How good is documentation supplied by a vendor to support the qualification of an instrument or the validation of a laboratory computerized system?
We have all had them — letters from a vendor of a product you are using in your laboratory that begin with the dreaded words "Dear Esteemed Customer ...." Reading those three words, you know what's coming: a price increase, your instrument will not longer be supported, your software is obsolete, the company has been taken over, or most of the above items. So what's with the title of this column, you may ask?
Compliance with regulations or standards is an important part of my consultancy and on a few recent projects, I have had the pleasure of reviewing many examples of vendor qualification and validation documentation on behalf of clients. You might be interested to know that lifting some examples of this material is better than going to the gym. Why bother pumping iron when I can pump paper instead? However, reviewing many of these documents over a relatively short period of time, I was surprised with the following:
So this column has two objectives:
So we will discuss if vendor documentation for instrument qualification or computer validation meets the GXP regulations and is scientifically sound. Not prejudging the issue (very much), I will propose suggestions for you to evaluate such documentation and for improving vendor qualification/validation material. I will take this discussion wider than just spectrophotometers and also include some other instruments and systems such as balances, centrifuges, and high performance liquid chromatography (HPLC) systems that are commonly used in a laboratory.
I want to make it clear that not all vendor qualification and validation documents are poor as there are some exceptions but unfortunately not many. Regrettably, there are many more examples which require improvements to provide customers with value for money coupled with adequate regulatory compliance, rather than generate a pile of paper simply by ticking a box. Looked at from the perspective of a regulated laboratory user, it is unlikely that you will have a single vendor for all your instrumentation, therefore you will have multiple vendors providing you with documentation for installation qualification and possibly operational qualification. So this is not just a single source problem to manage but it is a multivendor and multidocument problem to manage. From my perspective a single vendor can have a few good documents and then some poor ones so beware after a baseline has been established as that is when a poor document could catch you out.
Over the past 20 years, it has dawned both on analytical scientists working in regulated laboratories and the regulators themselves that analytical instruments and computerized systems need to be fit for their intended use and that there must be documented evidence available to demonstrate this. This started in the early 1990s; the publication by Furman and colleagues (1) presented the FDA's viewpoint with the concept of modular and holistic qualification, Freeman and colleagues (2) from the Pharmaceutical Analytical Science Group (PASG) gave the UK pharmaceutical industry approach with the introduction of the 4Qs model to analytical instrumentation, and Burgess and colleagues (3) looked at some of the practical issues involved with qualifying instrumentation in regulated laboratories. The UK Laboratory of the Government Chemist (LGC) developed an approach for qualification of analytical instruments (4) and then two guidance documents for HPLC systems and UV–vis spectrophotometers in the late 1990s under the Valid Analytical Measurement (VAM) program (5,6).
However, many of the early attempts at analytical instrument qualification (AIQ) were conducted in-house but were often time consuming. So laboratories often would ask the vendors of their instruments if they could help. In principle this is a great idea, as the vendor knows their instrument, and therefore, they would be well placed to help qualify the instrument and to validate the computer system that controls it. The theory is great but the practice is often a let-down. Vendors typically have a wide market and GLP and GMP compliance is in a relatively narrow industry sector, such as the pharmaceutical or biotechnology sector. By sales, regulated laboratories can be a large market but it is small compared to the needs of the overall market requirements, from research to manufacturing, from petrochemicals to testing, from no-quality system to ISO 17025 and then to GMP/GLP. Furthermore, most vendors are certified to ISO 9001 for the delivery and support of a product or a service which can mean that documents written for compliance with ISO might not be compliant with GXP regulations. So unless a vendor specializes in this specific market sector, they can be at a loss as to understand what is required for a regulated laboratory especially as the regulatory framework has changed over the past ten years at an ever-increasing speed.
Over time, laboratories have realized the burden, both in terms of staff time and lost work, involved in the qualification of instruments and validation of the computerized systems is too great and so various ways have been tried to reduce the impact. The development of in-house groups that will focus on qualification and validation to the laboratories (these can often be an outgrowth of existing metrology groups) was one way of helping. However, these units are often vulnerable during reorganization or merger as they are not seen as a core operation to the laboratory. This is unfortunate, as it removes from the organization the very skills required to assess and critique vendor documentation.
