Bioreq v2.0

GUIDELINE v2.
0
Table of Contents
Introduction............................................................................................................................................. 5
0.1 Background .................................................................................................................................... 5
0.2 Purpose and Scope ........................................................................................................................ 5
0.3 Audience ........................................................................................................................................ 5
0.4 Structure Overview........................................................................................................................ 6
0.5 Conventions ................................................................................................................................... 6
0.6 Works Consulted ........................................................................................................................... 6
0.7 Document Status ........................................................................................................................... 7
0.8 Adaptation ..................................................................................................................................... 7
1 Ethical Requirements ........................................................................................................................... 8
1.1. General ......................................................................................................................................... 8
1.2 Informed Consent.......................................................................................................................... 8
1.3 Anonymization ............................................................................................................................ 10
1.4 Independent Review ................................................................................................................... 11
1.5 Access to Biospecimens and Data ............................................................................................... 12
1.6 Intellectual Property .................................................................................................................... 13
2 Technical Requirements ..................................................................................................................... 14
2.1 Human factors ............................................................................................................................. 14
BIOBANK DIRECTOR....................................................................................................................... 14
STAFF ............................................................................................................................................. 14
TRAINING ....................................................................................................................................... 15
2.2 Accommodation and Environmental Conditions ........................................................................ 15
2.3 Safety ........................................................................................................................................... 16
BIOLOGICAL SAFETY ...................................................................................................................... 17
ELECTRICAL SAFETY ....................................................................................................................... 17
FIRE SAFETY ................................................................................................................................... 17
PHYSICAL SAFETY ........................................................................................................................... 18
CHEMICAL SAFETY ......................................................................................................................... 19
RADIOLOGICAL SAFETY.................................................................................................................. 19
SAFETY PROGRAMME AND ASSOCIATED TRAINING ..................................................................... 19
EMERGENCY PREPAREDNESS ........................................................................................................ 19
2.4 Acquisition, Maintenance and Provision ..................................................................................... 19
SAMPLING ..................................................................................................................................... 20
HANDLING OF BIOLOGICAL SAMPLES ........................................................................................... 21
SUPPLY ........................................................................................................................................... 23
DOCUMENTATION OF RETRIEVAL ................................................................................................. 23
SHIPMENT...................................................................................................................................... 24
2.5 Validation/authentication Methods ............................................................................................ 25
BioReq v2.0 2012 2

2.6 Equipment ................................................................................................................................... 26
CALIBRATION ................................................................................................................................. 27
FREEZER AND REFRIGERATOR ....................................................................................................... 27
REFRIGERATORS ............................................................................................................................ 27
CRYOGENIC FREEZERS ................................................................................................................... 28
LIQUID NITROGEN FREEZERS......................................................................................................... 28
MECHANICAL FREEZERS ................................................................................................................ 29
WALK-IN FREEZERS AND REFRIGERATORS .................................................................................... 29
BACK-UP STORAGE CAPACITY ....................................................................................................... 29
3 Management Requirements .............................................................................................................. 30
3.1 Organization and Management................................................................................................... 30
3.2 Training ........................................................................................................................................ 30
3.3 Quality Management System ...................................................................................................... 31
3.4 Document Control ....................................................................................................................... 32
3.5 Customer Relations ..................................................................................................................... 33
3.6 Purchasing Services and Supplies ................................................................................................ 33
3.7 Subcontracting Activities ............................................................................................................. 33
3.8 Control of Non-conformance, Corrective and Preventive Actions.............................................. 34
4. Biobank Software System Requirements .......................................................................................... 35
4.1 Metadata Requirements ............................................................................................................. 36
4.2 Entity Types ................................................................................................................................. 37
GENERAL REQUIREMENTS ............................................................................................................. 38
SAMPLES ........................................................................................................................................ 38
DOCUMENTS ................................................................................................................................. 40
EQUIPMENT AND STORAGE .......................................................................................................... 41
USERS............................................................................................................................................. 41
PROCEDURES ................................................................................................................................. 42
4.3 Sample Acquisition ...................................................................................................................... 42
SAMPLE COLLECTION: INFORMED PATIENT CONSENT ................................................................. 42
RECORDING SAMPLE DATA ........................................................................................................... 43
SAMPLE IMPORT............................................................................................................................ 44
SAMPLE VALIDATION/AUTHENTICATION ...................................................................................... 44
4.4 Sample and Data Management ................................................................................................... 45
STORAGE........................................................................................................................................ 45
ANONYMIZATION .......................................................................................................................... 47
DATA ACCESS ................................................................................................................................. 47
SAMPLE RETRIEVAL ....................................................................................................................... 48
PROCESSING SAMPLES FOR RESEARCH PURPOSES ....................................................................... 48
DATA PUBLICATION ....................................................................................................................... 49
4.5 Sample Retention and Distribution ............................................................................................. 49
BioReq v2.0 2012 3

SAMPLE RETENTION ...................................................................................................................... 50
SAMPLE DESTRUCTION.................................................................................................................. 51
SAMPLE TRANSFER ........................................................................................................................ 51
EXCEPTIONAL SAMPLE DISPOSITION............................................................................................. 52
4.6 Support of Laboratory Processes ................................................................................................ 52
4.7 User Management ....................................................................................................................... 53
USER PROFILES .............................................................................................................................. 53
CUSTOMER MANAGEMENT .......................................................................................................... 55
TRAINING AND QUALIFICATION .................................................................................................... 55
4.8 Search .......................................................................................................................................... 56
4.9 Presentation of Entities ............................................................................................................... 57
4.10 Printing ...................................................................................................................................... 57
4.11 Audit .......................................................................................................................................... 58
4.12 Non-functional Requirements ................................................................................................... 59
SECURITY: USER AUTHENTICATION............................................................................................... 59
SECURITY: LOG............................................................................................................................... 60
SECURITY: BACKUP AND RECOVERY .............................................................................................. 61
SECURITY: DATA VALIDATION ....................................................................................................... 62
SECURITY: ENCRYPTION ................................................................................................................ 62
USABILITY ...................................................................................................................................... 63
PERFORMANCE .............................................................................................................................. 63
SCALABILITY ................................................................................................................................... 64
4.13 External Interface Requirements .............................................................................................. 64
HARDWARE INTERFACE REQUIREMENTS ...................................................................................... 64
USER INTERFACE REQUIREMENTS................................................................................................. 65
SOFTWARE INTERFACE REQUIREMENTS: DATA EXPORT AND IMPORT ........................................ 66
SOFTWARE INTERFACE REQUIREMENTS: INTEGRATION WITH EXTERNAL SOFTWARE PRODUCTS
....................................................................................................................................................... 67
Glossary ................................................................................................................................................. 68
Contacts ................................................................................................................................................. 70
This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
BioReq v2.0 2012 4

Introduction
Model Requirements for the Management of Biological Repositories (abbreviated as BioReq) is a

comprehensive guideline which covers the full range of research and operation activities applicable
to biological repositories or biobanks.
0.1 Background
International standards ISO 17025 and ISO 15189 cover the operation of laboratories; NCI and OECD
recommendations provide guidance for biological resource centres in general; ISBER best practices
and the Council of Europe recommendation REC(2006)4 concern the treatment of human biological
samples and research involving the use of such materials. However, no single document has
managed to cover the full range of research and operation activities at biorepositories. By integrating
the best practices included in the aforementioned international standards and regulations, this
Guideline provides a comprehensive aid in operating biobanks and conducting research which
involve the use of biospecimen.
In recent years there has been an increasing need to automate many of the error-prone and time-
consuming tasks such as inventory tracking, report generation, management of patient consent
forms etc. As a growing number of software products target biorepositories, it is crucial that
potential users have a standard against which to compare services. The lack of relevant ICT standards
also hinders the interoperability of cooperating institutions. Electronic health record standards are
not adequate in this respect since (1) they have a narrower scope, (2) the data management needs of
medical records and biological sample records are different, (3) they do not cover all the processes
that form an integral part of managing biological materials.
0.2 Purpose and Scope

This recommendation applies to the full range of research activities in the health field involving the
removal of biological materials of human origin to be stored for research use. The use of biological
material of human origin may be accompanied by the use of associated personal data.
This Guideline is intended to be used for the following purposes:
As the basis for creating a custom Standard Operating Procedures (SOP) Manual: the
requirements presented in this Guideline can be transformed into SOP statements. Using the
Guideline as a basis of SOP guarantees that all relevant areas are covered.
As a checklist of standards compliance: This Guideline incorporates ISO, OECD and NCI
recommendations which apply to the operation of biorepositories. Since each requirement
articulates a single recommendation which is either adhered to or not, there is no need for a
separate audit checklist.
To guide the design and development of Biobank Software Systems (BSS): software vendors
can rely on this Guideline as an aid to guide product development.
To evaluate BSS products: this Guideline can be used to evaluate the services of an existing
BSS implementation, and compare the various BSS products available on the market.
0.3 Audience
This Guideline is intended to be used by the following parties:
Biobank Directors and senior management;
Clinical workers;
Laboratory workers;
Researchers;
BioReq v2.0 2012 5

Anyone who is involved in any biobank-related process such as supply, sample acquisition,
audit etc.
Biobank software vendors.
0.4 Structure Overview

This Guideline consists of the following four parts:
1. Chapter 1: Ethical Requirements
2. Chapter 2: Technical Requirements
3. Chapter 3: Management Requirements
4. Chapter 4: Biobank Software System Requirements
Each chapter is divided into sections which contain the requirements. Requirements are presented in
a table format: the first column, Ref. is the unique ID of the requirement with the first two numbers
reflecting the section numbering; the column Requirement contains the text of the requirement
itself; Source is optional and refers to the works consulted in preparing a particular requirement.
Longer sections are further divided into logical groups. Such groups improve the readability of the
guideline, but they are not given subsection numbers and do not interfere with the numbering of the
requirements either.
Note that this Guideline is a collection of carefully organized, easy-to-check requirements as opposed
to other standards, where the recommendations are provided in the form of unstructured narrative
paragraphs.
0.5 Conventions
The words MUST, MUST NOT, SHOULD, SHOULD NOT and MAY are to be interpreted as follows
(based on RFC2119):
MUST This word, or the terms "REQUIRED" or "SHALL", mean that the statement is an
absolute requirement of the Guideline.
MUST NOT This phrase means that the statement is an absolute prohibition of the Guideline.
SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid
reasons in particular circumstances to ignore a particular item, but the full
implications must be understood and carefully weighed before choosing a different
course.
SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that there may exist valid
reasons in particular circumstances when the particular behavior is acceptable or
even useful, but the full implications should be understood and the case carefully
weighed before implementing any behavior described with this label.
MAY This word, or the adjective "OPTIONAL", mean that an item is truly optional. In the
context of software system requirements, one vendor may choose to include the
item because a particular marketplace requires it or because the vendor feels that it
enhances the product while another vendor may omit the same item. An
implementation which does not include a particular option must be prepared to
interoperate with another implementation which does include the option and vice
versa.
0.6 Works Consulted

In the course of preparing the Guideline, all international recommendations and standards have been
considered which were judged as applicable to research-purpose biorepositores. Since the various
standards show a significant overlap in scope, repetitions have been removed, and conflicting
BioReq v2.0 2012 6

requirements have been resolved. We have paid attention to using a consistent terminology, i.e. if
two or more terms describe a particular phenomenon, one has been selected as a primary descriptor
and the rest as its synonyms.
The following recommendations and standards have been incorporated into the present
Guideline(the abbreviations show how these recommendations and standards are referenced by the
requirements):
ISBER International Society for Biological and Environmental Repositories. Best Practices for
Repositories I: Collection, Storage and Retrieval of Human Biological Materials for
Research, 2004.
ISO 15189 ISO/TC 212: ISO 15189:2003. Medical laboratories - Particular requirements for
quality and competence.
ISO 17025 European Standard EN ISO/IEC 17025. General Requirements for the competence of
testing and calibration laboratories (ISO/IEC 17025:2005 E)
ISO Guide 34 General Requirements for the competence of reference material producers, second
edition 2000.
MoReq2 European Commission. Model Requirements for the Management of Electronic
Records. Update and Extension, 2008.
NCI National Cancer Institute. First-Generation guidelines for NCI-supported
Biorepositories. Federal Register, 71(82), 25184-25203, 2006.
OECD OECD Best Practice Guidelines for Biological Resource Centers General Best Practice
Guidelines for all BRCs. DSTI/STP/BIO(2007)9/REV1
REC(2006)4 Council of Europe, Committee of Ministers. Recommendation Rec(2006)4 of the
Committee of Ministers to member states on research on biological materials of
human origin. 15 March 2006.
0.7 Document Status

Note that this Guideline is in a draft status which entails that it is subject to regular update and
modifications.
The latest version of the guideline can be downloaded from the following address:
http://bioreq.astridbio.com/bioreq_v2.0.pdf
Comments on the guideline should be sent to info@astridbio.com .
0.8 Adaptation
Different countries may have differing traditions, views and regulatory demands for operating
biorepositories and conducting research which involves the use of biological materials. This guideline
should be complemented with national requirements; if conflicts exist between national regulations
and the recommendations of this guideline, national requirements should be adhered to.
This Guideline may also be extended and adapted to the needs of other kinds of biobanks by
introducing additional requirements.
BioReq v2.0 2012 7

1 Ethical Requirements
Key discussions of ethics in human subjects research are found in the Declaration of Helsinki
adopted by the World Medical Association in 1964 and revised several times subsequently, most
recently in 2008 and the Belmont Report published by the US Department of Health and Human
Services in April 1979.
This chapter highlights the principles concerning informed consent and other biorepository-specific
issues.
1.1. General
The following requirements apply to all kinds of research conducted at biobanks.
Ref. Requirement Source
1.1.1 The principles of chapter VIII (confidentiality and right to information) of the REC(2006)4
Additional Protocol concerning biomedical research (CETS No. 195, 2005, Ch. VI Art.
Additional Protocol to the Convention on Human Rights and Biomedicine, 25
concerning Biomedical Research, Strasbourg, 25.I.2005) should be applied to
any research project using biological materials and associated personal data.
1.1.2 Research should be: ISBER
(a) well designed; L1.000
(b) conducted by persons with appropriate expertise;
(c) lead to meaningful conclusions.
1.1.3 Every measure should be taken to reduce the risk and ensure that the risk ISBER
does not exceed the benefit of the expected finding. L1.000
1.1.4 Studies in animals should provide reason to believe that the study of ISBER
humans is needed and is the only way to get the necessary information. L1.000
1.1.5 Freely-given informed patient consent must be in place before research on ISBER
humans may be conducted. L1.000
1.1.6 The risks for the persons concerned and, where appropriate, for their family, REC(2006)4
related to research activities, in particular the risks to private life, should be Ch. II Art. 5
minimized, taking into account the nature of the research activity.
1.1.7 Those risks should not be disproportionate to the potential benefit of the REC(2006)4
research activities. Ch. II Art. 5
1.1.8 Appropriate measures should be taken, in the full range of research REC(2006)4
activities, to avoid discrimination against, or stigmatization of, a person, Ch. II Art. 6
family or group.
1.1.9 To protect the health information of patients, adhere to privacy laws with NCI Ch. III
respect to electronic information systems. Art. 1E.4
1.1.10 Institute the level of security appropriate to the type of biorepository and to NCI Ch. III
protect study participant privacy for the biospecimens stored in the Art. 2C.1
biorepository.
1.1.11 The collection, storage and use of human specimens and associated data ISBER
must be done in a way that respects the individual and maintains privacy L2.220
and confidentiality.
1.2 Informed Consent

This section presents requirements pertaining to the management of informed consent. Informed
consent is the process by which information concerning the donation process is presented to the
donor or donors next-of-kin with an opportunity for them to ask questions, after which specific
approval is documented. The biobank has to be prepared to manage related agreement forms as well
as the alteration and withdrawal of consents.
BioReq v2.0 2012 8

Ref Requirement Source
1.2.1 No investigator may involve a human being as a subject in research without ISBER
having obtained the legally effective informed consent of the subject or the L2.100 /
subjects legally authorized representative for each biospecimen collection NCI Ch. III
event unless waived by an authorized Institutional Review Board constituted Art. 2A.1
in accordance with applicable law or regulation.
1.2.2 Consent should be sought only under circumstances that provide the ISBER
prospective subject or the representative sufficient opportunity to consider L2.120
whether or not to participate and that minimize the possibility of coercion
or undue influence.
1.2.3 The information that is given to the subject or the representative should be ISBER
in language understandable to the subject or the representative. L2.120
1.2.4 Consent may be for a specific research use or for future unspecified uses. ISBER
L2.120
1.2.5 If the use is unspecified, an Institutional Review Board review of the ISBER
research must be conducted to assure that the use is consistent with the L2.120
original consent.
1.2.6 Biobanks should adapt the template of the informed consent to their needs. NCI Ch. III
Art. 2A.1
1.2.7 The consent form should address the following: NCI Ch. III
(a) use of biospecimens or data by private entities; Art. 2A.1
(b) the possible future development of commercial products through
research;
(c) the release of individual research results to participants.
1.2.8 Research participants may specify the types of research for which their NCI Ch. III
biospecimens may be used, including use in additional future projects. Art. 2A.2
1.2.9 Research on biological materials should only be undertaken if it is within the REC(2006)4
scope of the consent given by the person concerned. The person concerned Ch. VI Art.
may place restrictions on the use of his or her biological materials. 21
1.2.10 The person concerned may freely refuse consent for the use in a research REC(2006)4
project of his or her identifiable biological materials, at any time. Ch. VI Art.
22.2
1.2.11 When a person has provided consent to storage of identifiable biological REC(2006)4
materials for research purposes, the person should retain the right to Ch. IV Art.
withdraw or alter the scope of that consent. 15.1
1.2.12 When identifiable biological materials are stored for research purposes only, REC(2006)4
the person who has withdrawn consent should have the right to have, in the Ch. IV Art.
manner foreseen by national law, the materials either destroyed or 15.1
rendered unlinked anonymized.
1.2.13 Users of the specimens and data must sign an agreement specifying how the ISBER
specimens and data will be used and to whom they may be transferred. L2.220
1.2.14 The logistics for a withdrawal of consent must be clearly defined and ISBER
conveyed to all subjects at the time of consent. L2.120
1.2.15 Even if an opt-out procedure is used, patient notification must include ISBER
instructions for later withdrawal of consent. L2.120
1.2.16 Develop policies to handle biospecimens and data for which consent has NCI Ch. III
been withdrawn. Art. 2A.4
1.2.17 The refusal, withdrawal or alteration of consent should not lead to any form REC(2006)4
of discrimination against the person concerned, in particular regarding the Ch. IV Art.
right to medical care. 15.1
1.2.18 Where authorisation has been given on behalf of a person not able to REC(2006)4
consent, the representative, authority, person or body provided for by law Ch. IV Art.
BioReq v2.0 2012 9

