What is Data Integrity?
12 ways to reduce data integrity risk
by Dvorah Finestone
Data integrity has become a serious issue over the past few years and therefore is a core focus of many enterprises. The FDA published a Data Integrity Guidance Document outlining compliance with CGMP that addresses the role of data integrity for industry. The document is a result of the FDA increasingly observing violations involving data integrity during inspections. These violations have led to FDA warning letters, import alerts, and consent decrees. The guidance document answers integrity questions and strives to clarify what the FDA expects from businesses.
What is data integrity?
It is important to understand what data integrity really means in order to be compliant. Data integrity refers to the fact that data must be reliable and accurate over its entire lifecycle. Data integrity and data security go hand in hand, even though they’re separate concepts. Uncorrupted data (integrity) is considered to be whole and then stay unchanged relative to that complete state.
Maintaining or keeping data consistent throughout its lifecycle is a matter of protecting it (security) so that it’s reliable. And data that’s reliable is simply able to meet certain standards, with which compliance is necessary. For example, the FDA uses the acronym ALCOA to define data integrity standards and to relate to good manufacturing practices.
Data is expected to be:
- Attributable – Data should clearly demonstrate who observed and recorded it, when it was observed and recorded, and who it is about.
- Legible – Data should be easy to understand, recorded permanently and original entries should be preserved.
- Contemporaneous – Data should be recorded as it was observed, and at the time it was executed.
- Original – Source data should be accessible and preserved in its original form.
- Accurate – Data should be free from errors, and conform with the protocol.
How can data integrity risks be minimized?
In today’s marketplace, companies need to feel confident that there is no loss of quality when using computer systems. To accomplish this, there are effective strategies that companies may implement to manage their data integrity risks and ensure their data respects the ALCOA principle. By moving from a reactive to a proactive way of thinking, the following key requirements and controls may be put in place to ensure data integrity and minimize risk for your organization.
1. Ensure all computer systems are 21 CFR Part 11 compliant
21 CFR Part 11 is an FDA regulation that applies to electronic records. It is required to ensure that electronic records are trustworthy, reliable, and equivalent to paper records. All computer systems that store data used to make quality decisions must be compliant, making it a perfect place to start with data integrity.
A Software Development Lifecycle methodology helps oversee that quality related tasks are performed to address pertinent lifecycle phases from software development, software testing, integration, and installation to ongoing system maintenance. All computer systems should be appropriately developed, qualified, tested, and assessed on a regular basis.
Software validation provides documented evidence to deliver assurance that a specific process consistently produces a product that meets its pre-determined specifications and quality attributes. To ensure your system can be validated, it is key to work with vendors that provide validation.
A secure, computer-generated, time-stamped audit trail records the identity, date, and time of data entries, changes, and deletions. Audit trails ensure the trustworthiness of the electronic record, demonstrate necessary data ownership, and assure records have not been modified or deleted.
Automated inspection software can help verify important documents to ensure their accuracy. Manual proofreading or inspections are proven to be inefficient and often cannot assure that files are error-free.
6. Secure your records with limited system access
All systems should require a login with at least two unique pieces of information and provide access only to required individuals to guarantee data integrity.
7. Maintain backup and recovery procedures
A backup and recovery strategy is necessary in the unexpected event of data loss and application errors. This procedure ensures the reconstruction of data is achieved through media recovery and the restoration of both physical and logical data and creates a safeguard to protect the integrity of your database files.
8. Design a Quality Management System with SOPs and logical controls
A Quality Management System with Standard Operating Procedures builds quality into the process by systematically controlling the process. It is essential to write and follow good effective procedures to ensure clear accountability.
9. Protect the physical and logical security of systems
Controls are needed to protect the physical and logical security of your systems, change management, service management, and system continuity. This will assure continuous development for your organization and support of systems.
10. Establish a vendor management qualification program
It is important to evaluate all vendors supplying products to certify that the products are quality products that meet needs (such as validation services). A continuous appraisal is required following the initial evaluation. Often asking what data integrity procedures your vendors have in place will help with your own organization’s data integrity practices.
11. Properly train users and maintain training records
Users should be properly trained so that they have the right education and expertise to perform their job competently. Documented training records provide this proof.
12. Conduct Internal Audits to evaluate controls and procedures
Internal audits ensure that all procedures are followed and that continuous improvement is emphasized.
Data integrity success
If you are reading this article, you are most probably aware of how important it is to ensure your data is not compromised. The impact of dangerous data can have resounding consequences on any organization no matter the size. However, if data integrity is thought of as a process, the data infrastructure can become an asset instead of a liability.