The other way, providing there is a suitable budget, is to outsource to a third party such as the vendor or to a company dedicated to offering qualification and validation services for all vendor instrumentation. For the purposes of this article, I'll not consider directly the qualification services company as I wish to focus solely on vendor products and services. However, many of the principles discussed here apply equally to all documentation for qualification and validation regardless of the origin of the material.
Vendor services to the regulated laboratory can be very lucrative, especially when times are tough, as instruments still need to be qualified initially and thereafter on a regular basis and after a major repair. So if the instrument market is down, qualification documentation coupled with delivery by professional services or the field engineers can provide a good source of revenue for an instrument company.
It is important to understand the roles and responsibilities involved in this area. We typically have three roles to consider in qualification and validation: the system owner, quality assurance, and the vendor.
In addition, there are two other roles with the following responsibilities:
The basic problem is that many vendors think that they know the GXP regulations but given the evidence that I have seen when reading their documentation, this is not true. So let us look at the GMP regulations.
In Europe, we have the GMP regulations divided into three parts plus annexes to cover specific subject areas. Part 1 covers manufacturing of products, Part 2 is GMP for active pharmaceutical ingredients and is simply ICH Q7, and Part 3 is the draft section on the Site Master File. In addition, there are 20 annexes, of which the two main ones to consider are annex 11 on computerized system validation and annex 15. It is annex 15 (9), entitled qualification and validation, that is critical to this discussion, as the vendors do not appear to have read this part of EU GMP, which has been effective since September 2001. The main clauses for this discussion are presented in Table I but please take the time to read the full annex.
Table I: A selection of regulations for qualification and validation documentation
Similarly, there are the U.S. GMP regulations (10) that require scientifically sound work and a document for the work being carried out under the laboratory controls sub-part of these regulations. The major sections of the U.S. GMP regulations for this discussion are presented in Table I.
So let U.S. summarize the explicit requirements from the regulations that we need to consider further in this column. Qualification and validation documentation must meet the following:
These requirements are not the basis for negotiation, they are the law. All regulated GMP laboratories must follow them. If vendors are used they also must follow them, but, as we shall see, they rarely do, either by design or ignorance. In this the vendors are aided and abetted by naïve laboratory staff and management who also fail to appreciate some of the legal requirements of their work.
At this point, we have not looked at 21 CFR 11 on electronic records and electronic signatures (11), however, I will return to this later in this column. I also will discuss one or two aspects of USP <1058> on analytical instrument qualification (AIQ) (12) in this column but you will need to consider the whole of this general chapter when planning any work along with any other ones applicable to the instrument you want to qualify; for example, <41> for balances, <1119> NIR, <621> chromatography, and so forth. The next "Focus on Quality" column will look at USP <1058> as it is now two years since it has been effective. It is also important to realize that there is no equivalent chapter to <1058> in the European Pharmacopoeia.
The 4Qs model is the one that is outlined in USP <1058> (12). For those of you not familiar with the general chapter, I'll outline the four stages of the model.
The main area of the 4Qs model where a vendor can be most useful is the IQ installing their own instrument and checking it out to see it works as a system. However, as part of the outsourcing model a laboratory also can rely upon a vendor's specification for the DQ and typically will also use them for the OQ. A vendor OQ is only useful if the tests conducted match the laboratory requirements, a subject we shall return to later in this column.
A question now arises: How good is a vendor specification?
Of the four stages of the 4Qs model, the one that is performed the worst or indeed, is not performed at all, is the design qualification (DQ). The definition of DQ from earlier is "Is the documented collection of activities . . . ." Note the word activities, not activity. There is more than one in this process! However, in many laboratories, the approach is to use the manufacturer's specification. For simple instrumentation, this might be acceptable. The use of the vendor specification is enshrined in USP <1058> as being the "right" thing to do; however, read the next few paragraphs before you agree. Failure at later stages of the 4Qs model can be attributable directly to a failure to undertake an adequate DQ. So ask yourself a simple question: Have you ever purchased an instrument or system that failed to do its job? I have and so has virtually every other senior analyst. When you analyze the reason for this, it is down to the failure to specify exactly what you wanted or that you were too naïve to write a specification.