should have the rights to withdraw or alter. 15.2
1.2.19 Monitor the need for obtaining informed consent when the biorepository NCI Ch. III
houses identifiable biospecimens and data from children, that were Art. 2A.5
obtained with parental or guardian permission, when a child reaches the
legal age to consent for a research study.
1.2.20 If the proposed use of identifiable biological materials in a research project REC(2006)4
is not within the scope of prior consent, if any, given by the person Ch. VI Art.
concerned, reasonable efforts should be made to contact the person in 22.1i
order to obtain consent to the proposed use.
1.2.21 If contacting the person concerned is not possible with reasonable efforts, REC(2006)4
these biological materials should only be used in the research project Ch. VI Art.
subject to independent evaluation of the fulfilment of the following 22.1ii
conditions:
a) The research addresses an important scientific interest.
b) The aims of the research could not reasonably be achieved using
biological materials for which consent can be obtained.
c) There is no evidence that the person concerned has expressly opposed
such research use.
1.2.22 Biological materials removed for purposes other than storage for research REC(2006)4
(residual biological materials) should only be made available for research Ch. III Art.
activities with appropriate consent or authorisation. 12
1.2.23 Biological materials should not be removed from the body of a deceased REC(2006)4
person for research activities without appropriate consent or authorisation. Ch. III Art.
13
1.2.24 Biological materials should not be removed or supplied for research REC(2006)4
activities if the deceased person is known to have objected to it. Ch. III Art.
13
1.2.25 Biological materials should not, as such, give rise to financial gain. REC(2006)4
Ch. II Art. 7
1.3 Anonymization
Anonymization is the process whereby identifying data are removed from biological sample records.
Biobanks have to distinguish between identifiable and non-identifiable biological materials:
1. Identifiable biological materials allow the identification of the persons concerned either
directly or through the use of a code. In the latter case, the user of the biological materials
may either:
a) Have access to the code: the materials are hereafter referred to as coded materials; or
b) Not have access to the code, which is under the control of a third party: the material are
hereafter referred to as linked anonymized materials
2. Non-identifiable biological materials are unlinked anonymized biological materials, which,
alone or in combination with associated data, do not allow, with reasonable efforts, the
identification of the persons concerned.
This section defines which data are to be treated as identifying, imposes restrictions on the access of
such data, and describes what processes can be employed to de-identify materials.(For detailed
definitions, see the Glossary.)
1.3.1 Biological materials and associated data should be anonymized as far as REC(2006)4
appropriate to the research activities concerned. Ch. II Art.
8.1
1.3.2 Any use of biological materials and associated data in an identified, coded, REC(2006)4
BioReq v2.0 2012 10

or linked anonymized form should be justified by the researcher. Ch. II Art.
8.2
1.3.3 Repositories may permit researchers to review protected health information ISBER
(subset of what is termed individually identifiable health information) in L2.200
medical records or elsewhere to prepare a research protocol, or for similar
purposes preparatory to research.
1.3.4 Protected health information may be de-identified in one of two ways: ISBER
The safe harbour method is to remove all identifiers including: L2.210
names of the individual or of relatives, employers, or household
members of the individual; all geographic subdivisions smaller than a
state, except for the initial three digits of the ZIP code if the
geographic unit formed by combining all ZIP codes with the same
three initial digits contains more than 20,000 people; all elements of
dates except year, and all ages over 89 or elements indicative of such
age; telephone numbers; fax numbers; email addresses; social
security numbers; medical record numbers; health plan beneficiary
numbers; account numbers; certificate or license numbers; vehicle
identifiers and license plate numbers; device identifiers and serial
numbers; URLs; IP addresses; biometric identifiers; full-face
photographs and any comparable images; any other unique,
identifying characteristic or code, except as permitted for re-
identification in the Privacy Rule.
The second way is to have a qualified statistician determine that the
risk is very small that the information could be used, alone or in
combination with other reasonably available information, by the
anticipated recipient to identify the subject of the information. The
qualified statistician must document the methods and results of the
analysis that justify such a determination.
1.3.5 Where only certain identifiers are needed, the researcher can be provided ISBER
with a limited data set. The following 16 direct identifiers must be removed L2.220
for protected health information to qualify as a limited data set: names; postal
address information, other than town or city, state, and ZIP code; telephone
numbers; fax numbers; email addresses; social security numbers; medical
record numbers; health plan beneficiary numbers; account numbers;
certificate or license numbers; vehicle identifiers and license plate numbers;
device identifiers and serial numbers; URLs; IP addresses; biometric
identifiers; full- face photographs and any comparable images.
1.3.6 For unidentified specimens and data, users must sign an explicit agreement ISBER
not to seek information about the subjects identity. L2.220
1.3.7 Unlinked anonymized biological materials may be used in research provided REC(2006)4
that such use does not violate any restrictions placed by the person Ch. 6 Art.
concerned prior to the anonymization of the materials. 23.1
1.3.8 Anonymization should be verified by an appropriate review procedure. REC(2006)4
Ch. 6 Art.
23.2
1.4 Independent Review

It is important that any government or state financed research project be reviewed by a competent
body in order to assess the importance and ethical circumstances of the research. The biobank may
set up an Institutional Review Board to this aim.
1.4.1 Research should only be undertaken if the research project has been subject REC(2006)4
BioReq v2.0 2012 11

to an independent examination of its scientific merit, including assessment Ch. 6 Art.
of the importance of the aim of the research, and verification of its ethical 24.1
acceptability.
1.4.2 National law may additionally require approval by a competent body. REC(2006)4
Ch. 6 Art.
24.1
1.4.3 Member states should apply the provisions concerning ethics committees REC(2006)4
contained in chapter III of the Additional Protocol concerning biomedical Ch. 6 Art.
research (CETS No. 195, 2005, Additional Protocol to the Convention on 24.2
Human Rights and Biomedicine, concerning Biomedical Research,
Strasbourg, 25.I.2005) to the review of research.
1.4.4 If the institution conducts a government or state funded research project, it ISBER
should set up an Institutional Review Board (IRB) to review and approve any L2.100
research involving the use of human subjects.
1.4.5 A repositorys processes and procedures for storage of human specimens for ISBER
research should be available for review by an IRB to assure that they are L2.110
appropriate to protect human subjects.
1.5 Access to Biospecimens and Data

Various international and national regulations impose restrictions on the use of biospecimens and
related data, especially which involve the risk of jeopardizing personal data. This section provides an
overview of what aspects of samples and data require special considerations in biobanks.
1.5.1 Clear guidelines must be established for sample distribution and clinical data NCI Ch. III
sharing consistent with ethical principles, prevailing laws, and, if applicable, Art. 2B.1
consent form language.
1.5.2 Access should be guided by policies and procedures such as the following: NCI Ch. III
(a) scientific validity of the research proposal; Art. 2B.2
(b) investigators agreement covering confidentiality, use, disposition,
and security of biospecimens and associated data;
(c) investigators written agreement in a Material Transfer Agreement;
(d) investigator and institutional research qualifications;
(e) ethical oversight where required by regulations or local institutional
requirements;
f) adequate funding for the biorepository.
1.5.3 In addition to the above, the following points should also be considered NCI Ch. III
while assessing access privileges: Art. 2B.2
(a) Biospecimens and associated clinical data should be appropriately
matched with the specific scientific investigations for which they are
intended.
(b) The local decision-making body should take local principles into
account. Ethical considerations should come first among principles
that guide the decision-making process.
(c) Biorepositories should establish an appeals process for addressing
disputes over allocation decisions.
1.5.4 Transfer should be consistent with the informed consent and allowable use NCI Ch. III
of biospecimens. Art. 2B.5
1.5.5 Within the biobank, a system of data access with defined levels of access NCI Ch. III
privileges must be used. Art. 2B.6
1.5.6 Restrict access to research subjects identities and medical, genetic, social, NCI Ch. III
and personal histories to necessary biobank staff members who need such Art. 2B.6
access as part of their duty or to persons permitted access by law.
BioReq v2.0 2012 12

1.5.7 Store human biospecimens only for research purposes according to NCI Ch. III
approved protocols, not to serve individual research participants needs or Art. 2B.7
wishes.
1.5.8 If a biobank must close due to lack of funding or otherwise cannot maintain NCI Ch. III
or use the biospecimens, the availability of biospecimens should be Art. 2B.5
announced for transfer to the research community (e.g. via a website).
1.5.9 Regular audits should be conducted of the implementation of procedures on REC(2006)4
access to, and use of, samples. Ch. V Art.
19.2
1.5.10 For clinical biospecimens, laws may also govern how long records must be NCI Ch. III
retained. For research specimens, the ideal is permanent storage if Art. 2A.7
resources and storage space are sufficient.
1.6 Intellectual Property

Research conducted at biobanks may sometimes lead to inventions whose inventorship needs to be
clarified in advance. Besides the requirements concerning the inventor status of contributors, this
section specifies the distribution of data which are protected by intellectual property rights.
1.6.1 Inventorship is determined by patent law and must be considered on a case- NCI Ch. III
by-case basis by trained legal personnel. Art. 2E.2
1.6.2 Biobank staff members as custodians of biospecimens should not be a priori NCI Ch. III
considered inventors under patent law for inventions made using materials Art. 2E.2
distributed by the biorepository.
1.6.3 In general, the staff should be informed that one whose sole contribution to NCI Ch. III
an invention consists of the routine collection, handling, storage, and Art. 2E.2
disbursement of biospecimens might not rise to the level of inventor of an
invention.
1.6.4 Biobanks should not have inherent rights to future IP, including reach- NCI Ch. III
through rights in inventions made by investigators using samples obtained Art. 2E.2
from the biobank.
1.6.5 For the transfer of materials in academic-industrial collaborations, a Letter NCI Ch. III
Agreement should be used. Art. 2E.1
1.6.6 Material Transfer Agreements (MTAs) should be used ensuring that research NCI Ch. III
data developed using biospecimens are made available to the research Art. 2E.4
community.
BioReq v2.0 2012 13

2 Technical Requirements
Chapter 2: Technical Requirements describes factors which contribute to the correct and reliable
operation of biorepositories. More specifically, the requirements apply to the acquisition,
maintenance and provision of biological materials and validation/authentication actions.
The present model requirements do not prescribe the specifics of particular laboratory procedures;
rather, they articulate principles by which evidence-based standard operating procedures (SOPs) can
be developed.
Aside from the principles outlined in Part 2, national or institutional regulations may further control
the biorepository or laboratory operation; such directives should be always taken into consideration.
2.1 Human factors

This section describes the responsibilities and rights of the biobank director and personnel. We also
cover the issue of training.
BIOBANK DIRECTOR
The Biobank Director is expected to meet the following requirements.
2.1.1 The Biobank Director should be qualified by training and experience to fulfill ISBER
the scope of activities conducted by the biobank. B2.110
2.1.2 The Biobank Director should implement policies of the organization. ISBER
B2.120
2.1.3 The Biobank Director should be responsible for all operations, including ISBER
compliance with current and applicable regulations and ensure that B2.120
repository activities are in compliance with national, and local authorities.
2.1.4 The Biobank Director should construct and maintain a current organizational ISBER
chart that delineates the functional relationships within the biobank. B2.130
2.1.5 The Biobank Director should appoint and direct the members of the ISBER
supervisory and technical staff. B2.130
2.1.6 The Biobank Director should approve and maintain job descriptions and ISBER
document staff responsibilities. B2.130
2.1.7 The Biobank Director should be responsible for developing and reviewing ISBER
employee training programs. B2.130
2.1.8 The Biobank Director should ensure that there is an appropriate and ISBER
acceptable safety programme. B2.130
2.1.9 The Biobank Director may ensure that the biobank operates within budget. ISBER
B2.120
2.1.10 The Biobank Director may ensure that all patient consent forms are updated ISBER
annually to be in compliance with Institutional Review Board regulations and B2.120
serving as a liaison for the Institutional Review Board.
2.1.11 The Biobank Director may serve as a liaison for researchers, for hospital staff ISBER
(surgeons, nurses, operating room staff, pathologists, and residents), this B2.120
would include ensuring that patient issues are addressed and that biobank
staff are responding in an appropriate manner.
STAFF
Biobank staff members are expected to meet the following requirements.
2.1.12 The biobank management must ensure the competence of all who operate ISO17025
specific equipment, perform acquisition, maintenance and provision of
BioReq v2.0 2012 14

biological materials and validation/authentication, evaluate biospecimens
and sign validation/authentication certificates.
2.1.13 When using staff who are undergoing training, appropriate supervision shall ISO17025
be provided.
2.1.14 The biobank must maintain current job descriptions for managerial, ISO17025
technical and key support personnel involved in acquisition, maintenance
and provision of biological materials and validation/authentication.
2.1.15 The management must authorize specific personnel to perform particular ISO17025
types of actions.
2.1.16 The biobank must maintain records of the relevant authorization(s), ISO17025
competence, educational and professional qualifications, training, skills and
experience of all technical personnel, including contracted personnel.
2.1.17 These records must be readily available and shall include the date on which ISO17025
authorization and/or competence is confirmed.
2.1.18 Authorisation to use specialist equipment should be documented in training OECD 4.3
records.
2.1.19 New staff should not be allowed to use autoclaves, centrifuges, freeze- OECD 4.3
drying equipment, cryopreservation facilities, safety cabinets until they have
been trained in their use and are proved competent.
TRAINING
Care must be taken to ensure the proper training of staff members in areas (1) prescribed by law
(e.g. safety) and (2) deemed necessary by management (e.g. how to operate specific equipment).
2.1.20 The biobank must have a policy and procedures for identifying training ISO17025
needs and providing training of personnel (requirements for training in
biohazards, chemical hazards and radiological hazards are the most
demanding).
2.1.21 As part of the bloodborne pathogen training, staff members may get ISBER
hepatitis vaccines. G5.000
2.1.22 Training in each area of safety must be given to employees before they ISBER
begin their work. G5.000
2.1.23 The training must be updated yearly for all employees. ISBER
G5.000
2.1.24 Training must be lead by knowledgeable trainers in a language that is ISBER
appropriate for the employees being trained. G5.000
2.1.25 Records of employee training must be maintained for at least 3 years, ISBER
although this requirement may vary nationally. G5.000
2.1.26 Biobank staff who come in contact with patients also should be trained in ISBER
bioethical regulations regarding the disclosure of confidential patient G5.000
information to patients and others.
2.2 Accommodation and Environmental Conditions

This section sets out the biobank policy for providing safe and healthy offices, laboratories and other
amenities. Laboratories must comply with the applicable provisions of national requirements.
2.2.1 Sufficient heating capacity must be provided to prevent freezing of water ISBER
and drain lines. D2.100
2.2.2 Where mechanical freezers and refrigerators are employed, sufficient air ISBER
conditioning must be provided to maintain the ambient temperature equal D2.100
or less than 72 F (22 C) at the level of the freezers/refrigerators.
BioReq v2.0 2012 15

2.2.3 Sufficient air circulation and control must be provided to prevent excess ISBER
moisture and condensation. D2.200
2.2.4 Sufficient space for air circulation must be provided especially in areas ISBER
where freezers and refrigerators are employed, to prevent excess heat D2.200
accumulation.
2.2.5 Adequate ventilation must be provided in liquid nitrogen repositories and ISBER
where dry ice is used to ensure that sufficient oxygen levels are maintained. D2.200
2.2.6 Lighting in a biobank must be sufficient to provide a safe working ISBER
environment and to allow materials to be accurately put away and retrieved. D3.100
2.2.7 General area lighting may be incandescent, florescent, metal halide, or ISBER
other. D3.100
2.2.8 Some biobanks may contain materials which are sensitive to light levels or ISBER
frequencies/colour temperature. In these instances adjustments to limit D3.100
levels or frequency must be made.
2.2.9 Where task lighting is employed, care must be taken that the lighting ISBER
method does not adversely affect the storage conditions (thawing). D3.200
2.2.10 Florescent lighting is generally recommended for task lighting of frozen ISBER
materials. D3.200
2.3 Safety
The operation of the biobank must be such as to ensure the protection of the staff, samples and
equipment against physical, chemical, biological, radiological and other potential types of hazards. In
this section, we cover the following safety policy areas:
biological safety;
electrical safety;
fire safety;
physical safety;
chemical safety;
radiological safety.
Guidance on how to prepare for potential emergency situations is also provided.
2.3.1 The Director or other designated individual (this may be the CEO in some ISBER
private institutions) must have total responsibility for the safe operation of G4.000
all components of the institution.
2.3.2 The institution may establish a Safety Committee which is responsible for ISBER
the overall safety plan of the institution, and for periodic monitoring and G4.000
updating, of the plan.
2.3.3 The Safety Committee may appoint a Safety Officer to administer the safety ISBER
programme, monitor and maintain compliance with the programme, G4.000
evaluate incidents and injuries and recommend changes to the Safety
Committee, as needed.
2.3.4 There must be effective separation between neighbouring areas in which ISO17025
there are incompatible activities.
2.3.5 The activities that must be accommodated separately are as follows: OECD 5.1
(a) Receipt and storage of the initial sample;
(b) Preparation, handling and processing of samples;
(c) Biological material storage area and back-up or safety duplicate
collection;
(d) Supply, delivery/sales (kept separate from incoming accessions);
BioReq v2.0 2012 16

(e) Decontamination and cleaning of equipment and processing of
wastes;
(f) Duplicate collection in a remote building or alternative site (as a
measure to mitigate against risk of disaster).
2.3.6 Alternatives that may be implemented to having separate areas: OECD 5.1
(a) To construct the biobank on the no way back principle;
(b) To carry out procedures in a sequential manner using appropriate
precautions to ensure sample integrity (e.g. use of sealed
containers);
(c) To segregate activities by time and space.
BIOLOGICAL SAFETY
Describes instructions on safe handling of biological materials, particularly infectious agents which
are classified on the basis of degree of risk to humans working with them.
2.3.7 The safe operational level or safety limit for the resources available should OECD 5
be justified and documented and the biobank should not operate beyond
these limits.
2.3.8 Assuming that all human biospecimens are potentially infective and NCI Ch. III
biohazardous, biobanks must handle biospecimens according to, at a Art. 1D.1
minimum, Biosafety Level 2 (BSL2).
2.3.8 All human specimens and to a lesser extent animal specimens, whether ISBER
fixed, paraffin embedded, fresh frozen or freeze-dried should be considered G6.100
as biohazardous.
2.3.10 Buildings should be cleaned on a regular basis. OECD 5.4
2.3.11 Cleaning and decontamination procedures should be documented. OECD 5.4
2.3.12 Cleaning of organism containment areas and specialist equipment should be OECD 5.4
performed by authorised and trained staff using appropriate personal
protection equipment following documented.
2.3.13 Documentation must be prepared at all incidents where personnel are NCI Ch. III
exposed. Art. 1D.5
ELECTRICAL SAFETY
Electrical safety involves using safe practices when working with or near electricity or electrical
devices.
2.3.14 Surge protectors are recommended for stand-alone freezers, if this is not ISBER
part of the building electrical infrastructure. G6.300
2.3.15 Computer systems and electronic systems, such as freezer controllers should ISBER
be protected by an uninterruptible power supply (UPS) system (motor D5.100
generator).
2.3.16 UPS, like a motor generator must have a fuel supply to run continuously for ISBER
a minimum of 48 hours and preferably a minimum of 72 hours, with an D5.200
ability to re-supply fuel storage supplies.
2.3.17 Pipeline natural gas supplied generator may serve as an unlimited source, ISBER
provided supply lines are not interrupted. D5.200
FIRE SAFETY
Fire safety is a group of equipment and/or behaviour designed to both reduce the risk of starting a
fire and reduce the risk of injury in the event of a fire.
BioReq v2.0 2012 17

