Agilent G1732AA MSD Security ChemStation Manager Guide · detector data only in combination with...

Agilent G1732AA MSD Security ChemStation

Manager Guide

Agilent Technologies

2 Manager Guide

Notices© Agilent Technologies, Inc. 2004

No part of this manual may be reproduced in any form or by any means (including elec-tronic storage and retrieval or translation into a foreign language) without prior agree-ment and written consent from Agilent Technologies, Inc. as governed by United States and international copyright laws.

Manual Part NumberG1732-90001

EditionFirst edition, March 2004

Printed in USA

Agilent Technologies, Inc.2850 Centerville Road Wilmington, DE 19808-1610 USA

Warranty

The material contained in this docu-ment is provided “as is,” and is sub-ject to being changed, without notice, in future editions. Further, to the max-imum extent permitted by applicable law, Agilent disclaims all warranties, either express or implied, with regard to this manual and any information contained herein, including but not limited to the implied warranties of merchantability and fitness for a par-ticular purpose. Agilent shall not be liable for errors or for incidental or consequential damages in connec-tion with the furnishing, use, or per-formance of this document or of any information contained herein. Should Agilent and the user have a separate written agreement with warranty terms covering the material in this document that conflict with these terms, the warranty terms in the sep-arate agreement shall control.

Technology Licenses The hardware and/or software described in this document are furnished under a license and may be used or copied only in accor-dance with the terms of such license.

Restricted Rights LegendIf software is for use in the performance of a U.S. Government prime contract or subcon-tract, Software is delivered and licensed as “Commercial computer software” as defined in DFAR 252.227-7014 (June 1995), or as a “commercial item” as defined in FAR 2.101(a) or as “Restricted computer soft-ware” as defined in FAR 52.227-19 (June 1987) or any equivalent agency regulation or contract clause. Use, duplication or disclo-sure of Software is subject to AgilentTechnologies’ standard commercial license terms, and non-DOD Departments and Agencies of the U.S. Government will

receive no greater than Restricted Rights as defined in FAR 52.227-19(c)(1-2) (June 1987). U.S. Government users will receive no greater than Limited Rights as defined in FAR 52.227-14 (June 1987) or DFAR 252.227-7015 (b)(2) (November 1995), as applicable in any technical data.

Safety Notices

CAUTION

A CAUTION notice denotes a haz-ard. It calls attention to an operat-ing procedure, practice, or the like that, if not correctly performed or adhered to, could result in damage to the product or loss of important data. Do not proceed beyond a CAUTION notice until the indicated conditions are fully understood and met.

WARNING

A WARNING notice denotes a hazard. It calls attention to an operating procedure, practice, or the like that, if not correctly per-formed or adhered to, could result in personal injury or death. Do not proceed beyond a WARNING notice until the indicated condi-tions are fully understood and met.

AcknowledgementsMicrosoft®, Windows®, Windows 2000®, and Windows XP® are U.S. registered trademarks of Microsoft Corporation.

InstallShield® is a registered US trademark of InstallShield Corporation.

Software RevisionThis manual is valid for A.01.xx revisions of the Agilent G1732AA MSD Security Chem-Station software, where xx refers to minor revisions of the software that do not affect the technical accuracy of this manual.

In this guide. . .This Manager Guide contains information and procedures needed for the administration of the G1732AA MSD Security ChemStation.

1 Introduction

This chapter describes the purpose of the MSD Security ChemStation and provides brief descriptions of the other chapters.

2 21 CFR Part 11 Compliance

This chapter compares the requirements of the 21 CFR Part 11 regulations with the features of the Agilent G1732AA MSD Security ChemStation. It identifies those requirements that are satisfied by the software and those that are the responsibility of the users, system administrators, and the organization that employs them.

3 Manager Tasks

The final chapter contains procedures for the duties that a Manager must perform, including instrument configuration, user management, archive management, and related tasks.

Manager Guide 3

4 Manager Guide

Contents

1 Introduction

The Security ChemStation 10

Capabilities and limitations 10Hardware and communications 10Product design 10Security groups and users 11The Windows Administrator 12Electronic records and signatures 12Audit trails 13Archiving and restoration 13Uninstalling 13

Standard Operating Procedures 15


Subpart A–General Provisions 18

Subpart B–Electronic Records 21

Subpart C–Electronic Signatures 26

3 Manager Tasks

Completing Installation (Configuring Instruments) 33

Managing Users 37

Creating a new user 37

New user initial login 40Electronic signatures 40Disabling a user 41

Manager Guide 5

Managing Passwords 42

Password rules 42Password aging 42Account lockout 43Good password practices 43Final word 43

Removing (Uninstalling) MSD Security ChemStation Software 44

File and Directory Names 46

Version files 46Version file name syntax 46Run directories 47

Managing Archives 48

Importing and Exporting Data and Methods from a Different ChemStation 49

Import 49Export 49

The MSD Security Monitor 50

The Default Printer 51

Setting or changing the default printer 51

Audit Trails 52

Method, sequence, and data audit files 52Event Viewer logs 52Notes for users running Windows® 2000 60

Unlocking Methods 62

Set Data Path 63

Predefined structure 64

User-defined structure 64

6 Manager Guide

To Save a Method in the \METHODS Directory 66

Example: Adding a Quant database to a method using AutoQuant Setup 66

To Reprocess a Sequence 67

View Previously-Generated Reports 68

Manager Guide 7

8 Manager Guide

Agilent G1732AA MSD Security ChemStationManager Guide

1Introduction

The Security ChemStation 10

Capabilities and limitations 10

Hardware and communications 10

Product design 10

Security groups and users 11

The Windows Administrator 12

Electronic records and signatures 12

Audit trails 13

Archiving and restoration 13

Uninstalling 13

Standard Operating Procedures 15

The Agilent “G1732AA MSD Security ChemStation” and the “G1742AA MSD Security ChemStation Upgrade” are designed to support the requirements of the U.S. Food and Drug Administration (FDA) regulations on the handling of electronic records and electronic signatures published as 21 CFR Part 11.

The systems, hereafter referred to as the MSD Security ChemStation, acquire data from one Agilent 5973 Series Mass Selective Detector (MSD) mounted on an Agilent 6890 Series Gas Chromatograph (GC).

NOTE The G1732AA MSD Security ChemStation is software that should be installed on a computer dedicated to this specific application. This software can support either GPIB or local LAN acquisition from one MSD instrument. Other applications and/or wide area network access should be performed on other computers.

9Agilent Technologies

Introduction

The Security ChemStation

The Agilent G1732AA MSD Security ChemStation is a conventional MSD ChemStation with support for U.S. Food and Drug Administration (FDA) 21 CFR Part 11 regulations. These regulations govern the use of electronic records, electronic signatures, and auditability of systems used in regulated laboratories.

