Data integrity is a very popular concept in the pharmaceutical industry. All regulatory bodies required authentic, accurate, complete and trustworthy data.
FDA’s general requirement is that, keep data in an unaltered and secure manner. So, the pharmaceutical industry secures its data in such a way that data should be unaltered. Only responsible and authorized person can able to handle data.
Hence, the pharmaceutical industry keeps restriction on data to maintain accuracy, reliability, trustworthiness of data.
Now, technology is playing the most important role in the pharmaceutical industry. Most of the work like testing, manufacturing is done by machinery. Hence, for data security reason, the industry provides a unique username/user ID and password to all authorized employee who is responsible for that respective work.
Importance of data integrity and Access control in Pharma industry
1.0 What is data?
Data is facts, figures, and statistics recorded or generated (collected) during the GXP activity.
2.0 Type of data
2.1 Raw data – Means original data but this concept used in the non-clinical study or in QC laboratory.
2.2 Source data – Means original data but this concept used in a clinical study.
2.3 Metadata – Contextual information about the data. Data which indicates attributes (Specialty) of other data and gives reference and meaning of that other data. An audit trail is the type of metadata.
3.0 What is data integrity?
Completeness, accuracy and consistency of data is data integrity. Follow the ALCOA+ principle to maintain the integrity of data.
ALCOA+ is Attributable, Legible, Contemporaneous, Original, Accurate and ‘+’ for Available, Enduring, Complete, Consistent.
4.0 Importance of a user ID and password/access control in data integrity?
Almost all manufacturing, testing, packing activity is based on the equipment and instruments. Most pharmaceutical equipment and instruments having security issues. To maintain the security of data in the pharmaceutical industry, provide unique username/ user ID and password to all the authorized employees. Control on accessing the work on the instrument or equipment. This instrument and equipment may have a computerized system or PLC system or audit trail. So, here we are focusing on some of the factors which help to built trust in the data generated in the pharmaceutical industry.
4.1 Username and password or Access control
All equipment and instruments required access control to protect data from the unauthorized person to minimize the chance of data alteration and data destruction.
If access is limited, controlled manner then more chances of the data security/protection.
Access control is considered an important pillar of data/information security.
Authentication and Authorization are two parts of the Access control system.
4.1.1 Authentication is verifying the identity of a user or person that is accessing the system. The goal of authentication is also determining the location of the system and the way the resource is being accessed.
Authentication help to identify accessing location /system or working hours of person. Its confirmation of the physical availability and working time of that person.
Example – Entry and exit procedure in a restricted area by Fingerprint reader or punch card.
4.1.2 Authorization is permitting, limited, controlled, or restricting access to the information based on the role and responsibilities. – employee, administrator, or manager.
2. Testing method setting access –
Analyzed by a person only access for testing or analysis. So, unable to alter the test method and its parameter.
Test method and its parameter change access only available to the Head QC.
Test method approval/rejection access is available to Head QA.
In above example person having limited access based on the role and responsibility of that person.
4.2 Benefit of Access control/Username and password
4.2.1 Assurance of Presence/Availability/attendance of an authorized person:
If any a system having access control then only authenticate and authorized person able to start the respective work. It indicates the physical presence/availability of that person. So, the person who is working in the access control area or system is totally responsible for that activity.
4.2.2 Assurance that access by Trained/qualified/Authorized person:
Access control provides assurance of the person who is working in the area/system is trained and allocated for that section. The organization trained and decide the responsibility of the respective person before authorization for that activity. An only authorized person able to enter, operate, handle the restricted area/system.
4.2.3 Username and password is an Electronic signature/ E-signature:
Username and password are considered as electronic signature and electronic signature is equivalent to a handwritten signature. So, do not share your username and password anyone to avoid misuse, miscalculation, manipulation. Electronic signature mostly used during electronic documentation, quality management system, analytical instruments like HPLC, GC, UV spectrophotometers etc.
The person who has a username and password. He/she is totally responsible for the activity or the results obtained.
Electronic signature looks like below:
|Format of Electronic Signature / E-Signature|
4.2.4 To maintain the confidentiality of data
Some information or data in the pharma industry is confidential. Only can share or access with few individuals in such case also username and password required to prevent confidentiality of data. To protect data from the other proper authentication and authorization provided.
4.2.5 To maintain the Integrity of data
Username and password required to maintain data integrity and to protect safety, purity, identity, strength, quality, accuracy of the product. The integrity of data to be maintained by preventing unauthorized access, modification, destruction. This kind of alteration in pharma is considered a major quality issue and organizations take strict action against employees. If any kind of alteration in data found to the regulatory bodies during the audit then action will be taken against the organization.
Strictly follow the ALCOA+ principle to maintain data integrity. Data should be clear, readable, accurate, complete, prompt, original, data generated by whom and all persons involved in the activity must sign the record. Alteration should be capture by the audit trail.
4.2.6 To generate trustworthy data
Access control provides assurance about data accuracy and trustworthiness.
5.0 Access control required in pharmaceutical area/system (but not limited)
5.1. Entry-exit procedure
5.2. Clean Room area
5.3. Powder processing area
5.4. Documentation system (software issuance e.g. CFS, TcU)
5.5. QMS system (Trackwise)
5.6. Operational system (SAP, SCADA, PLC etc.)
5.7. Analytical instruments (HPLC, GC, UV spectrophotometer, particle size analyzer etc.) and LIMS software
5.8. Operational area (granulation, compression, coating, QC, filtration, mixing, sterilization, dispensing etc.
5.9. Training program software-based
5.10. Handling audit trail
5.11. Documentation storage area
5.12. Retained sample area
5.13. Rejected product area
5.14. Label printing area and software
6.0 Risk of sharing username & password or access control
6.1. Chances of misuse, manipulation, modification, destruction of data by an unauthorized person.
6.2. Unauthorized person may not qualified/authorized/trained for that activity.
6.3. Chances of the major issue/problem with the safety, identity, strength, purity, quality, accuracy of the product
6.4. Electronic signature is equivalent to a handwritten signature. It means the person who has the username and password. He/she is responsible for that activity. If after sharing a username and password any integrity issue found, then management act against an authorized person only.
6.5. Risk with ALCOA+ principle (data integrity)
6.6. To secure the confidentially of data
6.7. Wastage of time and money of the organization
6.8. Risk of regulatory bodies strict action on organization
PLC – Programme logic control
TcU – Team center unified
SAP – Systems, Applications, and Products
LIMS – Laboratory Information Management System
CFS – Controlled Form System
SCADA – Supervisory Control and Data Acquisition
HPLC – High performance/pressure liquid chromatography
GC – Gas chromatography
UV – Ultra Violet
1. Why is access control important in healthcare?
Access control is required to avoid alteration, manipulation in recorded data, protection of recorded data. So, trustworthy, reliable, accurate data is generated and recorded into the system. Ultimately, maintain the integrity of data.
2. Why is username and password Important?
1. Secure and protect your data
2. Avoid risk-related data like alteration, manipulation without permission.
3. Maintain confidentiality of data
4. Protect from unauthorized access
3. What is a username?
Username is an identity created for the system. So, the system recognizes your identity and gives you permission for access.
4. What is a password?
Password is code that protects the identity of a user or person that is accessing the system.