Assessing your LIMS supplier is a necessary process for laboratories operating in a regulated industry, but it is also considered, in general, good practice. The supplier assessment should be scaled appropriate to the risk, complexity of your LIMS, and the services provided. The assessment is most useful when conducted pre-purchase, and the objective of supplier assessment is to compare the supplier’s quality system against the quality expectations of your laboratory.
Benefits of Assessing Your Supplier
Supplier assessments can help provide the necessary evidence and justification for reducing the level of on-site testing; however, for regulated laboratories, it does not eliminate the need for testing completely.
The process of conducting the supplier assessment can also help build and further develop the client-supplier relationships. Depending on the complexity of the system or your laboratory’s policies, supplier assessment may be conducted multiple times throughout the systems lifecycle. With regular assessments, service levels and expectations can be continually evaluated and adjusted appropriately to maintain a good relationship.
Areas to Consider for the Type and Depth of Assessment
Not all computer systems require a detailed supplier assessment; however, a LIMS system usually has critical functionality that has a great impact on the fluid operations of a laboratory. All LIMS are not created equal, and the services provided can also vary between suppliers. Therefore, it is important to scale the level of assessment with the consideration of the following areas:
- Criticality of your LIMS – If you lost access, what would happen? If you lost data, what would happen?
- The risk to data integrity associated with intended use of the system.
- Complexity – Is the LIMS integrated with other third-party software? Is your laboratory process complex?
- Maturity of the product – version level and length of time in the market
- History and use of the system within a regulated industry
- Existing supplier knowledge of GMP requirements and technical competence
- Knowledge of the supplier’s quality management practices
- Results from previous assessments
- Quality certifications implemented by the supplier
What is Supplier Good Practice?
LIMS suppliers who operate a quality management system have implemented processes and procedures to ensure product and service quality is maintained and meets client expectations. Below we describe good practice for LIMS suppliers in each area of their operations:
- Establish QMS – The suppliers QMS may consist of: documented procedures and standards, evidence of competent and trained staff, evidence of compliance to documented procedures and a process for continuous improvement.
- Establish Requirements – LIMS suppliers who know their interested parties will be able to effectively establish requirements. Requirements of their products and services are not only derived from customers, but they can also be driven by regulations.
- Quality Planning – It is good practice for suppliers to define how their QMS will be implemented for a product, service or application.
- Assessments of Sub-suppliers – Any suppliers that your LIMS suppliers used should be assessed in a similar manner. The depth of their assessment will depend on the impact their subcontracted services have on the quality of the product and service provided. For example, hosted LIMS solutions frequently use a subcontracted service for cloud hosting.
- Produce Specifications – LIMS suppliers will usually have a set of specifications defined for their products that can be compared against the requirements.
- Perform Design Review – The design of the system should be evaluated against the requirements and the risks to ensure that it meets expectations and risks are adequately managed.
- Software Production / Configuration – Software development should be conducted in accordance with defined standards and programming practices. Configuration should follow pre-defined rules and be documented.
- Perform Testing – Testing functionality is good practice of LIMS developers, and is generally common practice through test driven development. The supplier should have evidence of testing performed against test plans and specifications.
- Commercial Release of the System – System release should be a formal process performed by the LIMS supplier, and it is important to understand that this is not release into the regulated environment which is the responsibility of the laboratory.
- User Documentation and Training – It is typical to receive user manuals and user training as part of the implementation process for your LIMS. In addition, for each new release issued by your supplier, updates to the user manual should be expected.
- Support and System Maintenance – Technology is always advancing and security updates are frequently available. Therefore, it is important to review the supplier’s controls for implementing changes or any routine processes, procedures and evidence of maintenance.
- System Replacement and Retirement – This would be how the supplier manages the withdrawal of products and how they communicate and manage the retirement of these systems.
References: GAMP 5 A Risk-Based Approach to Compliant GxP Computerized Systems