Clarity Detailed GLP Compliance Overview

Clarity (v10+) — Detailed GLP/GxP Compliance Overview and Practical Guidance

Importance of the topic

Regulated pharmaceutical and related laboratories must ensure electronic records meet ALCOA principles (Attributable, Legible, Contemporaneous, Original, Accurate) and remain trustworthy for the full retention period. International regulations (21 CFR Part 11, EudraLex Annex 11, national GMPs) set requirements for security, auditability, signature handling, data protection and system validation. A chromatography data system (CDS) such as Clarity must therefore provide technical controls that, together with organizational procedures, allow laboratories to demonstrate compliance during inspections and audits.

Objectives and scope of the document

This summary synthesizes how Clarity (version 10 and higher) supports regulatory requirements and clarifies user responsibilities. Goals are to: (1) map regulatory expectations to Clarity features; (2) identify which controls Clarity supplies and which remain the end-user organization’s responsibility; and (3) outline practical measures (technical and procedural) needed to operate Clarity in a compliant GLP/GMP environment.

Methodology and approach

The original datasheet interprets regulatory clauses (21 CFR Part 11, Annex 11, national GMPs and FDA guidance) and comments on how corresponding functionality is implemented in Clarity. The approach highlights both software-provided technical controls (audit trails, user accounts, electronic-signature support, archive/export tools, method fingerprints, auto-lock) and required procedural controls (SOPs, training, backup policies, validation of network/infrastructure). Documentation and validation practices (IQ/OQ procedures provided by Clarity; ultimate responsibility lies with the system owner) are emphasized.

Used instrumentation

• Clarity Chromatography Data System (CDS), version 10 and higher
• Connected chromatography instruments and controllers (each instrument uniquely identifiable and fingerprinted in chromatogram files)
• Microsoft Windows operating system accounts (OS-level user accounts required)
• Network or local storage (data repositories recommended to be validated and access-controlled)
• Clarity Archive tool and standard Windows Task Scheduler (for backup automation)
• Output devices and formats: printers and electronic export to PDF, XPS, CSV, Excel, DBF, text

Main features and how they address regulatory requirements (results and discussion)

• Validation support: Clarity provides IQ/OQ procedures and is development-tested under DataApex QA (ISO 9001). However, validation of the entire computerized system (software + instruments + infrastructure) is the responsibility of the user organization; Clarity’s IQ/OQ cannot alone validate networked or instrument-specific components.
• Security and authorized access: Clarity supports unique user accounts with password protection and configurable privileges. Users should also have individual OS accounts. Proper configuration according to the recommended M132 manual is required to ensure a closed-system environment consistent with Part 11 definitions.
• Audit trails and attribution: Clarity implements embedded, time-stamped, computer-generated audit trails per file type (chromatograms, calibrations, sequences, methods) and a station-level audit trail. Trails include user identity (Clarity and OS account), timestamp, action type and, where applicable, old and new values. Audit trails are stored within the relevant files and can be exported or printed for review.
• Data protection, backups and retrieval: Clarity can export and print human-readable copies and provides an Archive tool for data/backup operations (automatable via Windows Task Scheduler). The user organization must implement validated backup strategies, off-site storage, and periodic recovery testing to satisfy local GMP rules.
• System checks and device validation: Clarity continuously monitors instrument communications and records communication failures in audit trails. Chromatograms contain read-only method fingerprints for components involved in an analysis. Operational sequencing mirrors standard laboratory workflows.
• Electronic signatures: Optional in Clarity. When used, signatures are bound to records and include signer name, date/time and intended meaning. Clarity enforces username/password-based signing and supports auto-lock; biometric signatures are not supported. Policies for uniqueness, identity verification, and legal equivalence of signatures remain the laboratory’s duty.
• Controls over documentation and personnel: Clarity development and testing documentation is available from DataApex on request; however, SOPs, training records, and organizational policies (user provisioning, account lifecycle, change control) must be created and enforced by the user organization.

Key practical takeaways and benefits

• Clarity supplies core technical controls that support ALCOA: immutable audit trails, unique user accounts, exportable human-readable formats, method fingerprints and device communication checks.
• Using Clarity according to the M132 guidance enables a closed-system configuration preferred for regulated use; this reduces inspector concerns about uncontrolled access.
• The Archive tool and export capabilities simplify evidence production for audits and help satisfy requirements for readable and retrievable copies.
• Built-in IQ/OQ assists validation activities and accelerates system qualification when combined with user-generated validation artifacts (risk assessments, URS, PQ, SOPs).

Limitations and responsibilities (where procedural controls are required)

• User organizations must validate their complete computerized analytical system, including network infrastructure, instrument firmware, and data exchange interfaces (e.g., LIMS), and maintain associated change-control records.
• Backups, off-site archival strategies, and restore verification are the laboratory’s responsibility; Clarity’s Archive tool is a facilitator, not a complete compliance solution.
• Manual data entry critical to quality must be covered by procedural controls (double-checks, second-operator verification) since Clarity cannot validate the semantic correctness of manually entered values.
• Deployment in an open system is not supported by DataApex for regulated environments; if chosen, full compliance with related requirements becomes the user’s accountability and is unsupported by DataApex.

Benefits and practical use cases

• Supports regulatory inspections by providing auditable electronic records and printable/exportable documentation.
• Enables traceability of results back to operator, instrument and method configurations—essential for batch release investigations and deviations.
• Facilitates routine qualification activities with built-in IQ/OQ procedures while allowing integration into laboratory quality systems (SOPs, training, change control).

Future trends and opportunities for use

• Stronger regulator focus on data integrity and vendor-supplier oversight will continue; laboratories will need tighter contractual and audit arrangements with software suppliers.
• Tighter integration between CDS, LIMS and cloud platforms will increase demand for validated, secure interfaces and automated, auditable transfer mechanisms.
• Automation of backup, monitoring and integrity checks (and more sophisticated anomaly detection) will reduce manual workload and improve data assurance.
• Support for advanced authentication methods (e.g., centralized identity management, hardware tokens, biometrics) could be an area of future enhancement, though Clarity currently does not support biometrics.
• Risk-based approaches to auditing audit trails and selective review workflows will become more common to focus QA resources where they matter most.

Conclusion

Clarity v10+ provides a comprehensive set of technical controls aligned with GxP expectations: secure user accounts, immutable audit trails, signing mechanisms, device checks, and export/archival tools. However, compliance is a combination of technology plus organization: the final responsibility for validation, backup strategies, procedural controls (SOPs), training, and account lifecycle management rests with the Clarity user organization. Proper configuration per DataApex guidance (M132), documented validation (including IQ/OQ and system-level testing), and robust SOPs are required to demonstrate regulatory compliance.

References

1. 21 CFR Part 11 — Electronic Records; Electronic Signatures
2. EudraLex Volume 4, Annex 11 — Computerised Systems
3. FDA Data Integrity and Compliance With CGMP — Questions and Answers (Draft Guidance, 2018)
4. ICH Q7 and ICH Q10 guidance documents
5. China GMP and Brazil GMP provisions cited (multiple paragraphs addressing backup, access control and personnel)
6. GAMP 5 (good automated manufacturing practice principles)
7. ISO 9001:2015 — DataApex development quality system