Chapter 2 compares the FDA 21 CFR Part 11 text with the properties of the Agilent system.

Chapter 3 describes the tasks that are performed by an MSD Security ChemStation Manager.

Capabilities and limitations

The MSD Security ChemStation supports the same hardware as the standard MSD Productivity ChemStation. However, it is focused on GC/MSD signal acquisition and will acquire GC detector data only in combination with GC/MSD data acquisition. It will also import and process existing GC/MSD files that contain GC data.

Hardware and communications

The ChemStation is designed for a system consisting of a personal computer (PC), a hub or bridge, a 6890 or 6890N gas chromatograph (GC), and a 5973 Mass Selective Detector (MSD). These components communicate either via an isolated local area network (LAN) or GPIB. Use on a site LAN is not supported.

Product design

The MSD Security ChemStation is a standalone application that addresses the requirements of 21 CFR Part 11 through a combination of operating system facilities and programmatic controls. It ships with Microsoft Windows operating system and takes advantage of its inherent user access security capabilities. File access privileges are defined on a per user basis for data

10 Manager Guide

Introduction

files, methods, sequences, and results. The operating system security features are used to protect data and manage user access to it. User-based file access is achieved by making use of individual file and folder permissions, impersonation, and local user and group management.

A mandatory logon requires users to enter user-ID and password when starting the application. The user must be a member of a MSD Security ChemStation user group. The access level is determined by the user group membership. The application logon is independent of the user who logged on to the operating system.

To protect it from unauthorized access, the application and its file system is entirely managed by an internal user called MSCFR. This user is created at installation time and has sole ownership of the entire file system belonging to the application (default directory name: MSDChem), which is created during installation. This system user manages the whole file system of the application and owns the entire MSDChem file tree—consisting of methods, sequences, data, and executable software.

The password of this user is set to a value known only within the MSD Security ChemStation application. It is Agilent-confidential and is not disclosed to other parties.

This arrangement discourages unauthorized access. In fact, even a Windows Administrator cannot access the files without first taking ownership of the file tree. Once ownership is taken, it cannot be given back. Log entries will show the change of ownership and reveal that security has been compromised.

Security groups and users

The install process creates three local groups. Users are created by a Windows Administrator and, if they are to have access to the security system, assigned to one or more of these groups.

• Operators are members of the MSDOperator group. They have user accounts that allow routine use and data acquisition.

Manager Guide 11

Introduction

• Analysts are members of the MSDAnalyst group. They have all the privileges of Operators, plus privileges that allow method development, and advanced data review.

• Managers are members of the MSDManager group. They have all the privileges of Operators and Analysts, plus privileges that allow system configuration and administration, and access to the command line.

Membership of users in these groups determines the level of access that they are permitted in the application. If a user is a member of more than one group, the higher level overrides the other group level. Users that are not a member of one of these groups have no access to the MSD Security ChemStation. This prevents unauthorized persons from using the software at all or from making changes to methods, data, and sequences.

The Windows Administrator

The Windows Administrator manages all MSD Security ChemStation users and owns the security policies. For these administrative tasks he is required to be a member of the local Windows Administrator group. However, he does not necessarily need to be a member of any of the MSD Security ChemStation user groups.

Windows Administrators are responsible for overseeing ChemStation usage and managing user access.

A Windows Administrator should be available whenever the system is in use to deal with such events as account lockout in a timely manner. We recommend having more than one administrator to ensure that there is sufficient coverage for these tasks.

Electronic records and signatures

Methods, sequences, and the data files derived from them are stored as Electronic Records. These records can be electronically signed for approval. A signature is mandatory whenever they are created, modified, or deleted. A deletion can only happen after successful archival, see below for details.

12 Manager Guide

Introduction

Audit trails

The system audit trail records system activities and is created and maintained by the software. They include logins (both attempted and successful), running the MSD Security applications, data archival, and similar actions.

Run-related audit trails document the record creation, all modifications, and electronic signatures and are associated with specific electronic records.

Archiving and restoration

The MSD Security ChemStation generates many files. For example, every change to a method creates a new method version. This allows data files to be linked to the exact method version that created them, so that they can be reprocessed correctly at any time.

This tends to fill up the hard disk. Archiving provides a means of transferring data (and associated methods and sequences) to an external medium to free up space. Restore is the opposite; it brings previously archived information back into the system.

Archiving is also used to transfer data for review. In this case, the archived data is not deleted from the hard disk.

Data archival should happen as the last step after completion of the review and approval cycles. All archiving activities are documented in the system audit trail.

Uninstalling

It may be necessary at some point to remove the MSD Security ChemStation software. The uninstall utility does this without removing any methods, sequences, or data.

Uninstall performs two functions:

• It deletes the executable software part of the ChemStation.

• It removes the security restrictions on the rest of the file tree.

Manager Guide 13

Introduction

Thus, if the software was installed in directory D:\MSDChem, that directory will still exist but can now be manipulated using Windows functions such as Copy, Delete, Rename, and so on.

Suppose that a new, updated version of MSD Security ChemStation is to replace the presently installed one. The new version requires a clean system (no residues from the present version) before it can be installed. The suggested steps are:

1 Perform a full archive to preserve the present state of the data.

2 Uninstall the present software.

3 Rename directory D:\MSDChem (or whatever other name you used) to make the name available for the new installation. Include the date in the (re)name.

4 Install the new software.

5 Restore the archived information.

This preserves the history of the original files.

Note that when uninstalling the software, a directory named C:\Agilent\SecurityGCMS remains. The directory can be manually deleted or left intact.

14 Manager Guide

Introduction

Standard Operating Procedures

The implementation of 21 CFR Part 11 consists of procedural controls (standard operating procedures, access security rules) that must be established in the laboratory and technical controls, that is, product functionality built into the software that is used to implement the paperless record processes.

The design of the Agilent MSD Security ChemStation is based on a closed system that uses procedural controls, such as access security rules established in the lab that only give authorized individuals physical access to the systems.

Procedural controls are manifested through Standard Operating Procedures (SOPs) created and enforced by the system owners.

An example is the use of electronic (rather than handwritten) signatures. Such signatures must be reported to the FDA before they can be used. It is the responsibility of the system organization to ensure that this is done. A written SOP, which requires the user to acknowledge that the user’s electronic signature is to be regarded as equivalent to a handwritten signature, must be created and enforced.

Chapter 2 discusses the regulations mandated by the FDA in more detail. In many cases, the notation is “Responsibility of the organization”, “Responsibility of an MSDManager”, or something similar. Such responsibilities require a written SOP.

With appropriate SOPs in place, the MSD Security ChemStation enables users to work in compliance with 21 CFR Part 11.

