Data Integrity in Computer Systems

Data Integrity Validation Europe

28 March 2017

Presented by:

Chris Wubbolt, BS, MS

Objectives

www.QACVConsulting.com 2

Understand the Data Integrity Lifecycle

What is Data Security?

What is Electronic Record/Electronic Signatures (ER/ES)?

Controls for Electronic Data

Current Regulatory Requirements and Guidance

March 2015

• MHRA - GMP Data Integrity Definitions and Guidance for Industry

September 2015

• WHO - Guidance on Good Data and Record Management Practices

April 2016

• FDA – Data Integrity Guidance and Compliance with CGMP

Current Regulatory Requirements and Guidance

July 2016

• MHRA - GxP Data Integrity Definitions and Guidance for Industry

August 2016

• PIC/S - Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments

August 2016

• EMA – Data Integrity Guidance Q&A

Controls for Electronic Data

• What are electronic data controls?

• Where are data controls required?

• Learn how to implement data controls

• Apply controls to the computer systems

What is Data Integrity?

Data Integrity

Completeness, consistency, and accuracy of data.

• Attributable

• Legible

• Contemporaneous

• Original (or true copy)

• Accurate

• Enduring

• Complete

• Consistent

• Available

ALCOA

Attributable: Person completing activity or recording data is identified.

Legible: Data can be read.

Contemporaneous: Data is recorded at the date/time that the task was completed.

Original: The original record or document where the data is recorded.

Accurate: The data has validity.

Original Records & True Copies

21 CFR 211.180 (d)

• Records required under this part may be retained either as original records or as true copies such as photocopies, microfilm, microfiche, or other accurate reproductions of the original records.

Complete Records

21 CFR 211.188

• Batch production and control records shall be prepared for each batch of drug product produced and shall include complete information relating to the production and control of each batch.

21 CFR 194 (a)

• Laboratory records shall include complete data

Complete and Accurate

• Define data for each system, including each file type.

Chromatography Systems

• Raw Data File

• Integration Parameters

• Quantitation

• Sequence File

Other Laboratory Instruments

• Raw Data File

• Separate Audit Trail Log

FDA Guidance

• It is not acceptable to record data on pieces of paper that will be discarded after the data are transcribed to a permanent laboratory notebook.

Similarly, it is not acceptable to store data electronically in temporary memory, in a manner that allows for manipulation, before creating a permanent record.

Electronic data that are automatically saved into temporary memory do not meet CGMP documentation or retention requirements.

Data Integrity - Paper

Accurate and Complete

Attributable

Legible

Original

Contemporaneous

Data Integrity - Electronic

Accurate and Complete

Attributable

Legible

Original

Contemporaneous

Data Integrity - Electronic

| Event | User ID | Previous Value | New Value | Date | Time | Reason |
|---|---|---|---|---|---|---|
| Data Entry | DOCon | NA | 94.7 | 1/17/2007 | 10:42 EST | NA |
| Approval | Cwubb | NA | NA | 1/18/2007 | 09:45 EST | NA |
| Data Change | DOCon | 94.7 | 95.1 | 1/19/2007 | 8:45 EST | Calculation Error |
| Approval | Cwubb | NA | NA | 1/19/2007 | 9:33 EST | NA |

Accurate and Complete

Attributable

Legible

Original

Contemporaneous
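
As an added illustration (not part of the original presentation), the Python example below replays the audit trail rows from the table above and flags gaps a reviewer would look for: a change without a reason, a previous value that does not match the last recorded value, out-of-order timestamps, and a value left unapproved or approved by the person who recorded it. The rule set, the function name `check_trail` and the `TAMPERED` sample are assumptions made for this example.

```python
from datetime import datetime

# Rows transcribed from the audit trail table on the slide (all times EST).
SLIDE_TRAIL = [
    ("Data Entry",  "DOCon", "NA",   "94.7", "1/17/2007 10:42", "NA"),
    ("Approval",    "Cwubb", "NA",   "NA",   "1/18/2007 09:45", "NA"),
    ("Data Change", "DOCon", "94.7", "95.1", "1/19/2007 8:45",  "Calculation Error"),
    ("Approval",    "Cwubb", "NA",   "NA",   "1/19/2007 9:33",  "NA"),
]

def check_trail(rows):
    """Return a list of findings; an empty list means the trail passes.

    The rules are assumptions made for this example, not regulatory text.
    """
    findings = []
    current = None     # last recorded value
    author = None      # user who recorded it
    approved = False   # has the current value been approved?
    last_ts = None
    for n, (event, user, prev, new, stamp, reason) in enumerate(rows, 1):
        ts = datetime.strptime(stamp, "%m/%d/%Y %H:%M")
        if last_ts and ts < last_ts:
            findings.append(f"row {n}: timestamp earlier than previous row")
        last_ts = ts
        if event == "Data Entry":
            current, author, approved = new, user, False
        elif event == "Data Change":
            if prev != current:
                findings.append(f"row {n}: previous value {prev} != recorded {current}")
            if reason in ("", "NA"):
                findings.append(f"row {n}: change without a reason")
            current, author, approved = new, user, False  # a change voids approval
        elif event == "Approval":
            if current is None:
                findings.append(f"row {n}: approval with no data recorded")
            elif user == author:
                findings.append(f"row {n}: value approved by the user who recorded it")
            else:
                approved = True
        else:
            findings.append(f"row {n}: unknown event {event!r}")
    if current is not None and not approved:
        findings.append("final value has no approval after its last change")
    return findings

# Constructed failing case: the slide's trail with the reason for the change
# blanked out and the final re-approval missing.
TAMPERED = SLIDE_TRAIL[:2] + [SLIDE_TRAIL[2][:5] + ("NA",)]
```
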

Generate

Modify

Review / Approve

Use

Retain / Retrieve

Destroy

What does data integrity lifecycle mean?

What does data integrity lifecycle mean?

Control Measures

• Access to clocks for recording timed events.

• Accessibility of records at locations where activities take place so ad hoc data recording and later transcription to official records is not necessary.

• ‘Free access’ to blank paper forms for raw/source data recording should be controlled where this is appropriate. Reconciliation may be necessary to prevent recreation of a record.

• User access rights that prevent (or audit trail) unauthorized data amendments.

• Automated data capture or printers attached to equipment such as balances.

• Control of physical parameters (time, space, equipment) that permit performance of tasks and recording of data as required.

• Access to raw data for staff performing data checking activities.

Generate

Modify

Review / Approve

Use

Retain / Retrieve

Destroy

Specify

Design

Configure

Verify

ALCOA

Attributable

EDC System

• How long of a delay? 2-3 hours, sometimes next day

• Issue – system response is slow at times

• Cause – batch jobs being run cause slow system response

• Type of batch jobs? Principal Investigator approval of eCRFs

• What date/time is applied for electronic signature?

• Answer: When batch is run.

• Data integrity issue – date and time stamp is not the same as when PI entered electronic signature user ID and password.

Understand the Data Flow

ELISA Data Process Flow

[Diagram: data flow across three lanes (ELISA Software, Company Network, LIMS). Labelled elements: Protocol (.xyz file); Sample Analysis; Setup Run; Data File (.db file); Save .db Data File; Export .txt Data File; Secure Network Location; .db File backed up; .txt File backed up; .db File archived; Backup Location; Import .txt file to LIMS; LIMS Database.]

Data Security

How does data security apply to data integrity?

Know the different types of data security

How data security is a fundamental part of data integrity

Data Security

21 CFR 11.10 (b)

• The ability to generate accurate and complete copies of records in both human readable and electronic form.

21 CFR 11.10 (c)

• Protection of records to enable their accurate and ready retrieval throughout the records retention period.

21 CFR 11.10 (d)

• Limiting system access to authorized individuals.

Data Security

21 CFR 11.10 (g)

• Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

21 CFR 11.10 (h)

• Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

Data Security – How do you implement data integrity controls?

Generate

Modify

Review / Approve

Use

Retain / Retrieve

Destroy

Specify

Design

Configure

Verify

Validation

Chromatography Data Acquisition System

• User roles tested during initial validation

• Current user roles do not reflect validated system

• No change control for user role changes

• Additional role added that was not included in original validation; no change control

• No User Requirements Specification

• No process to authorize users or disable accounts for terminated users.

• User accounts for personnel no longer employed still active

Data Integrity Issues – Security

Electronic Records/Electronic Signatures

• Subpart A: General Provisions

• Subpart B: Electronic Records

– Closed systems

– Open systems

– Signature manifestations

– Signature/record linking

• Subpart C: Electronic Signatures

– Electronic signature components and controls

– Controls for identification codes/passwords

Electronic Records/Electronic Signatures

21 CFR 11.10 (a)

• Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

Electronic Record

Create

Modify

Archive Retrieve

Distribute

OR

Electronic Recordkeeping System

Maintain

When do you apply E-Records / E-Signatures?

User Requirements Specification

Identify intended use

Specify, Design, Implement System

System Specifications

Manual Process > Automate

Laboratory Reporting

Setup Test

Analyze Sample

Collect Data

Analyze Data

Report Data

Test Plans / Scripts

Test/Verify that the System Meets Specifications

Electronic Signatures

• Non-Biometric

• Digital

• Biometric

Handwritten Signatures

• Applied to paper

• Applied to electronic media

Signatures

Typical Criteria for Compliant E-sigs

• Password length

• Strong passwords

• Password aging

• Lock account after X invalid attempts

• Date and time stamp controls

• Validated Electronic Recordkeeping System

• Authorized users

• Certifications

Printed Name, Date, Time, Meaning

Record / Signature Linking

User ID / Password Controls

Unique

Written Policies

Verification of Identity

Certification Letter

Individual Certification

Procedural

Technical

Electronic Signature Controls

Are scanned images valid?

Signatures

Adobe Digital/Electronic Signatures

• Claims 21 CFR Part 11 Compliance: http://www.adobe.com/support/techdocs/323231.html

• “Adobe Acrobat 4.0 and later includes digital signature functionality, which is provided by an Adobe-supplied signature framework and signing method plug-ins from Adobe and third-party vendors.”

Considerations when using Adobe

• User ability to create own electronic signature

– No certification

– No verification of identity

Four Options

• Date/time stamp controls

• Procedure

– Password aging

– Password length

– Strong passwords

– Locking records

• Authorization

Summary

Reviewed the Data Integrity Lifecycle

Discussed Data Security Requirements

Electronic Record/Electronic Signatures (ER/ES)

Discussed Controls for Electronic Data

Questions

Chris Wubbolt

QACV Consulting, LLC

Telephone: 610-442-2250

E-mail: chris.wubbolt@QACVConsulting.com
