Data Integrity in Computer Systems - CBI | Powering ... ?· Data Integrity in Computer Systems ... •The…

  • View
    214

  • Download
    1

Embed Size (px)

Transcript

  • Data Integrity in Computer

    Systems

    Data Integrity Validation Europe

    28 March 2017

    Presented by:

    Chris Wubbolt, BS, MS

  • Objectives

    www.QACVConsulting.com 2

    Understand the Data Integrity Lifecycle

    What is Data Security?

    What is Electronic Record/Electronic Signatures (ER/ES)?

    Controls for Electronic Data

  • Current Regulatory Requirements

    and Guidance

    www.QACVConsulting.com 3

    March 2015

    MHRA -GMP Data Integrity

    Definitions and

    Guidance for Industry

    September 2015

    WHO -Guidance on Good Data and Record

    Management Practices

    April 2016

    FDA Data Integrity

    Guidance and

    Compliance with CGMP

  • Current Regulatory Requirements

    and Guidance

    www.QACVConsulting.com 4

    July 2016

    MHRA - GxPData Integrity

    Definitions and

    Guidance for Industry

    August 2016

    PIC/S - Good Practices for

    Data Management and Integrity in Regulated GMP/GDP

    Environments

    August 2016

    EMA Data Integrity

    Guidance Q&A

  • Controls for Electronic Data

    www.QACVConsulting.com 5

    Controls for Electronic Data

    What are electronic data controls?

    Where are data controls required?

    Learn how to implement data controls

    Apply controls to the computer systems

  • What is Data Integrity?

    www.QACVConsulting.com 6

    Data Integrity

    Completeness, consistency, and accuracy of data.

    Attributable

    Legible

    Contemporaneous

    Original

    Accurate

    Enduring

    Complete

    Consistent

    Available

    (or true copy)

  • ALCOA

    www.QACVConsulting.com 7

    Attributable Person completing activity or recording data is identified.

    Legible Data can be read.

    Contemporaneous Data is recorded when the date/time that the task was

    completed.

    Original The original record or document where the data is recorded.

    Accurate The data has validity.

  • Original Records & True Copies

    www.QACVConsulting.com 8

    21 CFR 211.180 (d)

    Records required under this part may be retained either as original records or as true copies such as photocopies, microfilm, microfiche, or other accurate reproductions of the original records.

  • Complete Records

    www.QACVConsulting.com 9

    21 CFR 211.188

    Batch production and control records shall be prepared for each batch of drug product produced and shall include complete information relating to the production and control of each batch.

    21 CFR 194 (a)

    Laboratory records shall include complete data

  • Complete and Accurate

    www.QACVConsulting.com 10

    Define data for each system, including each file type.

    Chromatography Systems

    Raw Data File

    Integration Parameters

    Quantitation

    Sequence File

    Other Laboratory Instruments

    Raw Data File

    Separate Audit Trail Log

  • FDA Guidance

    www.QACVConsulting.com 11

    It is not acceptable to record data on pieces of paper that will be discarded after the data are transcribed to a permanent laboratory notebook.

    Similarly, it is not acceptable to store data electronically in temporary memory, in a manner that allows for manipulation, before creating a permanent record.

    Electronic data that are automatically saved into temporary memory do not meet CGMP documentation or retention requirements.

  • Data Integrity - Paper

    Accurate and Complete

    Attributable

    www.QACVConsulting.com 12

    Legible

    Original

    Contemporaneous

    www.QACVConsulting.com 12

  • Data Integrity - Electronic

    www.QACVConsulting.com 13

    Accurate and CompleteAttributableLegible

    Original

    Contemporaneous

    www.QACVConsulting.com 13

  • Data Integrity - Electronic

    Event User ID Previous Value New Value Date Time Reason

    Data Entry DOCon NA 94.7 1/17/2007 10:42 EST NA

    Approval Cwubb NA NA 1/18/2007 09:45 EST NA

    Data Change DOCon 94.7 95.1 1/19/2007 8:45 EST Calculation Error

    Approval Cwubb NA NA 1/19/2007 9:33 EST NA

    www.QACVConsulting.com 14

    Accurate and Complete

    Attributable

    Legible

    Original

    Contemporaneous

    www.QACVConsulting.com 14

  • Generate ModifyReview / Approve

    UseRetain / Retrieve

    Destroy

    What does data integrity

    lifecycle mean?

    www.QACVConsulting.com 15

  • What does data integrity

    lifecycle mean?

    www.QACVConsulting.com 16

  • Control Measures

    Access to clocks for recording timed events.