Unfortunately, this can be a misconception that you can easily and often fall into. It is also the same problem with USP <1058> that relies upon using a vendor specification for an apparatus in group A and instruments in group B. Does this help? In many situations, the answer might be yes but you need to check the specification and how it was measured. This is best illustrated by the example of a benchtop centrifuge that my colleagues and I were asked to qualify as part of a laboratory AIQ project. The centrifuge had a single-speed rotor with a timer that a user could set to determine how long the samples would be centrifuged. The manufacturer's specification for the rotor speed was 3500 ± 1 rpm. This is very tight and precise specification. When we asked the vendor how this was measured, we were informed that it was the pulse train from the stepper motor without a rotor attached — the rotor speed was not even measured directly! Let me ask you another simple question: How many of you centrifuge samples with no rotor? I suggest that in this case, the vendor's specification is useless and meaningless and these are the politest comments that the Editor will allow me.
Therefore, YOU need to define the intended purpose of the instrument or system you are going to purchase by defining your key operational parameters to enable it to do its job. Then compare these with the vendor's specification. Do not start from the vendor specification and work backwards. Also, forget USP <1058> about using a vendor specification, as this is simply the regulated industry being dumb and stupid. There is only one person responsible for defining the requirements for an instrument (group B) or a system (group C) and that person is currently reading this article. Aren't you?
Another thing you should consider about vendor specifications is that instrument specifications are, not surprisingly, designed to sell instruments and to demonstrate that vendor A's instrument is better than all other vendors. It is also, in my view, a damage limitation exercise in that if the instrument does not work, here's the specification to demonstrate that it does. However, as the centrifuge example from earlier shows, unless you have the test method associated with each specification parameter, then each parameter listed by a vendor is meaningless.
To be balanced, we also should consider the question from the vendor perspective. They do not work to GMP but comply with ISO 9001: 2008. Internal documentation written by their engineers is to comply with ISO 9001 accreditation and not GMP regulations. Furthermore, these documents typically are not written or intended for customer use but industry wants to reduce time and effort associated with instrument qualification.
So what should a user or system owner do? First, write your own requirements for key instruments and systems. Second, remember that the definition earlier that states that DQ is not simply a single activity. Therefore, I strongly suggest for larger instruments (group B) and complex systems (group C) that the vendor signs off the design qualification (typically the URS or a variant thereof) to state that the system to be purchased will perform all the listed functions. This simple process will save you a lot of agony and will prevent you having to find more space in that dark, dark cupboard in the depths of your laboratory where you consign unwanted instruments and systems (13). You might think this a waste of time but my colleague was working with one of our clients on the purchase of a NIR spectrometer. He developed a user requirements specification (URS) based upon the intended use of the system and the selected vendor stated that the system would meet that specification. Instead of saying OK, accepting the statement, and doing nothing, he requested that the vendor signed the URS to this effect. When the system was delivered, it did not meet the URS requirements. What happened? The vendor was contractually required to develop software to meet the specification. Initially, this was a custom macro but this would be included in the next release of the NIR software and therefore, would go from category 5 to category 3 software. Caveat emptor!
This is a two-edged sword and to be fair to vendors, they have a balancing act to perform. First, a vendor will have many customers working to GMP regulations and while there will be a broad consensus of what is meant by a specific regulation, there will be many nuances when you come to the detail of implementation. These nuances will be influenced by the organization's overall view of compliance and if the regulators have made adverse comments about their compliance practices in previous inspections. Alternatively, a vendor might have worked extensively with just one organization to develop the initial product, and this will have a single company's interpretation of the regulations rather than a broad spectrum approach. Also, vendors will learn from their customers about regulatory compliance or they might be large enough and have enough sales into regulated healthcare laboratories to justify a compliance post and have the expertise in-house.
Leading on from this is: How does a vendor understand and interpret regulations? Here is one example where the interpretation is way off the mark about 21 CFR 11, and I quote verbatim from the vendor documentation:
Is the vendor right? Of course not, but we need to demonstrate this conclusively. Some of you might know one of the corollaries of Murphy's Law, Cahn's Axiom, which simply states "when all else fails, read the manual," or in our case, the regulation:
Let us compare and contrast the vendor and the FDA definitions:
So if you want to outsource, you need to check the documentation you are getting before you part with any money. Are you getting quality documentation or simply agricultural fertilizer?
When a laboratory purchases an instrument or laboratory computerized system, the salesperson is always ready to sell additional goodies such as qualification services. You can imagine the scene as he or she slithers across the floor toward you: "We have IQ and OQ materials for you to help you get the system operational quickly." Mesmerized like a deer in the headlights of a car, a grateful user rapidly adds the standard packages to the quote and everything goes through the company sales process. This is followed by delivery and qualification of the system.