Manager Guide 15

Introduction

16 Manager Guide

221 CFR Part 11 Compliance

Subpart A–General Provisions 18

Subpart B–Electronic Records 21

Subpart C–Electronic Signatures 26

The opening paragraph of the U.S. Food and Drug Administration regulations on electronic records and electronic signatures states “The(se) regulations . . . set forth the criteria under which the agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.”

The Agilent Technologies “G1732AA MSD Security ChemStation” and the “G1742AA MSD Security ChemStation Update” products provide the tools needed to comply with 21 CFR Part 11. When properly used, they produce Electronic Records (ER) and Electronic Signatures (ES) that meet the criteria stated above.

21 CFR Part 11 consists of three parts:

Subpart A–General Provisions States the scope and purpose of the regulations and defines some technical terms

Subpart B–Electronic Records States the requirements for reliable, trustworthy electronic records.

Subpart C–Electronic Signatures States the requirements for electronic, rather than handwritten signatures on electronic records.



Subpart A–General Provisions

Table 1 contains the complete text of 21 CFR Part 11, Subpart A–General Provisions, which defines the purpose, scope, and some technical terms used in the regulations.

Table 1 21 CFR Part 11, Subpart A–General Provisions


Sec. 11.1 Scope

a The regulations in this part set forth the criteria under which the agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.

b This part applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations. This part also applies to electronic records submitted to the agency under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in agency regulations. However, this part does not apply to paper records that are, or have been, transmitted by electronic means.

c Where electronic signatures and their associated electronic records meet the requirements of this part, the agency will consider the electronic signatures to be equivalent to full handwritten signatures, initials, and other general signings as required by agency regulations, unless specifically excepted by regulation(s) effective on or after August 20, 1997.

d Electronic records that meet the requirements of this part may be used in lieu of paper records, in accordance with Sec. 11.2, unless paper records are specifically required.

e Computer systems (including hardware and software), controls, and attendant documentation maintained under this part shall be readily available for, and subject to, FDA inspection.

18 Manager Guide

21 CFR Part 11 Compliance 2

Sec. 11.2 Implementation

a For records required to be maintained but not submitted to the agency, persons may use electronic records in lieu of paper records or electronic signatures in lieu of traditional signatures, in whole or in part, provided that the requirements of this part are met.

b For records submitted to the agency, persona may use electronic records in lieu of paper records or electronic signatures in lieu of traditional signatures, in whole or in part, provided that:

1 The requirements of this part are met; and

2 The document or parts of a document to be submitted have been identified in public docket No. 92S-0251 as being the type of submission the agency accepts in electronic form. This docket will identify specifically what types of documents or parts of documents are acceptable for submission in electronic form without paper records and the agency receiving unit(s) (e.g., specific center, office, division, branch) to which such submissions may be made. Documents to agency receiving unit(s) not specified in the public docket will not be considered as official if they are submitted in electronic form; paper forms of such documents will be considered as official and must accompany any electronic records. Persons are expected to consult with the intended agency receiving unit for details on how (e.g., method of transmission, media, file formats, and technical protocols) and whether to proceed with the electronic submission.

Sec. 11.3 Definitions

a The definitions and interpretations of terms contained in section 201 of the act apply to those terms when used in this part.

b The following definitions of terms also apply to this part:

1 Act means the Federal Food, Drug, and Cosmetic Act (secs. 201-903 (21 U.S.C. 321-393)).

2 Agency means the Food and Drug Administration.

3 Biometrics means a method of verifying an individual's identity based on measurement of the individual's physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable.

4 Closed system means an environment in which system access is controlled by persons who are responsiblefor the content of electronic records that are on the system.

5 Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified

Table 1 21 CFR Part 11, Subpart A–General Provisions (continued)


Manager Guide 19


6 Electronic record means any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.

7 Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.

8 Handwritten signature means the scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark.

9 Open system means an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

Table 1 21 CFR Part 11, Subpart A–General Provisions (continued)


20 Manager Guide


Subpart B–Electronic Records

Subpart B is concerned with the controls needed to ensure data integrity, user responsibility, and related matters.

Some additional definitions are needed for the Agilent product:

• Windows user—A person who has a login name and password for Windows.

• Security user—A Windows user with a login name and password that permit using the MSD Security ChemStation software. Security users are classified as Managers, Analysts, or Operators.

• Windows Administrator—An individual, who is a member of the Windows Administrator group, with responsibility for maintaining system security.

• Organization—The entity, usually a company, that owns the security system.

Table 2 compares the full text of the subpart with the MSD Security ChemStation.

NOTE MSDManager group members must explicitly be made members of the local Windows Administrator group if the Windows Administrator and MSD Security ChemStation Manager roles are to be held by the same individual.

Table 2 21 CFR Part 11, Subpart B–Electronic Records

Subpart B–Electronic Records text Agilent product

Sec. 11.10 Controls for closed systems

Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following:

• Responsibility of the organization. The design of the Agilent MSD Security ChemStation is based on a closed system which is achieved by implementing procedural controls such as access security rules established in the lab, that only give authorized individuals physical access to the systems.

Manager Guide 21


a Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

• Agilent delivers a fully qualified data handling system together with all necessary services, which are needed to implement such a system to meet the requirements of the FDA regarding 21 CFR Part 11. Electronic records generated by the application are stored in a protected proprietary format using a SHAI secure hash algorithm. If such a record is altered through another application, this will be detected by the system when trying to read the record.

b The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records.

• The electronic record, associated meta data, audit trail, and electronic signature can be reviewed on screen.

• Printed or screen-viewable versions of reports representing the electronic record can be regenerated from the versions and compared to the originals.

• To read the electronic format the Agilent MSD Security ChemStation is required.

c Protection of records to enable their accurate and ready retrieval throughout the records retention period.

• The Agilent product provides archive/restore functionality for electronic records.

• Full protection in terms of regulatory agencies also includes application of additional procedural controls which the organization is responsible for.

d Limiting system access to authorized individuals.

• Unique combination of login name and user-supplied password required.

Table 2 21 CFR Part 11, Subpart B–Electronic Records (continued)


22 Manager Guide


e Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.

• Audit trails are generated automatically and independent of the user.

• Record changes create a new version and an audit trail entry; the original version is not altered.

• Retention is the responsibility of the organization.

• Each record is stored along with its creation date and time stamp. The associated audit trail lists all modifications with date/time stamp and the user name of the user doing the change.

f Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.

• The application controls the ordering of operations to ensure appropriate behavior.

g Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

• Check is by mandatory login to the application with login name, password, and user classification (Manager, Analyst, Operator).

h Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

• User input is strictly controlled. Input data is restricted to acquisition from the MSD or by import with electronic signature attached.

• Bi-directional connectivity check to the instrument before starting a run. GPIB address or IP address clearly identifies the instrument.

i Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.

• Responsibility of the organization.



Manager Guide 23


j The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.


k Use of appropriate controls over systems documentation including:

1 Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance.


