Data Integrity - To Infinity and Beyond, starting 2023!
Having just welcomed 2023 and watched way too many animated movies (including a household favorite 'Buzz Lightyear'), I realized that sometimes short, sweet and meaningful is the way to go! This Data Integrity snippet hopes to do just that as I examine a few of the challenges we face when ensuring accurate and complete data that we can trust.
In case you are new to this topic - Data integrity refers to the accuracy, completeness, and consistency of data over its entire lifecycle. In Life Sciences we often refer to the Holy Grail of data attributes - ALCOA+ or even ALCOA++ data. You will see lots of definition and explanation around this acronym but here in Figure 1 below is how we describe it during training Data Reliability and Integrity (erasciences.com):
Figure1 Explaining ALCOA+
It's unlikely that we will keep GxP data for an infinite amount of time, but we certainly need to understand upfront what the required lifecycle for our product and supporting GxP data is, what is meant by the + of ALCOA+, Complete, Consistent, Enduring and Available or even the more recently incorporated ++ Traceable!
Referring to FDA's predicate rules and EMAs GMPs and record retention requirements will give you the basics of how long records are required to be retained - it varies depending on record type and criticality.
Data Integrity Challenges at a glance
It's important that we understand who or what our enemies are to achieving data with integrity. (thanks Buzz)
Here are 4 big hitters from 2020-2022 and how they could be avoided as part of your 2023 Infinity and Beyond resolutions:
1. Human error: People may accidentally or intentionally enter incorrect data, or they may delete data unintentionally.
In the case of computerized systems use, effective controls both technical and procedural should be applied to prevent human error unlike Nortec Quimica SA - 639894 - 12/08/2022 | FDA who fell short in 2022.
2. Software bugs: A software bug can cause data to be entered incorrectly, or it can cause data to be lost or corrupted.
Computer system validation is probably the biggest tool in the toolbox to protect against this issue, but we can only test what we know - we focus our testing efforts on the requirements that make our systems fit for purpose. The reality is some bugs just can't be predicted; they are unexpected, unforeseen.
However, a newish kid on the block unscripted testing that allows a more holistic testing approach may help us to detect bugs earlier rather than later. GAMP 5 Guide 2nd Edition | ISPE | International Society for Pharmaceutical Engineering describes unscripted testing. Automated validation testing an even newer kid for Life Sciences may also lend itself well to this bug uncovering process.
3. Hardware failures: A hardware failure such as a hard drive crash can cause data to be lost or become inaccessible.
Prevention in this case, such as effective Application Lifecycle Management (ALM) of computerized systems can help to avoid hardware failures that occur due to aging machines and poorly maintained computerized systems.
Mitigation of the risk associated with computerized system failures is also a regulatory expectation - having backups in place and disaster recovery a key component of overall system administration and lifecycle management will certainly provide a high degree of assurance against data integrity issues associated with hardware or even application failures. Green Wave Analytical, LLC - 630965 - 08/19/2022 | FDA whose data was not securely backed failed to meet regulatory requirements and now have to address multiple gaps associated with data integrity.
4. Cyber-attacks: Hackers can compromise data integrity by altering or deleting data, or by adding false or malicious data.
This is a massive and growing concern for industry where increased digital adoption since 2019 and a more remote workforce leveraging the cloud add to the overall data risk associated with cyber-attacks.
When it comes to cyber-attacks, we actually hear very little about pharma data being compromised until the cleanup efforts are well and truly under way, whereas in everyday life we often feel the real-time impact as it happens.
On 14th May 2021, the HSE in Ireland was subjected to a serious criminal cyber-attack, through the infiltration of IT systems using Conti Ransomware. With over 80% of IT infrastructure impacted and the loss of key patient information and diagnostics, this resulted in severe impacts on the health service and the provision of care.
You can read more at HSE publishes independent report on Conti cyber-attack - HSE.ie
Attacks against passenger air travel increased by more than 15,000% between 2017 and 2018, according to NetScout's research. And NO, the decimal place is correct! these numbers continue to rise each year.
You can read more about LifeSciences cyber-attacks at the links below but Merck who were impacted by NotPetya in 2017 made us all aware that no matter how big or small you are, or how secure you believe yourself to be, protection and prevention are better than cure. Most importantly it's how quickly you can recover based on contingency planning that shows true Hydra like resilience to such data attacks.
NotPetya impacted many companies in addition to Merck and it was well documented in 2017 - we were warned! The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
2020 saw cyber-attacks on AstraZeneca and Johnson and Johnson that we know of...
Resilience - The Face of 2023
Can these growing data integrity threats be avoided and allow us to have accurate and complete data keeping Buzz happy - it appears that technical and procedural controls on computerized systems, validation determining fitness for purpose, application lifecycle management and a new phrase for Buzz - "To Contingency and Beyond" may need to be our weapons of choice.
Join us virtually or in person if you want to learn more about any of the issues discussed or you want to upskill in key areas associated with data reliability and integrity Home (erasciences.com)