Fast forward a few months and the door to the laboratory bursts opens and in walks the validation police: It's the corporate quality assurance audit! As a fully paid-up member of the validation police (sorry, I meant to say that I'm also an auditor), when I am reviewing a standard vendor qualification protocol in a laboratory, I will identify operating ranges for some of the key parameters from the document. Then I'll ask the system owner if there are methods that go outside of these ranges. For example:
So the information that the laboratory needs and the questions to be asked are before you purchase the documentation are
Now here's where you have to review the vendor qualification material critically to see if it meets the regulatory requirement of scientifically soundness. Let us take a look at two examples that are not, in my view, scientifically sound approaches:
Figure 1: Spectra of (a) caffeine (0.00068% w/v in water) and (b) holmium perchlorate (NIST SRM 2034) over the 200â300 nm wavelength range.
First, it is not traceable as a wavelength standard. If in doubt, read the calibration certificates provided by the various vendors:. The spectrometer that is used to measure caffeine is calibrated using traceable standards, but the caffeine itself cannot be traced to an agreed international standard. The best one can do is purchase a standard from the United States Pharmacopoeia, but this is sold only as an analytical standard for pharmacopoeial analysis. The certificate of analysis makes clear that any other use is at the user's own risk, and there is no mention of wavelength in the specification.
Second, caffeine does not have sharp bands but very broad ones, as you'll see in Figure 1, which leads to another unscientifically sound problem with caffeine: How accurately can you measure the peak maxima? The best that I can find on the certificates offered by various vendors is ±1 nm, which is 33–50% of the acceptance criteria required by the pharmacopoeias in Table II and leaves little room for instrument error.
Oh by the way, caffeine is inherently fluorescent (14)! So are you happy with using caffeine as a standard?
Looking on the bright side, caffeine is better than some materials used in the past as wavelength standards, e.g., uracil.
So with the roles and responsibilities defined and the key items from the regulations outlined, how do the various vendor qualification and validation documentation stacks up? Let me give you a clue: It's not good and this is not an all-inclusive list of problems with vendor documentation. So what you should be looking for is the following:
1. Who Wrote This Document?
When you write a report about developing a method or method validation, it will have your name on the front cover as the technical author along with the names of the other individuals who reviewed and approved it. This does not happen with the vast majority of vendor qualification documents. Why? Most qualification and validation documents are not authored by a named individual or group of individuals — the best we might get is an engineering part number. Is there a problem? Yes, as the regulations all ask for a combination of education, training or experience for anybody performing regulated work. So from the system owner's perspective in the laboratory, who is paying money for this service and why can't they have the names of the author and reviewers within the company?
2. Where Do I Sign to Preapprove a Document?
To comply with the GMP regulations outlined in Table I, each vendor qualification or validation document must be approved by the user company before execution. Some vendors allow this with space in the documentation. However, most vendors do not, which is a poor understanding by them of the applicable regulations in Table I. But it is even a bigger problem for users who allow vendors to get away with it and compound the noncompliance problem.
If a laboratory knows the document needs approval and there is no space for preapproval signatures, they will review the document and then sign a separate cover page to provide the pre-execution approval. However, here comes the catch 22: To do this, you need to get your hands on a copy of the qualification document before the engineer turns up on-site. Will the company allow you to review and document before you purchase with the risk of rejection and possible ripoff of ideas or do you have to stump up the cost of the document only to find you have purchased rubbish? One company I was involved with was provided with an example document for a review. However, this was eight years old. The most interesting fact was the supply of qualification data on a 3.5-in. diskette, which would be most entertaining given the current stock of laboratory PCs! How are we to review such rubbish accurately?
Perhaps the best way to get around ths problem is to have an agreement as part of the overall system purchase in which the laboratory sees the copy of the current protocol and, unless there are clear compliance or scientific reasons not to continue, then the vendor qualification purchase should go ahead.
3. Where Are the Specifications Being Tested?
Tests being carried out are usually adequately documented but the specifications against which each test passes or fails are not listed in the majority of vendor documents. Furthermore, how are the tests and the acceptance criteria traced back to your original specifications? Ideally, if there were a single section containing all the specifications along with the acceptance criteria, this would enable the users to link the specifications to their own user requirements specification to demonstrate traceability. However, in general, there is not this information and you have to hunt throughout the document to find what is being tested and do all the traceability yourself.