2 Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.


Sec. 11.30 Controls for open systems

Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in Sec. 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality.

• Open systems expose data to persons other than those responsible for data integrity. Additional measures are necessary to protect such data.

• The MSD Security ChemStation is designed to operate in a closed system only.

Sec. 11.50 Signature manifestations

a Signed electronic records shall contain information associated with the signing that clearly indicates all of the following:



24 Manager Guide


1 The printed name of the signer; • Full user name is stored when user is created and applied in audit trail.

2 The date and time when the signature was executed; and

• Entered by the system.

3 The meaning (such as review, approval, responsibility, or authorship) associated with the signature.

• Required input at time of signature.

d The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).

• Electronic signatures cannot be overwritten, modified, or deleted.

Sec. 11.70 Signature/record linking

Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

• All signatures are electronic, encrypted, and attached to the electronic records.

• Printed records include the hash value of the electronic record and signature information.



Manager Guide 25


Subpart C–Electronic Signatures

Subpart C is concerned with the creation and use of electronic signatures as valid substitutes for handwritten signatures. Table 3 compares the full text of the subpart with the MSD Security ChemStation.

Table 3 21 CFR Part 11, Subpart C–Electronic Signatures

Subpart C–Electronic Signatures text Agilent product

Sec. 11.100 General requirements

a Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.

• Responsibility of the system administrator.

b Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.


c Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.

• Responsibility of the organization and each system user (Manager, Analyst, Operator) who uses an Electronic Signature.

1 The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857.


2 Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer's handwritten signature.


26 Manager Guide


Sec. 11.200 Electronic signature components and controls

a Electronic signatures that are not based upon biometrics shall:

1 Employ at least two distinct identification components such as an identification code and password.

• System requires a login name, which is also known to the Windows Administrator, and a password, which is known only to the individual.

• The login name should differ from the display name that is included in reports or shown on screen.

(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

• The MSD Security ChemStation always requires both signature components.

(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

• The MSD Security ChemStation always requires both signature components.

2 Be used only by their genuine owners; and

• Each individual is responsible for keeping both signature components secret.

3 Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

• Responsibility of the organization.• Two tokens, user id and password, are

required for a signature. The password is known only to the user.

Table 3 21 CFR Part 11, Subpart C–Electronic Signatures (continued)


Manager Guide 27


d Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.

• Biometric signatures are not supported.

Sec. 11.300 Controls for identification codes/passwords

Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:

a Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.

• Identification code (login name) is checked for uniqueness at time of assignment.

b Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

• Responsibility of the organization. SOPs define the password policies implemented as part of the local security policies.

• Identification codes (login names) are responsibility of a Windows Administrator.

• Passwords must be changed by users at specified intervals. Proposed password must not duplicate recent values.

c Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.

• Responsibility of a Windows Administrator.• Devices such as token cards are not

supported.



28 Manager Guide


d Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

• Windows security logging and account security settings protect and record password and user id use.

e Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.

• Such devices are not supported.



Manager Guide 29


30 Manager Guide

Agilent G1732AA MSD Security ChemStationManager Guide

3Manager Tasks

Completing Installation (Configuring Instruments) 33

Managing Users 37

Creating a new user 37

New user initial login 40

Electronic signatures 40

Disabling a user 41

Managing Passwords 42

Password rules 42

Password aging 42

Account lockout 43

Good password practices 43

Final word 43

Removing (Uninstalling) MSD Security ChemStation Software 44

File and Directory Names 46

Version files 46

Version file name syntax 46

Run directories 47

Managing Archives 48

Importing and Exporting Data and Methods from a Different ChemStation 49

Import 49

Export 49

The MSD Security Monitor 50

The Default Printer 51

Setting or changing the default printer 51

Audit Trails 52

Method, sequence, and data audit files 52

Event Viewer logs 52

Notes for users running Windows® 2000 60

31Agilent Technologies

Manager Tasks

Unlocking Methods 62

Set Data Path 63

Predefined structure 64

User-defined structure 64

To Save a Method in the \METHODS Directory 66

Example: Adding a Quant database to a method using AutoQuant Setup 66

To Reprocess a Sequence 67

View Previously-Generated Reports 68

32 Manager Guide

Manager Tasks

Completing Installation (Configuring Instruments)

Use this procedure to configure instruments in the MSD Security ChemStation software.

The System Configuration program allows you to configure instruments or to view instrument configuration information entered previously.

To configure instruments

Step Action Notes

1 Start configuration. • Double-click the Config icon on the desktop. The System Configuration screen appears with the security logon screen superimposed.

2 Log on. • Log on using the name Manager and the default password CS02security.

• Both entries are case-sensitive.

3 Select an instrument. a The Configure Instrument screen appears.

b If desired, change the Instrument Name.

c Make sure that Offline Instrument is not selected.

d Press Next>. The Mass Spectrometer screen appears.

4 Configure the MSD. a Check Include a Mass Spectrometer in this Instrument Configuration.

b Press New MS Device. The New Mass Spectrometer Device screen appears.

c Select the Model.• If the Model is 5973N, 5973 inert

MS, continue at Step 5.• If the Model is 5973A, continue at

Step 6.

Manager Guide 33

Manager Tasks

5 Configure the 5973N or 5973 inert MSD.

a Enter the IP Address of the MSD.b Click OK. The Mass Spectrometer

screen appears.c Inspect the entries. If correct, press

Next>. The Mass Spectrometer Options screen appears.

d Continue at Step 7.

• The default address is 10.1.1.102.

6 Configure the 5973A MSD. a Enter the GPIB Address of the MSD.b Click OK. The Mass Spectrometer


Next>. The Mass Spectrometer Options screen appears.


• The default address is 20.

7 Complete MSD configuration. a If your MSD has Chemical Ionization capability, check that box. Click Next>. The Set DC Polarity screen appears.

b See the Autotune report shipped with your MSD to determine optimum polarity. Make the selection and click Next>. The Gas Chromatograph screen appears.

• This completes MSD configuration.

8 Configure the GC. a Select Include a Gas Chromatograph in this Instrument Configuration.

b Press New GC Device. The New Gas Chromatograph Device screen appears.

c Select Model.d Select the communications Link.e If Link is IP, continue at Step 9.f If Link is GPIB, continue at Step 10.

9 Configure an IP Link. a Enter the IP Address of the GC.b Click OK. The Gas Chromatograph


Next>. The Data Analysis screen appears.


• The default address is 10.1.1.101.

To configure instruments (continued)

Step Action Notes

34 Manager Guide

Manager Tasks

10 Configure a GPIB link. a Enter the GPIB Address of the GC.b Click OK. The Gas Chromatograph


Next>. The Data Analysis screen appears.


• To determine the GPIB address from the front panel, press [Options] [Communications].

