UL is a trusted leader in safety science, providing a variety of certification, inspection, and testing services for businesses around the globe. Customers turn to UL to help them achieve safety, security, and sustainability goals in order to manage risk effectively and achieve regulatory compliance.
With 230 laboratories in more than 143 countries and 14,000 laboratory personnel, UL is dedicated to empower trust between businesses and their consumers.
UL first implemented LabWare’s Laboratory Information Management System (LIMS) in 2005. To date, UL has deployed LabWare LIMS across 110 sites around the world. As a result, LIMS is a crucial enterprise system in UL’s IT infrastructure.
UL’s LabWare implementation is constantly evolving to meet new and changing requirements. Hundreds of change requests are implemented each year with new specifications and analyses, and new and changing workflows. It’s a fast-paced environment required to keep up with UL’s evolving growth and business requirements.
Kaizad Dinshaw, Sr. Manager of Enterprise Architecture at UL, was given the challenge of making UL’s LabWare implementation compliant with the Sarbanes-Oxley Act of 2002 (SOX) and ISO27001. A key requirement of Sarbanes-Oxley (SOX) compliance is separation of duties in the change management process. In a packaged application environment, separation of duties means that the same individual cannot make a change to the development database and then move that change to the production database. To stay in compliance with SOX, the company needed the ability to show a Separation of Duties (SoD) between their LIMS administrators and their IT operations staff.
Their management must be able to demonstrate a suitable change control process and SoD which will be subjected to internal and external audits.
The quality of data is crucial to support the services UL provides to their customers. UL needed to mitigate the ultimate risk of potential human error or misconduct in deploying the system that manages and reports laboratory data.
UL also faced an additional risk of non-compliance with SOX and ISO27001. If an auditor found the data that came out of LIMS couldn’t be trusted, then UL would be non-compliant with SOX. If UL customers couldn’t trust the data, it meant all certification lost its value—resulting in their value proposition and services crumbling.
To mitigate these risks, UL needed to separate the duties between those who deploy the changes and those who create them. For example, changes were typically made in a development environment. However, when the time came to deploy these changes, someone without administrative access could overwrite the changes.
LabWare needed to develop controls that kept LIMS administrators from having access to overwrite the system’s configuration that could result in unqualified data.
LabWare’s LIMS did have a built-in functionality called Changes Manager, which provided some insight into changes, but it had its limitations: it couldn’t provide a complete picture of changes made in the system, and it was not user-friendly or robust enough to meet compliance. The limitations with Changes Manager meant UL could not produce a complete, detailed, and auditable record of change.
Controls were needed to maintain the quality of their brand. They required the LIMS to:
- Monitor and record all changes in any given period
- Monitor and record reviews and stages of change as they happened
- Ensure administrators and developers could not review their own work per IT Best Practices
UL and LabWare’s solution was to develop an Environment Manager that could provide change management at a higher level to deal with the complex changes and deployment of their enterprise-level systems globally.
Dinshaw had seen a demonstration of LabWare Environment Manager (LEM) at a LabWare Customer Education Conference. Shortly after, UL and LabWare initiated a development partnership to extend the LabWare Environment Manager solution.
UL worked closely with LabWare to enhance the LEM product by building on its inherent capabilities and flexibility. A key change was to accommodate UL’s use of the Agile development methodology.
Using LEM’s configuration package kanban, Dinshaw was now able to see what changes were ready to be promoted to the LabWare production system during any two-week sprint cycle.
After six months of collaboration, UL went live with LEM to manage all of their LIMS changes, in the process, helping LabWare to create an enterprise-level environment management solution that truly meets robust regulatory compliance and reporting requirements.
Dinshaw says a considerable advantage of using LabWare Environment Manager is LEM’s audit reporting capability.
“We can run a single report from LEM to show an auditor what has been changed in our LIMS in any given period,” said Dinshaw. “So for each change, we see who did the configuration, the review, the change request, the approval, and who in IT operations installed it into production.”
Other benefits of LabWare’s enterprise-level LabWare Environment Manager:
- System updates are carried out without needing to log into systems such as staging and production
- Enforcement of change control now meets compliance
- The package installation is restricted to IT operations staff for staging and production
- LEM now automates the update of all servers in a single step
- LEM centralizes logs, such as package installation logs
- Enforcement of peer review, object dependency checks and prevention of changes to checked-out objects
- Control of schedulers from LEM
- Built-in robust monitoring capabilities including configurable alerts
How significant were these improvements? Dave Jackle, a Program Manager at UL, noted that the deployment of changes to production would previously take more than 2 hours. LEM cuts the time down to 5 minutes. The LEM data views and reporting capability made supporting quality audits significantly simpler and more complete.
LabWare Environment Manager
The LabWare Environment Manager is designed to manage the initial and ongoing development of a LIMS to ensure it stays in step with technology developments and ever-evolving business requirements. LEM includes issue management, change control, configuration management, automated wiki generation of configuration documentation and system monitoring capabilities.
LEM is a separately licensed LabWare solution specifically designed for LIMS administrators in enterprise-level organizations that need to manage complex LIMS and ELN deployments. If you have multiple sites or instances of LabWare with a complex configuration, your business is dealing with a change management platform. If customers face a new set of requirements that need to be developed, changes involved can be facilitated and tracked to ensure compliance with IT standards such as SOX and ISO27001. The system manages the complete lifecycle of changes until it’s deployed to the end user.