Compliance Data Security Header

Make compliance a competitive advantage

With the ever-evolving emphasis on data integrity, data security and compliance, it’s of vital importance that your CDS provides comprehensive preventative and detection technical controls to enable you to meet modern regulatory requirements including United States Federal Drug Administration (US FDA) 21 CFR Part 11 and European Commission (EU) Annex 11.

Learn how Chromeleon CDS gives you audit safety and delivers compliance, connectivity, productivity and confidence to your laboratory.

Data integrity: “The extent to which all data for its entire lifecycle is complete, consistent, and accurate.”

Electronic data is deemed more secure, reduces human oversight, is more difficult to manipulate or change, and any such changes easier to detect. This perception of electronic data is based on an assumption that the software has the technical controls to support compliance with 21 CFR Part 11 and that those technical controls are appropriately implemented and managed. Of course there are components of Part 11 that are not meant to be satisfied by technical controls within a computerized system. Therefore, it should always be understood that data integrity controls for electronic records are not limited to just technical controls but also require procedural controls.

CDS Layer Integrity
Overview of layers required to ensure integrity of CDS data

The World Health Organization and Food and Drug Administration add to it using the principles of ALCOA and ALCOA+

  • Attributable: Who acquired the data or performed the action
  • Legible: Can you read and understand the data entries?
  • Contemporaneous: Documented at the time of the activity
  • Original: First recording of data or a true copy
  • Accurate: Reflects what took place
  • Complete: The records show the complete picture
  • Consistent: Free of contradictions – inherently coherent
  • Enduring: Unchanged throughout the retention period
  • Available: Accessible to be viewed over the record lifetime

The regulatory guidance documents also outline the ‘red lines’ for inspectors, which in terms of a CDS relate to audit trails (traceability), user access and rights controls (security), review and retention of data (record management), and administrative controls.


Compliance and data security features



Ensuring Compliance and Data Integrity at Sterling Pharma Solutions

“Chromeleon CDS has really improved our data integrity and ticks all of the boxes for compliance with 21 CFR Part 11 and the MHRA GMP data integrity definitions and guidance for industry”



Automated system suitability test with intelligent run control for peptide mapping QC assays

Learn more about the simplicity and increased productivity using the compliance-ready automated SST and IRC features in Chromeleon CDS, as part of data acquisition and processing in routine biopharmaceutical peptide mapping applications.

Compliance and data security topics

CDS Traceability


Data governance is an integral part of a regulated company’s quality system, of which, data integrity is fundamental. With the increased focus on data integrity by international regulatory agencies, tracking who did what, when and why is critical to ensure traceability of data.

Chromeleon CDS is a vital partner in ensuring traceability and data integrity. It provides an automatically-created comprehensive set of secure, computer-generated, time-stamped audit trails which track and record any changes or actions in the software.

Chromeleon software utilizes a relational database to record all versions of data objects and provide sequence-centric storing of audit trails, facilitating audit trail review and retrieval. In addition, a tiered approach to the audit trail allows greater granularity and provides the capability to version data objects. A simple version comparison tool provides easy side-by-side comparison, and even restoring of previous versions of data objects.

Using Versioning to Understand the History of Data

Discover the importance of versioning of data objects the impact it can have in regulated labs.

Download product spotlight

CDS Security


Chromeleon software’s security system provides the user management capabilities required to meet the requirements of the latest guidance and 21 CFR Part 11. The advanced security system supports an unlimited number of security levels and is designed to fit any chromatography workflow. It is capable of linking to LDAP, tying into the operating system security so that users require only one login, while benefitting from all security levels.

CDS Record Management

Record management

Data and document retention arrangements should ensure the protection of records from deliberate or inadvertent alteration or loss. Audit trails must also be retained and protected for as long as the original record.

In Chromeleon CDS, beyond the protections afforded by the Operating System, data is managed using centralized relational databases and a comprehensive, chromatography-oriented security system controlling access to data and records.

Furthermore, the Electronic Records and Signatures Rule, known as 21 CFR Part 11, established requirements to ensure that electronic records and electronic signatures are trustworthy, reliable and equivalent substitutes for paper records and traditional handwritten signatures. It requires companies to have validation documentation and implement controls such as audit trails and electronic signatures.

Chromeleon CDS fully supports Part 11 and allows records to be electronically signed with two levels of protection:

  • Electronic Reports – providing a controlled pre-submission preview of final results for structured review
  • Electronic Signatures – the Electronic Report and entire sequence are locked and protected from further changes

Electronic Reports provides a pre-submission preview of your final results that can be signed at any time. By applying Electronic Signatures, these Electronic Reports and the entire sequence are locked and protected from further changes ensuring regulatory compliance.

Validation of chromatography systems usually includes installation, operational and on-going performance qualifications (IQ, OQ, PQ respectively) of both instruments and software.

Compliance and data security related products


Chromeleon XTR software: More than a Chromatography Data System

Thermo Scientific™ Chromeleon™ XTR Laboratory Management System adds key features to expand Chromeleon software capabilities beyond a traditional CDS. It manages the entire laboratory with secure, compliant control of all analytical data regardless of instrument vendor or type. It ensures adherence to processes, maintains data security and facilitates complete regulatory compliance.

All data, all instruments and all users in one compliant system.

Learn more


Contact us

Want to learn more about how Chromeleon software can help you drive your entire laboratory process, ensure data integrity and compliance and increase productivity? Contact us to now unlock the value of your data.

Request contact

HILIC Resource Library

Chromeleon CDS Software Resources

Here’s a collection of resources to learn about the feature sets that make this software both powerful and easy to use.

CMD SchemaApp code