In October, we were proud to unveil OmniTrust, our new solution for regulatory compliance and data integrity (including for 21 CFR Part 11). Designed to aid efficient and simple compliance, OmniTrust helps you reduce the administrative burden of doing so.  

Despite having presented several live webinars, product demos and even the live launch of some Mastersizer accessories in the past, I found this one to be even more exciting and nerve-wracking (not least due to the unexpected connectivity issues we had leading up to going live, but thankfully it all came together in the end so hopefully no one noticed!).   

It was a pleasure to be back on stage with Paul Kippax our Pharmaceutical Sector Director and host for the event, and to share the stage with new colleagues from Concept Life Science, Caroline German and Gregg Imrie. Gregg and Caroline are also customers of Malvern Panalytical and, more importantly, experts in ensuring the right analytics are deployed and validated to ensure data integrity.   

Between us we covered many aspects around the analytical qualification guidance USP <1058>. I talked about how we worked with customers to understand their requirements for OmniTrust, and how our global development teams in Malvern, Almelo and Porto have worked hard as an integrated team to deliver it.

During this launch event, I gave a demo of the software, which you can watch here. Following that, we did a deeper dive with a demo at your desk event where our specialists Maryam Hussain and Martin Schreyer demonstrated OmniTrust with our Zetasizer Advance series and Aeris products.

During these events, questions came up, many of which were answered, but for those who missed the events or would like to look through the answers at a more leisurely pace, I have put together this Q&A blog to collate them.  If you have any further questions, please don’t hesitate to get in touch.   

Are there technically separate applications for OmniTrust?

Yes, there are different applications that work together to provide the full compliance toolset.

For example, for the Zetasizer Advance series there is: ZS Xplorer software which ensures events are recorded and displays the record audit entries; OmniAccess for set up and configuration of the compliance toolset; and OmniTrail for viewing the audit trail.

Similarly, for the XRD product family there are the tools within the relevant application software plus OmniAccess and OmniTrail. 

What sort of file format does OmniTrust use? 

OmniTrail’s audit trail utilizes SQLite database (i.e. an open-source, full feature database that minimizes license issues for our customers).

Are administration changes tracked?  How does his show up in the audit trails?  

OmniAccess creates an event in the system audit trail every time a configuration file is deployed. This is viewable in OmniTrail with the relevant configuration files appended to the event, so they can be downloaded for review at any time.

Are unsuccessful login attempts recorded and do the various software applications lock you out after X unsuccessful attempts? 

All unsuccessful login attempts are recorded in the system audit trail, which is viewable with OmniTrail. Lock-out after X attempts is configured via the Windows Policy rather than OmniTrust.

What tools do you have in place to spot testing into compliance  

Preventing testing into compliance has been designed-in through the development of a number of tools and features, including:

– Audit of aborted measurements
– It is not possible to start a measurement without an electronic record being created
– Use filters to search for non-standard behavior, e.g. application shut down unexpectedly
– Manual audit entry

 
Multiple roles aren’t compliant with our policies, do we have to use this feature? 

Allowing multiple roles is optional. You can choose whether to use it or not in OmniAccess.

Do you have tools to review audit trails?  

OmniTrail provides flexible filters that allow you to perform searches during audit reviews. Combinations of filters can be saved as a search, making routine analysis easy. A reviewer of the system audit trail can create an event signifying that the review occurred, and a list of everything that was reviewed is saved with this.

Is it possible for a reviewer to sign a review event?  

Yes, if signing is required for this event (as with any other), it can be configured in the ‘Signing and Reasoning’ section of OmniAccess. When a reviewer performs a review in OmniTrail, the event is recorded and a password and/or reason requested as per the configuration.

Is any customer training provided to support OmniTrust? 

The OmniTrust package includes access to an e-learning course. Onsite or virtual training can also be arranged.

We have a Citrix environment for some of our instruments, can we utilize this?

We believe central management will address many of the drivers that the Citrix environment provides, so it is not foreseen at this stage of the project. However, we welcome your feedback as to why this is important for you.

Do you provide back up and archiving tools? 

Retention of the system audit trail, backup and archiving is a customer responsibility. Data can be saved to a network location where ordinary users don’t have the authority to delete data. A procedure is provided for this.

Record audit trail data remains with the record if data is transferred for review.

We want to create a new folder on the C: drive to automatically save audit trail data for every user. Is this possible? 

Yes, with OmniTrust you can define where audit trail data is saved by defining a location within the applications. Note: folder permissions are controlled via Windows.

I have an Empyrean system with the current audit trail solution, can I upgrade to OmniTrust and what support is available? 

Yes, you can move to OmniTrust. However, we would suggest waiting till the next version. We are planning to provide a mechanism for converting existing audit trail data into a human-readable format for Empyrean customers who wish to transfer.

For XRPD, will raw data (currently xrdml files) systems remain separate files using OmniTrust, or will the data be stored in a database? 

These will remain as separate files.

How long will Audit Trail 1.6 work? And how long will it be supported? 

We are assessing this. Please note that the product support lifecycle depends not only on us, but also on third-party applications (such as Microsoft, anti-virus software etc). We cannot guarantee compatibility with future operating systems and upgrades by third parties.

Further reading