Not all data or processing steps have the same importance to product quality and patient safety. Risk management should be utilized to determine the importance of each data/processing step.
An effective risk management approach to data governance will consider:
1. Data criticality (impact to decision making and product quality) and
2. Data risk (opportunity for data alteration and deletion, and likelihood of detection / visibility of changes by the manufacturer’s routine review processes).
The risk assessments should consider the vulnerability of data to involuntary alteration, deletion, loss (either accidental or by security failure) or re-creation or deliberate falsification, and the likelihood of detection of such actions.
Consideration should also be given to ensuring complete and timely data recovery in the event of a disaster. Control measures which prevent unauthorized activity, and increase visibility / detectability can be used as risk mitigating actions.
Data Integrity Risk Assessment Checklist
- Process complexity (e.g. multi-stage processes, data transfer between processes or systems, complex data processing);
- Methods of generating, processing, storing and archiving data and the ability to assure data quality and integrity;
- Process consistency (e.g. biological production processes or analytical tests may exhibit a higher degree of variability compared to small molecule chemistry);
- Degree of automation / human interaction;
- Subjectivity of outcome / result (i.e. is the process open-ended vs well defined);
- Outcomes of a comparison between electronic system data and manually recorded events (e.g. apparent discrepancies between analytical reports and raw-data acquisition times); and
- Inherent data integrity controls incorporated into the system or software.
Reference:
- PIC/S Guidance on Good Practices for Data Management and Integrity