4. How Does the Engineer Document the Test?
There are two issues to consider here:
5. Lack of Explicit Acceptance Criteria
One of the biggest problems in qualification and validation documentation is stating how tests have passed the acceptance criteria simply because many documents (user and vendor written) have no explicit acceptance criteria. Ideally, there should be a section in each document that summarizes the test and what the acceptance criteria are and if a test has passed these acceptance criteria or not.
6. No Overall Sign-Off of the Work by the Vendor Engineer
If an analyst in the laboratory is involved in executing any qualification or validation document, there will be a place for the individual to state that the instrument or computer system has passed or failed the test. They will put their name against this work or indeed any analytical work that the carry out in the laboratory. However, in the vendor documents, often there is no explicit statement and no overall sign off by the service engineer that the work has been completed and the instrument has passed. There is a general assumption that if the tests are OK then the instrument has been passed. However, the writers of this documentation do not appreciate that their potential audience nor had the document been written for auditability.
In one very poor example I have reviewed, the only people signing off the document were laboratory management. Here I think the vendor's legal eagles have reviewed the document and commented that their service engineer could not possibly sign off the document, as the vendor might get sued. In my opinion, if a regulated organization contracts with an instrument company to do the work, they should expect the instrument company's engineer to sign to say the work has been carried out and that the instrument passes or fails.
7. Is There an IQ Report Before the OQ Begins?
As required by EU GMP regulations there needs to be a report written and approved at the end of each phase of the work — for example, a report at the end of the IQ and another at the end of the OQ. Do we get this? No. What happens in practice is that the IQ leads straight into the OQ and at the end of the work there is a pile of paper left by the service engineer on the bench as they exit the laboratory. This is a area that both vendors and users need to be more aware of and ensure that the regulations are complied with. The report can be integrated into the existing documentation but approval of the work needs to take place before the next stage of the work begins.
So here are some of the issues system owners and senior scientists need to address with vendor supplied qualification documentation to ensure compliance with the regulations to which they operate. Otherwise would you prefer to explain this to an inspector?
And then we have software validation for USP <1058> group C systems. I will spend more time on this in my next column when I review <1058> two years after the implementation date. The approach to software validation varies from the sublime to the ridiculous. Sublime where group B instruments with embedded software are qualified as part of the overall instrument effort and ridiculous with group C systems and the reliance on a vendor to do most of the software validation work, which is naïve to say the least.
Implicit or indirect testing of embedded software in group B instruments is a practical approach and is good for the most part. There are some omissions with embedded software, which I will discuss in my next column, but overall the approach is sound. The problem comes with group C systems. Here I will discuss the vendor issues and leave the major omissions and problems with the approach to my next column.
1. Misclassification of Software Category
One of the biggest problems is the vendor misclassifying software category whether this is due to the deviousness of the marketing department or a misunderstanding of the current GAMP software classifications I will leave for you to decide. For example, one spectrometry software application is classified by its vendor as COTS without defining exactly what COTS means. It implies that the software is commercial off the shelf software or GAMP category 3 software (15) however in the same paragraph of the validation document it notes that the software can also be configured and that a user can define macros to manipulate data and results which are software category 4 and 5, respectively. Therefore it important that the system owner defines the software category according to their company standard operating procedures and CSV policies and that they should not rely on vendor self-classification. This is particularly important as companies transition from GAMP 4 to GAMP 5 software classifications which are substantially different.
Table II: Key requirements for a wave- wavelength standard
2. Vendor Software OQ Repeats the In-House Testing
Some enterprising vendors will adapt their release testing documents into the operational qualification that they will sell to users. What is required in the operational qualification is that the software works and where appropriate can control the instrument, users do not need time wasted on repeating in house release testing. This is especially true when the software will be configured afterward by the users to meet their own business needs, such as for electronic records protection and use of electronic signatures. I will return to this topic in a later column.
3. Poorly Written and Untestable Software Requirements
To help users, some vendors will provide a validation package from plan, through specification of requirements to testing. Treat these packages with great suspicion until you have had the time to examine the whole package critically. If a vendor does not allow you to see the document before you buy, my advice is do not purchase it. See the package before you buy — always.