2.3.18 Fire safety can be evaluated by inviting an inspection by the local fire ISBER
department. G6.400
2.3.19 A fire prevention system is required by building codes for new construction, ISBER
and compliance with code is normally required if a facility is being converted D4.210
or renovated.
2.3.20 Fire drills should be practiced at least yearly. ISBER
G6.400
2.3.21 Emergency pathways should be posted at all room exits. ISBER
G6.400
2.3.22 Emergency exits should never be blocked, obstructed or locked and hallways ISBER
must not be obstructed or cluttered. G6.400
2.3.23 Flammable agents should be stored appropriately, including storage of large ISBER
amounts of flammable agents in fire cabinets if more than several quarts are G6.400
stored in one area.
2.3.24 Regulations for types of doors to serve as fire barriers should be followed as ISBER
should fire requirements for construction of buildings that house specific G6.400
activities (e.g. laboratories).
2.3.25 The fire suppression can be most commonly water sprinkler system (water ISBER
in the pipes at all times). D4.210
2.3.26 When computer equipment and electrical systems are in place, a pre-action ISBER
sprinkler system can be employed (pipes are dry until a fire is detected) D4.210
preventing water damage from accidental activation of the sprinkler system.
2.3.27 For high value materials and those samples which would be adversely ISBER
affected by exposure to water Non-Water Based Fire Retardants must be D4.220
employed.
PHYSICAL SAFETY
This subsection describes the responsibilities for site security and the procedures that must be
adopted to maintain the security and integrity of the exhibits, documents and other records and to
provide a secure working environment for the employees.
2.3.28 The purpose of any biobank is the safekeeping of the materials. To that end ISBER
every biobank should employ basic security systems that must be monitored D4.100
and alarms responded to 24 hours per day, 7 days per week.
2.3.29 Response systems must be in place such that a responsible individual can ISBER
take the necessary action to respond to an alarm in a time frame that D4.100
prevents or minimizes loss or damage to the collection materials.
2.3.30 Systems should allow for calls to other key staff from a list of staff phone ISBER
numbers when the first individual fails to acknowledge the alarm. D4.100
2.3.31 Emergency contact numbers should be posted in prominent locations in the ISBER
biobank. D4.100
2.3.32 Care should be taken with the overall security of the workplace; this includes ISBER
limiting access to the workplace by unauthorized personnel. G6.500
2.3.33 Doors should be locked. ISBER
D4.300
2.3.34 Keys should be controlled, with a record maintained of each person having ISBER
access to the biobank. D4.300
2.3.35 Keys which cannot be readily duplicated are highly preferred. ISBER
D4.300
2.3.36 Freezers or environmental storage equipment that store valuable or ISBER
sensitive specimens should be individually locked. D4.300
BioReq v2.0 2012 18

2.3.37 Magnetic locks should be placed. ISBER
D4.300
CHEMICAL SAFETY
Chemical safety pertains specifically to protection against the toxic effects of chemicals that may
arise.
2.3.38 Employers must develop a written chemical hygiene plan capable of ISBER
protecting employees from hazardous chemicals in the laboratory and G6.200
capable of keeping chemical exposures below the action level or in its
absence the Permissible Exposure Limit (PEL).
2.3.39 Organizations that fix tissues, for example for quality control, must follow ISBER
applicable areas of the Formaldehyde Standard. G6.200
RADIOLOGICAL SAFETY
Radiological safety protection of personnel against harmful effects of ionizing radiation by taking
steps to ensure that people will not receive excessive doses of radiation and by monitoring all
sources of radiation to which they may be exposed.
2.3.40 For organizations needing a radiological safety plan, the personnel who ISBER
utilize or come into contact with radioactive material require training as well G6.600
as specific monitoring equipment as do radiological safety personnel.
SAFETY PROGRAMME AND ASSOCIATED TRAINING

The following requirements apply to programs and trainings concerning safety issues.
2.3.41 An overall safety programme and training programmes must be developed ISBER
related to biohazards and biohazard safety based on published information, G7.000
national regulations as well as local and consultant experience.
2.3.42 These guidelines should be reviewed and updated periodically and modified ISBER
as soon as possible to correct any identified problems. G7.000
EMERGENCY PREPAREDNESS
Planning, exercising and education are necessary to achieve a state of readiness for disasters and
emergencies.
2.3.43 The facility should have in place an emergency preparedness plan (facility ISBER
disaster plan NCI) that addresses a wide variety of unlikely, but possible E4.000
emergencies (based on a local area risk assessment NCI). This would
include such natural disasters as earthquakes, hurricanes, tornados, flood,
fire, terrorist activities or political demonstrations.
2.3.44 The plan should include appropriate measures to protect personnel and NCI Ch. III
equipment during a disaster. Art. 1C.6
2.4 Acquisition, Maintenance and Provision

This section describes the details of the acquisition, maintenance and provision of biological samples,
i.e. biological materials including culturable organisms, replicable parts of these, viable but not yet
culturable organisms, cells and tissues, as well as databases containing molecular, physiological and
structural information relevant to these collections and related bioinformatics. The following issues
are discussed:
BioReq v2.0 2012 19

sampling;
handling of biological samples;
supply;
retrieval;
shipment.
2.4.1 All instructions, standards, manuals and reference data relevant to the work ISO17025
of the biobank must be kept up to date and shall be made readily available
to personnel.
2.4.2 For new acquisition, maintenance and provision of biological materials and ISO17025
validation/authentication methods, procedures should be developed prior
to the acquisition, maintenance and provision of biological materials and
validation/authentication being performed and should contain at least the
following information:
(a) appropriate identification, scope, description of the type of sample
to be validated/authenticated,
(b) parameters or quantities and ranges to be determined,
(c) apparatus and equipment, including technical performance
requirements,
(d) reference standards and reference materials required,
(e) environmental conditions required and any stabilization period
needed,
(f) criteria and/or requirements for approval/rejection,
(g) data to be recorded and method of analysis and presentation,
(h) the uncertainty or the procedure for estimating uncertainty and
description of the procedure.
2.4.3 The description of the procedure should include: ISO17025
(a) affixing of identification marks,
(b) handling, transporting, storing and preparation of items,
(c) checks to be made before the work is started,
(d) checks that the equipment is working properly
(e) where required, calibration and adjustment of the equipment
before each use,
(f) the method of recording the observations and results
(g) any safety measures to be observed.
2.4.4 The biological material should be preserved by at least two methods (where OECD 11.1
two distinct methods are not applicable to the biological material,
cryopreserved stocks should be maintained in separate locations) and as
master cell banks and as stocks for distribution. The details of the
preservation techniques are laid down in the domain specific criteria.
2.4.5 Biological materials with specific hazards should be clearly differentiated. OECD 11.1
SAMPLING
Sampling is a defined procedure whereby a part of a substance, material or product is taken to
provide for validation/authentication of a representative sample of the whole. Sampling may also be
required by the appropriate specification for which the substance, material or product is to be
validated/authenticated.
2.4.6 The sample labels should include at least the batch date or number and the OECD 11.1
biobank accession number.
BioReq v2.0 2012 20

2.4.7 A unique collection number is allocated to the biological material, which is OECD 12.1
never reassigned if the biological material is later discarded.
2.4.8 Identify specific clinical and epidemiological data by the same number NCI Ch. III
and/or barcode. Use the number or code to track a biospecimen from Art. 1E.1
collection through processing, storage, and distribution.
2.4.9 A base standard for labels is that they should be imprinted using a linear ISBER
(one-dimensional) bar code that includes human readable indication of I2.100
contents.
2.4.10 The unique identifier for the specimen may reflect the date of ISBER
collection/banking and/or sample type (these should be presented in human I2.200
readable form on the label). (Under certain circumstances this information
may need to be excluded in order to blind a laboratory that is performing
tests on the sample.)
2.4.11 Whenever information is included on a label that may allow for retracement ISBER
of a specimen to its donor, specific Institutional Review Board (IRB) issues I2.200
must be considered by the repository.
2.4.12 The biological material received should have the following information: OECD
(a) name (where one can be applied), other identifier or cell culture
description;
(b) depositors name and address;
(c) source, substrate or host from which the biological material was
isolated or derived (where identified) and date of isolation;
(d) geographical origin of material (the minimum requirement is the
country of origin or the furnisher of the source, substrate or host);
(e) depositors biological material number or other collection
number(s), if deposited elsewhere;
(f) growth media and conditions, cell preservation or storage
conditions where known;
(g) hazard information, e.g. in the form of a safety data sheet.
2.4.13 Where possible an indication of expiry date should be provided to the user OECD
of the biological material.
2.4.14 The biobank shall have a sampling plan and procedures for sampling when it ISO17025
carries out sampling of biospecimens for subsequent
validation/authentication.
2.4.15 Sampling procedures should describe the selection, sampling plan, ISO17025
withdrawal and preparation of a sample or samples from a substance,
material or product to yield the required information.
HANDLING OF BIOLOGICAL SAMPLES

Requirements in this subsection describe the circumstances of handling biological samples.
2.4.16 A risk assessment should be carried out on the biological material and the OECD 10.1
methods recorded to determine, as far as possible, the potential of harm to
personnel, the public and the environment.
2.4.17 The risk assessment should be reviewed and updated regularly. OECD 10.1
2.4.18 Where possible the identity of the biological material should be confirmed OECD 10.3
after receipt by a competent person (employed or contracted by the
biobank or its parental organisation). This step may include identity, purity
or property check of the biological material performed by the depositor.
2.4.19 The biological material should be checked again by these competent persons OECD 10.3
before (if there are additional transfers of the biological material before it is
preserved) and after preservation.
BioReq v2.0 2012 21

2.4.20 For tissue biospecimens, minimize the time for collection and processing as NCI Ch. III
much as possible (unless inadequate processing time is known to interfere Art. 1A.10
with the analysis method); reduce biospecimen temperature as soon as
possible after collection.
2.4.21 All staff should wear protective equipment, as appropriate, such as lab ISBER
coats, disposable gloves, freezer gloves, face shields, goggles (mandatory K4.100
when working with liquid nitrogen).
2.4.22 Specimens in plastic cryovials should be thawed at room temperature. ISBER
K4.100
2.4.23 Specimens in glass vials should be thawed slowly overnight in a refrigerator ISBER
to prevent cracking. K4.100
2.4.24 Open and aliquot specimens in a biological safety hood. ISBER
K4.100
2.4.25 Sterile vials and pipettes should be used to avoid contaminating samples. ISBER
K4.100
2.4.26 Proper pipette and tip to use should be determined depending on required ISBER
volumes. K4.100
2.4.27 Different pipette tip should be used for each specimen and pipette tip ISBER
should be rinsed with 10% bleach solution before discarding. K4.100
2.4.28 Exact freezing and thawing protocols should be developed to ensure that ISBER
the method used supports the known or anticipated use for the specimens. K4.200
2.4.29 The rate of cooling controls the size of ice crystals and how fast they are ISBER
formed, which may affect cell recovery. A uniform cooling rate of 1 C per K4.200
minute from ambient temperature is effective for a wide variety of cells. The
steady decline of temperature can be achieved by the use of commercially
available freezing devices that control the rate of freezing.
2.4.30 The opposite is required when thawing from the frozen state. Agitation of ISBER
the vial/ampoule in a 37 C water bath is preferable, but may be detrimental K4.200
to certain cell types if the process is too lengthy.
2.4.31 Upon receipt of the samples, abnormalities or departures from normal or ISO17025
specified conditions, as described in the acquisition, maintenance and
provision of biological materials and validation/authentication method,
must be recorded.
2.4.32 Biobanks should only accept deposits of biological material that meet its OECD 10.2
acquisition criteria and fall into the groups of its specialist expertise.
2.4.33 Specimens to be retrieved must be located in the appropriate specimen ISBER
inventory system. K5.100
BioReq v2.0 2012 22

SUPPLY
The supply of biological samples to users is subject to the following requirements.
2.4.34 The biobank should only supply to users who have the appropriate facilities OECD 12.1
and meet the specific requirements for receipt as required by relevant
national and international regulations and policies.
2.4.35 The materials should be distributed according to the policy of each OECD 12.1
depository.
2.4.36 The biobank should provide at least the following information to the user: OECD 12.3
(a) biological material identifier, accession number and batch number;
(b) an estimate of shelf-life, storage conditions, storage instructions and
if appropriate, conditions of growth;
(c) instructions for opening ampoules or vials (when appropriate and in
all cases where materials are being provided to new users);
(d) a safety data sheet including the containment level required for
handling the biological material, disposal measures and measures to
take in case of spillage;
(e) a Material Transfer Agreement: an essential requirement to protect
intellectual property rights (addressing donor privacy, as
appropriate, intellectual property, data sharing, and other similar
requirements) and mandatory where they are required by national
law. They are used to relay the depositors and/or country of origin
requirements on use of the biological material;
(f) fax-back sheet to acknowledge receipt of materials may be
desirable.
2.4.37 For frozen specimens keep vials on dry ice or in liquid nitrogen during the ISBER
retrieval process. K5.200
2.4.38 Confirm that all requisitioned specimens are accounted for in the freezer or ISBER
other storage container. K5.200
2.4.39 If specimens are missing, a deviation report should be produced to indicate ISBER
that specimens listed in the inventory system could not be located. K5.200
2.4.40 All requisition steps should be recorded in the record management system. ISBER
K5.200
2.4.41 In order to make certain that specimens can be tracked effectively from the ISBER
site at which they are collected through their arrival and subsequent I1.000
shipment from the biobank, certain systems must be in place:
(a) use of labels that identify the samples as they are transported and
stored,
(b) shipping logs which document specimen arrival and departure from
the repository
(c) an inventory system that allows specimen location within the
repository to be known to all appropriate staff.
DOCUMENTATION OF RETRIEVAL
The following requirements describe the conditions of sample retrieval, both temporary and
permanent (e.g. transfer).
2.4.42 Checklists and other forms are desirable to document the specimen retrieval ISBER
process including steps to confirm completeness of the process and steps K5.300
occurring after retrieval to document shipment and quality checks.
2.4.43 If specimens are to be shipped to an outside location, the recipient should ISBER
BioReq v2.0 2012 23

be contacted at least 24 hours prior to shipment. K5.300
2.4.44 Quality control checks should be performed to confirm that all specimens ISBER
listed on the requisition were retrieved. Confirmation at least a second time K5.300
by a separate person is recommended.
2.4.45 Records should be kept on any special considerations such as the number of ISBER
times specimens have been thawed and refrozen if applicable. K5.300
2.4.46 Records should be kept on problems noted with any individual containers, ISBER
such as: no visible specimen, volume significantly less than documented in K5.300
inventory system, container is cracked, label missing or unreadable.
SHIPMENT
Biological samples may be transferred or shipped to other institutions. The biobank has to ensure
that transfer conditions (e.g. temperature) do not result in the degradation of the samples. Shipment
details and confirmation of receipt need to be archived for future reference.
2.4.47 Each repository should maintain a shipment log to record the receipt and ISBER
dissemination of shipments sent from the repository. I4.000
2.4.48 The log may be computerized or it may be kept in a logbook. If ISBER
computerized, ideally it would be included in the functionality of the I4.000
inventory management system.
2.4.49 Each shipment entry should be given a unique shipment number. ISBER
I4.000
2.4.50 The log should track the following elements: ISBER
(a) Shipment/Invoice Number; I4.000
(b) recipient/source;
(c) date received or shipped;
(d) courier name and ID# for tracking package;
(e) sample description;
(f) number of samples received or sent;
(g) study name if available;
(h) study number if available;
(i) key investigator name(s);
(j) signature of individual receiving the specimen.
2.4.51 Adhere to biosafety, packaging, and shipping regulations. NCI Ch. III
Art. 1A.14
2.4.52 Air shipments should conform to International Air Transport Association ISBER
(IATA) standards. J1.000
2.4.53 Dry ice (solid carbon dioxide) and liquid nitrogen employed for frozen ISBER
shipments are hazardous materials, and appropriate labelling must be J1.000
included.
2.4.54 Specimens may be exposed to temperature fluctuations during transit. The ISBER
following are typical temperature conditions required for transport of J2.200
specimens and the insulation/refrigerant required to maintain that
temperature:
(a) ambient (20 to 30 C): insulated packaging to protect from extreme
heat/cold ambient conditions;
(b) refrigerated (2 to 8 C): gel packs designed for refrigerated
temperatures, conditioned at 15 C or phase change material rated
for refrigerated transport;
(c) frozen (-20 C): gel packs designed for frozen temperatures,
conditioned at or below 20C;
(d) frozen (-70 C): dry ice pellets or sheets;
BioReq v2.0 2012 24

(e) frozen (at or below 150 C): liquid nitrogen dry shipper.
2.4.55 Specimens sensitive to humid conditions may need to be shipped in sealed ISBER
bags with desiccant to prevent exposure to moisture during transit. J2.300
2.4.56 Light sensitive material should be sent in packaging that does not allow ISBER
penetration of light such as amber vials or amber coated bags. J2.400
2.4.57 Time sensitive specimens such as fresh whole blood must be consigned to ISBER
couriers with a proven reputation of successful on-time delivery. Time J2.500
required for processing should be considered as well.
2.4.58 For cold or frozen shipments, sufficient refrigerant should be included to ISBER
allow for a 24-hour delay in transport. For example, an overnight (24 hours) J2.500
shipment should have sufficient refrigerant for 48 hours.
2.4.59 Temperature sensitive material should be consigned with a courier capable ISBER
of replenishing refrigerant in the event of a delay. J2.500
2.4.60 Shipments of specimens with high value or those with critical temperature ISBER
requirements should include a temperature-recording device that can verify J3.200
the temperature of the material being shipped throughout the transport
cycle.
2.4.61 In some situations, especially relating to extremely valuable samples, ISBER
repositories may choose to send a test shipment that approximates the J3.300
characteristics of the actual shipment.
2.4.62 The shipper should provide a 24-hour emergency contact for all packages ISBER
transporting dangerous goods. J4.100
2.4.63 Confirmation of receipt and the condition upon arrival should be obtained ISBER
for every shipment coming to or leaving a biobank. J4.400
2.4.64 The biobank should keep records of all requests for biological materials, OECD 11.5
including those requests refused for any reason, showing the biological
material, method and date of shipment, and name and address of the
person to whom sent.
The records should be maintained to meet national law, regulations and
policies.
2.4.65 All work carried out for a client should be treated as strictly confidential to OECD
that client unless national requirements apply. This should apply to all
requests for biological materials, safe and patent deposits, information
supplied relating to these and to the fact that the product or service was
requested in accordance with national law, regulations and policies.
2.4.66 Information may be included in statistics produced to show biobank OECD
activities in a way that the customer is not identified.
2.4.67 The names of past or present clients should only be revealed with the clear OECD
permission of the client.
2.5 Validation/authentication Methods

