The previous posts of this series have analysed the evolution of the concept of Data Integrity and its growing importance in GxP audits. We have also analysed the key aspects of data management, both in paper and electronic records, and the steps for the implementation of a Data Integrity culture in companies, presenting an example in this case study by TDV. In the current post about Data Integrity evaluation, we want to talk about how to assess the level of implementation of this Data Integrity culture. This assessment is necessary in both internal audits and supplier audits. In both cases, the output of the assessment will provide the level of confidence we have in our system or that of our suppliers.
Some of the most significant challenges during audits come from the time constrictions. Therefore, the sampling of processes and related data should be very well selected, generally following risk-based criteria. The audit agenda should include some part reserved to explore specific documents and aspects related to data integrity. However, it should be kept in mind that data integrity is a consequence of the culture of the company and therefore will be assessed in combination with all the records reviewed during the audit.
Some key documents that can help us understand the implementations of this data integrity culture are the data integrity policy and the correspondent prospective assessments for the main processes (manufacturing, analytical and quality) with the related action plans.
During the audit the following typical covered points will include the data integrity assessment:
• Training evaluation: Evaluate if Data Integrity training is regularly conducted.
• Computerized Systems Validation (CSV): Evaluate how data integrity is considered in the implementation and validation of new systems.
• Batch Records and other manufacturing / QC documents:
o Evaluate how they are issued and controlled, evaluating the form reconciliation mechanisms. Check if data is written following the ALCOA principles. Check how Audit Trail is actually reviewed.
o Manufacturing or Analytical data review: Select one piece of information and trace back to see if full traceability is maintained with the raw data, methods, personnel involved, etc.
• Plant tour:
o Evaluate if the documentation is really up-to-date with the actions being conducted. Review the quality of documentation before it is reviewed by supervisors to understand how the Data Integrity is considered at all levels of the company.
o Select a computerized system (ideally one the auditor has knowledge of) and check if it has been configured in a way that fulfils data integrity requirements: Check the Audit Trail of the system (availability of full Audit Trail, search for deleted information, unexplained re-processes, etc.). Check the permissions (individual IDs, deleting permissions, administrator account). Check the data files (modifiable, deletion possibilities…) and the recycle bin. Finally check if the time of the PC can be modified.
o Search for a data transfer process and check the availability of double check in SOPs and evaluate it through comparison of a set of records in the source and destination documents or systems.
• Excel spreadsheets: Check the data transfer processes and how attributability of the calculations is maintained. Check how the company ensures that only valid sheets are used for calculations.
These assessments will provide a clear and reliable idea about “data integrity culture” in the audited department or company. This exercise should be performed by high experienced and skilled professionals, sometimes not present in the companies. Outsourcing this task will allow obtaining an accurate Data Integrity review and result evaluation, while members of the organization, auditees and auditors can learn from the process.
Data Integrity is very good indicator of the maturity of quality system and reliability of the operations and data management of the company. Nowadays is an essential part of the audits and should be evaluated as transversal concept that is inherent to all the activities as is part of the culture of the company.
Data Integrity evaluation requires a high level of expertise. At AFA, we have a team of professionals prepared to assist you in the evaluation of data integrity of your suppliers.