Clarity Detailed GLP Compliance Overview

Significance of the topic

Clarity (DataApex) is a chromatography data system (CDS) used in regulated laboratories where electronic records and signatures must meet GLP/GMP requirements. Ensuring compliance with 21 CFR Part 11, EudraLex Annex 11 and equivalent national regulations is critical because regulatory authorities require that electronic records are attributable, legible, contemporaneous, original and accurate (ALCOA). For laboratories, proper configuration and procedural controls around a CDS are essential to protect product quality, enable audit readiness, and avoid regulatory enforcement actions.

Objectives and overview of the document

This summary synthesizes how Clarity (version 10 and higher) supports compliance with GLP/GMP electronic record requirements and what responsibilities remain with the end-user organization. It highlights capabilities (audit trails, user management, data export/archiving, IQ/OQ tools), constraints (closed-system assumption, no biometric signatures), and practical measures laboratories must apply (validation, SOPs, backups, training) to operate Clarity in a compliant manner.

Methodology and applied approach

The original document maps regulatory requirements to Clarity features and to the user organization’s responsibilities. For each regulatory clause (e.g., Part 11 sections on audit trails, signature controls, access), DataApex provides commentary indicating which controls are provided by Clarity and which controls must be implemented procedurally or through the IT environment and validation activities of the user organization. The approach distinguishes technical controls (software settings, built-in tools) from procedural controls (SOPs, user training, account management).

Used Instrumentation

• Clarity Chromatography Data System (DataApex) version 10 and higher (software features: audit trails, Archive tool, Auto-lock, user accounts, IQ/OQ procedures).
• Connected chromatography hardware components and vendor instruments uniquely identified by Clarity during acquisition.
• Windows operating system accounts and environment (Clarity ties actions to both Clarity user account and OS account).
• Optional system infrastructure: network shared drives for data storage, Windows Task Scheduler for automated Archive execution.

Main results and discussion

• Validation: Clarity includes IQ/OQ utilities and is tested by DataApex, but full validation of the complete computerized analytical system (software + instruments + IT infrastructure) is the responsibility of the user organization. Clarity does not provide dedicated tools to validate external infrastructure or cross-system data exchange.
• Security and access control: Clarity supports unique user accounts protected by passwords and role/privilege assignment. Best practice requires separate OS accounts for users and restricted access to audit trail configuration.
• Audit trails and attribution: Multiple in-file and station-level audit trails record user identity, timestamps, actions and (where applicable) previous and new values. Audit trails are integral parts of records, exportable and printable, and generally cannot be disabled.
• Data protection and retrieval: Clarity can export human-readable and electronic formats (PDF, CSV, XPS) and includes an Archive tool to support backups; however, the user organization must implement and validate backup procedures, off-site storage, and restore testing.
• System checks and device verification: Clarity monitors instrument communications, logs communication failures, and embeds read-only method fingerprints in chromatograms to document instrument configuration used for acquisition.
• Electronic signatures: Supported as optional feature. When used, signatures record signer name, date/time and meaning, and are bound to the record so cannot be excised. Clarity implements multi-component authentication behavior (username + password) consistent with Part 11 requirements; biometric signatures are not supported.
• Limitations and responsibilities: Clarity is intended for closed-system deployment as per Part 11 definitions. Deployment in open-system environments places additional obligations solely on the user organization. Clarity does not automatically verify correctness of manually entered critical data; procedural double-checks are required.

Practical benefits and recommendations for laboratories

• Leverage built-in features: Use Clarity audit trails, Archive tool, Auto-lock, and the IQ/OQ procedures as part of a documented validation package to demonstrate system integrity.
• Implement procedural controls: Maintain SOPs for user account lifecycle, password policy, data entry verification, backup and restore, change control, and review of audit trails.
• Enforce unique credentials: Ensure one Clarity account per person and one OS account per person to preserve attribution and prevent account reuse; avoid deleting accounts that are tied to historical records.
• Restrict privileges: Limit access to audit trail settings and administrative functions to dedicated roles separate from routine laboratory users.
• Backups and retention: Validate a backup strategy (Archive tool or alternative) with off-site storage, periodic restoration testing, and documented retention intervals matching regulatory requirements.
• Training and qualification: Keep documented training records for all personnel who develop, maintain or use the system; maintain evidence of competence and role-appropriate access controls.
• Data exchange and interfaces: Validate any data exchange between Clarity and external systems (LIMS, cloud services) and govern those exchanges with SOPs and appropriate risk assessment.

Future trends and potential applications

• Tighter regulatory focus on data integrity: Expect increased scrutiny of audit trails, backups and cross-system transfers; laboratories will need automated monitoring and reporting of data integrity metrics.
• Cloud and hybrid deployments: As laboratories adopt cloud-based storage and LIMS integrations, validated secure interfaces and clarified responsibilities between supplier and user will become critical.
• Advanced analytics on metadata: Automated review of audit trail patterns and anomaly detection (machine learning) could streamline periodic review and risk-based monitoring.
• Stronger identity controls: Wider adoption of hardware-backed tokens, multi-factor authentication and centralized identity management (while observing Part 11 uniqueness requirements) may replace simple password schemes.
• Immutable ledgers and provenance: Technologies that provide tamper-evident data provenance (blockchain-style or secure append-only storage) may be adopted for high-value regulated records.

Conclusion

Clarity provides a comprehensive set of technical features that support compliance with ALCOA-related requirements (audit trails, controlled access, export/print, archival support, IQ/OQ documentation, and optional electronic signatures). However, regulatory compliance is a joint responsibility: DataApex supplies software functionality and documentation, while the end-user organization must validate the complete system, configure the environment according to best practices (M132 manual), implement procedural controls (SOPs), ensure robust backup and restore procedures, and maintain personnel training and access governance. Failure to meet those responsibilities—particularly around account management, backups, validation of infrastructure, and procedural controls for manual data—remains a common regulatory risk.

References

• 21 CFR Part 11 — Electronic Records; Electronic Signatures (U.S. FDA).
• EudraLex, Volume 4, Annex 11 — Computerised systems (European Commission).
• FDA Data Integrity and Compliance With CGMP Questions and Answers Guidance for Industry (December 2018).
• ICH Q7 and ICH Q10 — Good Manufacturing Practice and Pharmaceutical Quality System guidance.
• Brazilian GMP regulations referenced (GMP 571, 572, 576, 577, 579, 580, 583, 584, 585, 589, etc.).
• China GMP requirements referenced (e.g., China GMP 18, 163).
• DataApex documentation: Clarity M132 manual; Clarity Declaration of Software Validation; DataApex ISO 9001 quality statements.