likely doesn't take into account lost business, fines, litigation, and intangible losses[17] In the end, businesses of all sizes average about $200,000 in losses due to a cybersecurity incident[18], and nearly 60 percent of small and midsize businesses go bankrupt within six months because of it.[19]
ISO/IEC 17025 laboratories are no exception, regardless of business size. Even tiny labs whose primary digital footprint is a WordPress website advertising their lab are at risk, as hackers could still spread malware, steal user data, add the website to a bot network, hack the site for the learning experience, or even hack it just for fun.[20][21][22] Even more importantly are those labs performing digital data management tasks that handle sensitive proprietary manufacturer data, requiring additional cybersecurity considerations.
ISO/IEC 17025:2017 doesn't use the word "cybersecurity," but it does address the proper control of data, in section 7.11. In particular, section 7.11.3 and 7.11.4 make it clear that the LIMS should be protected, whether hosted locally or hosted, in the cloud, by a third-party provider.[5] Importantly, the standard notes that the LIMS should have sufficient mechanism to protect its contents from unauthorized access, as well as from tampering and unexpected loss. It adds that the LIMS should "be maintained in a manner that ensures the integrity of the data and information" and promptly record any nonconformance or breaches of security, as well as any corrective actions taken.[5] These are most certainly cybersecurity concerns, which must be properly addressed by the ISO/IEC 17025 lab.
Laboratories attempting to conform to ISO/IEC 17025 can integrate cybersecurity thinking into its laboratory informatics product selection in several ways. First, the organization should have a cybersecurity plan in place, or if not, it should be on the radar. This is a good resource to tap into in regards to deciding what cybersecurity considerations should be made for the software. Can the software help your organization meet your cybersecurity goals? What regulatory requirements for your lab are or are not covered by the software?[23] Another tool to consider—which may have been used in any prior cybersecurity planning efforts—is a cybersecurity framework. Many, but not all, cybersecurity frameworks include a catalog of security controls. Each control is "a safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements."[24] These controls give the implementing organization a concrete set of configurable goals to apply to their overall cybersecurity strategy. Other frameworks may be less oriented to security controls and more program-based or risk-based. Choosing the best frameworks will likely depend on multiple factors, including the organization's industry type, the amount of technical expertise within the organization, the budget, the organizational goals, the amount of buy-in from key organizational stakeholders, and those stakeholders' preferred approach.[23]
Finally, having an organizational cybersecurity plan that incorporates one or more cybersecurity frameworks gives the laboratory ample opportunity to apply stated goals and chosen security controls to the evaluation and selection process for its informatics software. In particular, a user requirements specification (URS) that incorporates cybersecurity considerations will certainly help a laboratory with meeting regulatory requirements while also protecting its data systems. A USR that is pre-built with cybersecurity controls in mind—such as LIMSpec, discussed later—makes the evaluation process even easier.
3.1.4 Regulatory compliance considerations
Consider approaching the question of regulatory compliance from the standpoint of adopting standards, in this case ISO/IEC 17025. Consider first that the risks and consequences of performing a task poorly drives regulation and, more preferably[25][26], standardization, which in turn moves the "goalposts" of quality and security among organizations. In the case of regulations, those organization that get caught not conforming to the necessary regulations tend to suffer negative consequences, providing some incentive for them to improve organizational processes and procedures.
One of the downsides of regulations is that they can at times be "imprecise" or "disconnected"[26] from what actually occurs within the organization and its information systems. Rather than focusing heavily on regulatory conformance, well-designed standards may, when adopted, provide a clearer path of opportunity for organizations to improve their operational culture and outcomes, particularly since standards are usually developed with a broader consensus of interested individuals with expertise in a given field.[25] In turn, the organizations that adopt well-designed standards like ISO/IEC 17025 likely have a better chance of conforming to the regulations they must, and they'll likely have more interest in maintaining and improving the goalposts of quality and security in the lab.
Additionally, reputable software developers of laboratory informatics software will not only adopt their own industry standards for software development but also understand how the ISO/IEC 17025 and LIMS requirements intersect. In turn, the developed software should meet regulations and standards, help the laboratory comply with its regulations and standards, and be of reliably good quality.
If you're a potential buyer of a laboratory informatics solution, it may be that you know a bit about your laboratory's workflow and have at least a remedial understanding of how ISO/IEC 17025 influences how that workflow is conducted, but you're not entirely informed about all the details of how a LIMS can help your lab better conform to the standard, along with other regulations and standards. Turning to a URS such as LIMSpec—which was developed around laboratory regulations and standards, including ISO/IEC 17025—and reviewing the various statements contained within may be necessary to help further inform you. Additionally, as you investigate various informatics options, you can then use the requirements in the URS as a base for your laboratory's own requirements list. Using the categories and their subdivisions, you can then add those requirements that are unique to your laboratory and industry that are not sufficiently covered by the base URS. As you review the various options available to you and narrow down your search, your own list of requirements can be used as both as a personal checklist and as a requirements list you hand over to the vendor you query. And since your URS is based off the standards and regulations affecting your lab, you can feel more confident in your acquisition and its integration into your laboratory workflow.