Validation or authentication is the process by which biological materials are characterised up to a
defined level using appropriate technology to establish a conclusive basis for accepting the material
as genuine. Validation methods are subject to the following requirements.
2.5.1 The biobank should document all methods and procedures used in OECD
validation.
2.5.2 All methods and procedures should be subject to in-use quality checks. For OECD
example, a sample should be selected from a preserved batch and
appropriate stability checks carried out.
2.5.3 The biobank must validate non-standard methods, laboratory- ISO17025
designed/developed methods, standard methods used outside their
BioReq v2.0 2012 25

intended scope, and amplifications and modifications of standard methods
to confirm that the methods are fit for the intended use.
2.5.4 The biobank must record the results obtained, the procedure used for the ISO17025
validation, and a statement as to whether the method is fit for the intended
use.
2.5.5 The techniques used for the determination of the performance of a method ISO17025
should be one of, or a combination of, the following:
(a) calibration using reference standards or reference materials,
(b) comparison of results achieved with other methods,
(c) inter-biobank comparisons,
(d) systematic assessment of the factors influencing the result,
(e) assessment of the uncertainty of the results based on scientific
understanding of the theoretical principles of the method and
practical experience.
2.6 Equipment
Biobanks need to be well-equipped in order to facilitate the proper maintenance of samples and for
providing an infrastructure necessary to performing sample-related actions (e.g. validation,
preparation). A piece of equipment is any device that provides a readout, data, or has a meter
movement. In this section, we present general requirements pertaining to the tracking, maintenance
and calibration of equipment. Since freezers and refrigerators are the primary storage units in a
biobank, requirements related to following freezer types are also addressed:
cryogenic freezers;
liquid nitrogen freezers;
mechanical freezers;
walk-in freezers and refrigerators.
2.6.1 The biobank must be furnished with all items of acquisition, preparation and ISO17025
maintenance of biological samples and validation/authentication equipment 5.4.1
required for the correct performance of these activities (including
preparation, aliquoting, storage, sampling of validation/authentication
items, processing and analysis of validation/authentication data).
2.6.2 Each item of equipment and its software used for acquisition, maintenance ISO17025
and provision of biological materials and validation/authentication and
significant to the result must, when practicable, be uniquely identified.
2.6.3 Records must be maintained of each item of equipment and its software. ISO17025
The records shall include at least the following:
(a) the identity of the item of equipment and its software;
(b) the manufacturer's name, type identification, and serial number or
other unique identification;
(c) checks that equipment complies with the specification;
(d) the current location, where appropriate;
(e) the manufacturer's instructions, if available, or reference to their
location;
(f) dates, results and copies of reports and certificates of all
calibrations, adjustments, acceptance criteria, and the due date of
next calibration;
(g) the maintenance plan, where appropriate, and maintenance carried
out to date;
(h) any damage, malfunction, modification or repair to the equipment.
BioReq v2.0 2012 26

2.6.4 System maintenance should be performed at regular, established intervals ISBER
per manufacturers recommendation. E6.100
2.6.5 Maintenance records should provide a description of work that was done, ISBER
tests that were performed, and the results compared to the standards. E6.100
CALIBRATION
Calibration is the act of checking or adjusting the accuracy of a measuring instrument by comparison
with a standard. The following requirements apply to equipment which need calibration on a regular
basis.
2.6.6 The biobank shall have an established programme and procedure for the ISO17025
calibration of its equipment.
2.6.7 The calibration programme should include a system for selecting, using, ISO17025
calibrating, checking, controlling and maintaining measurement standards,
reference materials used as measurement standards, and equipment used
to perform acquisition, maintenance and provision of biological materials
and validation/authentication.
2.6.8 Calibration should be done annually or per manufacturers ISBER
recommendation. E6.200
2.6.9 Calibration should be performed against standards. ISBER
E6.200
2.6.10 Calibration records should include the appropriate standard readings taken ISBER
both before and after calibration. E6.200
2.6.11 Whenever practicable, all equipment under the control of the biobank and ISO17025
requiring calibration must be labelled, coded or otherwise identified to
indicate the status of calibration, including the date when last calibrated and
the date or expiration criteria when recalibration is due.
FREEZER AND REFRIGERATOR

The following requirements apply to all kinds of freezers and refrigerators that the biobank may
operate; note that these requirements are not repeated for the specific freezer types described
below.
2.6.12 The function and temperature of each storage unit should be checked and ISBER
recorded each workday. E2.000
2.6.13 All storage units must have a mechanism (continuous monitoring systems) ISBER
to generate an alarm in the event established temperature ranges are E2.000
exceeded.
2.6.14 All storage units should have a temperature-monitoring device that can be ISBER
read and recorded. Dual or multiple temperature sensing devices are E2.000
preferred.
2.6.15 Alarm conditions should be responded to in a time frame to ensure that no ISBER
damage to the stored material occurs. E2.000
2.6.16 Personnel with adequate training who can take corrective action should be ISBER
on call 24 hours per day, 7 days per week. E2.000
REFRIGERATORS
The operation of refrigerators is expected to meet the following requirements.
2.6.17 In refrigerator operation it should be ensured that the temperature is ISBER
maintained within the specified operating range, not just below a maximum E5.400
BioReq v2.0 2012 27

temperature.
2.6.18 The facility operator must ensure that high and low set points are ISBER
monitored, and that alarm response time is adequate to prevent excessive E5.400
temperature excursions.
2.6.19 For high value materials, the refrigerators should be equipped with dual ISBER
compressors that operate under an electrical alternating control system. E5.400
CRYOGENIC FREEZERS
The following rules must be in place if cryogenic freezers are employed in the biobank.
2.6.20 Where liquid nitrogen (LN2) refrigeration is employed, an adequate supply ISBER
of refrigerant must be maintained. E5.210
2.6.21 For freezers filled from Dewars or supply tanks, a minimum three-day supply ISBER
of LN2 at normal usage and replenishment intervals should be maintained, E5.210
with the assumption that a re-supply is readily available.
2.6.22 The supply maintained on hand should be at least 20 % more than the ISBER
normal refill usage to allow for emergency situations. E5.210
2.6.23 Bulk supply systems should maintain a minimum supply of 20 % of the bulk ISBER
tank capacity, or greater than 3 days working capacity, assuming a ready re- E5.210
supply system.
2.6.24 Self Contained Breathing Apparatus (SCBAs or air packs) should be ISBER
available for use in the event of a white out condition in the biobank (in the E5.210
event of a blockage or overpressure event, a number of relief valves will
vent nearly simultaneously with a consequent visibility-drop to near zero
and the oxygen level in the area may become less than that necessary to
sustain life).
2.6.25 Personnel should receive training on the effective use of these units. ISBER
E5.210
2.6.26 In the event of an emergency staff should evacuate the facility immediately ISBER
and not return until the environment is safe. E5.210
LIQUID NITROGEN FREEZERS

The following rules must be in place if liquid nitrogen freezers are employed in the biobank.
2.6.27 The use of liquid nitrogen freezers for long-term specimen preservation is ISBER
optimal only if the operating conditions within the freezer are less than the E5.220
critical storage temperature, generally considered to be -140 C or below.
2.6.28 Staff should be aware that the temperature of the freezer increases slightly ISBER
(some newer freezer models are more efficient with respect to temperature E5.220
loss) each time the freezer is opened and specimens are either placed in
storage or removed from storage. Care must be taken to minimize the
number of times a freezer is opened within a given time frame.
2.6.29 Some type of temperature map of the freezer should be conducted on a ISBER
periodic basis to verify the temperature at various locations within the E5.220
freezer.
2.6.30 Any container which has potentially been in the liquid phase be allowed to ISBER
equilibrate in the gaseous phase of the freezer prior to removal since plastic E5.240
and glass containers can easily explode if liquid nitrogen is trapped when the
container is removed from the freezer.
2.6.31 Alarm systems should be set to monitor the liquid nitrogen level and ISBER
temperature. E5.250
BioReq v2.0 2012 28

2.6.32 Alarm set points should be established which will permit sufficient time for ISBER
corrective action before significant warming occurs. E5.250
2.6.33 Heavy gloves, a face shield, and a protective garment should always be used ISBER
when handling liquid nitrogen. E5.260
2.6.34 Oxygen level sensors should always be employed when LN2 freezers are ISBER
used in a repository. Both installed and mobile/personal monitors may be E5.270
appropriate depending on the size of the facility.
2.6.35 Mobile oxygen monitors may be the best to use in a secure area where ISBER
liquid nitrogen freezers operate because the sensors in installed units will E5.270
degrade over time and sound false alarms.
MECHANICAL FREEZERS
Mechanical freezers are employed in a variety of storage temperature ranges, including -20, -40, -70
to -80C, and occasionally -140C.
2.6.36 Because mechanical freezers are devices attached to commercial power ISBER
systems, a back-up power plan and an emergency response plan must be in E5.300
place.
2.6.37 Common practice is to set the alarm point at about 10C warmer than the ISBER
nominal operating temperature of the unit. E5.300
WALK-IN FREEZERS AND REFRIGERATORS

The following rules must be in place if walk-in freezers and refrigerators are employed in the
biobank.
2.6.38 All building codes require that these units have safety releases to prevent a ISBER
person from being trapped in a unit by accidentally closing doors (i.e. E5.510
interior door release mechanism).
2.6.39 Both types of units should have some type of mat or grate to prevent ISBER
slipping. E5.520
2.6.40 Walk-in freezers should be kept free of dry ice (i.e. the solid phase of CO2), ISBER
since CO2 can rapidly build-up, displace the oxygen in the room, and cause E5.530
personnel working in the units to lose consciousness.
2.6.41 Where dry ice is employed, engineering controls to insure sufficient air or ISBER
oxygen level monitoring are required. E5.560
BACK-UP STORAGE CAPACITY

It is vital that the biobank be prepared with adequate back-up capacity for storing samples in case of
equipment failure.
2.6.42 Adequate back-up capacity for low temperature units must be maintained in ISBER
anticipation of possible equipment failure. E5.100
2.6.43 Extra capacity equal at a minimum to the capacity of the largest single ISBER
storage unit (determined empirically, but typically 1.5 % to 3 % of the total E5.100
freezer capacity) must be maintained at operating temperature at all times.
This applies to each temperature storage condition.
2.6.44 Personnel must be trained in processes and techniques for rapidly ISBER
transferring material to back up units when necessary. E5.100
2.6.45 A process should be in place for updating records of the specimen transfer, ISBER
documenting the event, and corrective action taken. E5.100
BioReq v2.0 2012 29

3 Management Requirements
This chapter describes the requirements that apply to the operation of biobanks. It explains the tasks
and responsibilities of the management and staff, document handling procedures and general quality
control requirements.
3.1 Organization and Management

This section summarizes organizational and management requirements.
3.1.1. The biobank or the organization of which it is part must be an entity that can ISO 17025
be held legally responsible. 4.1.1.
3.1.2. The biobank must meet the relevant requirements of this guideline ISO 15189
when carrying out work in its permanent facilities, or at sites other than 4.1.3.
the permanent facilities for which it is responsible.
3.1.3. The biobank should develop a strategy for its long-term sustainability. OECD 4.1
Adequate and reliable sources of funding vary from government support,
income from services and private support.
3.1.4. If its future of the biobank is threatened, it should have a plan to ensure that OECD 4.1
its key holdings remain available.
3.1.5. Management should support all biobank personnel by providing them ISO 15189
with the appropriate authority and resources to carry out their duties. 4.1.5.
3.1.6. The biobank must have arrangements to ensure that its management and ISO 15189
personnel are free from any undue internal and external commercial, 4.1.5.
financial and other pressures and influences that may adversely affect the
quality of their work.
3.1.7. The biobank must define the organization and management structure of the ISO 15189
biobank and the relationships between quality management, technical 4.1.5.
operations and support services.
3.1.8. Specified responsibilities, authority, and interrelationships of all personnel ISO 15189
must be defined. 4.1.5.
3.1.9. The biobank must appoint deputies for key managerial personnel. ISO 15189
4.1.5.
3.1.10. A member of staff must be appointed as quality manager (however named) ISO 15189
who must have defined responsibility and authority for ensuring that the 4.1.5.
management system related to quality is implemented and followed at all
times.
3.2 Training
The biobank management is responsible for the adequate training of staff members.
3.2.1. The biobank management must ensure the competence of all staff. ISO 17025
5.2.1.
3.2.2. The biobank must have a policy and procedures for identifying training ISO 17025
needs and providing training of personnel. 5.2.2.
3.2.3. Staff should be trained according to documented protocols in skills OECD 4.3
specific to the job and should receive training as new technologies or
practices are introduced.
3.2.4. As part of the bloodborne pathogen training, staff members may get ISBER
hepatitis vaccines. G5.000
3.2.5. When using staff who are undergoing training, appropriate supervision shall ISO 17025
be provided. 5.2.1.
BioReq v2.0 2012 30

3.3 Quality Management System
The biobank management is responsible for incorporating its policies and procedures into a Standard
Operating Procedures (SOP) manual, which helps ensure the high quality operation of the biobank.
The SOP is subject to regular review. This section also describes what actions need to be taken in
case the procedures are ignored.
3.3.1. Each biobank must develop written policies and procedures in a ISBER
standardized written format that must be incorporated into a Standard E1.100
Operating Procedures manual (SOP). The SOPs must state policies and
define and describe in detail, all procedures. These SOPs should be utilized
to ensure that all samples are appropriately stored so that they may be
effectively disseminated for subsequent research and other uses.
3.3.2. The SOP manual must specifically include, but should not be limited to: ISBER
(a) Specimen handling policies and procedures including supplies, E1.200
methods and equipment.
(b) Biobank procedures for tests performed in-house and any
specimen aliquoting or other specimen processing.
(c) Policies and procedures for shipping and receiving specimens.
(d) Records management policies.
(e) QA and QC policies and procedures for supplies, equipment,
instruments, reagents, labels, and processes employed in sample
retrieval and processing.
(f) Policies regarding safety programs. These would include pre- and
post-employment medical evaluations and immunization
records.
(g) Emergency and safety policies and procedures, including
reporting of staff injuries and exposure to potential blood-borne
pathogens.
(h) Policies and procedures for the investigation, documentation
and reporting of accidents, errors, complaints and adverse
outcomes.
(i) Policies, procedures and schedules for equipment inspection,
maintenance, repair and calibration for the purpose of
maintaining equipment.
(j) Procedures for disposal of medical waste and other hazardous
waste.
(k) Policies and procedures describing requirements of training
programs for technical and QA staff.
3.3.3. Either the biobank Director and/or the individual responsible for quality ISBER
management (see section 4.1.10.) must review and approve all SOPs and E1.300
associated process validation studies prior to implementation.
3.3.4. All staff must adhere to the policies and procedures prescribed in the SOP. OECD 7.1
Any departures from documented procedures must be agreed by senior
management prior to deviation. Written permission and justification must
then be included in the relevant records.
3.3.5. In the case where a procedure is not followed a deviation report is required OECD 7.1
outlining the specific error and corrective actions that will be taken. If failure
has been brought about by a misunderstanding or misdirection, the error
must be investigated, rectified and retraining implemented if necessary.
3.3.6. In accordance with a predetermined schedule and procedure, the biobanks ISO 17025
top management must periodically conduct a review of the biobank's 4.15.1.
management system and operations to ensure their continuing suitability
BioReq v2.0 2012 31

and effectiveness, and to introduce necessary changes or improvements.
The review must take account of:
(a) The suitability of policies and procedures.
(b) Reports from managerial and supervisory personnel.
(c) The outcome of recent internal audits.
(d) Corrective and preventive actions.
(e) Assessments by external bodies.
(f) The results of inter-biobank comparisons or proficiency tests.
(g) Changes in the volume and type of the work.
(h) Customer feedback.
(i) Complaints.
(j) Recommendations for improvement.
(k) Other relevant factors, such as quality control activities, resources
and staff training.
3.3.7. Findings from management reviews and the actions that arise from them ISO 17025
must be recorded. The management must ensure that those actions are 4.15.2.
carried out within an appropriate and agreed timescale.
3.4 Document Control

This section lists the requirements on managing biobank-related electronic and paper documents,
including vital documents pertaining to the proper operation of the biobank (e.g. instructions,
software manuals, drawings etc.) and quality control (e.g. procedures, guidelines), and also
documents produced as part of the daily operation of the biobank (e.g. equipment maintenance
reports, research plans, research reports etc.). On the possible use of electronic document
management systems see Section 4.2 and 4.9.
3.4.1. The biobank must establish and maintain procedures to control all ISO 17025
documents that form part of its management system (internally generated 4.3.1.
or from external sources), such as regulations, standards, other normative
documents, as well as drawings, software, specifications, instructions and
manuals.
3.4.2. Procedures must be adopted to ensure that: ISO 15189
(a) All documents issued to laboratory personnel as part of the quality 4.3.2.
management system are reviewed and approved by authorised
personnel prior to issue;
(b) Implementation dates should be recorded for all procedures.
(c) A list, also referred to as a document control log, identifying the
current valid revisions and their distribution is maintained;
(d) Only currently authorised versions of appropriate documents are
available for active use at relevant locations;
(e) Documents are periodically reviewed, revised when necessary, and
approved by authorised personnel;
(f) Invalid or obsolete documents are promptly removed from all points
of use, or otherwise assured against inadvertent use;
(g) Retained or archived superseded documents are appropriately
identified to prevent their inadvertent use.
3.4.3. All documents relevant to the quality management system must be uniquely ISO 15189
identified, to include: 4.3.3.
Title;
Edition or current revision date, or revision number, or all these.
Number of pages (where applicable);
Authority for issue; and
BioReq v2.0 2012 32

Source identification.
3.5 Customer Relations

Customer relations management (CRM) includes managing monitoring requests, feedback from
customers, and the resolution of complaints.
3.5.1. The biobank must be willing to cooperate with customers or their ISO 17025
representatives in clarifying the customers request and in monitoring the 4.7.1.
biobanks performance in relation to the work performed, provided that the
biobank ensures confidentiality to other customers.
3.5.2. The biobank must seek feedback, both positive and negative, from its ISO 17025
customers. The feedback must be used and analysed to improve the 4.7.2.
management system, operations and customer service.
3.5.3. The biobank must have a policy and procedure for the resolution of ISO 17025
complaints received from customers or other parties. 4.8.
3.5.4. Records must be maintained of all complaints and of the investigations and ISO 17025
corrective actions taken by the biobank. 4.8.
3.6 Purchasing Services and Supplies

The biobank has to ensure that the supplies it uses are of proven quality. The purchase of services is
subject to similar conditions.
3.6.1. The biobank must have a policy and procedure(s) for the selection and ISO 17025
purchasing of services and supplies it uses. Procedures must exist for the 4.6.1.
purchase, reception and storage of reagents and laboratory consumable
materials.
3.6.2. Supplies should be sought from reputable companies with, where possible, OECD 5.5
proven quality of products. Preference should be given to services and
supplies covered by certification schemes.
3.6.3. The biobank must ensure that purchased supplies and reagents and ISO 17025
consumable materials are not used until they have been inspected or 4.6.2.
otherwise verified as complying with standard specifications or
requirements concerned. Records of actions taken to check compliance
must be maintained.
3.6.4. The biobank must evaluate suppliers of critical consumables, supplies and ISO 17025
services and must maintain records of these evaluations and list those 4.6.4.
approved.
3.7 Subcontracting Activities

The biobank may rely on subcontractors to fulfil all or part of certain processes. Note that the
biobank is responsible for the quality of the subcontractors work.
3.7.1. When a biobank subcontracts work, whether because of unforeseen reasons ISO 17025
(e.g. workload, need for further expertise or temporary incapacity) or on a 4.5.1.
continuing basis (e.g. through permanent subcontracting, agency or
franchising arrangements), this work must be placed with a competent
subcontractor. A competent subcontractor is one that, for example,
complies with this Guideline for the work in question.
3.7.2. The biobank is responsible to the customer for the subcontractors work, ISO 17025
except in the case where the customer or a regulatory authority specifies 4.5.3.
which subcontractor is to be used.
BioReq v2.0 2012 33

