January 17, 2022
1. Inadequate Identification and Implementation of Controls of Electronic Records
Regulatory guidance regarding controls for electronic records include requirements for implementing appropriate controls to ensure the integrity of data. There are multiple areas that the organization needs to review to ensure data integrity controls are established to comply with FDA and other health authority guidance. The GMP guidance states that you need to implement appropriate controls to prevent and detect data integrity issues. That involves controls across the entire lifecycle. The organization needs to look at everything from the actual implementing and validating of the systems, as well as the controls that are needed when configuring, implementing, or installing these systems. Many times, the controls are related to security in terms of accessing the system, user roles that are established for the system, and configuration of the roles along with the system. There are also processes that have to be evaluated in terms of how the data is collected.
The most common challenges organizations face in this area have to do with inadequate controls over stand-alone instruments and systems where they are not networked. Also, the security of these systems are not in place or not strong enough. With respect to security, it is not uncommon to see people sharing a single account to access the systems. This is mainly due to a specific group in the organization being small, but constantly using the instrument or system. This is done for ease of use within the group, however, having this shared account is not traceable to who performed the activities in the system. It is therefore not a best practice for data integrity and the organization needs to figure out how to better control this aspect of security and access.
There are different types of systems in an organization that need to be reviewed holistically and relative to the process of data integrity and not just one specific process or validation area. The organization needs to perform a holistic assessment of the controls applicable to each system to establish the appropriate process and system usage policies. .
2. Lack of adequate User Management Procedures
Many times there is no real procedure or process to periodically review the user roles or the users in the system to ensure that they are still assigned the adequate authority or that they should no longer have access to the system. Because this may happen sometimes, there should be a periodic review and procedures for that aspect. Procedures should also exist to document as to what should happen if someone leaves a company or changes roles. When a role change occurs, it should be documented and recorded, ideally within one to three days depending upon the process or the procedure. This also needs to be double checked and on a yearly and more frequent basis for more privileged roles like administrators.
The organization needs to have defined procedures and documentation to support authorizing a user at a certain level. These procedures should discuss actual process steps / activities / tasks that a specific type of user performs and should be periodically reviewed to reflect changes in process steps / procedures.
3. Inadequate Audit Trail Review
Data integrity issues also revolve around audit trail challenges. It is common to have software systems that provide audit trail functionality, especially with the leading systems in the industry. The challenge is understanding what to actually do with the audit trails. Most of the time organizations fall into a routine of just setting it up and forgetting about it. The organization knows it is there, however, they don’t review it. The organization needs to know what is being captured and what isn’t. The organization needs to have someone or a group review particular aspects of the audit trail and do it on a specific schedule. Also understand what parts of the data is being submitted to the quality group for review.
4. Lack of Accountability
If an organization has multiple teams or departments relying on the same data, it’s not always obvious who is ultimately accountable for the integrity of that data. This can sometimes lead to challenges and finger-pointing A better approach is to appoint individuals as data stewards who are responsible for data integrity. This will ensure that there is a sense of accountability for the data.
5. Lack of training
Data accuracy is commonly effected by user error. If users have not been trained consistently, or not trained at all, they can be introducing errors into the data. What is needed is a comprehensive training process to ensure data is handled and entered in properly.
Organizations are faced with challenges to ensuring data integrity. These challenges impact all aspects of data integrity including data accuracy, validity, and consistency. Given the importance in the Life Sciences industry of data to product quality and patient safety, it is imperative that businesses focus on how to resolve any challenges impacting data integrity. The key challenges are in areas where organizations can make changes to improve. They include identifying and implementing appropriate controls over electronic records, having adequate user management procedures, ensuring audit trail reviews are performed, ensuring someone in the organization has accountability for the data, and that proper training is given to those working with this important company asset.
Why It Matters To You
Data Integrity is an imperative to ensure product quality and patient safety, however, organizations face challenges in this area to ensure that the accuracy, validity, and consistency of data is maintained. In this blog we discuss:
- The top challenges organizations face with ensuring data integrity.
- How user management procedures impact data integrity.
- Why accountability is imperative to data integrity.
- How the audit trail plays a role in data integrity.
For over 25 years, Astrix has been a market-leader in dedicated digital transformation & staffing services for science-based businesses. Through our proven laboratory informatics, digital quality & compliance, and scientific staffing services we deliver the highly specialized people, processes, and technology to fundamentally transform how science-based businesses operate. Astrix was founded by scientists to solve the unique challenges which science-based businesses face in the laboratory and beyond. We’re dedicated to helping our clients speed & improve scientific outcomes to help people everywhere.