3.1.5 System flexibility
Before selecting a solution, your laboratory should also have internal discussions about how diversified its offered services are, as well as what the future may bring to the lab. If, for example, your lab is currently configured for food authenticity and adulteration testing, does your existing laboratory informatics system—or the ones you may be considering—have the flexibility to add other types of food and beverage testing, protocols, and workflows? Will you be doing the footwork to add them, or will the vendor of your system support you in that effort? If you're a start-up, will your lab be focusing solely on a specific type of food testing and expand into other types of analytical work later, or will your test menu need to be much broader right from the start? In most of these cases, you'll desire a LIMS that is flexible enough to allow for not only running the specific tests you need now, but also sufficiently expandable for any future testing services your lab may conduct in the mid- and long-term. Having the ability to create and customize sample registration screens, test protocols, labels, reports, specification limit sets, measurement units, and substrates/matrices while being able to interface with practically most any instrument and software system required will go a long way towards making your expanding test menu and workflows integrates as smoothly as possible.
Such a system will typically be marketed as being highly user-configurable, giving labs a relatively painless means to adapt to rapid changes in test volume and type over time. However, once you've internally addressed current and anticipated future growth, your lab will want to learn what explicitly makes any given vendor's system user-configurable. How easy is it to configure the system to new tests? Add custom reports? What knowledge or skills will be required of your lab in order to make the necessary changes, i.e., will your staff require programming skills, or are the administrator and advanced user functions robust enough to make changes without hard-coding? These and other such questions should be fully addressed by the vendor in order to set your mind at ease towards a system's stated flexibility. Ultimately, you want the system to be flexible enough to change with the laboratory—and industry—itself, while minimizing overall costs and reducing the time required to make any necessary modifications.
3.1.6 Cost considerations
First, you'll want to be clear on what will be included in the sales agreement. Whether through an estimate or statement of work (SOW), it is important it includes exactly what is expected, being as specific as possible, since this will be the entire contractual obligation for both you the buyer and them the vendor. Note that line items may differ slightly from system to system, according to what features and functions are included by default with each vendor's solution and which, if any, are additional. Also keep in mind that any hourly amount in the the estimate or SOW is usually a best estimate; however, if sufficient attention to detailed requirements has been given, then it should be quite accurate, and in fact the final cost may even be below the quoted cost if you prioritize your own obligations so that the vendor's hours are used sparingly and efficiently.
The estimate or SOW should optimally include:
- licensing or subscription rates;
- required core items to meet federal, state, and local regulations;
- additional optional items and totals; and
- required services (implementation, maintenance and support, optional add-ons).
There are two primary ways to price a laboratory informatics solution: a one-time license fee or a subscription rate (cloud-hosted SaaS). If you have your own dedicated IT department and staff, you may prefer the former (although many system administrators are just as happy to let it be hosted elsewhere rather than add to their workload). Otherwise, a SaaS subscription may well be the better and more cost-effective way to go (since the primary IT cost is simply internet access). This item will be part of your up-front cost and, in the case of subscription, it will also figure into your first year and ongoing costs; otherwise only associated maintenance, support, and warranty (MSW) will figure in. Typically, your first year's subscription costs will be due at signing. More often, the vendor may require three months or even the first year up front, so be prepared to factor that into up-front costs. However, it still is almost always less expensive at the outset (and over time, if you factor in IT costs and annual MSW) than paying for a license fee.
In addition to the two types of software pricing, there are also sub-types. Generally these are based on the number of users (or, in some cases, "nodes," which are simply any entities that access the informatics system, including other systems, instruments, etc.). How these are counted can vary.
- Named users: This method bases pricing on the actual individual users of the system, even if they only log in sporadically. Users may not use each other's logins (this is a no-no regardless of pricing structure, for good laboratory practice and other regulatory reasons).
- Concurrent users: This bases pricing on the maximum number of users who will be logged in at any given time. You can define an unlimited number of named users in the system, each with their own login credentials. However, only the number of concurrent users specified in the license or subscription may be logged in at any one time. For example, you may have 10 staff, but due to work processes, shifts, etc., only up to six might ever be logged in simultaneously. Whereas this would require a named user license for 10, it would only require a concurrent user license for six.
- Unlimited users: In the case of very large labs (typically 30 to 50 and up), the license or subscription may simply be a flat fee that allows any number of users.