3.8 Control of Non-conformance, Corrective and Preventive Actions
Monitoring biobank processes may reveal work products or procedures which do not conform to the
relevant internal or external requirements. In such a situation the biobank has to evaluate the
consequences of non-conformance and initiate corrective actions. This section also describes
requirements on what preventive actions may be taken to help avoid non-conformance.
3.8.1. The biobank must have a policy and procedures that must be implemented ISO 17025
when any aspect of its operations, or the results of this work, do not 4.9.1.
conform to its own procedures or the agreed requirements of the customer.
The policy and procedures must ensure that:
(a) The responsibilities and authorities for the management of non-
conforming work are designated and actions (including halting of
work) are defined and taken when non-conforming work is
identified.
(b) An evaluation of the significance of the non-conforming work is
made.
(c) Correction is taken immediately, together with any decision about
the acceptability of the non-conforming work.
(d) Where necessary, the customer is notified and work is recalled.
(e) The responsibility for authorizing the resumption of work is defined.
3.8.2. Where the evaluation indicates that the non-conforming work could recur or ISO 17025
that there is doubt about the compliance of the biobanks operations with 4.9.2.
its own policies and procedures, the corrective action procedures must be
promptly followed.
3.8.3. The biobank must establish a policy and a procedure for implementing ISO 17025
corrective action when non-conforming work or departures from the 4.11.1.
policies and procedures in the management system or technical operations
have been identified.
3.8.4. Where corrective action is needed, the biobank must identify potential ISO 17025
corrective actions. It must select and implement the action(s) most likely to 4.11.3.
eliminate the problem and to prevent recurrence.
3.8.5. Corrective actions must be to a degree appropriate to the magnitude and ISO 17025
the risk of the problem. 4.11.3.
3.8.6. The biobank must document and implement any required changes resulting ISO 17025
from corrective action investigations. 4.11.3.
3.8.7. The biobank must monitor the results to ensure that the corrective actions ISO 17025
taken have been effective. 4.11.4.
3.8.8. Needed improvements and potential sources of nonconformities, either ISO 17025
technical or concerning the management system, must be identified. When 4.12.1.
improvement opportunities are identified or if preventive action is required,
action plans must be developed, implemented and monitored to reduce the
likelihood of the occurrence of such nonconformities and to take advantage
of the opportunities for improvement.
3.8.9. Procedures for preventive actions must include the initiation of such actions ISO 17025
and the application of controls to ensure that they are effective. 4.12.2.
BioReq v2.0 2012 34

4. Biobank Software System Requirements
Many of the time-consuming and error-prone tasks covered in previous chapters can be automated
by one or more software products; together these will be referred to as a Biobank Software System
(BSS). This part lists the requirements that Biobank Software Systems must fulfil.
The requirements in this chapter are based on MoReq2, a joint European specification of electronic
records management. Since records can describe any kind of entity from samples to equipment, a
records management specification is a sufficient basis of electronic sample management. MoReq2
requirements have been adapted to serve the needs of biobanks.
The requirements in Chapters 1-3 have been analysed and translated into software system
requirements so that the present chapter can be used on its own for BSS design purposes. From the
perspective of BSS vendors the rest of the guideline should be interpreted as a biobank domain
description.
The rest of this chapter is organized as follows.
Sections 4.1 and 4.2 help software analysts and engineers to design the data model of actual BSS
implementations. These sections cover metadata requirements and the outline of entity types
managed by a BSS.
The organization of the requirements in Sections 4.3-4.5 follows the natural order of general sample-
related processes as depicted in Fig. 1.
Section 4.6 outlines laboratory management features; as is the case with other sections of the
chapter, additional requirements may be introduced if required by the operating organization.
Requirements in Sections 4.7-10 are of a purely technical nature in terms that they are typical of any
software system, and are not strictly related to biobank-specific processes (e.g. user management,
search, log).
Section 4.11, Audit describes how the BSS supports biobank audits with features presented in earlier
parts of the guideline.
The non-functional requirements set out in Section 4.12 define system characteristics which
contribute to the success and long-term appeal of the BSS, e.g. performance, scalability. Security
measures are also addressed.
Section 4.13 provides guidance on the specifics of the hardware infrastructure supporting the BSS, on
user interface design considerations and on how to integrate the BSS with other type of software
applications.
BioReq v2.0 2012 35

1. Sample acquisition
Import Sample
from other collection
biobanks
2. Sample and
data management
Secure
Retrieval
storage
Data
publication Processing
3. Sample destruction and distribution
Destruction,
Distribution
loss, using up
Figure 1: Sample lifecycle processes
In addition to the requirements set out in this part, care must be taken to adhere to any national
regulations that may apply, including:
data protection acts;

accessibility guidelines;
domain specific standards depending on the type of samples managed by the BSS;
industry standards depending on the laboratory processes employed by the operating
organization.
4.1 Metadata Requirements

This section explains the treatment of metadata, i.e. data which describe the context, content and
structure of records and their management through time. Central to the BSS is the storage of sample
records, procedures and resultant research data, user data and related documents.

4.1.1 The BSS must be able to manage the following metadata properties (or MoReq2
BioReq v2.0 2012 36

metadata): 12.2.4,
(a) name or identifier; 12.2.8,
(b) value type; 12.2.13,
(c) entity type(s) which the metadata belongs to; 12.2.16,
(d) mandatory or optional; 12.2.17,
(e) system generated (e.g. Date of Creation, Identifier); 12.2.21,
(f) default value; 12.2.24.
(g) can be modified by user or user roles later;
(h) validation constraints.
4.1.2 The BSS must support the following metadata value types: Based on
(a) numeric, integer; MoReq2
(b) numeric, float; 12.2.5,
(c) text, string; 12.2.7,
(d) date (ISO 8601 compliant); ISO 8601
(e) Boolean: YES/NO.
4.1.3 The BSS must be able to sort values of the types listed in 1.1.2.
4.1.4 The BSS should be able to support the following metadata value types:
(a) file: to allow users to associate documents (e.g. scanned patient
consent forms), images (e.g. X-Ray images) etc. with entities;
(b) enumeration: to prevent errors, and for the management of types
which do not readily map onto value types listed in 1.1.2. , e.g.
MALE, FEMALE.
4.1.5 The BSS must be able to capture automatically the current date and time.
4.1.6 The BSS must be able to generate unique identifiers.
4.1.7 The BSS must not allow users to modify metadata values MoReq2
(a) generated automatically by the system; 12.2.23.
(b) if the metadatas properties (see 1.1.1., (g)) prohibit later
modification.
4.1.8 The BSS must allow authorized users to modify metadata values (except for
those which fall under the restrictions mentioned in 1.1.7.). When the user
modifies a metadata value, the BSS must store the following data:
(a) date and time of modification;
(b) previous value;
(c) user id of the user who initiated the modification.
The BSS must log the previous metadata value.
4.1.9 The BSS must be able to validate metadata when it is entered by users, and MoReq2
when it is imported. The validation mechanism must check the following 12.2.14.
constraints:
(a) value format (e.g. date format, number format);
(b) range of values permitted (e.g. age between 18 and 89);
(c) validation against a list of values maintained by an administrative
role.
4.2 Entity Types

Entity types capture the general characteristics of real world entities which are managed from within
the biobank, e.g. samples, equipment, storage units. For the purposes of the present discussion, not
only objects can be categorized into entity types, but abstract notions such as processes as well.
Particular occurrences of types in the physical world are referred to as instances.
In technical terms, entity types define which metadata describe particular instances of that real-
world type. For example, a sample type may prescribe that the system has to associate a unique ID
and the date of creation with samples. An instance or specific occurrence of an entity type in the BSS
BioReq v2.0 2012 37

is a record. A record, therefore, is the electronic equivalent of a physical entity. There is a one-to-one
correspondence between entities in the real world and records stored in the system.
A tissue sample with the code AA1234 is an instance of a sample type, and has a corresponding
record in the BSS which includes information about the sample kind (i.e. tissue) and also contains a
reference (it may be the code AA1234) to help identify the sample in the real world.
Entity types managed by the BSS may be grouped into the following categories:
Samples;
Patients;
Procedures and protocols;
Documents;
Equipment;
Collection sites;
Storage units;
Users.
GENERAL REQUIREMENTS
The following requirements apply to all entity types managed by the BSS.

4.2.1 The BSS must support the management of entity types. For each entity type, Based on
the following data should be stored: MoReq2
(a) entity type name (e.g. DNA sample); 12.2.3,
(b) entity type description; OECD
(c) set of compulsory and optional metadata.
4.2.2 The BSS must store the definition of entity types in a standard data format OECD
(e.g. XML Schema).
4.2.3 The BSS should allow authorized users to create custom entity types.
4.2.4 The BSS should allow administrative roles or authorized users to add new
metadata to existing entity types.
4.2.5 The BSS must support the following entity type categories:
(a) sample type;
(b) process type;
(c) document type;
(d) equipment type;
(e) storage unit type;
(f) user type (role).
4.2.6 The BSS must allow authorized users to create instances of existing entity
types. An instance of an entity type is a record.
4.2.7 For all records created in the BSS, the system must be able to capture the
following metadata:
(a) date of creation;
(b) ID of the user who created the record.
SAMPLES
The following requirements describe the specifics of sample types.

4.2.8 The BSS must support sample types whose metadata values are statistically
BioReq v2.0 2012 38

analysable. This entails that values are quantitative and can be mapped onto
numbers or clear-cut, predefined categories. E.g. height can be expressed as
a numeral value in cm or inches; sex can be mapped onto a two-member
category which comprises male and female.
4.2.9 The BSS must allow users to associate the following metadata with sample OECD,
records (sources are mentioned in brackets): ISBER
(a) sample type (mandatory; source: ISBER)
(b) bar code;
(c) ID (mandatory), and optionally bar code ID; (ISBER)
(d) batch number (OECD);
(e) biobank accession number (OECD);
(f) date of collection (mandatory, not necessarily the same as the date
of entering the data; ISBER)
(g) source (mandatory, possible values include donation and result of
an action)
(h) physical location (mandatory, ISBER);
(i) storage conditions (optional, OECD);
(j) storage instructions (optional, OECD);
(k) instructions on how to open ampoules or vials (optional, OECD);
(l) safety data sheet (optional, OECD);
(m) expected shelf-life (optional, OECD);
(n) information on retention and disposal (mandatory, OECD)
(o) sample authentication data (mandatory if relevant);
(p) sample validation data (mandatory if relevant);
(q) donor data (advisable, if relevant, ISBER)
(r) sample movement data (e.g. previous location, date of transfer,
person responsible etc.; advisable if applicable; ISBER).
4.2.10 The BSS must generate a system-wide unique ID for all biological samples.
4.2.11 The ID must not be changed.
4.2.12 The BSS should store the bar code ID of the samples. Bar code IDs may be: ISBER
(a) generated by the system;
(b) generated by an external application;
(c) assigned by a user.
4.2.13 Additional Information for Human Specimens (ISBER). In addition to the
information regarding specimen location, information relating to the
following should be maintained (if relevant and/or available):
(a) Donor information: Age of donor at the time of donation; gender,
occupation; race/ethnicity.
(b) Vitals: Height (cm), weight (kg), alcohol history, smoking history,
recreational drug history, special diet, date of last menstrual period,
date last follow-up, disease status at follow-up, cause of death
(c) Diagnosis: Site, histology, stage at diagnosis, date of diagnosis.
(d) Diagnostic procedures: Procedure, date of procedure.
(e) Type of treatment (e.g. chemotherapy, radiation, hormonal,
immunotherapy) prior to specimen donation.
(f) Surgical procedure information: Surgery, primary site, metastatic
site, stage of disease at time of surgery, diagnosis code (ICDO),
diagnosis text.
(g) Medical history: Drug name, dose/frequency, date started.
(h) Family history: Relationship, diagnosis, age at diagnosis.
(i) Clinical laboratory values (e.g. calcium, hemoglobin, etc.).
(j) Availability of other biological specimens (e.g. normal vs. diseased
tissue, other tissues, blood, buffy coat, and plasma, paraffin
BioReq v2.0 2012 39

embedded tissue, H&E slide, formalin fixed tissue, DNA, RNA, urine,
feces, saliva, ascites fluid, and synovial fluid) from the same donor.
4.2.14 Depending on the organizations needs, the following industry data OECD
standards may apply:
(a) DarwinCore/DiGIR (Distributed Generic Information Retrieval),
(b) ABCD (Access to Biological Collection Data) schema/BioCASE
(Biological Collection Access Service for Europe) for strain data,
(c) CCINFO (Culture Collection INFO) for the organizational information.
4.2.15 The BSS must support the management of sample types with any of the REC(2006)4
following anonymization status: Chapter I
(a) identifiable biological samples, including Article 3
I. identified samples;
II. coded samples;
III. linked anonymous samples;
(b) non-identifiable biological samples.
4.2.16 The BSS must treat the following data as identifying: ISBER
(a) names; Section
(b) postal address information, other than town or city, state, and ZIP L2.220
code;
(c) all elements of date except year;
(d) all ages above 89;
(e) telephone numbers;
(f) fax numbers;
(g) email addresses;
(h) social security numbers;
(i) medical record numbers;
(j) health plan beneficiary numbers;
(k) account numbers;
(l) certificate or license numbers;
(m) vehicle identifiers and license plate numbers;
(n) device identifiers and serial numbers;
(o) URLs;
(p) IP addresses;
(q) biometric identifiers;
(r) full-face photographs and any comparable images.
4.2.17 The BSS must not allow users to associate identifying data with non-
identifiable biological samples.
4.2.18 For identifiable biological samples, the BSS must allow users to:
(a) associate identifying data with the samples directly (identified
sample); or
(b) associate a unique code with each identifiable sample (coded or
linked anonymous sample).
DOCUMENTS
The BSS should be prepared to manage documents associated with the operation of the biobank.
Documents include digitally scanned documents and documents created with specific software
products (e.g. text editors, spreadsheet editors, reporting systems etc.). Examples of documents
include but are not limited to surgical pathology reports, H&E slide of representative portion of the
tissue, clinical lab reports, signed patient consent forms, manuals, and material transfer agreements.

4.2.19 The BSS should be able to store and present digitally scanned documents. ISBER
BioReq v2.0 2012 40

4.2.20 The BSS should be able to store documents created with specific software
products, e.g. text editors, reporting systems.
4.2.21 The BSS may support document management functions either by
(a) integrating an external electronic document management system
(EDMS), or by
(b) implementing these functionalities within the system.
4.2.22 The BSS should associate the following metadata with documents:
(a) title (name of the document);
(b) file name;
(c) path;
(d) date of creation;
(e) author.
EQUIPMENT AND STORAGE

Section 2.6 provides an in-depth treatment on what requirements apply to the management of
equipments employed in biobanks. The following requirements describe what metadata need to be
stored in equipment records.
4.2.23 The BSS must allow authorized users to maintain records of each item of ISO17025
equipment.
4.2.24 The BSS must allow authorized users to associate the following metadata
with equipment:
(a) serial number or other unique ID;
(b) manufacturer's name;
(c) type identification;
(d) current location if relevant;
(e) references to manuals if available;
(f) references to calibration and adjustment reports if available;
(g) due date of next calibration
(h) maintenance plan if relevant and maintenance carried out to date;
(i) references to compliance check reports;
(j) record of any damage, malfunction, modification or repair to the
equipment.
4.2.25 Equipment calibration and adjustment reports must include the following
metadata:
(a) date of calibration or adjustment;
(b) result of calibration or adjustment;
(c) acceptance criteria;
(d) the report itself or a reference to the document.
4.2.26 The biobank system should allow users to define unique identifiers for: ISBER
(a) freezers,
(b) refrigerators,
(c) room temperature storage cabinet.
4.2.27 The BSS should allow users to define numbering schemes for the
identification of physical specimen location (e.g. shelves, racks, boxes).
USERS
This section lists only the compulsory metadata associated with user records; for an in-depth
treatment of users, user roles and the BSS access control model see Section 4.7.
4.2.28 The BSS must be able to store and manage user profile data, which includes
the following:
BioReq v2.0 2012 41

(a) name (as used on ID);
(b) e-mail address;
(c) user name;
(d) user id;
(e) role.
4.2.29 The BSS should allow users to associate the following metadata with their
profile:
(a) address;
(b) phone number;
(c) marital status.
PROCEDURES
Records of procedures are also managed by the BSS. The following requirements specify the
management of procedure records.
4.2.30 The BSS must support the management of information related to the OECD
following sample lifecycle processes:
(a) sample acquisition, including sample collection and receipt of
samples from other institutions;
(b) storage of samples and associated data;
(c) processing of samples;
(d) disposition and transfer or distribution of samples.
4.2.31 The BSS must provide built-in workflows for the management of sample
lifecycle processes.
4.2.32 The BSS may allow administrative roles to customize BSS workflows.
4.3 Sample Acquisition

Samples may be collected from donors who are willing to participate in research or may be
transferred from other institutions.
SAMPLE COLLECTION: INFORMED PATIENT CONSENT

As specified in Section 1.2, the BSS has to be prepared to manage patient consent agreement forms
as well as the alteration and withdrawal of consents.
4.3.1 The BSS must allow users to upload and associate signed informed patient ISBER
consent forms (e.g. as scanned documents) with biological sample records. L1.000,
NCI Ch. III
Art. 2A.
4.3.2 The BSS should support the creation of informed patient consent form NCI Ch. III
templates which: Art. 2A.1-
(a) are in a language understandable to the subject or their 2,
representative; ISBER
(b) list the research projects for which the biological samples given by
the subject will be used;
(c) address the future use of the samples (including commercial use and
unspecified use);
(d) provide information about the release of individual research results;
(e) provide information about consent withdrawal or later modification.
4.3.3 The BSS should allow users to print the informed patient consent form
templates stored in the system.
4.3.4 The BSS must support the withdrawal of patient consents by the patient or REC
their legal representative. Upon withdrawal of a consent, the BSS must (2006)4
BioReq v2.0 2012 42

(a) make the sample records affected by the consent unavailable to Ch. IV Art.
research purposes enlisted in the withdrawn consent if the user has 15.1, 15.2
not requested the destruction or anonymization of their samples;
(b) delete the sample records affected by the consent and ask the user
to destroy the samples if the patient has requested that their
samples be destroyed;
(c) anonymize the sample records affected by the consent if the patient
has requested that their samples be rendered anonym.
4.3.5 The BSS must allow authorized users to alter the scope of patient consents REC
according to the patients or their legal representatives requests. The BSS (2006)4
must update the availability of the sample records affected by the modified Chapter
consent in line with the research purposes enlisted in the consent. IV Article
15.1
4.3.6 The BSS may notify the Biobank Director or a user appointed by the Director ISBER
that the annual review of patient consent forms is due.
RECORDING SAMPLE DATA

By default, the BSS does not offer the opportunity for users to enter identifying data. Recording
identifying data is subject to strict regulations.
4.3.7 The BSS must allow authorized users to enter new biological sample records.
4.3.8 When entering a new biological sample record, the BSS must
(a) require that users select the appropriate sample type, including
information about whether the sample record should be identified
or non-identified (anonymization status);
(b) allow users to fill in all the mandatory and optional metadata fields
defined by the selected sample type and anonymization status.
4.3.9 The BSS must not allow users to enter identifying metadata for non- REC(2006)
identified sample records. 4 Ch. I
Art. 3
4.3.10 The BSS must require that upon entering identifying metadata for REC(2006)
identifiable (identified, coded and linked anonymous) sample records users 4 Ch. II
justify the storage of protected health information. Art. 8.2,
ISBER
L2.210
4.3.11 The BSS must warn the user who creates a new sample record to fill in all
the required metadata fields.
4.3.12 In case required information is not available to the user at the time of
record creation (e.g. depends on the outcome of the sample validation
process, or can only be determined by another user who is qualified for the
task), the BSS should allow the user to
(a) fill in some of required metadata at a later point in time; or
(b) delegate the task of providing the missing data to another user who
has the required information.
4.3.13 The BSS must be able to record the following required metadata
automatically for new sample records:
(a) unique collection number (ID);
(b) date and time of creation;
(c) user initiating the record creation process.
4.3.14 The following principles apply to sample IDs: ISBER
(a) The BSS must be able to generate a unique collection number (ID) to
each biological sample or allow the allocation of such by authorized
BioReq v2.0 2012 43

users.
(b) Sample IDs must not be reassigned even after the sample and its
data have been destroyed.
(c) The identifier may reflect the date of collection, the sample type, or
its physical location.
4.3.15 The BSS must allow authorized users to associate donor information (clinical NCI
and epidemiological data) with sample records, e.g. through the use of an ID
or barcode.
4.3.16 All data entered by users must be validated according to predefined
constraints (see Section 11.4).
SAMPLE IMPORT
This section summarizes the requirements on recording information about the receipt of samples
from other institutions. For the import of sample data see Section 4.13, Data Export and Import.