11 Complete GC configuration. a Select Enhanced Quantitation as the Data Analysis Mode.

b Press Next>. The Review Configuration screen appears.

c Inspect the entries. If they are satisfactory, press Finish to save the data and return to the System Configuration screen.

• Three icons will appear on the desktop: Instrument #1, Instrument #1 Reprocessing, and Instrument #1 Data Analysis, assuming that you used the default instrument name.

12 Save the configuration. • Restart the computer.

IMPORTANT Every login must be associated with a User Full Name that corresponds to a real person. The Manager account must be assigned to a specific person. That person’s Full Name should replace the demo Full Name, and that person must select a password known only to that person. The same is true of the Operator and Analyst demo accounts. If either of these accounts will not be used, that account should be disabled.

13 Change the Manager name and password.

a On Control Panel, select Administrative Tools > Computer Management > System Tools > Local Users and Groups > Users.

b Double-click the Manager user id.c Change Full Name to the actual full

name of the person.d Click OK.e Right-click Manager.f Select Set Password. Change the

password to something other than the default.

• Full Name becomes part of the user’s electronic signature and is displayed on the screen whenever the user is logged in.

• See “Password rules" on page 42.


Step Action Notes

Manager Guide 35

Manager Tasks

14 Disable the other default accounts. a On Control Panel, select Administrative Tools > Computer Management > System Tools > Local Users and Groups > Users.

b Right-click on Analyst. Select Properties.

c Check Account is disabled. Click Apply, then OK.

d Repeat for user Operator.e Close the screens.


Step Action Notes

36 Manager Guide

Manager Tasks

Managing Users

Creating a new user

New users are created in the same way that new Windows users are created. However, the new MSD Security ChemStation user must be assigned to one of the three user groups that are created when the Security software is installed. They are:

MSDOperator Members of this group (Operators) acquire data using existing methods and sequences. An Operator has limited control over GC and MSD parameters, but cannot make permanent changes to methods. Operators can reprocess and integrate data as well as apply manual integration.

MSDAnalyst These group members (Analysts) have all the capabilities of an Operator but can also create, modify, and save methods, tune the MSD, set up retention time locking, and other tasks.

MSDManager These group members (Managers) have all the capabilities of both Operator and Analyst. A Manager has access to the system configuration and the command line.

A single user may be assigned to more than one group. If so, that user has the capabilities of the most privileged of the groups.

NOTE All data acquisition and reduction should be done by Operators and Analysts.

Reserve the Manager role for managing and configuring the application.

NOTE After the system is completely configured it should be entirely managed and used by newly created users. Before going into routine use, it is recommended to disable the built-in users Manager, Analyst ,and Operator.

Manager Guide 37

Manager Tasks

It may be convenient, for organizational purposes, to create multiple user accounts for a single individual. For example, the individual named Robert Jones may have MrJones (MSDManager) and Robert (MSDAnalyst). This might be necessary as the MSDManager privilege is reserved for administratrative purposes only and should not applied for routine use.

38 Manager Guide

Manager Tasks

To create a new MSD Security ChemStation user

Step Action Notes

1 Logon to Windows. • Logon as a Windows Administrator or other user with administrative privileges.

• The login name of a new user should be known only to the system administrator and the individual user. The default Manager login has Windows Adminstrative privileges.

2 Create the user. a Execute Start. Right-click My Computer and select Manage.

b Open Local Users and Groups.c On the Action menu, select New User.d Enter User name.e Enter Full name.f Description is optional.g Enter and confirm Password.h Check User must change password at

next logon.i Click Create.j Click Close.

• User name is the login identification.

• Full name is required by the FDA and the MSD Security ChemStation. The Full name represents the user and will be displayed on screen (security monitor) and printed in reports.

• The Password entered here is temporary. It will be replaced by the password chosen by the user at the first logon. The new password is to be known only to the user who selects it.

• See “Password rules" on page 42 for details.

3 Assign the user to a security group. a Double-click Groups to display the available group names.

b Select one or more of MSDOperator, MSDAnalyst, or MSDManager.

c On the Action menu, select Add to group.

d Click Add. Type in the User name (not the Full name) and click OK.

e Close the open screens.

• Use Ctrl-click for multiple selections.

• The user will have the capabilities of the most powerful group selected, but may want to login at times with a lower capability.

Manager Guide 39

Manager Tasks

New user initial login

If a newly-created user tries to log in for the first time, the user will be rejected. The user must first select a new password. See “Password rules" on page 42. This password must be known only to that user.

In the MSD Security Monitor in the lower right corner of the screen, select Change Password and fill in the form.

Electronic signatures

The MSD Security ChemStation makes use of electronic signatures. The FDA regulations require that:

Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.

The organization should have, as part of their SOPs, a process by which individual system users acknowledge in writing that they accept their full name, when authenticated by user id and password as an electronic signature, with the same validity as their handwritten signature.

40 Manager Guide

Manager Tasks

Disabling a user

As system users change jobs or leave the laboratory, it will be necessary to remove them from the set of active MSD Security ChemStation users. This is an important administrative responsibility to ensure that invalid and old passwords and accounts do not remain in the system.

CAUTION Unused accounts should be disabled, not deleted, so that traceability in audit trails is maintained.

To disable a Security User

Step Action Notes

1 Logon to Windows. • Logon as a Windows Administrator or other user with administrative privileges.

2 Disable the user. a On Control Panel, select Administrative Tools > Computer Management > Local Users and Groups.

b Double click Users.c Right-click the user’s name.d Select Properties.e Check Account is disabled, click

Apply, and click OK.

• This disables the user account and removes the name from the active users.

Manager Guide 41

Manager Tasks

Managing Passwords

Passwords control user access to the MSD Security ChemStation software. It is important to control the use of passwords to make it very difficult for an unauthorized user to gain access.

Password rules

Each new user is required to select a password at first logon. The new password should be known only to that user and should be chosen to make it difficult to guess.

The default password settings applied by the MSD Security ChemStation during installation are:

• Must be at least six characters long.

• Must contain characters from three of the following four categories:

• English uppercase characters (A through Z)

• English lowercase characters (a through z)

• Base 10 digits (0 through 9)

• Nonalphanumeric characters (e.g., !, $, #, %)

• Must not contain all or part of your user’s account name

• Must be significantly different from your 24 most recent passwords

Password aging

A new password is good for no longer than 90 days. At the end of that time, a user will be required to select a new password.

CAUTION Many of the default settings mentioned below can be changed by a Windows Administrator, either to make the rules more rigid or less stringent to make them comply with your local security policies.

42 Manager Guide

Manager Tasks

Account lockout

If a user makes five unsuccessful attempts to log in during a 30 minute period, the account will be locked out for 5 hours or until a Windows Administrator unlocks the account.

The procedure to unlock an account is the same as to create a user, except left-click to open the Users folder. Double-click the locked user id. When the screen appears; uncheck the Account is Locked Out box.

