m. Record Storage.
(1) Records must be stored in manner that protects them from damage and
from accidental or unauthorized destruction or modification.
(2) Records may be microfilmed, microfiched, or digitized, but there must be a
properly functioning viewer available on the premises. There must be documentation
that the transformed records are true copies of the material they replace.
(3) Records must be properly indexed and organized. Stored records must be
periodically inspected to assess the quality of the storage medium and the retrievability
of the information stored on it.
(4) For records maintained in a computer, there must be a method of verifying
accuracy of data entry. Standards require a system for display of data before final
(5) Hardware and software security measures must prevent unintended
deletion of data or access by unauthorized persons.
(6) A backup disk or tape should be maintained in the event of unexpected
loss of information from the storage medium. An archival copy of the computer
operating system and applications software should be stored off-site under appropriate
(7) There should be a COOP or continuous operations plan, in case the
computer system goes down. The backup system should be validated to ensure it
(8) There must be a secure means of identifying changes or corrections made
in the original records. The audit trail should identify the original data, the person(s)
entering the data, and the modification, the changed data, and the date/time of change.
n. Processing Records.
(1) Each significant step and critical control point of a procedure must be
recorded. Records must identify, for legal or investigational purposes, persons
responsible for each significant process.
(2) Processing records must be created as performance occurs. AABB
Standards requires that results of each test or critical step must be recorded as
observations are made or as each step is performed. Interpretation, if separate from
results, must be recorded upon completion of testing.