The reason for this is presented below. Here are two examples of software requirements from a vendor validation package that can be yours for a princely sum:
These requirements are untestable rubbish for which you, unsuspecting reader, have paid good money to acquire. Let us look in more detail at why I have described them as untestable rubbish. There is a software engineering standard number 1233 from the Institute of Electrical and Electronic Engineers (IEEE) entitled IEEE Guide for Developing System Requirements Specifications (16). In this document, there is a section on writing testable or verifiable user requirements. Space does not permit me in this column to explain in detail the whole process, but this is described in more detail in my book on validation of chromatography data systems (17). The essence for a requirement to be either testable or verifiable is that there should be a capability described that states what you want the system to do coupled with a condition that will makes the requirement testable or verifiable. For example "access to the system will be via password" is the capability and "consisting of eight alphanumeric characters" provides the conditions to make the requirement testable.
Now look at the one of the vendor examples presented above. The software fulfils regulatory requirements. So which regulatory requirements do we mean: GLP or GMP or even 21 CFR 11? To go further, does the requirement imply all requirements in each of these regulations or only the ones that relate to the laboratory? So back to my assertion. How will you test this requirement? You cannot is the simple answer. At best, the software fulfills regulatory requirements is a design concept that will have to be developed much, much further into a large number of specific and testable requirements. These requirements will cover areas in the software such as security and access control, data file integrity, review, approval and reporting of data including electronic signatures and audit trails.
The use of vendor qualification material, if it matches the laboratory needs, is a valuable resource. However, the material is often deficient in compliance with regulatory requirements such as not being scientifically sound nor provides for preapproval signatures to identify two areas. It is the responsibility of the system owner and the users in the laboratory to ensure that any material purchased meets both user needs and regulatory requirements. I hope this column will help users be more critical of vendor material and also help vendors develop better approaches to delivering this material. The relationship between vendor and user should be a partnership and not adversarial.
I would like to thank Chris Burgess for help and comment in the preparation of this article.
R.D. McDowall is principal of McDowall Consulting and director of R.D. McDowall Limited, and "Questions of Quality" column editor for LCGC Europe, Spectroscopy's sister magazine. Address correspondence to him at 73 Murray Avenue, Bromley, Kent, BR1 3DJ, UK.
(1) W.B. Furman, T.P. Layloff, and R. Tetzlaff, JOAC Int. 77, 1314–1317 (1994).
(2) M. Freeman, M. Lang, D. Morrison, and R.P. Munden, Pharm. Technol. Eur. 10, 45–48 (1995).
(3) C. Burgess, D.G. Jones, and R.D. McDowall, Analyst 123, 1879–1886 (1998).
(4) P. Bedson and M. Sargent, J. Accred. Qual. Assurance 1, 265–274 (1996).
(5) Guidance on Equipment Qualification of Analytical Instruments: High Performance Liquid Chromatography (HPLC), June 1998, LGC/VAM/1998/026.2.
(6) Guidance on Equipment Qualification of Analytical Instruments: UV-Visible Spectro(photo)meters (UV-Vis) Version 1.0 – September 2000, LGC/VAM/2000/079.
(7) EU GMP Chapter 1 on Quality Management.
(8) ICH Q10 Pharmaceutical Quality Systems.
(9) EU GMP Annex 15 on Qualification and Validation.
(10) FDA GMP for Finished Pharmaceutical Products (21 CFR 211).
(11) FDA 21 CFR 11 on Electronic Records and Electronic Signatures .
(12) United States Pharmacopoeia general chapter <1058> on Analytical Instrument Qualification (AIQ).
(13) R.D. McDowall, Spectroscopy 24 (12), 67–72 (2009).
(14) Standards in Absorption Spectrometry, UV Spectrometry Group, C. Burgess and A. Knowles, Eds. (Chapman and Hall, 1981), pp. 63–64.
(15) R.D. McDowall, Spectroscopy 25 (4), 22–31 (2010).
(16) IEEE Software engineering standard 1233 from the Institute of Electrical and Electronic Engineers (IEEE) is entitled IEEE Guide for Developing System Requirements Specifications.
(17) R.D. McDowall, Validation of Chromatography Data Systems, Meeting Business and Regulatory Requirements (Royal Society of Chemistry, Cambridge, UK, 2005).