|
Regulation, Specification, or Guidance
|
Requirement
|
ASTM E1578-18 S-2-1 CJIS Security Policy Appendix G.8
|
33.1 The vendor should be able to demonstrate the use of software development standards, secure coding practices, formal change control, and software revision control within its development practices. The vendor should also document its staff's skills and certifications.
|
ASTM E1578-18 S-2-2
|
33.2 The vendor should be willing to provide access to source code through a suitable escrow.
|
ASTM E1578-18 S-2-3
|
33.3 The system should be able to document a summary and evaluation of enterprise performance markers and processes.
|
ASTM E1578-18 S-2-4 ISO 15189:2012 5.10.3 ISO/IEC 17025:2017 7.11.5
|
33.4 The system should be well documented by the vendor in comprehensive training material for all aspects of system use, including administration, operation, and troubleshooting.
|
21 CFR Part 11.10 (a)
21 CFR Part 820.70 (i)
E.U. Annex 11-11
EPA 815-R-05-004 Chap. IV, Sec. 8.6
EPA 815-R-05-004 Chap. VI, Sec. 8.6
E.U. Commission Directive 2003/94/EC Article 9.2
ISO 15189:2012 5.10.3
ISO/IEC 17025:2017 7.11.2
OECD GLP Principles 4.1
|
33.5 The system shall be validated initially and periodically, with those validation activities being documented, to ensure the accuracy, consistency, and reliability of system performance and its electronic records.
|
ASTM E1578-18 S-2-2 E.U. Annex 11-4
|
33.6 The documentation associated with system validation shall discuss all applicable steps of the life cycle, justify applied methods and standards, and include change control records and observed deviations during validation, if applicable.
|