Good password practices

To help protect the system:

• Never write down your password.

• Never reveal your password to someone else.

• Change your password every 60 to 90 days.

• Be sure that your password is different from any other passwords you use.

Final word

Attacks on passwords use three methods: guessing, dictionary based attack, and brute force (try all possible combinations).

The rules of the MSD Security ChemStation software, as outlined above, are intended to prevent the first two methods from being successful. Brute force can always break a password, but it can take months to do so with a properly chosen password.

Manager Guide 43

Manager Tasks

Removing (Uninstalling) MSD Security ChemStation Software

The uninstall procedure performs two tasks:

• It removes all executable code from the hard disk.

• It removes the security restrictions from the remaining file structure.

The first task deletes all MSD Security ChemStation programs and some related files from the disk in preparation for installing a new revision of the software. It does not affect any files (methods, sequences, data) that were created by that software.

The second task makes the entire MSDChem file tree, which no longer contains any of the programs, accessible to ordinary Windows functions such as Copy, Edit, Delete, and so on.

To uninstall the MSD Security ChemStation software

Step Action Notes

1 Log on as a Windows Administrator.

2 Save important information. a Backup or archive any data, methods, libraries, or other files or directories that you want to save.

b Close all MSD Security ChemStation applications.

3 Remove the ChemStation software.

a On Control Panel, select Add or Remove Programs.

b Select Agilent MSD Security ChemStation G1732AA A.xx.xx.

c Click Change/Remove.d When the Modify/Repair/Remove

screen appears, select Remove and click Next>.

e Confirm the uninstall.f When the Maintenance Complete

screen appears, click Finish.

• The uninstall process may take several minutes.

4 Log on again. • Same logon name as before.

44 Manager Guide

Manager Tasks

5 Remove MSD users and groups. a On Control Panel, select Administrative Tools, then select Computer Management.

b Open Local Users and Groups.c Double-click Users.d Delete user MSCFR.e Delete all MSD Security ChemStation

users.f Double-click Groups.g Delete groups MSDAnalyst,

MSDOperator, and MSDManager.h Close all screens.

• To identify the users, examine the Description column. If it mentions MSD ChemStation, remove that user.

6 Remove icons from the desktop. • Right-click and delete any MSD Security icons on the desktop.

7 Remove the Start menu item. a Execute Start >All Programs.b Right-click and delete MSD Security

ChemStation.

8 Rename the MSDChem directory. a Press + e to open Windows Explorer.

b Right-click the MSDChem directory and select Rename.

c Supply a new name.

• The purpose of these steps is to make the name MSDChem available for the new version installation.

To uninstall the MSD Security ChemStation software (continued)

Step Action Notes

Manager Guide 45

Manager Tasks

File and Directory Names

Version files

A version file is a snapshot of the state of data recorded in the .M (method), .D (data), or .S “files”.

Method and data “files” are actually directories. Version files live in Versions subdirectories of method (.M) and data (.D) directories.

Sequence files are really files and so the sequence.s file cannot have a Versions subdirectory. Instead, a sequence directory, which has the same name as the associated sequence.s file but without the .s suffix, contains the version files.

Version file name syntax

<prefix>-<version>.<suffix>

where

<prefix> = METHmethod versionSEQsequence versionACQacquisition data versionPROCresults data version

<version> = <year>-<month>-<day>-<hour><minute><second><msec>UTC<year> = 4-digit year<month> = 2-digit zero left padded month<day> = 2-digit zero left padded day of month<hour> = 2-digit zero left padded 24-hour clock hour<minute> = 2-digit zero left padded minutes<second> = 2-digit zero left padded seconds<msec> = 3-digit zero left padded millisecondsUTC = a constant, included as a reminder

<suffix> = a combination of r, v, and s, indicating the kind of hash blocks appended to the file

r = reference block, contains link to other filesv = validation block, system-applied signature of user of record,

no explicit authentications = signature block, interactively applied signature of user of

record, explicit authentication by signature panel

46 Manager Guide

Manager Tasks

There is no space or other separator in the time field: 152903005 is 15:29:03.005 in 24-hour clock format (a little before 3:30PM). 043000000 is 4:30AM. All times are Universal Coordinated Time (Greenwich Mean Time).

Dashes, UTC, and period are explicit.

The names sort by <prefix>, then oldest to newest <version>, in a simple alphabetical file listing. The names are unique on a ChemStation. Note that <version> does not necessarily coincide with the file creation or modification dates—it is generated in the software command that eventually saves the file.

Run directories

Run directories are where the results of Run Method, Run Sequence, or Import Data File are stored. The data path to the run directory is configurable (see “Set Data Path" on page 63).

Run Directory Name Syntax

<prefix>-<version>

where

A Run-<version> directory contains the data file and a copy of the method version run on that data.

A Seq-<version> directory contains data files, a copy of the sequence that generated the data files, and a copy of each method used in the sequence.

An Imp-<version> file contains one data file, and may contain methods copied there after the data file was imported.

There may be multiple versions in the ‘Versions’ subdirectories within the data, method, and sequence files in these run directories.

<prefix> = Run results of Run MethodSeq results of Run SequenceImp results of Import Data File

<version> = As described above

Manager Guide 47

Manager Tasks

Managing Archives

Archive and Restore use a fixed format defined by the software. For data in any other format, use Import/Export instead.

To create an archive

Step Action Notes

1 Log on. • You must logon as a Manager.

2 Start Configuration. a On the desktop, double-click Config.b Log on again.

• If you used a different name when you configured the software, use that name instead.

3 Set up the archive. a Select the Archive/Restore menu.b Select a menu item.c Select a destination for the archive.d Select the specific items to be

archived. Use the Select button. When done, click OK.

e Specify whether to delete items after archiving (normal behavior to recover space) or not delete (for sending data to a regulatory body).

• Although you cannot archive to a network device, you can archive to a file on the hard disk and then copy that file to an external device.

• If deletion is chosen, defaults (method, sequence), locked items, and items in use are not deleted.

4 Create the archive. • Click OK.

To restore an archive

Step Action Notes

1 Log on. • You must logon as a Manager.

2 Start Configuration. a On the desktop, double-click Config.b Logon again.

• If you used a different name when you configured the software, use that name instead.

3 Set up the restore. a Select the Archive/Restore menu.b Select the Restore Archive item.c Select the archive file to be restored.

• The file must be on the hard disk.

4 Restore the file. a Click OK.

48 Manager Guide

Manager Tasks

Importing and Exporting Data and Methods from a Different ChemStation

These two functions provide a bridge between the MSD Security ChemStation and other MSD ChemStations.

They operate on files with suffixes .m (method), .s (sequence), and .d (data).

Import

Import copies files from an external medium such as a CD-ROM or floppy disk into the MSD Security ChemStation. The imported files are inserted into the secure file system.

