Data Integrity in Computer Systems - CBI | Powering ... ?· Data Integrity in Computer Systems ... •The…

  • View

  • Download

Embed Size (px)


  • Data Integrity in Computer


    Data Integrity Validation Europe

    28 March 2017

    Presented by:

    Chris Wubbolt, BS, MS

  • Objectives 2

    Understand the Data Integrity Lifecycle

    What is Data Security?

    What is Electronic Record/Electronic Signatures (ER/ES)?

    Controls for Electronic Data

  • Current Regulatory Requirements

    and Guidance 3

    March 2015

    MHRA -GMP Data Integrity

    Definitions and

    Guidance for Industry

    September 2015

    WHO -Guidance on Good Data and Record

    Management Practices

    April 2016

    FDA Data Integrity

    Guidance and

    Compliance with CGMP

  • Current Regulatory Requirements

    and Guidance 4

    July 2016

    MHRA - GxPData Integrity

    Definitions and

    Guidance for Industry

    August 2016

    PIC/S - Good Practices for

    Data Management and Integrity in Regulated GMP/GDP


    August 2016

    EMA Data Integrity

    Guidance Q&A

  • Controls for Electronic Data 5

    Controls for Electronic Data

    What are electronic data controls?

    Where are data controls required?

    Learn how to implement data controls

    Apply controls to the computer systems

  • What is Data Integrity? 6

    Data Integrity

    Completeness, consistency, and accuracy of data.










    (or true copy)

  • ALCOA 7

    Attributable Person completing activity or recording data is identified.

    Legible Data can be read.

    Contemporaneous Data is recorded when the date/time that the task was


    Original The original record or document where the data is recorded.

    Accurate The data has validity.

  • Original Records & True Copies 8

    21 CFR 211.180 (d)

    Records required under this part may be retained either as original records or as true copies such as photocopies, microfilm, microfiche, or other accurate reproductions of the original records.

  • Complete Records 9

    21 CFR 211.188

    Batch production and control records shall be prepared for each batch of drug product produced and shall include complete information relating to the production and control of each batch.

    21 CFR 194 (a)

    Laboratory records shall include complete data

  • Complete and Accurate 10

    Define data for each system, including each file type.

    Chromatography Systems

    Raw Data File

    Integration Parameters


    Sequence File

    Other Laboratory Instruments

    Raw Data File

    Separate Audit Trail Log

  • FDA Guidance 11

    It is not acceptable to record data on pieces of paper that will be discarded after the data are transcribed to a permanent laboratory notebook.

    Similarly, it is not acceptable to store data electronically in temporary memory, in a manner that allows for manipulation, before creating a permanent record.

    Electronic data that are automatically saved into temporary memory do not meet CGMP documentation or retention requirements.

  • Data Integrity - Paper

    Accurate and Complete

    Attributable 12



    Contemporaneous 12

  • Data Integrity - Electronic 13

    Accurate and CompleteAttributableLegible


    Contemporaneous 13

  • Data Integrity - Electronic

    Event User ID Previous Value New Value Date Time Reason

    Data Entry DOCon NA 94.7 1/17/2007 10:42 EST NA

    Approval Cwubb NA NA 1/18/2007 09:45 EST NA

    Data Change DOCon 94.7 95.1 1/19/2007 8:45 EST Calculation Error

    Approval Cwubb NA NA 1/19/2007 9:33 EST NA 14

    Accurate and Complete




    Contemporaneous 14

  • Generate ModifyReview / Approve

    UseRetain / Retrieve


    What does data integrity

    lifecycle mean? 15

  • What does data integrity

    lifecycle mean? 16

  • Control Measures

    Access to clocks for recording timed events.

    Accessibility of records at

    locations where activities take

    place so ad hoc data recording

    and later transcription to

    official records is not necessary.

    Free access to blank paper

    forms for raw/source data recording should

    be controlled where this is appropriate.

    Reconciliation may be

    necessary to prevent

    recreation of a record.

    User access rights that

    prevent (or audit trail)

    unauthorized data


    Automated data capture or

    printers attached to equipment

    such as balances.

    Control of physical

    parameters (time, space,

    equipment) that permit

    performance of tasks and

    recording of data as required.

    Access to raw data for staff

    performing data checking activities. 17

    Generate ModifyReview / Approve

    UseRetain / Retrieve






  • 18


    EDC System

    How long of a delay? 2-3 hours, sometimes next day

    Issue system response is slow at times

    Cause batch jobs being run cause slow system response

    Type of batch jobs? Principle Investigator approval of eCRFS

    What date/time is applied for electronic signature?

    Answer: When batch is run.

    Data integrity issue date and time stamp is not the same as

    when PI entered electronic signature user ID and password.

    Understand the Data Flow

  • Understand the Data Flow 19

    ELISA Data Process Flow



    LIMSELISA SOftware Company Network

    Protocol(.xyz file)

    Sample Analysis

    Setup Run

    Data File(.db file)

    Export .txt Data File

    Secure Network Location

    Secure Network Location

    Save .db Data File

    .db File backed up

    .txt File backed up

    LIMS Database

    Import .txt file to LIMS

    .db File archived

    Secure Network Location

    Backup Location

  • Data Security 20

    How does data security apply to data integrity?

    Know the different types of data security

    How data security is a fundamental part of data integrity

  • Data Security 21

    21 CFR 11.10 (b)

    The ability to generate accurate and complete copies of records in both human readable and electronic form.

    21 CFR 11.10 (c)

    Protection of records to enable their accurate and ready retrieval throughout the records retention period.

    21 CFR 11.10 (d)

    Limiting system access to authorized individuals.

  • Data Security 22

    21 CFR 11.10 (g)

    Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

    21 CFR 11.10 (h)

    Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

  • 23

    Data Security How do you

    implement data integrity controls?

    Generate ModifyReview / Approve

    UseRetain / Retrieve







  • Chromatography Data Acquisition System

    User roles tested during initial validation

    Current user roles do not reflect validated system

    No change control for user role changes

    Additional role added that was not included in original validation; no change control

    No User Requirements Specification

    No process to authorize users or disable accounts for terminated users.

    User accounts for personnel no longer employed still active

    Data Integrity Issues Security 24

  • Electronic Records/Electronic

    Signatures 254/10/2017

    Subpart A: General Provisions

    Subpart B: Electronic Records Closed systems

    Open systems

    Signature manifestations

    Signature/record linking

    Subpart C: Electronic Signatures Electronic signature components

    and controls

    Controls for identification codes/passwords

  • Electronic Records/Electronic

    Signatures 26

    21 CFR 11.10 (a)

    Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

  • Electronic Record



    Archive Retrieve



    Electronic Recordkeeping System

    Maintain 27

  • When do you apply E-Records / E-