Ensure data integrity for QMS, DMS, and LMS integration
Data integrity plays a vital role in the pharmaceutical and life science sectors. It is typically important in describing patient safety, production process, and the final product quality. The data integrity of this whole process proves the integrity of the pharmaceutical company as a whole. Hence, regulated industries ensure data integrity as a part of GxP for all software solutions used internally such as DMS, QMS, and LMS.
Impact Systems help companies drive value through integration ensuring to maintain the data integrity defined by FDA (21CFR 211.192, 211.194, 212.50, 212.70.f.vi and EMA Guidance GMP)
What is Data Integrity?
Data integrity is the process of maintaining, validating, and assuring the accuracy of data in its complete life cycle. It is a key factor in regulated pharmaceutical and biotech industries to ensure the whole process meets the required quality standards.
Data integrity as a whole process is critical to design and implement. This involves the creation of data, processing it, storing it, and retrieving it when required. The data must also be protected from any accidental or intentional changes, unauthorized access, duplication, and deletion.
Data integrity is not always related to industry manufacturing/quality processes. It also involves activities related to software development or software solutions used by companies like for DMS, LMS, QMS, etc.,
6 Ways to ensure data integrity:
Data related to data integrity include instructions and reports in the process of producing a drug. The reports are necessary to reconstruct any regulated activity or decision, if any. These requirements must be considered in addition to those requirements dictated by the 21 CFR Part 11 Predicate Rules and (GxPs) covering the regulated business process. These requirements must be evaluated and included in the relevant requirements document as appropriate for the system and business process. In some cases, these requirements may need to be addressed within both the user and the system requirements documents.
Below are the technical and procedural controls that define the current regulatory requirements to ensure the data integrity of records generated in the business process.
Operational:
1. Use systems that are GxP compliant to ensure protocols address data quality and reliability.
2. Validated systems and solutions require a validation environment to ensure that records electronically transferred into the system are accurate.
3. System must also ensure the sequencing of steps and events.
4. System must employ device checks where appropriate, to determine the validity of the source of data input or operational instruction.
Data Life Cycle:
1. The system must ensure integrity (ALCOA, CCEA) throughout the life of data.
2. Back up and save all electronic data including archives and metadata to a secure location
3. The frequency of back-up, the nature of the back-up (full/incremental), and the length of time the backups are retained and recorded for periodical monitoring
4. The system must be able to provide accurate and complete copies of GxP electronic records in both human-readable and electronic form
Audit trail:
1. Audit trail is a sequence of events that records all associated data like event logs, history files, database queries, reports, in both human-readable form and electronically
2. The system must unambiguously link electronic records with any associated audit trails.
3. It must be an indelible record of all the data, including the edits or changes made in the file.
4. Review of an audit trail must answer 4Ws: When, What, Who, and Why. These are critical and related to business processes, patient safety, or product quality.
5. It must be ensured that all these actions are performed by an authorized user.
Security/Access:
1. Ensures that all these actions are performed by an authorized user.
2. Ensure the systems you use like QMS, DMS, or LMS are defined as the frequency, roles, and responsibilities to authorized users.
3. The system must also ensure the confidentiality of the system records
4. The system must ensure that generic administrator access is not provided; rather specified to a specific individual restricting access to the minimum number of people
Retention/Archival:
1. Back up and save all electronic data including archives and metadata to a secure location
2. The system must provide a mechanism to preserve the meaning of the original electronic data set, including its dynamic format that would allow the data to be reprocessed, queried, and/or tracked and trended electronically as needed.
CSV (Computer System Validation):
1. GxP electronic records created, processed, stored, or reported must be identified/defined.
2. System configuration settings must be defined, tested, and protected from unauthorized access and managed under change control