Export

Export writes files from the secure file system either to the hard disk or to an external device. Security restrictions are removed from the exported copies. The original files are not changed.

Manager Guide 49

Manager Tasks

The MSD Security Monitor

This window appears in the lower right corner of the screen after installation (Figure 1).

It can be moved to other positions but must remain visible whenever the MSD Security ChemStation software is in use. If it is not present, restart it using Start > All Programs > MSD Security ChemStation > MSD Security Monitor.

The monitor displaces the Full Name of the current user, as required by the FDA regulations. It also provides these functions:

• Change Password—Used at first login to set the user password, and to change password when the current one times out.

• Lock Session—Locks the session until an authorized user who is a member of one or more of the MSD Security ChemStation user groups unlocks it.

• Private Lock—By checking this function and pressing Lock Session, the session is locked until the current user or a Manager unlocks it.

• Help—Opens an online help screen.

The non-private lock is typically used when operators change while the system is running, for example, during shift changes.

Figure 1 The MSD Security Monitor

50 Manager Guide

Manager Tasks

The Default Printer

The MSD Security ChemStation needs certain information before it can print reports, methods, etc. The Set Default Printer icon prepares the software to use the Windows default printer.

Setting or changing the default printer

1 Login to Windows as a Windows Administrator. The default Manager user is a member of both the Administrator and MSDManager groups.

2 Shut down all instances of the MSD Security ChemStation.

3 Set up a default printer. The printer must be local to the ChemStation computer; network printers are not supported.

4 Double-click the Set Default Printer icon to identify the printer to the MSD ChemStation software.

5 All instances of the MSD Security ChemStation applications will use that printer when they are started.

Manager Guide 51

Manager Tasks

Audit Trails

Method, sequence, and data audit files

Every electronic record created by the MSD Security ChemStation is associated with an audit file. The audit file is written by the software and records the creation, modification, and other changes to the electronic record. There are three types of audit files: Method, Sequence, and Data.

To view an audit file, open Data Analysis and select Tools/View Audit File. Audit files cannot be edited or deleted.

To print an audit file, right-click in the audit file window and select Print from the popup menu.

Event Viewer logs

The MSD Security ChemStation uses the Windows Event Log Service to record security and application events in the system audit trail. The logs can be viewed using the Event Viewer, which is accessed from the Control Panel Administrative Tools dialog.

Security events

The Windows Security Event Log can record security events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log. The MSD Security ChemStation installation sets the default events that are recorded to be:

• Logon/Logoff, success and failure

• Policy Change, success and failure

• Account Management, success and failure

• Account Logon, success and failure

52 Manager Guide

Manager Tasks

For example, each time an MSD Security ChemStation user is successfully authenticated, there will be a logon event, a logoff event, and an account logon event recorded in the security log. If an administrator changes the auditing policy or adds a new user, those events will be recorded. Unsuccessful logon or authentication attempts will also record events in the security log. The Security Event Log is a standard Windows Event Log.

Agilent MSD Security ChemStation events

The MSD Security ChemStation records application-specific events during normal operation in a custom event log named Agilent MSD Security ChemStation Log. These include program startup and shutdown, warning, and error events at the application level such as changes to the current “user of record” of the applications.

Other events

Besides the Security Event Log, two other logs are standard with Windows, the Application Event Log and the System Event Log. They record events from other applications, and events of significance to the operating system, respectively.

Log file settings

At MSD Security ChemStation installation, the log sizes are set to be approximately 10 MB each and the retention period is set to 1 week. An administrator can change these values in the Event Viewer. The values should be set to reflect the backup frequency that you prefer; the defaults are for a weekly backup of the event logs.

Examine the logs frequently over the first few weeks of operation to see how fast they grow in your environment, then adjust the log sizes to be somewhat larger (for example, 25%) than the growth during the retention (backup) period you choose. Then, when you backup at the chosen retention interval, the saved log files will have slightly overlapping entries, to be sure that none are missed.

Manager Guide 53

Manager Tasks

Backup

To schedule regular backups of the event logs, use the Windows Backup facility. The files that need to be backed up are in %SystemRoot%\Config, where %SystemRoot% represents the name of the directory where the Windows operating system is installed, usually C:\Windows.

Log on to Windows as the local Administrator to set up the backup schedule for event logs.

The files to be backed up are listed in Table 4.

Table 4 Event logs to be backed up

File Name Description

AppEvent.Evt Windows application event log

SecEvent.Evt Windows security event log

SysEvent.Evt Windows system event log

AgtMSDSC.Evt Agiilent MSD Security ChemStation log (custom)

To start the backup utility and set up a scheduled backup

Step Action Notes

1 Log on to Windows. • Log on as Administrator or a user with administrative privileges.

2 Start the Backup and Restore wizard.

a Execute Start > All Programs > Accessories > System Tools > Backup to see the Welcome screen.

b Click Next> to continue. The Backup or Restore screen appears. Select Backup files and settings and click Next>. The What to Back Up screen appears.

c Select Let me choose what to back up and click Next>. The Items to Back Up screen appears.

• The other choices are not appropriate to event log backup.

54 Manager Guide

Manager Tasks

3 Select the files to back up. a Browse to %System Root%\Config and select the files listed in Table 4.

b When all files are selected, click Next>. The Backup Type, Destination, and Name screen appears.

• %System Root% is usuallyC:\Windows.

4 Select the backup destination. • Select a listed device or Let me choose a location not listed here. Click Next>.

• The Let me choose... selection allows you to create and backup to a new file on the hard drive.

5 Name the backup file (if you selected Let me choose...).

a The Save As screen appears. Indicate where the file should be saved and supply a file name.

b Click Save. The Completing the Backup or Restore Wizard screen appears.

6 Specify the backup type. a Click Advanced. The Type of Backup screen appears.

b Select Normal and click Next>. The How to Back Up screen appears.

• If you click Finish, the backup will be performed using the existing settings. Advanced allows you to make additional settings.

• Normal backs up the files and marks them as such.

To start the backup utility and set up a scheduled backup (continued)

Step Action Notes

Manager Guide 55

Manager Tasks

7 Verify data, if desired (recommended).

a Select Verify data after backup.b Click Next>. The Backup Options

screen appears.

• Verify will perform the backup, then read the backed up data and compare it with the original files.

8 Select how to treat existing backups.

a Select either • Append this backup to the existing

backups OR• Replace the existing backups

b Click Next>. The When to Back Up screen appears.

• For backup locations on the system disk, Append is usually appropriate.

9 Optional. Schedule automatic backups.

a Select Later.b Enter a Job Name and click Set

Schedule. The Schedule Job screen appears.

• You may want to wait until you know how fast the files grow (see page 53) before setting up a schedule.

c Select an appropriate schedule.d Click OK when finished. The Set

Account Information screen appears.

