I am sure you will get many more replies to this. (In fact, this is such a busy group, I am surprised you have not received any already.).
While everything depends on the details of the system your are working with, in my experience, getting to a state of compliance is not so much a matter of adding more software, and even if it were, nothing in the area of compliance could be considered “inexpensive”.
Data protection, for instance, should not be covered by software alone. The use of UPS and RAID systems are minimum for data protection. As well as SOPs on back-up procedures. Also, most schemes to validate systems include the creation of multiple, identical instances of the system, one for production and one or more for testing.
The ability to create and retain an audit trail should be built into the program. All systems designed for compliance have this feature. The creation of e-Signatures is another area that should be built into the system.
Finally, for any program you do find to cover the all your needs, there is always long period of documentation and testing of the system.
In reality, and I do not mean this to offend, but the job of validating a system for compliance is probably not the task for a summer intern. While I am sure you are quite capable, I know of consultants that are paid extremely well to do this work, even for small systems.
To clear some things up, you could answer some questions, is the system COTS or designed in-house, or somewhere in between? (I know GAMP has guidelines for this).
Is it a closed or open system?
Have user requirements and functional specifications been established?
Has a vendor audit been performed?
Does the company have SOPs on validating systems? Data backup? electronic signatures? retiring systems?
Is the system subject to cGLP? (I am assuming, since you mentioned research lab. If that is incorrect, feel free to substitute cGXP).
Most questions should be answered by in house SOPs and guidelines for validating systems. If those don’t exist, as I understand it, nothing done really counts, since the FDA will look to those during an audit to ensure everything was done correctly.
I hope this helps.