
Copyright © David Trew Consulting Ltd and Dr. David Trew 2013-2021


Version 1.6.1


5 Risk Assessment and Management

The current regulatory and quality climate is centred around the assessment and management of the risks associated with the failure of quality systems. A number of risk assessment tools can be applied; however, one of the most common is Failure Mode and Effects Analysis (FMEA). This entails:

i. Identifying the potential consequences of an event and assessing the severity of those consequences. This can be done from the perspective of the patient or customer, regulatory consequences and the impact on the business.

ii. Estimating the likelihood of an event occurring

iii. Estimating the likelihood of detecting the event


These three components are then combined to give an overall risk factor.


The severity of a data integrity issue can be assigned to one of three categories [14]:


High severity should be assigned where there is a significant risk of harm to a patient, such as:

Fraud, misrepresentation or falsification of data.

Concealment of a product failing to meet specification at release or within shelf life.

Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of QC tests, critical product or process parameters.


Medium severity should be assigned when a practice could impact on the product, but with no risk to patient health, or where there is no impact on the product but there is evidence of widespread failure, such as:

Data being misreported, e.g. original ‘in specification’ results are altered to give a more favourable trend.

Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of data which does not relate to QC tests, critical product or process parameters.

Failures arising from poorly designed data capture systems (e.g. using scraps of paper to record info for later transcription).

Bad practices and poorly designed systems which may result in opportunities for data integrity issues or loss of traceability across a number of functional areas (QA, production, QC etc.). Each in its own right has no direct impact to product quality.

  

Low severity should be assigned when there is no impact on the quality of the product or limited evidence of failure, such as:

Bad practice or poorly designed systems which result in opportunities for data integrity issues or loss of traceability in a discrete area.

Limited failure in an otherwise acceptable system.

   

Estimating the likelihood of some events occurring presents some challenges. This is particularly so when the initiator of an event requires dishonesty on the part of an individual. This is the reason why instilling the data integrity and quality culture, discussed in Section 5.3, is such a key activity.


The greatest opportunity to mitigate the risks associated with data reliability is to maximise your ability to detect data integrity events. This can be done by installing audit trails on computer systems and instituting rigorous quality review of all key data and records, with a particular focus on reliability and trustworthiness.


6 Training Strategy

A comprehensive training program is a key element of the data integrity strategy. All new members of staff must be inducted into the organisation’s data integrity and quality culture before commencing routine work. In addition, all members of staff should receive regular current awareness training on trends in data reliability and trustworthiness, such as the practices that undermine data integrity. All staff should also receive training in the fundamentals and principles of data integrity discussed in Chapters 2 and 3 of the first paper in this series.


Training should also be given to those charged with reviewing and assuring the reliability and trustworthiness of data and records. This should include instruction on how to detect potential integrity issues and attempts to fabricate and falsify data. In particular, training needs to be provided on how to review and interrogate audit trails.

 

7 Strategies for Assuring the Integrity of Electronic records    

In the modern business environment much data and many records are created in electronic format. Electronic records in the pharmaceutical industry are regulated by Annex 11 in the European Union and Pharmaceutical Inspection Convention countries, and 21 CFR Part 11 in the United States. Assuring the integrity of electronic records presents some particular challenges. In the absence of appropriate controls and safeguards, it is possible to:

Alter and manipulate records without leaving any evidence of the change

Both intentionally and accidentally delete records leaving no evidence the original record ever existed  

Lose all electronic records held by a system in the event of a computer crash


In light of these challenges it is imperative that adequate controls and safeguards are established. These would usually include implementing policies and procedures to:

 

i. Restrict access to computer systems to authorised personnel. This is usually achieved by allocating each user an account on a computer system which is specific to the individual user and must be for their sole and exclusive use. This will allow the organisation to attribute electronic records unambiguously to a specific individual. Computer accounts must not be shared between different users, such as group accounts, as this will undermine the ability to be able to attribute e-records. It is also important to disable user accounts when a member of staff leaves the company or is assigned to a role not requiring access. Leaving redundant user accounts active presents an opportunity for unauthorised access to a computer system.


ii. Establish adequate access and e-signature controls. Access to user accounts is controlled by the use of passwords, which in combination with the account username can be used as an electronic signature to authenticate records. These e-signatures can be considered legally equivalent to traditional handwritten signatures. Therefore, passwords must be specific to a particular individual, must be kept confidential, and must not be shared under any circumstances. Policies must also be established and staff must be specifically instructed not to use each other’s accounts and passwords, as doing so is the electronic equivalent of signing someone else’s signature and constitutes the criminal offence of fraud.


iii. Establish controls to prevent passwords being discovered by someone other than their authorised user, such as rules on minimum length, complexity, expiry and re-use. In addition, you must establish procedures to address suspected compromise of login credentials, which should include a requirement to change the password and for the event to be reported and investigated by an authorised person. Also, to protect against unauthorised access, user accounts should be locked if there are more than a specified number of consecutive unsuccessful attempts to access an account. Again, such events should be investigated and tracked.


iv. Create different types of accounts for different roles. In particular, users should only be assigned the privileges necessary to perform the tasks associated with their assigned roles. For example, on a chromatographic data system, laboratory staff performing analysis should be allocated privileges to create sequence, method, raw data, result and report files, process data etc., but will not have the privilege to create, suspend and disable user accounts, reset locked accounts, or move or delete files; these functions are assigned to an administrator. Also, supervisors or data reviewers should only be allocated the privileges necessary to review sequence, method, data and audit trail files, but should not be able to create sequence, method, raw data, result and report files or reprocess data.


v. Ensure audit trails are established and activated on all computer systems that handle and/or store records of activities associated with legal, regulatory or key business functions. These audit trails should record all activities carried out or records created and any changes made to those records. In addition, audit trails should record:

What was entered, processed or changed

The date and time of activity

Who performed the activity

The reason for the activity

Audit trails must not be disabled or altered under any circumstances; doing so will seriously undermine the integrity of your records. Audit trails must be appropriately reviewed during record and data review activities.


vi. Ensure, before allowing access to a computer system, that all users are certified as proficient with the system’s use. In addition, a list of all current and past authorised users, together with their associated privileges should be maintained for all computer systems. This will also facilitate compliance with GMP, GLP and ISO requirements.


vii. Ensure all records created by a computer and maintained by a computer system are defined, together with the purpose of the record. It is particularly important to identify which records are considered raw data that are used to make quality decisions. Changes to the system should be controlled through the usual change management processes.


viii. Create backup and archive strategies.


ix. Create policies and procedures to control removal of files from a server.
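
The audit trail review required by item v can be partly scripted. The Python below is an added example, not part of the original article or of any vendor's system: it checks each entry for the four fields in item v and against the account, lockout and role rules in items i, iii and iv. The action names, user list and audit trail entries are constructed for illustration.

```python
from datetime import datetime

# Role privileges modelled on item iv's chromatographic data system example.
ROLE_PRIVILEGES = {
    "analyst": {"create_sequence", "create_method", "acquire_raw_data",
                "process_data", "create_report"},
    "reviewer": {"review_data", "review_audit_trail"},
    "administrator": {"create_account", "disable_account",
                      "reset_locked_account", "move_file", "delete_file"},
}
# Constructed list of authorised users (item vi): role and date disabled, if any.
USERS = {
    "asmith": ("analyst", None),
    "bjones": ("reviewer", None),
    "cwhite": ("analyst", datetime(2021, 3, 1)),  # left the company
    "sysadmin": ("administrator", None),
}
# Constructed audit trail: what, when, who and why for each entry (item v).
TRAIL = [
    {"what": "process_data", "when": "2021-03-02T09:15", "who": "asmith", "why": "routine assay"},
    {"what": "process_data", "when": "2021-03-02T10:40", "who": "bjones", "why": "tidy baseline"},
    {"what": "delete_file", "when": "2021-03-02T11:05", "who": "asmith", "why": ""},
    {"what": "create_report", "when": "2021-03-03T08:30", "who": "cwhite", "why": "batch release"},
    {"what": "account_locked", "when": "2021-03-03T23:50", "who": "asmith", "why": "3 failed logins"},
    {"what": "create_sequence", "when": "2021-03-04T09:00", "who": "lab1", "why": "routine assay"},
]

def review(trail, users=USERS, privileges=ROLE_PRIVILEGES):
    """Return (entry index, finding) pairs that a reviewer must investigate."""
    findings = []
    for i, e in enumerate(trail):
        missing = [k for k in ("what", "when", "who", "why") if not e.get(k)]
        if missing:
            findings.append((i, "incomplete entry: no " + ", ".join(missing)))
        if e.get("what") == "account_locked":       # item iii: investigate and track
            findings.append((i, "lockout to investigate"))
        elif e.get("who") not in users:             # item i: shared or unknown account
            findings.append((i, "account not on authorised user list"))
        else:
            role, disabled = users[e["who"]]
            if disabled and e.get("when") and datetime.fromisoformat(e["when"]) >= disabled:
                findings.append((i, "activity on disabled account"))
            if e.get("what") not in privileges[role]:   # item iv: least privilege
                findings.append((i, "action outside role " + role))
    return findings

if __name__ == "__main__":
    for index, finding in review(TRAIL):
        print(index, TRAIL[index]["who"], TRAIL[index]["what"], "->", finding)
```
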


8 Electronic Data Security on Standalone Computers

The use of computers that are not connected to the corporate network presents some particular risks. When data is stored on a standalone computer it is often stored on the computer’s hard disk drive along with the files for the operating system and other programs. If an error develops in the operating system, it is possible all the stored data will be lost.


Standalone computers present risks if data needs to be transferred to another computer. Transferring data from standalone computers is often done using Universal Serial Bus (USB) devices. However, this can present significant risks of data loss. Due to their small size and ubiquity, USB drives are often not well controlled and are hard to track physically. They are often stored in bags, backpacks, laptop cases, jackets, trouser pockets, or left at unattended workstations. Thus, there is significant risk they could be misplaced and lost. A further significant vulnerability is the introduction of malware that could compromise all of the data stored on a network. If you do need to use USB devices to transfer data from a standalone computer, you should establish appropriate controls for their use. For example:

Avoid copying particularly sensitive personal data onto a USB device.

If you absolutely must put sensitive information on a USB device, encrypt it first. Well-known encryption programs can be downloaded from reliable websites and used to encode information so it can’t be viewed without being decoded first.

Use secure devices. Some other devices have built-in encryption which eliminates the need to use a separate software program to scramble your information.

Only permit specific designated USB devices which have been individually marked with a specific identifier.

Establish controls to track their use and location.


Although it is possible to establish all the controls discussed in Section 5.2 on a standalone computer, it is not possible to remotely monitor activity on a standalone computer in real time. Thus, an attempt to gain unauthorised access to a standalone computer, resulting in an account lockout due to consecutive failed login attempts, will not be detected until the authorised user attempts to log on.


A further issue with standalone computers is that backing up data generally cannot be carried out without human intervention, especially if the data is being backed up onto a CD with a maximum capacity of 4.7 GB, which would require someone to change the disks if large amounts of data needed to be backed up.

Although consumer and industry level Blu-ray discs are typically 25 and 50 GB, respectively, these require compatible readers which are not available on older systems.
