Various industry influences have challenged how we, as scientists, and quality control professionals approach the protection and security of the data we collect during the manufacture and release of products impacting human and animal health. One key influence is the general shift of industry from paper-based data collection systems to fully integrated electronic data collection platforms with traceability from raw material to QC laboratory to final finished product. This shift has changed the way we operate in the industry and has allowed for great improvements in product quality, manufacturing capacity, and organizational efficiency.
Electronic systems have also altered the way we generate and store data, which has impacted our compliance stance with world regulators around the integrity of that data. Updated and released at the end of 2018, the United States Food and Drug Administration (FDA) published a comprehensive guidance for the industry in the form of a question and answer document, for current Good Manufacturing Practices (cGMP), around compliance with data integrity regulations in the laboratory and beyond. Let’s keep in mind that the data we collect in the laboratory to determine product quality ensures that we can establish that our products will be safe for the patients that we serve. As laboratory professionals in the industry, what questions should we be asking to ensure our electronic systems are up-to-date and compliant?
Who has access to my electronic systems?
Answering this question has always been important with regard to data and electronic systems. For example, with electronic banking systems, it’s important that only the person who owns the account has access to the information due to the sensitivity and security of financial and social security numbers. It’s also important for laboratories to identify who should have the ability to generate data, access to review generated data, and more importantly, who within the laboratory can modify or delete various data sets and records. To facilitate the needs of the business, all the following tasks could be necessary, but there needs to be a strategy to control them. Most of the time this strategy is executed with a mixture of software design and laboratory procedure around different levels of user access and each user’s role within the software platform. Passwords restrict unauthorized access to the software itself; user levels restrict who can perform various tasks in the software and who has access to generated data; and defined roles and responsibilities have the added benefit of proceduralizing this strategy for the laboratory and the organization overall.
Can I recover from a disaster?
When most of us consider disasters, we first go to the natural ones like tornadoes, hurricanes, wildfires, or earthquakes. While these are important events to keep in mind when planning recovery efforts for laboratory data, it’s important to also consider how you would respond to something like a prolonged power blackout or a network hacking event. In these circumstances, large portions of data could be inadvertently lost or stolen. In the pharmaceutical industry, it’s universal to back up paper and electronic manufacturing records critical to quality attributes or laboratory quality control data. Redundant controls allow organizations to return to a normal operating state after a major event takes place where loss of data has occurred. It’s important for laboratories to consider ease of backup and restoration of data when evaluating electronic data platforms for validated use.
How do I know when a change has been made in my system?
Audit trails are an important part of every electronic data platform in every industry. They allow laboratories to investigate and respond to events that do not typically take place in the process of creating, storing, and reviewing quality control data and records. Audit trails capture information including the creation or changes of records and files, and deletion of important laboratory data. In the event that an action is taken inside any software, there is a good chance that it is recorded in the audit trail. It’s no surprise then that audit trails can carry with them thousands of lines of data, which the laboratory must store, backup, and even review. It’s important to have an audit trail that fits the structure and daily operations of the laboratory, and it needs to add value by making the laboratory more efficient. One way that an audit trail can add value is by having a function that makes it fully searchable. Searchable audit trails allow laboratories to review them efficiently and effectively by only drawing the reviewer’s attention to well defined events that need to be investigated.
These are some of the items to consider when incorporating an electronic data collection platform into your data integrity strategy. As manufacturing standards continue to evolve around data integrity, ensuring your electronic system is compliant will become increasingly important. Our team of product specialists can help you address data integrity and guide you toward the best solutions for your requirements.