The line items in the estimate or SOW should reflect these nuances, as well as whether the listed costs are monthly or annual (for subscription services), hourly (typically for support and training), or a fixed one-time cost. Additionally, be cautious with fixed costs, as they typically represent one of two possible scenarios:
- Final fixed cost: In this case, the cost has been figured by the vendor so as to cover their worst-case hourly labor total. If a line item (e.g., an interface) is not "worst case," then you are overpaying.
- "Expandable" fixed cost: This is as bad as final fixed cost, and maybe even worse because it's almost a case of "bait-and-switch," popping up as a surprise. The initial "fixed cost" number is low, and additional hourly services are needed to actually deliver the item. This will have been provided for somewhere in the small print.
The bottom line is that everything in a laboratory informatics solution is really either licensing or hourly services. Just be careful if they are portrayed as anything else.
It is important to be clear which category each line item falls under when figuring costs: up-front (due upon signing), annual, or ongoing (e.g., SaaS subscription). It is useful to clearly lay out each and compute initial costs, as well as first-year and subsequent years' costings. For example, your initial obligation may be as little as your first year's subscription plus the first 40 hours of services. Different vendors have different policies, however, and you may be required to pay for your first full year's subscription and all services, or some other combination. Normally, though, any instrument interface or other service charges aren't due until the they are implemented, which may be a few weeks or even a month down the road. This may depend on your budget, complexity of the SOW, and urgency. Your first year's expenses will include everything, including initial license fees; all setup and training; any interfaces and additional configurations or customization; and first annual MSW. (If this isn't included in the SaaS subscription, then it usually commences on full system delivery). Afterwards, your subscription and MSW will be the only ongoing expenses (included as one in this example), unless you choose to have additional interfaces or other services performed at any time.
3.2 Implementation
3.2.1 Internal and external integrations
3.3 MSW, updates, and other contracted services
3.4 How a user requirements specification fits into the entire process (LIMSpec)
References
- ↑ Douglas, S.E. (January 2023). "LIMS FAQ:How does ISO/IEC 17025 impact laboratories?". LIMSwiki. https://www.limswiki.org/index.php/LIMS_FAQ:How_does_ISO/IEC_17025_impact_laboratories?. Retrieved 14 January 2023.
- ↑ Boyar, Kyle; Pham, Andrew; Swantek, Shannon; Ward, Gary; Herman, Gary (2021), Opie, Shaun R., ed., "Laboratory Information Management Systems (LIMS)" (in en), Cannabis Laboratory Fundamentals (Cham: Springer International Publishing): 131–151, doi:10.1007/978-3-030-62716-4_7, ISBN 978-3-030-62715-7, http://link.springer.com/10.1007/978-3-030-62716-4_7. Retrieved 2023-01-14
- ↑ Apte, A. (20 October 2020). "Is Your Food Testing Lab Prepping for an ISO/IEC 17025 Audit?". Food Safety Tech. https://foodsafetytech.com/column/is-your-food-testing-lab-prepping-for-an-iso-iec-17025-audit/. Retrieved 14 January 2023.
- ↑ Kennedy, T.M.; Kennedy, J.L.; Donaldson, R.M. et al. (2022). "A Call for Action to Maintain a Culture of Quality in the Clinical Laboratory" (PDF). Genetics & Molecular Medicine 4 (1): 1–2. doi:10.33425/2689-1077.1013. https://www.scivisionpub.com/pdfs/a-call-for-action-to-maintain-a-culture-of-quality-in-the-clinical-laboratory-2116.pdf.
- ↑ 5.0 5.1 5.2 5.3 5.4 "ISO/IEC 17025:2017 General requirements for the competence of testing and calibration laboratories". International Organization for Standardization. November 2017. https://www.iso.org/standard/66912.html. Retrieved 14 January 2023.
- ↑ 6.0 6.1 6.2 Steele, T. W.; Laugier, Alain; Falco, François (3 March 1999). "The impact of LIMS design and functionality on laboratory quality achievements". Accreditation and Quality Assurance 4 (3): 102–106. doi:10.1007/s007690050324. ISSN 0949-1775. http://link.springer.com/10.1007/s007690050324.
- ↑ Çağındı, Özlem; Ötleş, Semih (1 December 2004). "Importance of laboratory information management systems (LIMS) software for food processing factories" (in en). Journal of Food Engineering 65 (4): 565–568. doi:10.1016/j.jfoodeng.2004.02.021. https://linkinghub.elsevier.com/retrieve/pii/S0260877404000846.
- ↑ 8.0 8.1 8.2 Hull, Carl; Wray, Bruce; Winslow, Ford; Vilicich, Mark (1 November 2011). "Tracking and Controlling Everything that Affects Quality is the Key to a Quality Management System" (in en). Combinatorial Chemistry & High Throughput Screening 14 (9): 772–780. doi:10.2174/138620711796957125. http://www.eurekaselect.com/openurl/content.php?genre=article&issn=1386-2073&volume=14&issue=9&spage=772.
