Data Integrity: where GxP, IT-Security and Data Privacy come together

04/24/2018

Data Integrity (DI), a vital part of the Compliance Framework of Life Science Companies, is mostly associated with GxP, but it also applies to Information/IT-Security and Data Privacy. Take patient data of clinical studies, for example.

 

Data Integrity in general 

Data Integrity is the maintenance and assurance of the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. 

 

Data Integrity in the GxP-Environment 

Data Integrity presents a major challenge to biotechnology and pharmaceutical companies, as information needs to be properly recorded, traced, and reported to provide proof to regulatory authorities that products have indeed been produced according to the recognized protocols. In the GxP-Environment, Data Integrity follows the ALCOA principles published by the FDA and is one of the three Quality Management cornerstones along with “Patient Safety and Product Quality”. In the Life Science industry, it is currently a hot topic due to increasing FDA citations, which mostly arose from falsified data in laboratories.

In this environment, different procedures and technical installations are required to ensure Data Integrity and provide written evidence that data integrity is ensured. Examples include:

    • Audit Trail
    • Data Flow visualizations
    • Data Integrity Risk Assessments
    • “Documentation of activities at time, when performed”
    • “Backup Data are exact and complete” and “secure from alteration, inadvertent erasures, or loss”

  

Data Integrity in the Information/IT-Security-Environment 

As more and more parts of our private and business lives become computerized, Data Integrity is gaining importance for non-GxP-Systems as well. In Information Security, which includes IT-Security, Data Integrity is just as important as Confidentiality and Availability to ensure secure systems and data. As in GxP, Data Integrity is hard to measure if you do not have sufficient controls in place. In the Information Security World, Data Integrity ensures the accuracy of data used in processes and transactions.

 Just as in the area of GxP, any company that is not sure of the integrity of its data cannot be sure that critical operations are being carried out properly, that correct decisions are being made, or that the appropriate goods and services are delivered to customers and received from suppliers. 

In addition, in IT-Security data integrity is necessary for non-repudiation—the ability to ensure the authenticity and accuracy of agreements and transactions.  

Within the GxP field, Data Integrity focuses more on the reporting side, whereas in IT-Security, Data Integrity also applies to the actual processing. Think about a Pharma Production Line, where the SCADA Monitoring system in a control room says “everything okay”, but the production line already blew up.

To enable good Data Integrity practice in the Information Security world, the following principles should be applied (which are very similar to the ones used in the GxP field): 

    • Use an Audit Trail to log all system activities and the reason why they were performed
    • Take ownership of data and accountability for data integrity
    • Base access rights and privileges on “need to know” and “least privilege”
    • Apply Segregation of Duties

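
The audit-trail principle from the list above (who did what, when, and for what reason, in a log that is secure from alteration) can be sketched as follows. This is an added example, not code from the article; chaining entries with an HMAC is one assumed way to make later edits detectable, and all function names, users and log values are hypothetical.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor for the first entry

def _mac(key, body):
    # Canonical JSON so the same entry always yields the same MAC.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def append_entry(trail, key, user, action, reason):
    """Append who/what/why/when, chained to the previous entry's MAC."""
    if not user or not reason.strip():
        raise ValueError("an entry needs an accountable user and a reason")
    body = {
        "seq": len(trail),
        "time": datetime.now(timezone.utc).isoformat(),  # recorded when performed
        "user": user, "action": action, "reason": reason,
        "prev": trail[-1]["mac"] if trail else GENESIS,
    }
    trail.append(dict(body, mac=_mac(key, body)))
    return trail[-1]

def verify_trail(trail, key):
    """Return -1 if the trail is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        body = {k: v for k, v in entry.items() if k != "mac"}
        ok = (body.get("seq") == i and body.get("prev") == prev
              and hmac.compare_digest(entry.get("mac", ""), _mac(key, body)))
        if not ok:
            return i
        prev = entry["mac"]
    return -1

def demo():
    """Constructed sample: two entries, then a simulated after-the-fact edit."""
    key = b"constructed-demo-key"  # hypothetical; hold real keys outside the logged system
    trail = []
    append_entry(trail, key, "analyst1", "change lab value 7.1 -> 7.4", "transcription error")
    append_entry(trail, key, "qa_lead", "approve batch record", "review complete")
    before = verify_trail(trail, key)
    trail[0]["action"] = "change lab value 7.1 -> 9.9"  # tampering
    return before, verify_trail(trail, key)
```

The chain alone does not reveal entries cut off the end of the trail, so the latest MAC and entry count should also be kept somewhere the logged system cannot write to.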

Data Integrity in the Data Privacy-Environment 

Data Integrity is also important in the Data Privacy area. It is mentioned in two articles of the EU-GDPR:

Article 5 Chapter 1f: Personal Data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). 

 Article 32 Chapter: …the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: …(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; 

Data Integrity in this context means, for example, that stored personal information is not falsified during a transfer from one system to another, resulting in harm to a natural person (data subject).

Where they come together 

But where do those Data Integrity principles come together? 

They come together, for example, in an electronic Trial Master File (eTMF). Take, for example, the study protocols of patients and medicines, which include personally identifiable information (PII), lab values, dosage form and dosage, etc. As a pharmaceutical company you would prefer that your study data is correct to get market authorization, which can be achieved by Data Integrity.

Author: KVALITO Consulting
