Back in June 2021, we emphasized that data integrity is a shared responsibility. The article sparked a lively discussion, highlighting numerous questions and insights. Now, three years later, it’s time to revisit this crucial topic.
Today, we have an array of GxP record solutions, yet paper-based records haven’t entirely phased out. Our electronic record solutions range from on-premise and enterprise systems to cloud-based models like Infrastructure, Platform, and Software as a Service (XaaS), and even Infrastructure as Code (IaC).
We now employ diverse methodologies like CSV and CSA, sometimes simultaneously, while embracing Agile as appropriate to rapidly address software changes and updates. However, as we advance, we must ask: have our data integrity assurance and maturity kept pace with this growth and are those responsibilities appropriately shared?
Data Integrity is often considered the responsibility of the QC department as the laboratory is where the majority of testing records originate and data integrity gaps are sometimes observed.
But, by mapping out business processes and looking at the full data lifecycle associated with GxP records (Data Flow Maps) it becomes clear that data integrity is way bigger than the lab. It is clear that Data Integrity compliance is a multi stakeholder, cross company assurance activity. Keeping pace with technology advancements also means re-evaluating how we look at risk and make risk informed decisions about our computerized solutions. To 'do risk right' we need to involve the right people and this increasingly means Business, IT, Compliance, Validation and Quality obviously leveraging vendor expertse where relevant.
Guidance on Data Integrity (picscheme.org) - 'Data integrity breaches can occur at any time, by any employee, so management needs to be vigilant in detecting issues'
Data may have many owners across the overall data lifecycle including External Vendors, Supply Chain and Warehouse, Manufacturing, Micro Laboratories, QC Laboratories, Product Support Laboratories, Engineering. I'm sure I have missed loads and you're calling them out in your head but this is where 'Everyone's Responsibility' comes in - by having a Data Integrity Culture of Excellence and getting everyone involved in the journey no matter how small their involvement you are building more robust data integrity compliance assurance for patients and consumers.
Poor data integrity can impact not just what you produce but what you plan to produce with forecasting taking a significant hit.
Did I purposely leave out IT from the list above? - maybe I did! Frequently DI is considered the IT departments responsibility because they provide the infrastructure, the IT tools to manage data, and implement IT solutions on the business's behalf. They is no doubt they are DI stakeholders as they provide key tools and play a key role but the buck doesn't stop with them - the data is ultimately owned by the business.
Having conducted Data Integrity assessments at many companies some of the best 'DI' catches have come from the most unexpected places, particularly at companies where everyone was engaged or informed about DI. For example - canteen staff who saw pages left on a restaurant window ledge that contained support data and contacted a site quality representative or DI champion. A cleaner who found results had fallen behind a radiator. and alerted her boss.
A contractor commented that the Server Room door was often left unlocked. As they were not directly employed they were reluctant to comment but did so because the openness DI culture was part of a site vendor induction module. Doing the right thing can be difficult if the open culture isn't encouraged and communicated.
For Data Integrity to be Everyone's Responsibility we need a common language and shared understanding
- an awareness, an informed understanding of what is required - this is often known as a 'Data Integrity Culture' and no matter how big or small the organisation getting the culture right will pay dividends and everyone will get a voice to speak up, speak out and be involved.
The images shown here sum up where we need to be - shared vision and everyone gets a voice
Watch out for our next blog in Data Integrity Everyone's responsibility series - Successful feedback forums for Data Integrity