I am sure you will get many more replies to this. (In fact, this is such a busy
group, I am surprised you have not received any already.)
While everything depends on the details of the system your are working with,
in my experience, getting to a state of compliance is not so much a matter of
adding more software, and even if it were, nothing in the area of compliance
could be considered “inexpensive”.
Data protection, for instance, should not be covered by software alone. The
use of UPS and RAID systems are minimum for data protection. As well as SOPs on
back-up procedures. Also, most schemes to validate systems include the creation
of multiple, identical instances of the system, one for production and one or
more for testing.
The ability to create and retain an audit trail should be built into the
program. All systems designed for compliance have this feature. The creation of
e-Signatures is another area that should be built into the system.
Finally, for any program you do find to cover the all your needs, there is
always long period of documentation and testing of the system.
In reality, and I do not mean this to offend, but the job of validating a
system for compliance is probably not the task for a summer intern. While I am
sure you are quite capable, I know of consultants that are paid extremely well
to do this work, even for small systems.
To clear some things up, you could answer some questions, is the system COTS
or designed in-house, or somewhere in between? (I know GAMP has guidelines for
this).
Is it a closed or open system?
Have user requirements and functional specifications been established?
Has a vendor audit been performed?
Does the company have SOPs on validating systems? Data backup? electronic
signatures? retiring systems?
Is the system subject to cGLP? (I am assuming, since you mentioned research
lab. If that is incorrect, feel free to substitute cGXP).
Most questions should be answered by in house SOPs and guidelines for
validating systems. If those don’t exist, as I understand it, nothing done
really counts, since the FDA will look to those during an audit to ensure
everything was done correctly.
I hope this helps.