Frequently Asked Questions (FAQ): Data Integrity

In today's digital age, data is a valuable resource that businesses rely on for making critical decisions, improving customer experiences, and driving growth. However, with the increasing volume and complexity of data, ensuring its accuracy and consistency is becoming more challenging. That's where data integrity comes into play - a process that ensures the accuracy, completeness, and reliability of data throughout its lifecycle. In this article, we'll dive deeper into what data integrity is, why it's important, and how businesses can ensure it.


What is Data Integrity?
Data integrity is the process of ensuring the accuracy, completeness, and reliability of data throughout its lifecycle. It involves preventing unauthorized access, modification, or deletion of data, as well as ensuring that the data is consistent, accurate, and up-to-date. Data integrity is essential for ensuring the quality of data used for business decisions, compliance requirements, and maintaining customer trust.

Why is Data Integrity Important?
Data integrity is crucial for businesses for several reasons:

Accurate Business Decisions:
Accurate data is essential for making informed business decisions. If the data is inaccurate, incomplete, or inconsistent, it can lead to poor decision-making, which can ultimately impact business growth and profitability.


Compliance:
Many industries have strict regulatory requirements for data integrity, such as the healthcare and financial industries. Non-compliance with these regulations can result in hefty fines and legal consequences.

Customer Trust:
Customers expect businesses to handle their data with care and ensure its accuracy and security. A breach in data integrity can lead to a loss of customer trust, which can be challenging to regain.

Reputation:
A data breach or other data integrity issues can damage a business's reputation, leading to a loss of customers and revenue.

How to Ensure Data Integrity?
Here are some ways businesses can ensure data integrity:

Data Governance:
Data governance is a set of policies, processes, and controls that define how data is managed across an organization. It includes establishing data quality standards, data ownership, and access controls. By implementing data governance, businesses can ensure that data is managed consistently and accurately across the organization.


Data Validation:
Data validation is the process of ensuring that data is accurate, complete, and consistent. It involves using validation rules and algorithms to check data against predefined criteria. For example, data validation can ensure that the customer's date of birth is in the correct format and falls within a valid range of dates.
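The date-of-birth check mentioned above, written out as an added example (not code from the original article). The ISO 8601 format, the 120-year limit and the function name are assumptions chosen for illustration.

```python
import re
from datetime import date

# Assumed rules (the article names no concrete format or range): ISO 8601
# YYYY-MM-DD, not in the future, and at most MAX_AGE_YEARS in the past.
MAX_AGE_YEARS = 120
# [0-9] rather than \d: in Python, \d also matches non-ASCII Unicode digits.
ISO_DATE = re.compile(r"([0-9]{4})-([0-9]{2})-([0-9]{2})")


def validate_date_of_birth(raw, today):
    """Return the list of rule violations; an empty list means accepted."""
    if not isinstance(raw, str):
        return ["value is not text"]
    # fullmatch rejects unpadded values such as "1990-7-15", which
    # datetime.strptime with "%Y-%m-%d" would accept.
    match = ISO_DATE.fullmatch(raw)
    if match is None:
        return ["format is not YYYY-MM-DD"]
    year, month, day = (int(part) for part in match.groups())
    try:
        dob = date(year, month, day)  # rejects 30 Feb, month 13, year 0
    except ValueError:
        return ["not a real calendar date"]
    try:
        earliest = today.replace(year=today.year - MAX_AGE_YEARS)
    except ValueError:  # today is 29 Feb and the target year is not a leap year
        earliest = today.replace(year=today.year - MAX_AGE_YEARS, day=28)
    errors = []
    if dob > today:
        errors.append("date is in the future")
    if dob < earliest:
        errors.append("date is more than %d years ago" % MAX_AGE_YEARS)
    return errors
```

Passing `today` in explicitly keeps the range check reproducible, so the same record gives the same verdict when it is re-validated during an audit.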


Data Backup and Recovery:
Data backup and recovery is the process of creating and storing copies of data to protect against data loss or corruption. It involves regularly backing up data to a secure location and having a plan in place to recover data in the event of a data loss.

Access Controls:
Access controls are security measures that restrict access to data based on the user's role and permissions. Access controls can help prevent unauthorized access to data and ensure that only authorized personnel can view, modify or delete data.

Data Encryption:
Data encryption is the process of converting data into a code or cipher to protect it from unauthorized access. It involves using encryption algorithms to scramble the data, making it unreadable to unauthorized users.

Regular Audits:
Regular audits can help identify data integrity issues and ensure compliance with data integrity regulations. Audits can include reviewing data quality, data access controls, and backup and recovery procedures.

Conclusion
Data integrity is essential for businesses to ensure the accuracy, completeness, and reliability of data. It involves implementing processes and controls to prevent unauthorized access, modification, or deletion of data and ensuring that the data is accurate, complete, and up-to-date. By implementing data governance, data validation, data backup and recovery, access controls, data encryption, and regular audits, businesses can ensure data


Frequently Asked Questions (FAQ): Data Integrity


1. Digital and electronic signatures:
Q: What is the difference between a digital and an e-signature?
A: A digital signature is attached to an electronic file rather than maintained within an electronic system; it stays with the data and moves with the data. The signature can be verified by the recipient. An e-signature is executed and maintained within a validated electronic system and stays in that system. The e-signature can only be verified in the source system.

Q: What is the best practice for handling hybrid signatures?
(A hybrid signature mixes handwritten or ‘wet’ signatures and digital signatures/e-signatures on the same document.)
A: The preference is to sign documents either fully wet or fully digitally. Hybrid signatures should be an exception, used only if there are no other options.

In that case the handwritten signature(s) must be applied first; afterwards the document can be prepared for the digital signature(s). In that way the metadata for the digital signature(s)/e-signature(s) can be maintained. The fully signed electronic document is the official GXP document (a printout doesn’t contain the metadata, and the digital signatures/e-signatures can’t be verified from it). The wet signature, or a true copy of it, and the e-signed copy must be kept as a linked document in a secure environment that is validated for its intended use, in line with the company’s record management policy.

Q: Is it acceptable to use a scanned image of a wet signed document as GXP?
A: It is only acceptable if the scanned image is a verified true copy of the original wet signed record and allowed by your local, legal and regulatory requirements. The wet or a true copy of the wet signature must be retrievable, reproducible and unaltered for the retention period of the record.

Q: How do I need to handle a document with a scanned image of a wet signed document that I also need to sign? (external use, e.g. with third parties, working on different locations)
A: This document can be used if the party sending the scanned document has an established true copy process in place and the scanned document has already been verified and attested as a true copy. The sender should have an established document retention policy in line with your expectations.


Q: How do we handle digitally signed documents in an electronic document management system? (e.g. loading an Adobe digitally signed document into your document management systems without losing the digital signature certificate)
A: The document management system should be validated for this intended use, verifying that the digital signature is maintained in the system and that it is possible to retrieve it when necessary. This process should be defined and documented.

If it is not possible to maintain this digital signature in the system, the digitally signed document should be stored in a secure validated environment.

2. Password management:
Q: How do I define when a password should be entered during a specific operation when data is being recorded?
A: This practice is described in 21 CFR 11, chapter 11.200 ‘e-signature and components’:
  1. When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components (= user ID and password or biometrics); subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
  2. When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.
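One way a system could enforce the two signing rules quoted above, as an added example that is not part of the original FAQ. It assumes the components are a user ID and a password, and models a "continuous period of controlled system access" as a session with an idle limit; `SigningSession`, `derive_key` and `IDLE_LIMIT_S` are hypothetical names and values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

IDLE_LIMIT_S = 900  # assumed: a longer gap ends the continuous period
ALL_COMPONENTS = frozenset({"user_id", "password"})
ONE_COMPONENT = frozenset({"password"})  # usable only by the individual


def derive_key(password, salt):
    """Derive the stored verifier; the plaintext password is never kept."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class SigningSession:
    user_id: str
    salt: bytes
    password_hash: bytes
    last_activity: float  # in this sketch, updated only by accepted signings
    signed_in_period: bool = False
    audit_trail: list = field(default_factory=list)

    def required_components(self, now):
        """Rule 1: first signing needs all components, later ones at least
        one. Rule 2: outside a continuous period, every signing needs all."""
        continuous = (now - self.last_activity) <= IDLE_LIMIT_S
        if continuous and self.signed_in_period:
            return ONE_COMPONENT
        return ALL_COMPONENTS

    def sign(self, record_id, supplied, now):
        """Check the supplied components and log the attempt either way."""
        required = self.required_components(now)
        accepted = (
            required.issubset(supplied)
            and ("user_id" not in required
                 or supplied["user_id"] == self.user_id)
            and hmac.compare_digest(
                derive_key(supplied["password"], self.salt),
                self.password_hash)
        )
        # Rejected attempts are recorded too, so they stay attributable.
        self.audit_trail.append(
            (now, self.user_id, record_id, sorted(required), accepted))
        if accepted:
            self.signed_in_period = True
            self.last_activity = now
        return accepted
```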

Q: Is the storage of passwords in the internet browser allowed for GXP applications?
A: No, ideally this feature should be deactivated in all browsers used for GXP applications.


3. Access management:
Q: Can I use generic accounts for 3rd party support employees? (e.g. lab technicians, on-line support SAP)
A: No. The account should be attributable to the person executing the actions and there should be processes and systems in place to manage this.

4. Record life cycle management:
Q: How to protect critical paper records? Is it necessary to scan all records or is physical protection (fire protected cabinets, location of the paper record archive(s)) sufficient?
A: Records should be protected and retrievable for the appropriate retention period. There is no need to scan under the condition that the documents are stored in a safe and secure environment.

Q: Is it allowed to replace a physical paper archive if you scan your records? Can the paper records be destroyed afterwards?
A: In practice this is possible if the digital copy is a true copy, however you need to comply with local legal and regulatory requirements to decide if you can destroy the paper records or not.

Q: If hardware and/or software packages are not supported anymore (Windows updates, application software), is it possible to print out the electronic data or do you need to keep the ‘old’ systems up and running? (with the risk that you’re not able to see the electronic data anymore in case of soft and hardware errors)
A: A print-out is only allowed if it is a true copy with all raw data and meta-data. In practice this is very difficult. The first option is to migrate those data to an appropriate system. Another option is to create a virtual environment where you can run the legacy system in a validated state and where all data can be retrieved.

5. Various:
Q: How to deal with analytical testing where data is a visual check? (appearance, insoluble matter testing, TLC, …)
A: See table 1 ‘Minimum system requirements based on categories’ in the guide.

Q: Is it allowed to use personal notes in a lab or production environment? (personal notes: containing training info/attention points you documented during training or during discussions with colleagues, …)
A: No. All information needed to perform activities in a GXP environment should be described in controlled procedures and work instructions. Any data supporting a GXP batch must be controlled, maintained and reviewed.
