OmniTrust – Your questions answered
In October, we were proud to unveil OmniTrust, our new solution for regulatory compliance and data integrity (including for 21 CFR Part 11). Designed to aid efficient and simple compliance, OmniTrust helps you reduce the administrative burden of doing so.
Despite having presented several live webinars, product demos and even the live launch of some Mastersizer accessories in the past, I found this one to be even more exciting and nerve-wracking (not least due to the unexpected connectivity issues we had leading up to going live, but thankfully it all came together in the end so hopefully no one noticed!).
It was a pleasure to be back on stage with Paul Kippax our Pharmaceutical Sector Director and host for the event, and to share the stage with new colleagues from Concept Life Science, Caroline German and Gregg Imrie. Gregg and Caroline are also customers of Malvern Panalytical and, more importantly, experts in ensuring the right analytics are deployed and validated to ensure data integrity.
Between us we covered many aspects around the analytical qualification guidance USP <1058>. I talked about how we worked with customers to understand their requirements for OmniTrust, and how our global development teams in Malvern, Almelo and Porto have worked hard as an integrated team to deliver it.
During this launch event, I gave a demo of the software, which you can watch here. Following that, we did a deeper dive with a demo at your desk event where our specialists Maryam Hussain and Martin Schreyer demonstrated OmniTrust with our Zetasizer Advance series and Aeris products.
During these events, questions came up, many of which were answered, but for those who missed the events or would like to look through the answers at a more leisurely pace, I have put together this Q&A blog to collate them. If you have any further questions, please don’t hesitate to get in touch.
Yes, there are different applications that work together to provide the full compliance toolset.
For example, for the Zetasizer Advance series there is: ZS Xplorer software which ensures events are recorded and displays the record audit entries; OmniAccess for set up and configuration of the compliance toolset; and OmniTrail for viewing the audit trail.
Similarly, for the XRD product family there are the tools within the relevant application software plus OmniAccess and OmniTrail.
OmniTrail’s audit trail utilizes SQLite database (i.e. an open-source, full feature database that minimizes license issues for our customers).
OmniAccess creates an event in the system audit trail every time a configuration file is deployed. This is viewable in OmniTrail with the relevant configuration files appended to the event, so they can be downloaded for review at any time.
All unsuccessful login attempts are recorded in the system audit trail, which is viewable with OmniTrail. Lock-out after X attempts is configured via the Windows Policy rather than OmniTrust.
Preventing testing into compliance has been designed-in through the development of a number of tools and features, including:
– Audit of aborted measurements
– It is not possible to start a measurement without an electronic record being created
– Use filters to search for non-standard behavior, e.g. application shut down unexpectedly
– Manual audit entry
Multiple roles aren’t compliant with our policies, do we have to use this feature?
Allowing multiple roles is optional. You can choose whether to use it or not in OmniAccess.
OmniTrail provides flexible filters that allow you to perform searches during audit reviews. Combinations of filters can be saved as a search, making routine analysis easy. A reviewer of the system audit trail can create an event signifying that the review occurred, and a list of everything that was reviewed is saved with this.
Yes, if signing is required for this event (as with any other), it can be configured in the ‘Signing and Reasoning’ section of OmniAccess. When a reviewer performs a review in OmniTrail, the event is recorded and a password and/or reason requested as per the configuration.
The OmniTrust package includes access to an e-learning course. Onsite or virtual training can also be arranged.
We believe central management will address many of the drivers that the Citrix environment provides, so it is not foreseen at this stage of the project. However, we welcome your feedback as to why this is important for you.
Retention of the system audit trail, backup and archiving is a customer responsibility. Data can be saved to a network location where ordinary users don’t have the authority to delete data. A procedure is provided for this.
Record audit trail data remains with the record if data is transferred for review.
Yes, with OmniTrust you can define where audit trail data is saved by defining a location within the applications. Note: folder permissions are controlled via Windows.
Yes, you can move to OmniTrust. However, we would suggest waiting till the next version. We are planning to provide a mechanism for converting existing audit trail data into a human-readable format for Empyrean customers who wish to transfer.
These will remain as separate files.
We are assessing this. Please note that the product support lifecycle depends not only on us, but also on third-party applications (such as Microsoft, anti-virus software etc). We cannot guarantee compatibility with future operating systems and upgrades by third parties.
Further reading
- The launch of OmniTrust – our solution for the regulated environment
- Demo at your desk – OmniTrust: Data integrity solution for the regulated environment
- OmniTrust Launch : Compliance solution for the regulated environment
- Improve your data integrity and be 21 CFR Part 11 compliant with OmniTrust software