4.3.17 In addition to compulsory sample data described in the BSS data model, the OECD
BSS must allow users to enter the following data when importing biological
samples from other institutions:
(a) name or other identifier;
(b) depositors name and address;
(c) source, substrate or host from which the biological material was
isolated or derived (where identified) and date of isolation;
(d) geographical origin of material (the minimum requirement is the
country of origin or the furnisher of the source, substrate or host);
(e) depositors biological material number or other collection
number(s), if deposited elsewhere;
(f) growth media and conditions, cell preservation or storage
conditions where known;
(g) hazard information, e.g. in the form of a safety data sheet.
4.3.18 The BSS must provide a consistent numbering scheme for the identification
of imported biological samples. In order to achieve this, the BSS may
(a) append the imported identifier to a system-generated ID;
(b) keep the old identifier as a separate metadata value, and generate a
new ID.
4.3.19 The BSS should be able to store the shipping records (shipping log) which ISBER
document biological sample arrivals, and associate these records with the
samples they accompany..
4.3.20 If the institution from which the samples have been imported uses an
electronic sample management system, the BSS should be able to import
the electronic records of imported samples (see Section 4.13).
SAMPLE VALIDATION/AUTHENTICATION
Sample validation or authentication is the process of confirming the identity of the biological
material by a competent person. Validation usually precedes the preservation of the sample. It is
desirable that the BSS should support sample validation by allowing users to enter the details of the
validation and generate validation reports.

4.3.21 The BSS should support the validation of biological samples by allowing OECD,
users to record details of the validation process, including the following ISO17025
data:
BioReq v2.0 2012 44

(a) location of the validation;
(b) list of items validated;
(c) customer name and address;
(d) date of receipt of items to validate;
(e) date of validation;
(a) type of action carried out on the sample (e.g. purity check, quality
check, identity check);
(f) reference to sample plans and procedures where relevant;
(g) validation results with units of measurement;
(h) any abnormalities observed
(i) person responsible for the validation results.
4.3.22 The BSS should be able to generate sample validation reports (also known as ISO17025
authentication reports or certificates), which should include the following
data:
(a) title;
(b) name and address of biobank and location of the validation if
different;
(c) unique report ID, the same put on each page;
(d) end of report indication;
(e) list of items validated;
(f) customer name and address;
(g) date of receipt of items to validate;
(h) date of validation;
(i) reference to sample plans and procedures where relevant;
(j) validation results with units of measurement;
(k) statement of scope;
(l) name, function and signature of the person authorizing the report.
4.4 Sample and Data Management

From the perspective of the BSS, the management of samples comprises the management of sample-
related data. This section addresses the following issues:
storing sample data;

anonymization of samples;
data access restrictions;
recording sample retrieval;
processing samples for research purposes;
data publication.
STORAGE
Requirements on recording data (see Section 2.2) guarantee that the storage of sample records
adheres to privacy protection regulations. This section provides requirements that biobank software
systems must fulfil in order to track the physical location of samples, their storage conditions and
information about their movement.

4.4.1 The BSS must be able to track the physical location of samples by allowing ISBER,
users to associate the following data with samples: MoReq2
(a) location; 10.1.1.
(b) container.
If the containers metadata include information about the containers
BioReq v2.0 2012 45

location, the BSS is not required to store the location of the sample
separately.
4.4.2 The BSS should allow users to include the following data in sample records: OECD
(a) storage conditions;
(b) storage instructions;
(c) safety data sheet.
4.4.3 The BSS must allow users to record the procedures by which the samples OECD
have been preserved (see Section 3.5. on recording information about
methods and procedures).
4.4.4 The BSS must allow authorized users to enter and maintain metadata (as MoReq2
specified by the data model) about physical containers. These data include: 10.1.2.,
(a) location; 10.1.7.
(b) type of container or storage unit (e.g. freezer, shelf);
(c) storage capacity.
4.4.5 The BSS should allow users to record problems with any individual container ISBER
and sample, such as: no visible specimen, volume significantly less than
documented in inventory system, container is cracked, label missing or
unreadable.
4.4.6 The BSS must be able to list the records of biological samples stored in a MoReq2
physical container. 10.1.6.
4.4.7 The BSS must allow users to track the movement of biological samples by MoReq2
recording the following data: 10.1.18.
(a) current location;
(b) a predefined number of previous locations;
(c) date moved from last location;
(d) date received at current location;
(e) person responsible for the move.
The BSS must also record these data in the log.
4.4.8 The BSS should allow users to print labels for the identification of biological OECD,
samples. The labels should include the following data: ISBER,
(a) barcode; MoReq2
(b) batch date or number; 10.1.21.,
(c) biobank accession number; 10.1.22.
(d) normal storage location (if not included in (b) and (c));
(e) expiry date;
(f) indication of any hazard.
4.4.9 The BSS must store sample records in a standard, preferably open format OECD
chosen by the organization.
4.4.10 The BSS should store entity and metadata names in (UK or US) English. Care OECD
must be taken to ensure that no metadata value is lost or corrupted if users
enter characters outside the standard ASCII character set (e.g. national
language characters).
4.4.11 The BSS must distinguish between a working database and one or more OECD
archive databases. The working database must contain records of samples
that are physically managed by the BSS. The archive database contains
records of samples which have been disposed of or transferred to other
institutions (see Chapter 4). Archive databases may contain duplicates of
working sample records.
BioReq v2.0 2012 46

ANONYMIZATION
Anonymization is the process of removing all identifying data (also known as protected patient data
from sample records. Anonymization may be requested by patients at any time as specified in
informed patient consult forms.

4.4.12 The BSS must support the anonymization of samples in the following ways: ISBER
(a) removal of identifying data; L2.210
(b) justification by a qualified statistician that the risk of finding out the
identity of the patient based on their data stored in the system is
very small.
4.4.13 For coded and linked anonymous sample records, the BSS must remove the
link between the sample record and the identifying data. If the identifying
data are managed by the system, the BSS must delete these data.
4.4.14 The BSS should support the review of anonymization, i.e. it should allow a REC(2006)4
suitably authorized user to confirm that all the necessary data have been Ch. 6 Art.
removed, or the justification provided by the statistician is plausible. 23.2
4.4.15 The process of anonymization and its review must be automatically logged
by the system.
DATA ACCESS
Access to records is subject to the following rules.

4.4.16 The BSS must be able to make records available to users subject to access NCI Ch.III
restrictions based on BSS roles, which comply with the organizations Art. 2A.3,
policies for data access. OECD
4.4.17 The BSS must allow authorized users to access all
(a) sample records;
(b) procedure records;
(c) documents;
(d) equipment records;
(e) storage unit records; and
(f) user records
for which the users have the required permission.
4.4.18 For coded samples, the BSS must allow users to access identifying metadata ISBER
only upon specific request. If users request to view identifying metadata, the L2.200
BSS must require that users sign an explicit agreement that they will treat
protected health information confidentially.
4.4.19 When accessing unidentified samples records for the first time, the BSS must REC(2006)4
require that users sign an explicit agreement that they will not seek Chapter 6
information about the subjects identity. Article 23.2
4.4.20 When accessing records, the BSS must make accessible all or selected
metadata elements of the record (see Chapter 9, Presentation of Entities).
4.4.21 The BSS must be able to list records which satisfy user-defined criteria.
4.4.22 If the BSS supports paid access to records, it must allow customers to choose
from a combination of the following payment options:
(a) subscribe for a set period of time;
(b) subscribe to a specified set of records;
(c) pay per record access.
4.4.23 The BSS must track record access by subscribed customers.
4.4.24 The BSS should be able to generate invoices based on record access
BioReq v2.0 2012 47

information.
SAMPLE RETRIEVAL
Samples may be retrieved either temporarily, or permanently for transfer. The transfer of samples is
covered in Section 4.5. This section deals with requirements on sample retrieval requests and the
management of temporary retrievals.

4.4.25 The BSS must track all requests for sample retrieval. This includes recording
the following data:
(a) date of request;
(b) list of samples requested;
(c) person who requested samples;
(d) purpose of retrieval;
4.4.26 The BSS must allow authorized users to approve, partially approve or reject
sample requests.
4.4.27 The BSS must be able to track the temporary retrieval of samples by MoReq2
allowing authorized users to record the following data: 10.1.10.,
(a) date of retrieval; 10.1.16.,
(b) person who retrieved the sample; 10.1.19.
(c) purpose of retrieval;
(d) optionally, the expected date of return.
4.4.28 The BSS should allow an authorized user to confirm that all and only the
requested samples have been retrieved.
4.4.29 The BSS must allow users to record the return of biological samples to their MoReq2
location. Authorized users must be able to record the following data: 10.1.16.,
(a) date of return; 10.1.19.
(b) person who returned the sample;
(c) any changes to the sample (e.g. change in quantity if the sample has
been partially used up, record of procedures carried out on the
sample).
4.4.30 The BSS should allow another user to confirm that all and only the retrieved
samples have been returned. This may be part of an audit process.
PROCESSING SAMPLES FOR RESEARCH PURPOSES

In a typical biobank environment, various kinds of procedures are carried out on samples for a range
of purposes. Examples of such procedures include sampling, validation methods, preservation
procedures, thawing etc. Since the description of all the possible procedures that may be applied at
different institutions extends the scope of the present guideline, this section sets out the general
requirements on what functionalities a BSS has to provide to help users manage procedures.

4.4.31 The BSS must allow authorized users to associate sample processing data NCI
with the original sample.
4.4.32 The BSS must be able to manage the following data about procedures (i.e. ISO17025
procedure types):
(a) name;
(b) description;
(c) type of samples that the procedure applies to;
(d) parameters;
BioReq v2.0 2012 48

(e) equipment required;
(f) reference materials;
(g) environmental conditions;
(h) stabilization period if needed;
(i) criteria for approval or rejection;
(j) data to be recorded and method of analysis and presentation;
(k) uncertainty.
4.4.33 The BSS must allow authorized users to modify the metadata of procedure
types if necessary.
4.4.34 The BSS should allow users to define custom procedures.
4.4.35 Each time a procedure is applied, the BSS must allow authorized users to
record the following data:
(a) date;
(b) person responsible for executing the procedure;
(c) samples affected;
(d) specific equipment used;
(e) specific parameters;
(f) any relevant observations;
(g) results;
(h) a statement that the procedure is fit for its use;
(i) procedure validation details if the procedure has been used outside
of its intended scope.
4.4.36 The BSS must restrict the modification of specific procedure records to
administrative roles only. This measure helps prevent the corruption of
procedure results and conditions.
4.4.37 If new biological materials are extracted during a procedure, the BSS must
allow users to enter and maintain the metadata of the new samples
according to the requirements outlined in Section 2.2. The BSS must be able
to link the new materials to the original sample.
DATA PUBLICATION
International regulations (e.g. NCI, OECD) demand that research data developed using biological
samples should be made available to the research community. This section suggests BSS functions
which support the publication of results.

4.4.38 The BSS must support the publication of research results which fall into the
scope of legal obligations. Support of publication may refer to any of the
following solutions:
(a) generation of research reports based on selected records and data,
which are then published by authorized personnel;
(b) automatic publication of selected research results.
4.4.39 The BSS should update regularly (as specified by the organization) published OECD
research results.
4.5 Sample Retention and Distribution

The BSS should be set up to support the theoretically permanent preservation of sample records.
A sample may get out of the scope of the biobank in one of the following ways:
transfer to other institutions (distribution);

destruction upon the subjects request;
BioReq v2.0 2012 49

loss.
SAMPLE RETENTION
The retention schedule defines how long samples and associated sample records have to be kept by
the BSS. Lack of resources (e.g. insufficient number of freezers) or other conditions (e.g. shelf life)
may require that samples should be destroyed or transferred to other institutions when their
predefined retention period expires. Sample records, however, must not necessarily be destroyed
with samples. It is preferable to keep sample records permanently unless regulations or transfer
agreements demand otherwise.

4.5.1 The BSS must follow the national and organizational policies on sample and NCI Ch. III
data retention. Art. 2A.7
4.5.2 The BSS must allow authorized users to associate retention schedules with: MoReq2
(a) individual sample records; 5.1.1.,
(b) sample types. 5.1.19.
The retention schedule includes a retention period or a disposition date for
the sample(s) represented by the record(s).
4.5.3 The BSS should allow authorized users to justify the retention schedule 5.1.21.
assigned to a sample record.
4.5.4 The BSS must ensure that every sample record has exactly one retention MoReq2
schedule. In other words, the BSS must not allow users to attach multiple 5.1.10.,
schedules to a single record. If conflicting demands arise (e.g. the sample 5.1.12.
type requires a different retention period than the research in which
selected samples will be used), users have to decide which retention period
to apply.
4.5.5 The BSS should allow authorized users to assign a retention period and its
justification to a selection of sample records in one operation.
4.5.6 The BSS must allow authorized users to modify retention schedules attached
to sample records.
4.5.7 The BSS must ensure that any changes to the retention schedule of samples MoReq2
are immediately applied. 5.1.7.
4.5.8 The BSS must require that the authorized user who changes a retention MoReq2
schedule should enter a reason. The BSS must log the reason. 5.1.8.
4.5.9 The BSS must preserve sample records for at least as long as the biological OECD
sample is managed by the BSS.
4.5.10 The BSS should be able to preserve biological sample records permanently if NCI Ch. III
resource and storage space are sufficient. Art. 2A.7
4.5.11 The BSS must allow authorized users to maintain information about how the MoReq2
samples should be disposed of. Possible disposal actions may include: 5.1.24.
(a) do not dispose of, preserve permanently;
(b) present for review;
(c) destroy;
(d) transfer to another institution.
4.5.12 The BSS should allow authorized users to justify the disposal action assigned MoReq2
to a sample record. 5.1.20.
4.5.13 The BSS should allow authorized users to assign a disposal action and its
justification to a selection of sample records in one operation.
4.5.14 The BSS should automatically notify an authorized user when any disposal MoReq2
action becomes due. 5.1.30.
4.5.15 The BSS should allow the notified user to delegate the disposition task to MoReq2
BioReq v2.0 2012 50

another user. 5.1.31.
4.5.16 Possible outcomes of a disposition review may include one of the following
actions:
(a) change the retention period;
(b) initiate the destruction or transfer of the sample.
SAMPLE DESTRUCTION
In rare instances, samples must be destroyed (possible reasons include lack of storage capacity or
sample degradation). This section comprises requirements which address the following questions:
How can a BSS support the sample destruction process?

How should the BSS manage records associated with the destroyed samples?

4.5.17 The BSS should allow authorized users to enter and maintain information
about how samples should be destroyed.
4.5.18 The BSS must support the sample destruction process by allowing users to
record the following data (see also 3.5.5):
(a) date;
(b) person responsible for executing the procedure;
(c) samples affected;
(d) specific equipment used;
(e) specific parameters;
(f) any relevant observations.
Note. These data may be recorded when executing a procedure (as defined
in Section 3.5) for the destruction of samples.
4.5.19 The BSS must be able to associate sample destruction records with records
of the samples destroyed.
4.5.20 The BSS must preserve records of destroyed samples for at least ten years. ISBER
4.5.21 Once a sample has been destroyed, the BSS must clearly indicate that the
sample represented by the sample record no longer exists.
4.5.22 The BSS must not allow users to modify records of destroyed samples.
SAMPLE TRANSFER
This section covers requirements pertaining to the transfer of samples to other institutions, including
the selling of samples. The BSS is expected to support all the phases of sample transfer from
preparation through review to generating shipment logs.
4.5.23 The BSS must keep record of all biological sample transfers. Records of OECD,
transfers must include the following data: ISBER
(a) shipment/invoice ID;
(b) list and number of samples to transfer;
(c) method of shipment;
(d) date of shipment;
(e) name and address of the receiving party;
(f) shipment receipt if recorded delivery, courier or similar shipping
mechanisms are used.
4.5.24 The BSS should present for inspection informed patient consents associated NCI,
with the samples that will be transferred to ensure that transfer is REC(2006)4
consistent with the consent and allowable use of materials.
4.5.25 The BSS should be able to store transfers agreements (Material Transfer
Agreements, Letter Agreements), and allow authorized users to associate
BioReq v2.0 2012 51

agreement documents with transfer records.
4.5.26 The BSS must record the retrieval of samples for transfer and the ISBER
confirmation of retrieval as specified in Section 3.4.
4.5.27 The BSS must not allow users to modify shipment records.
4.5.28 The BSS must not show customer information directly when viewing OECD
shipment records.
4.5.29 The BSS should allow authorized users to print labels for samples that will be ISBER
transferred. The label should include the following data (if available and
space permits):
(a) unique identifier (not to be included if the receiving laboratory
needs to do a blind test);
(b) barcode;
(c) name or id of the sender institution.
4.5.30 The BSS should allow authorized users to print the records of all the samples
that will be transferred in one single operation.
4.5.31 The BSS should allow authorized users to export records of samples that will
be transferred.
4.5.32 If the transfer agreement permits, the BSS should preserve records of ISBER
transferred samples for at least ten years.
EXCEPTIONAL SAMPLE DISPOSITION

This section covers the features that a BSS has to provide to tackle exceptional sample disposition
actions which arise when samples are lost or used up, the biobank suspends it operation, or patients
withdraw their consent.

