The validation of LIMS

You are correct that LIMS validation is not as straightforward as checking a spreadsheet, but it is also important to distinguish between a standard commercial LIMS package and laboratory-specific customisation.

For a commercial off-the-shelf LIMS, the laboratory would not normally be expected to validate the entire software package from first principles. However, the laboratory should be able to demonstrate that the system selected is suitable for its intended use, that the correct version is controlled, and that supplier information, access control, backup, recovery, support, and maintenance arrangements are in place.

The validation or verification effort should focus mainly on the parts of the LIMS that are configured or customised for the laboratory’s own use. This includes any areas where incorrect configuration or system failure could affect sample identity, result validity, calculations, reporting, confidentiality, traceability, or data integrity.

Key elements to consider include:

1. Intended use and scope
   Define which laboratory processes the LIMS supports, such as sample registration, result entry, calculations, review, authorisation, reporting, storage, or data transfer.
2. Configured workflows and user requirements
   Document laboratory-specific workflows, user roles, access levels, approval steps, report templates, test methods, units, limits, flags, and decision rules.
3. Risk assessment
   Identify where errors in configuration, customisation, data transfer, or user access could affect the validity or integrity of laboratory results.
4. Testing of customised or configured functions
   Test the LIMS using realistic laboratory scenarios, including sample login, result entry, amendments, review and approval, report generation, and retrieval of records.
5. Calculations and data transfers
   Verify any laboratory-specific calculations, rounding rules, unit conversions, reference ranges, specification limits, decision rules, instrument imports, exports, and interfaces.
6. Access control and audit trails
   Confirm that permissions are appropriate, unauthorised changes are prevented, and changes to data or configuration are traceable.
7. Backup, recovery and business continuity
   Confirm that records can be protected, restored, and accessed when needed.
8. Change control
   Ensure that software updates, configuration changes, new methods, calculation changes, report template changes, and interface changes are assessed, tested, approved, and recorded before use.

The evidence should therefore show that the laboratory has assessed the commercial LIMS as suitable for its intended use and has tested the laboratory-specific configuration, customisation, calculations, interfaces, reports, access controls, and data integrity controls before routine use.