    Accessibility of records at

    locations where activities take

    place so ad hoc data recording

    and later transcription to

    official records is not necessary.

    Free access to blank paper

    forms for raw/source data recording should

    be controlled where this is appropriate.

    Reconciliation may be

    necessary to prevent

    recreation of a record.

    User access rights that

    prevent (or audit trail)

    unauthorized data

    amendments.

    Automated data capture or

    printers attached to equipment

    such as balances.

    Control of physical

    parameters (time, space,

    equipment) that permit

    performance of tasks and

    recording of data as required.

    Access to raw data for staff

    performing data checking activities.

    www.QACVConsulting.com 17

    Generate ModifyReview / Approve

    UseRetain / Retrieve

    Destroy

    Specify

    Design

    Configure

    Verify

  • www.QACVConsulting.com 18

    ALCOAAttributable

    EDC System

    How long of a delay? 2-3 hours, sometimes next day

    Issue system response is slow at times

    Cause batch jobs being run cause slow system response

    Type of batch jobs? Principle Investigator approval of eCRFS

    What date/time is applied for electronic signature?

    Answer: When batch is run.

    Data integrity issue date and time stamp is not the same as

    when PI entered electronic signature user ID and password.

    Understand the Data Flow

  • Understand the Data Flow

    www.QACVConsulting.com 19

    ELISA Data Process Flow

    Data

    Flow

    LIMSELISA SOftware Company Network

    Protocol(.xyz file)

    Sample Analysis

    Setup Run

    Data File(.db file)

    Export .txt Data File

    Secure Network Location

    Secure Network Location

    Save .db Data File

    .db File backed up

    .txt File backed up

    LIMS Database

    Import .txt file to LIMS

    .db File archived

    Secure Network Location

    Backup Location

  • Data Security

    www.QACVConsulting.com 20

    How does data security apply to data integrity?

    Know the different types of data security

    How data security is a fundamental part of data integrity

  • Data Security

    www.QACVConsulting.com 21

    21 CFR 11.10 (b)

    The ability to generate accurate and complete copies of records in both human readable and electronic form.

    21 CFR 11.10 (c)

    Protection of records to enable their accurate and ready retrieval throughout the records retention period.

    21 CFR 11.10 (d)

    Limiting system access to authorized individuals.

  • Data Security

    www.QACVConsulting.com 22

    21 CFR 11.10 (g)

    Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

    21 CFR 11.10 (h)

    Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

  • www.QACVConsulting.com 23

    Data Security How do you

    implement data integrity controls?

    Generate ModifyReview / Approve

    UseRetain / Retrieve

    Destroy

    Specify

    Design

    Configure

    Verify

    Validation

  • Chromatography Data Acquisition System

    User roles tested during initial validation

    Current user roles do not reflect validated system

    No change control for user role changes

    Additional role added that was not included in original validation; no change control

    No User Requirements Specification

    No process to authorize users or disable accounts for terminated users.

    User accounts for personnel no longer employed still active

    Data Integrity Issues Security

    www.QACVConsulting.com 24

  • Electronic Records/Electronic

    Signatures

    www.QACVConsulting.com 254/10/2017

    Subpart A: General Provisions

    Subpart B: Electronic Records Closed systems

    Open systems

    Signature manifestations

    Signature/record linking

    Subpart C: Electronic Signatures Electronic signature components

    and controls

    Controls for identification codes/passwords

  • Electronic Records/Electronic

    Signatures

    www.QACVConsulting.com 26

    21 CFR 11.10 (a)

    Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

  • Electronic Record

    Create

    Modify

    Archive Retrieve

    Distribute

    OR

    Electronic Recordkeeping System

    Maintain

    www.QACVConsulting.com 27

  • When do you apply E-Records / E-

    Signatures?

    User

    Requirements