4.5.33 If a sample is missing, the BSS must allow users to OECD
(a) indicate within the sample record that the sample is no longer
available;
(b) print the sample record in order to store on file.
4.5.34 If a sample is missing, the BSS should allow users to produce a deviation ISBER
report to indicate that samples managed by the BSS could not be located.
4.5.35 If a sample is used up, the BSS must allow users to indicate within the
sample record that the sample is no longer available.
4.5.36 Records of samples which are no longer available must be removed from the
working database and transferred to the archive database.
4.5.37 If a biobank must close due to lack of funding or otherwise cannot maintain NCI
or use its samples, the BSS must support the distribution of samples by
allowing users to transfer the samples and related records.
4.5.38 If a patient withdraws their consent and demands the destruction of
samples donated, the BSS must allow users to
(a) record that the patient consent has been withdrawn;
(b) initiate the sample destruction process;
(c) delete the sample records.
The BSS must log the destruction of the samples.
4.6 Support of Laboratory Processes

Depending on the size and needs of the operating organization, the BSS may be required to track
laboratory processes, including the maintenance and regular safety check of equipment, storage
units and room conditions.
BioReq v2.0 2012 52

4.6.1 The BSS must allow authorized users to record information about each item ISO17025
of equipment (see the BSS Data Model on what data may be recorded for
equipment).
4.6.2 The BSS should allow authorized users to record details of ISO17025
(a) equipment calibration;
(b) equipment adjustments;
(c) acceptance criteria.
4.6.3 The BSS should allow authorized users to manage equipment maintenance ISO17025,
actions, including OECD
(a) the maintenance plan;
(b) record of maintenance actions, including but not limited to repair,
cleaning and decontamination.
4.6.4 The BSS should allow users to record incidents involving safety of personnel NCI,
and corrective actions. ISBER
4.6.5 The BSS must allow users to record the function and temperature of each ISBER
storage unit.
4.6.6 The BSS must allow users to record information about the processing of OECD
waste.
4.6.7 The BSS should be able to produce reports on
(a) equipment maintenance actions;
(b) incidents involving safety of personnel;
(c) storage unit function and temperature;
for a given time period (e.g. last month, last year). See also Chapter 10 on
BSS report generation features.
4.7 User Management

Any person who has access to the BSS is a user from the systems perspective, and as such has a user
profile which describes the person (e.g. name, address) and defines what actions they are entitled to
perform in the system. Since donors cannot access the BSS, they are not BSS users and cannot have
user profiles.
Instead of granting permissions to individual users, it is preferable to set up roles or user groups for
allocating permissions to users. When users are assigned to roles or groups, they get access to all the
entities and features that their roles or groups permit. Managing permissions at the group level is
more efficient and less error-prone than allocating the very same set of permissions to users who
perform similar tasks in the system; it also makes creating new users faster. Roles typically represent
jobs, e.g. Manager, Clinical Worker, Systems Operator, whereas optional user groups represent
departments or working groups.
It is acceptable for administrative roles to manage users, roles and user groups by means of separate
directory management software. Note, however, that administrative roles only implement, from a
system perspective, policy decisions taken by more senior management.
USER PROFILES
Every BSS user has a user profile which (1) identifies the user, and (2) defines the permissions the
user is granted in the system. Modifying profile permissions is the privilege of administrative roles.

4.7.1 The BSS must support the management of
(a) individual users,
(b) roles.
BioReq v2.0 2012 53

4.7.2 The BSS should support the management of user groups. MoReq2
4.1.12.
4.7.3 Users, roles and user groups must have a user profile. The profile MoReq2
(a) contains the properties (e.g. Name, Address) of the user, role or user 4.1.10.
group that the profile represents,
(b) defines the associated permissions.
4.7.4 Permissions in the BSS must contain the following data: MoReq2
(a) Applies To: user, role or user group to which the permission applies; 4.1.2.,
(b) Action: action permitted; 4.1.4.
(c) Valid From, Valid To: specified period of time during which the user
is permitted to perform the action.
4.7.5 The BSS must allow administrative roles to use permissions to: MoReq2
(a) restrict access to specific entity types; 4.1.5.,
(b) restrict access to BSS functions. ISBER,
Permissions are granted in accordance with the job descriptions provided by ISO17025,
the Biobank Director. NCI Ch. III
Art. 2A.3
4.7.6 The BSS must allow administrative roles (and only administrative roles) to MoReq2
create new user profiles (i.e. new users, roles or user groups). 4.1.16.,
4.1.18.,
4.1.20.
4.7.7 The BSS must allow administrative roles to manage user profiles. The MoReq2
management of profiles includes: 4.1.4.,
(a) modification of profile metadata (e.g. Name, Description); 4.1.18.
(b) addition of new permissions to the profile;
(c) deletion of permissions;
(d) modification of permissions.
manage users. The management of users includes the following functions: 4.1.7.,
(a) manage the associated profile; 4.1.16.,
(b) add user to role; 4.1.18.,
(c) remove user from role; 9.1.5.
(d) add user to user group;
(e) remove user from user group.
manage roles. The management of roles includes the following functions: 4.1.7.,
(f) manage the associated profile; 4.1.11.,
(g) add user to role; 4.1.16.,
(h) remove user from role. 4.1.18.,
4.1.20.,
9.1.5.
4.7.10 The BSS should allow administrative roles (and only administrative roles) to MoReq2
manage user groups. The management of user groups includes the following 4.1.7.,
functions: 4.1.16.,
(a) manage the associated profile; 4.1.18.,
(b) add user to user group; 9.1.5.
(c) remove user from user group.
4.7.11 The BSS must distinguish between the following two types of roles:
(a) administrative role;
(b) user role.
4.7.12 When an administrative role adds a user to a role or a group, the BSS must
grant all the permissions of the specified role or group to the user. When
BioReq v2.0 2012 54

removing a user from the role or group, the BSS must take away those
permissions from the user that only the removed role or group had.
4.7.13 The ERMS must restrict systems functions and related events to MoReq2
administrative roles only. Examples of system functions are backup, system 4.1.15.
performance monitoring and network settings.
4.7.14 The BSS must allow users to view their individual profiles and the profiles of
those roles or groups that they are assigned to.
4.7.15 The BSS should allow users to modify their non-defining metadata. Examples
of non-defining metadata are address, e-mail address, qualifications etc.
Defining metadata (name, place and date of birth, mothers maiden name)
uniquely identify the user, the modification of these data is therefore
subject to strict security policies.
CUSTOMER MANAGEMENT
Large organizations have an extensive customer base and demand basic customer relationship
management operations. Based on the type of access to the BSS, biobank customers may be grouped
into the following two classes:
(1) Subscribed customer: the customer gets a user account and access to a specified range of
BSS features;
(2) Non-subscribed contractual partner: the customer is not allowed to access the BSS but
stands in a contractual relation with the operating organization, e.g. sells biological
samples, provides statistical analysis, orders samples etc.
In an ideal case, the BSS is able to manage both classes of customers. However, it is also acceptable if
the BSS relies on a CRM product for customer management features.

4.7.16 The BSS should allow Managers to maintain a fee structure for subscribed
customers which comprises the following elements:
(a) service paid for;
(b) subscription period;
(c) fee.
See also 3.3.7.
4.7.17 If the BSS manages subscribed customers, it must ensure that the same
access control rules are applies as to BSS personnel.
4.7.18 The BSS should be able to store invoices issued by and addressed to the
operating organization.
4.7.19 The BSS should allow Managers to enter and maintain information about
contractual partners.
TRAINING AND QUALIFICATION

By tracking the qualifications and skills of users, the BSS may ensure that no procedure is carried out
by incompetent persons. It may also be desirable for the BSS to track biobank personnel trainings,
and notify management when an update of skills is due.

4.7.20 The BSS must track the relevant qualifications of users involved in the ISO17025
lifecycle of biological samples in their user profiles. Qualifications include:
(a) educational qualifications,
(b) professional qualifications,
(c) trainings (including compulsory safety and fire drill practices),
BioReq v2.0 2012 55

(d) competence,
(e) skills.
4.7.21 The BSS must be able to store the dates the qualifications were attained if ISO17025
applicable.
4.7.22 The BSS may notify management or issue a warning if a user wants to
perform an operation without having the necessary qualifications or skills
recorded in the system.
4.7.23 The BSS may notify the Biobank Director or other suitably authorized
personnel if regulations demand that users must attend a compulsory
training (e.g. safety) within a predefined time period (e.g. one month).
4.7.24 The BSS may allow authorized users to enter and maintain information on
upcoming trainings.
4.8 Search
Search is the process of locating records and finding data within the BSS based on user-defined
criteria. In the BSS, search is the primary means of accessing records.

4.8.1 The BSS must provide a search function which allows users to search for any MoReq2
type of entity and their associated metadata. 8.1.2.
4.8.2 The BSS must support the following search criteria elements: MoReq2
(a) entity type; 8.1.3.,
(b) any combination of metadata elements (search terms) applicable to 8.1.8.
the selected entity type;
(c) database or scope (see 7.1.1).
4.8.3 The BSS must allow users to select the target database of the search. By
default, the BSS looks for entities in the working database (see 3.1.11).
4.8.4 The BSS search function must allow the use of the following Boolean MoReq2
operators: 8.1.13.
(a) AND;
(b) OR;
(c) NOT;
in any valid combination to combine an unlimited number of search terms.
4.8.5 When searching for entity types that have text files attached (e.g. analysis
reports), the BSS must allow users to search by terms in the file content.
4.8.6 The BSS must support the following search operators for numeric and date
values:
(a) greater than;
(b) lower than;
(c) equals.
4.8.7 The BSS must support the following operators for string values during
search:
(a) contains;
(b) equals.
4.8.8 The BSS search function should support partial match and wild card MoReq2
searching that allows for forward, backward and embedded expansion for 8.1.21.
values. The following two wildcards should be supported:
(a) * (asterisk), represents any number of characters;
(b) ? (question mark), represents one character.
4.8.9 The BSS search function should allow users to customize which metadata
elements should be present in the result list.
4.8.10 The BSS may allow users to save and re-use search criteria. MoReq2
BioReq v2.0 2012 56

8.1.26.
4.8.11 The BSS must display the total number of items found as a result of the MoReq2
search, and display the search results (the result list, or hit list). 8.1.10.
4.8.12 No BSS search function must ever reveal to a user any information where MoReq2
the access and security controls prevent access by that user. More 8.1.1,
specifically, if a user requests access to, navigates to, or searches for any 4.1.22,
object which the user does not have the permission to access, the BSS must 4.1.23.
provide no information about the object, thus providing no indication of
whether the object does or does not exist.
4.8.13 The BSS must allow users to customize the result list, including:
(a) the number of hits displayed on the screen per view;
(b) the ordering of the results (ascending or descending) by any of the
metadata displayed.
4.8.14 The BSS should allow users to refine (i.e. narrow) a search without having to MoReq2
re-enter the search criteria. 8.1.11.
4.9 Presentation of Entities

A BSS may store electronic entities in different formats. Formats include the proprietary or open
format used by the biobank to represent entity types, and the various file formats which may be
associated with samples, donors, equipment and other entity types, e.g. X-Ray images, patient
consent forms, equipment manuals.

4.9.1 The BSS must be able to display entities of any entity type managed by the
system (e.g. sample type, analysis type). Displaying an entity involves the
presentation of the entitys metadata elements and their values subject to
access control regulations.
4.9.2 Whenever a user reaches a view that indicates the existence of an entity, MoReq2
the BSS must be able to present its contents (if applicable) and its metadata 7.5.1.
by a mouse click or keystroke.
4.9.3 The BSS must be able to present the following file formats without launching
an external application:
(a) Image formats: BMP, JPEG, JPG, GIF, PNG;
(b) Archival format: PDF;
(c) Plain text: TXT;
(d) Web pages: HTML.
4.9.4 The BSS may be able to present video and audio formats without launching
an external application.
4.9.5 For other formats, the BSS must allow the user to view the entity with an MoReq2
external application installed on the users computer. E.g. OpenOffice 7.5.2.
documents.
4.10 Printing
The biobank must provide printing facilities which allow users to obtain printed copies of printable
entities, their metadata, reports, and other administrative information.

4.10.1 The BSS must support at least the following printing features: MoReq2
(a) use of configured printer (may be pre-configured by an 7.6.
administrator, or chosen by the user before printing);
(b) page numbering;
(c) dated headers or footers.
BioReq v2.0 2012 57

4.10.2 The BSS must allow users to print multiple copies of the same material
without launching the printer again.
4.10.3 The BSS must allow users to print entities of any type defined in the system MoReq2
(e.g. sample type, procedure type). The printed copy includes all or specified 7.6.2.
metadata elements that are accessible to the user.
4.10.4 The BSS must allow users to print selected metadata for a selection of MoReq2
entities (e.g. hit list) in a table format. 7.6.3.
7.6.4.
4.10.5 The BSS should allow users to print all the entities from a search result list in MoReq2
one operation. 7.6.7.
4.10.6 The BSS must allow administrative roles to print all or part of the log. MoReq2
7.6.18.
4.10.7 The BSS must be able to print files in formats specified by the organisation. MoReq2
Printing must: 7.6.19.
(a) preserve the layout produced by the generating application
package(s);
(b) include all the printable files of the entity with the given format.
4.10.8 The BSS should be able to print labels to identify samples. The label printing
feature
(a) must allow users to select which metadata to print on the label;
(b) must provide a default selection of metadata that will be printed on
the label.
4.10.9 By default, the BSS label printing feature should print the following data on OECD
labels:
(a) unique identifier;
(b) barcode;
(c) expiry date;
(d) hazards;
(e) organization details (e.g. institute name) for samples that will be
shipped.
4.11 Audit
The BSS must provide features which allow managers and auditors to monitor the BSS to ensure that
it is used appropriately. The BSS should provide a number of standard reports capable of being
configured by authorized users, and should be flexible to enable ad hoc reports to be produced on
demand. The amount and complexity of reporting will be determined by organisational features
including the number of ongoing researches, the amount and type of samples, and the user base. For
smaller institutions, it may also be acceptable to treat search results as reports.

4.11.1 The BSS must allow authorized users to produce periodic reports (daily, MoReq2
weekly, monthly, quarterly). 9.2.1.
4.11.2 The BSS must allow authorized users to specify ad hoc reports. MoReq2
9.2.1.
4.11.3 The BSS must include features for MoReq2
(a) generating reports; 9.2.2.
(b) printing reports;
(c) viewing reports on-screen.
4.11.4 The BSS should allow authorized users to store reports in the system. MoReq2
9.2.2.
4.11.5 The BSS should enable report requests to be saved for future re-use. MoReq2
BioReq v2.0 2012 58

9.2.8.
4.11.6 The BSS must be able to provide reports on: REC(2006)4
(a) samples (sorted by e.g. date of acquisition or physical location); Ch. V Art.
(b) basic sample lifecycle processes, including sample acquisition, 19.2
sample validation, procedures carried out on samples, and the
destruction and distribution of samples;
(c) laboratory equipment;
(d) laboratory processes;
(e) user activity;
(f) access control violation attempts;
(g) exceptional events recorded in the system, e.g. sample loss,
accidents involving personnel etc.
4.11.6 The BSS must allow authorized users to restrict the scope of reports with the MoReq2
following options: 9.2.4
(a) time ranges;
(b) specified users or roles.
4.11.7 The BSS should allow authorized users to restrict the scope of reports based MoReq2
on any metadata of the entity type which the report covers. (E.g. report on 9.2.13.
samples marked as hazardous.)
4.11.8 The BSS should be able to total and summarize report information. MoReq2
9.2.6.
4.11.9 The BSS must not include information about customers unless the customer OECD
has explicitly permitted.
4.11.10 The BSS must allow authorized users to produce reports based on MoReq2
information stored in the log. 9.2.18.
4.12 Non-functional Requirements

Some of the attributes of a successful BSS implementation cannot be defined in terms of
functionality. Non-functional requirements such as usability, security or performance are also
important to success. This chapter starts with requirements in areas which contribute to the security
of the system, namely:
user authentication;
log;
backup and recovery;
data validation;
encryption.
This is followed by an outline of requirements on usability, performance and scalability.
SECURITY: USER AUTHENTICATION

Organizations need to be able to control access to entities stored in the BSS (electronic sample
records, analysis results etc.) and restrict BSS functions based on the users responsibilities within the
organization. This section focuses on security features that allow users to access BSS entities and
functions in a safe way, and protects the authenticity of the entities managed by the BSS. For the
management of BSS users in general, see Chapter 6.

4.12.1 The BSS must not allow users to access the system without authentication. MoReq2
4.1.1.
OECD 8.3.
BioReq v2.0 2012 59

4.12.2 The BSS must support authentication by user ID and password. OECD 8.3.
It is the operating organizations responsibility to specify new identities and
passwords, which may be implemented as an administrative feature in the
BSS. Users are allowed to change their own passwords.
4.12.3 The BSS may further restrict user authentication with any of the following OECD 8.3.
measures:
(a) restriction by IP address: users outside the organizations facilities
cannot access the system even if they enter valid user IDs and
passwords;
(b) captcha: users may be prompted to type characters from a distorted
image to prove they are humans.
4.12.4 The BSS must ensure that the data entered by the user during OECD 8.3.
authentication cannot be intercepted by third parties (e.g. sent through a
secure HTTP connection).
4.12.5 The BSS may allow authentication by biometric data, e.g. fingerprint as an
alternative to authentication by password.
4.12.6 The BSS must log both successful and unsuccessful user authentication
attempts.
4.12.7 If the BSS receives an unsuccessful user authentication attempt, either
because the ID, the password or both are incorrect, the BSS must not reveal
any information about the validity of the user ID. This is to discourage
unauthorized parties from guessing valid user accounts.
4.12.8 If the BSS registers more than a predefined number of consecutive
unsuccessful user authentication attempts from the same IP address, the
BSS may refuse to accept further attempts from that address for 24 hours or
until intervention by an authorized administrative role.
4.12.9 The BSS should not allow users to have unsecure passwords, i.e. character
strings which:
(a) are less than 8 characters long;
(b) can be found in dictionaries;
(c) are not made up of a combination of letters, numbers and
punctuation marks;
(d) are the same as the user id;
(e) are on a list of prohibited character strings (e.g. password,
pass123).
4.12.10 The BSS should prompt users to change their passwords every three months.
SECURITY: LOG
A log is a record of actions taken in the BSS. This includes actions taken by users or administrative
roles, or actions initiated automatically by the BSS. The log shows whether business rules are being
followed and ensures that unauthorised activity can be identified and traced.
The volume of log information can become large if all actions are recorded. Consequently,
management may decide that selected actions need not be included in the log, or earlier log entries
should be deleted on a regular basis. Another solution is to move the BSS log onto secure offline
storage periodically.
The requirements that follow are in line with OECD regulations, which state that the biobank
[system must] provide traceability of data through a history of modifications (OECD 8.1.).

4.12.11 The BSS must record the following data per log entry: MoReq2
BioReq v2.0 2012 60

(a) action; 4.2.1.
(b) entities involved;
(c) the user undertaking the action;
(d) the date and time of the action.
4.12.12 The BSS must record automatically all critical actions in an unalterable log.
Critical actions are:
(a) actions which result in the deletion of entities, including
anonymization;
(b) data modifications;
(c) user management actions;
(d) user authentication attempts;
(e) access violation attempts;
(f) changes to log settings.
Unalterable means that no user or administrator may change or delete any
part of the log.
4.12.13 The BSS should allow administrative roles to customize which non-critical MoReq2
actions need to be logged. 4.2.4.
4.12.14 The BSS must record automatically all non-critical actions which have been MoReq2
selected by administrative roles to be included in the log. 4.2.1.,
4.2.4.
4.12.15 The BSS may support the transfer of log data to secure offline storage. MoReq2
4.2.2.
4.12.16 The BSS must preserve log entries for one of the following periods of time MoReq2
(decided by the operating organization): 4.2.7.
(a) as long as the entities referenced by the entry exist;
(b) a set period of time (e.g. one year);
(c) until review, e.g. periodic scrutiny of the log followed by its
destruction and replacement by a certificate of scrutiny.
4.12.17 The BSS must be able to present the log for inspection upon authorized MoReq2
request. 4.2.12.
4.12.18 The BSS must include features that allow authorised users to search for MoReq2
information in the log, including searches directed at finding 4.2.13.,
(a) actions; 4.2.14.
(b) entities;
(c) users;
(d) time periods or times.
4.12.19 The BSS should be able to export log data for specified entities without MoReq2
affecting the original log files or log database. 4.2.15.
SECURITY: BACKUP AND RECOVERY

International regulations demand that a BSS provide comprehensive controls for the regular backup
of the entities stored in the system (e.g. sample data, analysis results, user profile data, or log). The
BSS must also be able to recover entities if any are lost because of, for example, system failure,
accident or security breach. The BSS must strive for the consistency of data sets after a successful
restore from an earlier backup.
Regular automated backup and recovery can be provided by the BSS, by the database management
system supporting the BSS, or by a reliable third party software product.