- ↑ "About ILAC > Facts & Figures". ILAC. 2021. https://ilac.org/about-ilac/facts-and-figures/. Retrieved 14 January 2023.
- ↑ Douglas, S.E. (January 2023). "LIMS FAQ:What is the importance of ISO/IEC 17025 to society?". LIMSwiki. https://www.limswiki.org/index.php/LIMS_FAQ:What_is_the_importance_of_ISO/IEC_17025_to_society?. Retrieved 14 January 2023.
- ↑ "ASTM E1578-18 Standard Guide for Laboratory Informatics". ASTM International. 23 August 2019. https://www.astm.org/e1578-18.html. Retrieved 14 January 2023.
- ↑ Sanchez, Juan M. (11 May 2021). "Use of Control Charts and Scientific Critical Thinking in Experimental Laboratory Courses: How They Help Students to Detect and Solve Systematic Errors" (in en). Journal of Chemical Education 98 (5): 1822–1828. doi:10.1021/acs.jchemed.0c00885. ISSN 0021-9584. https://pubs.acs.org/doi/10.1021/acs.jchemed.0c00885.
- ↑ Maxwell, G. (1 November 2003). "Using Workflows in LIMS to Reduce Customization". Scientific Computing. Archived from the original on 07 August 2009. https://web.archive.org/web/20090807034051/http://www.scientificcomputing.com/using-workflows-in-lims-to-reduce.aspx. Retrieved 14 January 2023.
- ↑ Sobowale, J. (1 March 2017). "Law firms must manage cybersecurity risks". ABA Journal. American Bar Association. http://www.abajournal.com/magazine/article/managing_cybersecurity_risk/. Retrieved 07 December 2022.
- ↑ Watney, C.; Draffin, C. (November 2017). "Addressing new challenges in automotive cybersecurity" (PDF). R Street Policy Study No. 118. R Street Institute. https://www.rstreet.org/wp-content/uploads/2018/04/118-1.pdf. Retrieved 07 December 2022.
- ↑ Lewis, J.A. (21 February 2018). "Economic Impact of Cybercrime". Center for Strategic & International Studies. https://www.csis.org/analysis/economic-impact-cybercrime. Retrieved 07 December 2022.
- ↑ "BLOG: Cost of Cyber Crime to Small Businesses". Virginia SBDC Blog. Virginia SBDC. 30 May 2017. Archived from the original on 05 July 2020. https://web.archive.org/web/20200705061737/https://www.virginiasbdc.org/blog-cost-of-cyber-crime-to-small-businesses/. Retrieved 07 December 2022.
- ↑ "Hiscox Cyber Readiness Report 2019" (PDF). Hiscox Ltd. April 2019. https://www.hiscox.com/documents/2019-Hiscox-Cyber-Readiness-Report.pdf. Retrieved 07 December 2022.
- ↑ Galvin, J. (7 May 2018). "60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here's How to Protect Yourself". Inc.com. https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html. Retrieved 07 December 2022.
- ↑ Grima, M. (15 June 2022). "Top reasons why WordPress websites get hacked (and how you can stop it)". WP White Security. https://www.wpwhitesecurity.com/why-malicious-hacker-target-wordpress/. Retrieved 07 December 2022.
- ↑ Moen, D. (19 April 2016). "What Hackers Do With Compromised WordPress Sites". Wordfence Blog. Defiant, Inc. https://www.wordfence.com/blog/2016/04/hackers-compromised-wordpress-sites/. Retrieved 07 December 2022.
- ↑ Talaleve, A. (22 February 2022). "Website Hacking Statistics You Should Know in 2022". Patchstack. https://patchstack.com/articles/website-hacking-statistics/. Retrieved 07 December 2022.
- ↑ 23.0 23.1 Cite error: Invalid
<ref>
tag; no text was provided for refs namedDouglasComp20
- ↑ "security control". Computer Security Resource Center. National Institute of Standards and Technology. 2019. https://csrc.nist.gov/glossary/term/security_control. Retrieved 07 December 2022.
- ↑ 25.0 25.1 Ciocoui, C.N.; Dobrea, R.C. (2010). "Chapter 1. The Role of Standardization in Improving the Effectiveness of Integrated Risk Management". In Nota, G.. Advances in Risk Management. IntechOpen. doi:10.5772/9893. ISBN 9789535159469.
- ↑ 26.0 26.1 "Data Standardization: A Call to Action" (PDF). JPMorgan Chase & Co. May 2018. https://www.jpmorganchase.com/content/dam/jpmc/jpmorgan-chase-and-co/documents/call-to-action.pdf. Retrieved 07 December 2022.