• Explore the Settings tab as well to determine if the options there apply to your situation.


Step Action Notes

56 Manager Guide

Manager Tasks

10 Select the user who will make the backup.

a Enter the user name in Run as:b Enter and confirm the password.c Click OK.

• The user must have access to the files to be backed up. The local Administrator account is usually appropriate.

11 Perform the backup. • You have reached the end of the Backup or Restore Wizard. Verify that the information shown is correct and then click Finish. Your scheduled backup will be created.


Step Action Notes

Manager Guide 57

Manager Tasks

Restore

A similar wizard guides you through the restore process. The key to restoring these event logs is to restore to an alternate location, so the old archives do not overwrite the current logs.

For Windows XP®, selected wizard dialogs are shown here.

After selecting Restore and making all the entries, the Completing screen appears.

Click Advanced... to open the Where to Restore screen.

58 Manager Guide

Manager Tasks

The choices are:

• Original location which overwrites the active log file with the contents of the archive. You probably do not want to do this because it destroys current information.

• Alternate location allows you to select a directory and restores the entire backup file tree using that directory as the root. It does not alter the active log files.

• Single folder is similar to Alternate location, except that it does not maintain the file tree; all files are placed in the root directory.

For most purposes, you will want Alternate location.

Continue with the wizard by clicking Next>.

Manager Guide 59

Manager Tasks

Notes for users running Windows® 2000

Backup

The wizard or the standard view quickly presents a dialog to select the files.

Make the same selections as for Windows XP, then click Start Backup. The backup does not start immediately! An additional dialog appears.

60 Manager Guide

Manager Tasks

It provides access to advanced options and scheduling features. Choices and procedures are similar to those for Windows XP.

Restore

In Windows 2000, select the Restore tab and then be sure to select either Alternate location or Single folder before proceeding.

Manager Guide 61

Manager Tasks

Unlocking Methods

You may encounter a message stating that a method is locked. If so, that method cannot be used until it is unlocked.

A method is unlocked by executing cfr_unlockall in the command line. This must be done by a member of the MSDManager group.

62 Manager Guide

Manager Tasks

Set Data Path

The MSD Security ChemStation allows for using a predefined directory structure to contain run directories, or a user-defined structure. To select where run data directories should be created, open the Instrument view and the Method menu. Select Set New Data Paths. . . A dialog box appears (Figure 2):

Select the desired option.

Figure 2 Selection Mode screen

Manager Guide 63

Manager Tasks

Predefined structure

In this mode, the predefined directory structure for data is shown in Figure 3.

This structure insures that no single folder is overloaded with data files, and the use of Year\Month\Day is closely associated with the naming convention of the actual run and sequence subfolders.

If this structure is used, the Browse button on the Start Run and Start Sequence panels is disabled. The Data File Directory (Data Path) text box is inactive and displays a message indicating the predefined structure will be used.

User-defined structure

Users can design their own structure below the ..\DATA\ directory. This allows a user to group data by product (or any other criterion) rather than strictly by date.

Figure 3 Predefined data structure

MM (month)

DD (day)

Run-yy-mm-dd-xxxxxxxxxUTC

Run-yy-mm-dd-xxxxxxxxxUTC

Seq-yy-mm-dd-xxxxxxxxxUTC

Seq-yy-mm-dd-xxxxxxxxxUTC

DATA

YY (year)

64 Manager Guide

Manager Tasks

To set up a user-defined structure, select User Defined Path from the Selection Mode screen (Figure 2 on page 63) and click OK. The path entry box appears (Figure 4):

Use this dialog box to type in or Browse to a directory path, then select OK.

• New directories and subdirectories can be created.

• All user-created directories are browsable when running sequences and methods, so multiple directories can be created in advance.

There are some limitations upon the paths that a user can specify.

• Must be a subfolder to systemdirectory\….\DATA\

• Folder name cannot include Run-

• Folder name cannot include Seq-

• Folder name cannot include Imp-

When a user-defined path is in use, the Browse button and the Data File Directory/Data Path text fields are active in the Start Sequence and Start Run panels.

To return to the predefined data directory structure, go back to the Set Data Path selection mode dialog. Select Predefined Path and OK.

Figure 4 Select Path for Data Files

Manager Guide 65

Manager Tasks

To Save a Method in the \METHODS Directory

A method saved in the \METHODS directory is protected from changes by Operators. Only Managers and Analysts can save methods in this directory and must explicitly specify it as the save location.

Example: Adding a Quant database to a method using AutoQuant Setup

Consider adding a quant database to a method (for details on each step, see the Help system).

1 In Data Analysis, load the method and data file.

2 Select Calibrate / AutoQuant Setup.

3 Enter information and compound data as appropriate.

4 When prompted to Quantitate now?, select Yes. As quantitation proceeds, two signature panels appear. These panels show that the quantitated method version will be saved under the loaded data file’s path.

5 Complete the tasks required by the Edit Compounds dialog box.

At this point, the quant database has been added to the method. However, note that the method version was saved under the loaded data file’s path. To save the quantitated method as a protected method in the \METHODS directory, select Method/Save method... and browse to \METHODS.

66 Manager Guide

Manager Tasks

To Reprocess a Sequence

The MSD Security ChemStation provides a new tool for reprocessing sequences: Reprocessing. Reprocessing runs independently of the online instrument, so reprocessing a previously-run sequence can occur while collecting new data. It can also reprocess a sequence using an edited Sample Log Table, such as one containing different sample amounts. When the modified sequence is run, any revised file versions are saved under the sequence’s run directory path.

If reprocessing requires any changes to the method parameters for a run, use Data Analysis instead.

Note that during reprocessing, the program creates a subdirectory named \2 under the results directory path. This directory contains temporary files that are deleted when reprocessing ends.

Manager Guide 67

Manager Tasks

View Previously-Generated Reports

The CFR Report selection on the Data Analysis Tools menu allows you to view, print, and export previously-generated reports.

To view previously-generated reports

Step Action Notes

1 Open the CFR Report screen. a Run Data Analysis.b Select CFR Report in the Tools menu.

2 Select the data file. • Highlight the desired data file in the Electronic Records part of the screen.

• The Electronic Records screen opens.

3 Select the report. • Highlight the desired report in the Reports part of the Electronic Records screen.

• The report is displayed.

4 Perform optional actions. a Print sends the report to the default printer.

b Export sends the report to a specified device.

c Add signature adds another signature, with comments, to the data file.

d Click OK to return to Data Analysis.

• Print prints only the selected report.

• Export exports all reports attached to the selected data file.

68 Manager Guide

Agilent G1732AA MSD Security ChemStation Manager Guide · detector data only in combination with...

Documents

Transcript of Agilent G1732AA MSD Security ChemStation Manager Guide · detector data only in combination with...