+ All Categories
Home > Documents > Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The...

Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The...

Date post: 23-May-2020
Category:
Upload: others
View: 8 times
Download: 0 times
Share this document with a friend
21
Implementation of Data Integrity Guidance Requirements Jason Wakelin-Smith, Lead Senior GCP & GLP Inspector
Transcript
Page 1: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

Implementation of Data Integrity Guidance Requirements

Jason Wakelin-Smith, Lead Senior GCP & GLP Inspector

Page 2: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

2

A Quick Fix?• Understand the basics!• Understand the terminology!

• Organisation-wide implementation required• Cultural challenge• Technical challenge• Potentially significant changes ahead

• Multi-disciplinary input required• Management input required

Page 3: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

3

Data Integrity - ConceptsData lifecycle - “All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, retention, archiving, retrieval and destruction”

• Collection• Processing• Reporting• Review• Archival

Data Lifecycle

Page 4: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

4

Data Integrity - ConceptsData Governance – “The sum total of arrangements to ensure that data irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.”

• Process & Systems• Ownership• Monitoring/Audit• Environment• Training

Data Governance

Page 5: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

5

Define Your ‘Universe’(AKA an Exercise in Process Mapping)

SystemsProcessesEquipment

People / Roles

Data TransfersInteractions / Touchpoints

Internal Imports / Exports

External Imports / Exports

Time CriticalityProcess Criticality

Data Criticality

Page 6: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

6

A Complicated Picture?

Page 7: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

7

Next StepsUnderstand the use of your data at each step in the map:• What is the data used for?• What existing controls exist?• What oversight measures exist?• What potential risks exist?• Rationale for the decisions

made?

Page 8: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

8

Critical Data?Not all data is equal!

Data criticality is determined by its intended use

Expectation that risk management principles used

Page 9: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

9

Data Integrity Risk AssessmentAssessment of the vulnerability of the data to unintentional or unauthorised changes and the likelihood of detection

What can be done to mitigate the risks?• Control measures• Automation & validation• Awareness of potential problem areas àincreased scrutiny

Residual risks remain – how to acknowledge and control

Page 10: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

10

Data Criticality ExampleWhat is the data used for?• Determining whether an

analytical run is acceptable (e.g. QC values / calibration curve)

What existing controls exist?• Defined acceptance criteria• Defined analytical parameters• Instrument settings defined in

method

Page 11: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

11

Data Criticality Example (2)What oversight measures exist• Analytical run review and management approval• Audits

What potential risks exist?• Sample manipulation• Multiple sample acquisitions• Integration parameters altered (impact on calibration curve) • Data transfer (selection of results vs automated transfer)

Page 12: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

12

Data Criticality Example (3)Rationale• QA have access to raw data & appropriate training• Independent data review and approval• No selection of results as automated transfer• Audit trails• Instrument permission settings• Acceptance that data integrity measures are unlikely to stop someone

who is determined to falsify data but they should make it much harder to do and easier to detect

Page 13: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

13

Audit Trail Considerations• Know what audit trails exist and what they cover• Understand what is ’normal’• Understand the system terminology

• Data Integrity expectations – not a forensic approach• ? Review by exception• ? Targeted review based on run and study data

• If only audit the audit trail – then are you too late?

Page 14: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

14

Food for Thought: Cals and QCs (1)

How is this controlled? How would you know what approach was used?

Page 15: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

15

Food for Thought: Cals and QCs (2)

Can your process or systems allow this to happen and could it happen?Would your systems and processes permit or identify this?

Page 16: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

16

‘Red Flags’• Controls not activated• Stand alone systems• Manual data recording• Local data storage• Manual data transfers• ‘Opaque’ data• Shared log-ins

Page 17: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

17

Quality AssuranceTo include assessment of both technical and GCP aspects

QA Staff• Knowledge• Access• Time / people• Control step in the process!• Report?

Page 18: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

18

Trying to avoid this…None of the instruments or associated software within the laboratory had been configured to enable individual user accounts and to ensure appropriate data integrity controls.

• The software version used did not permit access to the ‘User Set Up’ functions stating that this functionality was only ‘available in the secure edition of the software’. This indicated that functionality to control individual user permissions was available within the software albeit in an additional module.

• The Scientist was both an analyst using the analyser and the system administrator with full rights to modify users and instrument settings.

Page 19: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

19

Trying to avoid this (2)

• Analysts using the computer associated with the system had access

to the Windows folder where CSV files containing the acquired

analytical data would be stored. It would therefore be possible to

manipulate and resave this data outside of the instrument software.

• The software version used with the instrument gave the user the

option of turning off the connection to the LIMS and to amend the

folder where the data for uploading would be found. It was therefore

possible for the analyst to stop the upload, amend or replace the

dataset and then upload to LIMS.

• It was possible to change the system date and time settings

Page 20: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

Any Questions?

Page 21: Implementation of Data Integrity Guidance …...4 Data Integrity -Concepts Data Governance –“The sum total of arrangements to ensure that data irrespective of the format in which

21

© Crown copyright 2018

About copyrightAll material created by the MHRA, including materials featured within these MHRA presentation notes and delegate pack, is subject to Crown copyright protection. We control the copyright to our

work (which includes all information, database rights, logos and visual images), under a delegationof authority from the Controller of Her Majesty’s Stationery Office (HMSO).

The MHRA authorises you to make one free copy, by downloading to printer or to electronic,

magnetic or optical storage media, of these presentations for the purposes of private research, study and reference. Any other copy or use of Crown copyright materials featured on this site, in any

form or medium is subject to the prior approval of the MHRA.

Further information, including an application form for requests to reproduce our material can be found at https://www.gov.uk/government/publications/reproduce-or-re-use-mhra-information/reproduce-or-re-use-mhra-information

Material from other organisationsThe permission to reproduce Crown copyright protected material does not extend to any material in

this pack which is subject to a separate licence or is the copyright of a third party. Authorisation to reproduce such material must be obtained from the copyright holders concerned.


Recommended