R.D. McDowall
|
Although this column discusses regulatory requirements and issues, it is important not to forget that the main reason for
backing up your application and data is a business one. You'll install your software and then configure the system by defining
items such as authorised users, user types, access control privileges, user-defined macros, libraries, and so forth. Imagine
the problem if your computer hard disk fails and you have no effective backup. What happens next?
You'll have to reinstall the base software from CD and then input all of the configuration data manually — assuming that you
remember what each one was. Not a pleasant thought, is it? Furthermore, consider the data and electronic records that you
have created since the original installation — how are you going to recreate these? The simple answer is that without backup
records you cannot.
Therefore, regardless of the regulations — if you are working in research, development or production — you need an effective
backup procedure for business reasons alone. Not convinced yet? Take the example where a spectroscopy laboratory only works
with paper. If a regulatory submission is needed and there are spectrometry data to be included you'll have to scan the paper
into a format that can be included into the electronic regulatory submission.
Key Sections of the Procedure Any standard operating procedure usually has the following sections as a minimum:
- Scope and purpose
- Roles and responsibilities
- Details of the procedure
- Generation of documented evidence (to demonstrate that the procedure was followed)
Every company has their own way of writing SOPs and different formats, so we'll focus on the main sections and look at each
of these in turn during this column.
Remember that the procedure is a formal document with management and QA approvals required as well as document controls (pagination
in the format of page x of y, document identity, version controls, and so forth), although we will not discuss these aspects here.
Purpose and Scope of the Procedure The purpose of the procedure should be described in a single sentence or paragraph. Typically, the purpose statement could
be written as, "Documenting the procedure for the backup and recovery of the application and electronic records of spectrometer
system X," or equivalent. There is no need to go into any more detail if your purpose sentence is simple and explicit.
The scope of the backup and recovery procedure can depend upon whether your spectrometer is a standalone or a networked system.
If the system is a standalone one, then you — the lucky user — are responsible for everything. However, if it is a networked
system then typically we're dealing with the IT department to back up the system on behalf of the laboratory. In the latter
case we're crossing departmental boundaries with all of the communication issues that that entail.
Similar to the purpose statement, there should be a simple scope statement to outline the SOP boundaries and identify what
is in the procedure and what is outside of the procedure. Establishing the boundaries of the procedure is important at the
beginning of the document to manage the expectations of any reader as to the details of the document.
Roles and Responsibilities Let's now look at the detail of the procedure by considering who is involved and what they should be doing: the roles and
responsibilities of all involved in the process. There are two main roles involved with backup and recovery in a networked
environment in most organizations:
- End users
- IT department personnel
