Laboratories involved in certain aspects of pharmaceutical or environmental research and development are subject to rules and regulations, such as 21 CFR Part 11, EPA CROMERR, Good Laboratory Practices (GLP), and Good Manufacturing Practices (GMP). AnIML provides mechanisms to help organizations address these requirements.
Certain regulations require the implementation of electronic signatures on data records. AnIML supports this by providing a standardized way of applying digital signatures to scientific data. Like all data formats, AnIML is not in a position to prevent unauthorized modification of a document. This is the job of the underlying storage system, where appropriate access controls need to be enforced. However, using digital signatures, such unauthorized changes can be detected. Besides detecting modifications, it is also possible to use signatures to implement sign-off workflows and multi-level approval processes in a paperless laboratory.
Users can apply multiple signatures to an AnIML document. Each signature can have a different scope, covering different parts of a document. This proves quite useful in practice: Each staff member can sign for those parts of the experiment he or she conducted. Eventually, one could envision instruments directly signing the results they produce, proving data authenticity. Such a mechanism allows for total traceability of scientific data – from the long-term archive all the way back to the original instrument.
The AnIML signature mechanism leverages the established W3C XML Digital Signature standard. This ensures compatibility with existing public key infrastructures, certificates, key tokens, and smart cards. In some jurisdictions, it is possible to create legally binding signatures this way.
Changes to AnIML documents can be recorded in the built-in audit trail. Each audit trail entry accurately records all aspects of a change. This includes the old and the new values, the person responsible, the reason for the change, as well as a time stamp. Using the audit trail, it is possible to examine the changes and revert the document into previous stages. To increase security, audit trail entries can be digitally signed.