4.12.20 The BSS must provide an automatic backup feature that allows for regular MoReq2
backup of all or selected entities managed by the BSS. 4.3.1.,
BioReq v2.0 2012 61

OECD 8.2.
4.12.21 The BSS must allow administrative roles to schedule automatic backup by: MoReq2
(a) specifying the frequency of backup; 4.3.2.
(b) selecting the entities to be backed up;
(c) selecting backup target location (e.g. offline storage device, remote
server).
4.12.22 The BSS must allow administrative roles to initiate a custom backup process
outside the schedule.
4.12.23 Selected entities should be backed up daily on a network or remote server. ISBER
4.12.24 Selected entities should be backed up weekly on a secure offline storage ISBER
medium.
4.12.25 Media containing backup files should be stored in a secure cabinet. ISBER
4.12.26 The BSS must provide a recovery feature for restoring entities from backup MoReq
files. 4.3.1.
4.12.27 The BSS must allow only authorised administrative roles to restore from MoReq2
backups. 4.3.3.
4.12.28 After a restore from backup, the BSS must ensure the full integrity and MoReq
consistency of data, including the log. 4.3.4.,
OECD 8.3.
4.12.29 Entities which have been disposed of and are present in the backup should MoReq2
not be restored. 4.3.4.
SECURITY: DATA VALIDATION

Validation must be both applied to the input of new data as well as to pre-existing data managed by
the BSS. For existing data, checks should target the integrity of the database to ensure that data have
not been corrupted. For new data, the aim of validation is to test that the values comply with the
data model and do not violate business constraints.

4.12.30 The BSS must maintain the accuracy and integrity of the system. Possible ISBER
measures may include: ISO17025
(a) periodic counts of the entities stored in the system;
(b) cycle counting method.
4.12.31 The BSS may support the formal validation of the system. ISBER
4.12.32 The BSS must test whether the input value matches the format specified for
the given field. E.g. if Quantity is defined as an integer, it cannot accept
values in date or Boolean format. See also 1.1.9.
4.12.33 The BSS must ensure that the input value satisfies metadata constraints. E.g.
although Age is not an identifying property by itself, values above 89 years
of age do count as identifying and should be treated accordingly. See also
1.1.9.
4.12.34 The BSS must check the spelling of all text field inputs. OECD
4.12.35 The BSS should check specified text field inputs against authorized reference OECD,
lists or thesauri to prevent errors such as mistyping. See also 1.1.9. MoReq2
6.1.28.
SECURITY: ENCRYPTION
Encryption is the process of applying a complex transformation to an electronic object so that it
cannot be presented by an application in a readable or understandable form unless the
corresponding decryption transformation is applied. This can be used to secure electronic objects, by
use of transformations which require the use of secure electronic key codes.
BioReq v2.0 2012 62

4.12.36 The BSS should be able to send and receive encrypted messages.
4.12.37 The BSS must be able to store information about encrypted objects.
4.12.38 The BSS must store passwords and similar credentials in an encrypted form.
4.12.39 The BSS should store protected health information and users personal data
in an encrypted form.
USABILITY
Usability or ease-of-use requirements specify how BSS functions should be made available to users so
that it could minimize the time spent on performing tasks in the system, and reduce the amount of
training required to be able to perform these tasks.

4.12.40 The biobank software system must be documented in sufficient detail. This ISO17025
means the thorough documentation of:
(a) functions;
(b) fields in data entry forms;
(c) errors and possible solutions.
4.12.41 The BSS must provide online help throughout the entire system. The online MoReq2
help should: 11.1.2.,
(a) be context sensitive; 11.1.4.,
(b) provide visual guidance, i.e. picture and video illustrations. 11.1.30.
4.12.42 The BSS should assist data entry by any of the following measures: MoReq2
(a) suggest possible text values from integrated thesauri; 11.1.6.,
(b) use drop down menus when possible; 11.1.18.,
(c) provide default values; 11.1.17.
(d) suggest previously entered values.
4.12.43 All error messages produced by the ERMS must be meaningful, so that users MoReq2
can decide how to correct the error or cancel the process. The BSS must 11.1.7.
clearly identify which operation caused the error.
4.12.44 Frequently-executed BSS functions must be designed so that they can be MoReq2
completed with a small number of interactions (e.g. mouse clicks). 11.1.17.
4.12.45 The BSS should show only those functions to the user which are relevant to
the given task.
4.12.46 The BSS should allow users to perform a task on a selected set of elements
in a single operation. E.g. the BSS may allow users to attach a shipment
record to all the affected sample records in one operation.
PERFORMANCE
The performance of the system comprises the response times of the BSS to user interactions given a
specific platform and workload. The requirements provided in this section are subject to change
depending on the organizations business needs. Measures in angle brackets (< and >) should be
replaced by exact numbers specified by the organization. Measures written without brackets must be
interpreted as is.

4.12.47 The BSS must provide adequate response times to meet business needs for MoReq2
commonly performed functions under standard conditions, for example: 11.2.1.
(a) <100%> of the total anticipated user population logged on and
active;
(b) <100%> of the anticipated total volume of records managed by the
system;
BioReq v2.0 2012 63

(c) users performing a typical mix of transaction types at various rates;
(d) with consistency of performance over at least <10> transaction
attempts.
4.12.48 The ERMS must be able to return the results of MoReq2
(a) a simple search within <3 seconds>; 11.2.2.
(b) a complex search (combining more than <3> criteria) within <10
seconds>
regardless of the storage capacity or number of records on the system.
4.12.49 BSS operations must respond to the user in no more than 10 seconds.
4.12.50 For operations that take longer than 3 seconds, the BSS must indicate the
progress of the operation.
SCALABILITY
A system is scalable when it is able to maintain its expected performance under reasonably
increasing workload without significant changes or redevelopment. Scalability is a design time
consideration and should be addressed accordingly. Measures in angle brackets (< and >) should
be replaced by exact numbers specified by the operating organization.

4.12.51 The system must be scalable to accommodate a moderate growth in the 11.2.7.
number of customers, up to <1000>.
4.12.52 Any increase in the number of customers must not degrade system
availability to an extent noticeable by any users.
4.12.53 The BSS must allow a single implementation of the system MoReq2
(a) to have an electronic record store of at least <n 11.2.5.,
gigabytes/terabytes/petabytes> or <n thousand/million/billion> 11.2.6.
records, and
(b) to serve at least <n hundred/thousand> users simultaneously
with the performance levels specified in this section.
4.12.54 The effort needed to administer the system (as measured in hours per week
of system administrators time) must not grow as the number of customers
grows. That is, if there is any increase in system operation work, it must be
proportionately less than the increase in customers.
4.13 External Interface Requirements

External interface requirements specify the characteristics of the systems interaction with:
the hardware platform,

BSS users, and
other software components outside the boundary of the BSS (e.g. other BSS products, e-mail
servers etc.).
HARDWARE INTERFACE REQUIREMENTS

The hardware infrastructure of the BSS includes the computers running the BSS itself, the storage
media used for the preservation of records, and optional peripheral devices, including printers,
scanners, or fax machines. Optimally, BSS operations do not depend on vendor-specific infrastructure
elements; however, the infrastructure must support the performance requirements specified in
Section 11.7. The rest of the section highlights what actions need to be taken to preserve records in
the face of hardware obsolescence. The risk from media degradation arises because all digital storage
media have a limited lifetime. It is vital therefore that storage media are handled in suitable
BioReq v2.0 2012 64

environmental conditions, and are replaced when their life expectancy reaches its end or the BSS
detects that the device is faulty.

4.13.1 The BSS must be able to perform its operations without explicit interaction
with the supporting hardware infrastructure.
4.13.2 The BSS should be able to receive images from scanners. MoReq2
6.5.
4.13.3 The BSS should be able to send documents to and receive documents from MoReq2
fax machines. 10.12.
4.13.4 Automated equipment and computers running the BSS must be maintained ISO17025
to ensure proper functioning.
4.13.5 The hardware infrastructure of the BSS must be provided with the ISO17025
environmental and operating conditions necessary to maintain the integrity
of sample records.
4.13.6 The BSS storage media must be used and stored in environments which are MoReq2
compatible with the desired/expected lifespan, and which are within the 11.7.1.
tolerance of the media manufacturers specification.
4.13.7 The BSS must support the monitoring and replacement of storage media to MoReq2
guard against media degradation. This requires the BSS to report on media 9.2.17,
error rates and to permit the replacement of media that is faulty or that is 11.7.2.,
nearing the end of its life, without compromising the records. OECD
4.13.8 The BSS must allow the bulk migration of records and data to new media MoReq2
and/or systems in line with the standards relevant for their formats. This 11.7.4.
may be accomplished by exporting selected records into a transfer format,
and importing them in the target system.
4.13.9 The hardware infrastructure of the BSS should be protected by an ISBER
uninterruptible power supply (UPS) system (motor generator). UPS, like a
motor generator must have a fuel supply to run continuously for a minimum
of 48 hours and preferably a minimum of 72 hours, with an ability to re-
supply fuel storage supplies.
4.13.10 A pre-action sprinkler system (pipes are dry until a fire is detected) should ISBER
be employed in rooms where BSS hardware infrastructure elements are
located to prevent water damage from accidental activation of the sprinkler
system.
USER INTERFACE REQUIREMENTS

This section addresses the logical characteristics of the interface between the software product and
the users. The requirements include screen layout constraints, specific presentation considerations,
and user interface conventions that should be satisfied by the BSS.

4.13.11 The BSS must support a graphical user interface. MoReq2
11.1.13.
4.13.12 The ERMS user interface rules and behaviour must be consistent across all MoReq2
aspects of the system including windows, menus and commands. These 11.1.11.
must also be consistent with the operating system environment in which the
ERMS operates.
4.13.13 The BSS must be able to display the text elements of the user interface (e.g.
button text, tool tips, error messages) in the local language.
4.13.14 The BSS should be able to display the text elements of the user interface in OECD
English (UK or US English).
BioReq v2.0 2012 65

4.13.15 The BSS may replace certain scientific symbols with standard ASCII text or OECD
images in order to avoid any errors due to incorrect reading of a character
set. The following scientific notations and symbols may be subject to
replacement:
(a) Greek letters: may be fully spelled (e.g. alpha instead of );
(b) subscripts and superscripts: may be replaced with normal letters
(e.g. cm3 instead of cm3);
(c) the symbol for temperature: may be omitted (e.g. 37C instead of
37C).
4.13.16 The BSS user interface should follow standard colour conventions, where
(a) red stands for error and danger;
(b) green stands for successful operation and completeness;
(c) yellow stands for warning.
4.13.17 The BSS must mark mandatory input fields on data entry screens (e.g. with
the conventional asterisk * next to the input field).
4.13.18 The BSS user interface should reflect the access control model of the system
by distinguishing entities and functions that the user is allowed to access.
The BSS should:
(a) not display
(b) or mark as disabled
graphical controller elements (e.g. buttons, menu items) to the user when
that user is not authorized to access the function associated with the
element.
4.13.19 If the BSS allows saving entities with missing metadata, the BSS must mark
with a graphical symbol (e.g. a small icon) that the item is incomplete.
4.12.20 The BSS must mark records of hazardous biological samples with a graphical
symbol (e.g. a small icon) to notify users of the risk.
4.12.21 The BSS should support drag and drop functionality when applicable. MoReq2
11.1.29.
4.12.22 The BSS user interface should comply with regulations on accessibility or be MoReq2
compatible with common specialized accessibility software. 11.1.8.
SOFTWARE INTERFACE REQUIREMENTS: DATA EXPORT AND IMPORT

The BSS may interact with other BSS instances, as well as a number of special-purpose software
components.
To ensure the smooth communication of BSS instances, the BSS should follow transaction standards
and be able to export records into an open or a well-documented proprietary format. Although data
export is a mandatory feature, the ability to import data is not compulsory because of the
unpredictable diversity of import formats. Exporting records does not affect the samples in the
system, i.e. they remain unchanged.

4.12.23 The BSS must use an open or a well-document proprietary data interchange MoReq2
format to support the interaction of BSS instances. 11.7.5.
4.12.24 The BSS must allow authorized users to export
(a) sample records, and
(b) a catalogue of sample records
into the format(s) specified by the operating organization.
4.12.25 The BSS should allow authorized users to export
(c) records of other entity types,
(d) data stored in the log, and
BioReq v2.0 2012 66

(e) reports
into the format(s) specified by the operating organization.
4.12.26 The BSS must log all export operations.
4.12.27 The BSS should be able to import
(a) sample records, and
(b) records of other entity types
in the format(s) specified by the operating organization. Imported records
are subject to data validation.
SOFTWARE INTERFACE REQUIREMENTS: INTEGRATION WITH EXTERNAL SOFTWARE PRODUCTS

The BSS may allow access to its services to external software products; this, however, requires strict
security measures to be in place. The BSS may rely on services provided by other specialized
software, including statistical analysis tools, report generating software, or e-mail management
applications. None of these components are mandatory, and the list serves illustrative purposes only.

4.12.28 The BSS must use an open or a well-document proprietary data interchange MoReq2
format to support the interaction of the BSS and external software products. 11.7.5.
This format may differ from the one chosen for the interoperability of BSS
instances as specified in 12.3.1.
4.12.29 The BSS may publish APIs to allow authorized software products direct
access to any of the following BSS services:
(a) access to sample records;
(b) access to research results;
(c) entering records.
Strict security measures must be followed to authenticate the software
product which requests access.
4.12.30 The BSS should be able to interact with workflow management systems to
manage and customize sample-related processes.
4.12.31 The BSS should be able to interact with e-mail management systems to
enhance the communication of BSS users.
4.12.32 The BSS should be able to interact with directory management software to
manage user data and access control rules.
4.12.33 The BSS should be able to interact with statistical analysis tools to help users
enter sample data for statistical analysis and record the results in the BSS.
4.12.34 The BSS should be able to interact with report generating software to
produce high quality reports.
4.12.35 The BSS should be able to interact with customer relationship management
(CRM) software to manage BSS customers.
BioReq v2.0 2012 67

Glossary
AUTHENTICATION
The process by which biological materials are characterised up to a defined level using
appropriate technology to establish a conclusive basis for accepting the material as genuine.
Source: OECD
BIOLOGICAL MATERIAL
All materials listed below: culturable organisms (e.g. micro-organisms, plant, animal and
human cells), replicable parts of these (e.g. genomes, plasmids, viruses, cDNAs), viable but
not yet culturable organisms, cells and tissues, as well as data bases containing molecular,
physiological and structural information relevant to these collections and related
bioinformatics.
Source: OECD
BIOLOGICAL RESOURCE CENTER/BIOBANK
Essential part of the infrastructure underpinning biotechnology consisting of service
providers and repositories of the living cells, genomes of organisms, and information relating
to heredity and the functions of biological systems.
Source: OECD
IDENTIFIABLE BIOLOGICAL MATERIAL
Biological materials which, alone or in combination with associated data, allow the
identification of the persons concerned either directly or through the use of a code. In the
latter case, the user of the biological materials may either:
a) Have access to the code: the materials are hereafter referred to as coded materials;
or
b) Not have access to the code, which is under the control of a third party: the material
are hereafter referred to as linked anonymized materials.
Source: REC(2006)4
INFORMED CONSENT
A process by which information concerning the donation process is presented to the donor
or donors next-of-kin with an opportunity for them to ask questions, after which specific
approval is documented.
Source: ISBER
INSTITUTIONAL REVIEW BOARD (IRB)
Any board, committee, or other group formally designated by an institution to review
biomedical research involving humans as subjects, to approve the initiation of and conduct
periodic review of such research.
NON-IDENTIFIABLE BIOLOGICAL MATERIAL
Referred to as unlinked anonymized material, are those biological materials which, alone or
in combination with associated data, do not allow, with reasonable efforts, the identification
of the persons concerned.
Source: REC(2006)4
SAFETY
BioReq v2.0 2012 68

Processes, procedures and technologies to ensure freedom from danger or harm.
Source: ISBER
SAMPLING
Sampling is a defined procedure whereby a part of a substance, material or product is taken
to provide for validation/authentication of a representative sample of the whole. Sampling
may also be required by the appropriate specification for which the substance, material or
product is to be validated/authenticated.
Source: ISO17025
STANDARD OPERATING PROCEDURES (SOP) MANUAL
A group of SOPs detailing specific policies of a repository and the procedures used by the
staff/personnel.
Source: ISBER
VALIDATION
Validation is the confirmation by examination and the provision of objective evidence that
the particular requirements for a specific intended use are fulfilled. Validation includes
specification of the requirements, determination of the characteristics of the methods, a
check that the requirements can be fulfilled by using the method and a statement on the
validity.
Source: ISO17025
BioReq v2.0 2012 69

Contacts
Astrid Bioscience GmbH Astrid Research Kft

Whringerstrae 61/2/7 Cegld u. 22/A
A-1090 Vienna H-4029 Debrecen
Austria Hungary
Phone: +43 1 236 7289 7207 Phone: +36 52 533 173

Fax: +43 1 229 73 29 Fax: +36 52 533 174
E-mail: info@astridbio.com E-mail: info@astridbio.com
BioReq v2.0 2012 70

Bioreq v2.0

Uploaded by

Copyright:

Available Formats

You might also like

Bioreq v2.0

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Bioreq v2.0

Uploaded by

Copyright:

Available Formats

GUIDELINE v2.

BioReq v2.0 2012 2

BioReq v2.0 2012 3

BioReq v2.0 2012 4

Model Requirements for the Management of Biological Repositories (abbreviated as BioReq) is a

0.2 Purpose and Scope

BioReq v2.0 2012 5

0.4 Structure Overview

0.6 Works Consulted

BioReq v2.0 2012 6

0.7 Document Status

BioReq v2.0 2012 7

1.2 Informed Consent

BioReq v2.0 2012 8

BioReq v2.0 2012 9

BioReq v2.0 2012 10

1.4 Independent Review

BioReq v2.0 2012 11

1.5 Access to Biospecimens and Data

BioReq v2.0 2012 12

1.6 Intellectual Property

BioReq v2.0 2012 13

2.1 Human factors

BioReq v2.0 2012 14

2.2 Accommodation and Environmental Conditions

BioReq v2.0 2012 15

BioReq v2.0 2012 16

BioReq v2.0 2012 17

BioReq v2.0 2012 18

SAFETY PROGRAMME AND ASSOCIATED TRAINING

2.4 Acquisition, Maintenance and Provision

BioReq v2.0 2012 19

BioReq v2.0 2012 20

HANDLING OF BIOLOGICAL SAMPLES

BioReq v2.0 2012 21

BioReq v2.0 2012 22

BioReq v2.0 2012 23

BioReq v2.0 2012 24

2.5 Validation/authentication Methods

BioReq v2.0 2012 25

BioReq v2.0 2012 26

FREEZER AND REFRIGERATOR

BioReq v2.0 2012 27

LIQUID NITROGEN FREEZERS

BioReq v2.0 2012 28

WALK-IN FREEZERS AND REFRIGERATORS

BACK-UP STORAGE CAPACITY

BioReq v2.0 2012 29

3.1 Organization and Management

BioReq v2.0 2012 30

BioReq v2.0 2012 31

3.4 Document Control

BioReq v2.0 2012 32

3.5 Customer Relations

3.6 Purchasing Services and Supplies

3.7 Subcontracting Activities

BioReq v2.0 2012 33

BioReq v2.0 2012 34