When assessing data integrity risks within an organisation, companies may focus immediately on those systems or areas that are the most obvious in this context, such as a particular software, a specific lab system or instrument etc.
Doing so creates the risk of forgetting less visible but still important areas, processes or systems, or of failing to address integrity issues concerning data flows between controlled environments.
It is suggested to approach data integrity in a holistic manner by looking at the organisation from a high-level business process perspective, subsequently diving deeper into underlying sub- processes and only at the end drilling down to individual activities or systems that involve cGxP data.
Read also: Data Integrity Risk Assessment (DIRA)
It should be noted that the proposed approach is suitable not only to assess risks related to systems or processes already present in the organisation but also to proactively evaluate the requirements of new systems.
- Identify the company’s high-level cGxP business processes (or having links to cGxP activities);
- Map each of the CGxP business processes and their sub-processes down to level of process flows that consist of individual activities;
- Identify the CGxP data elements and the way the data flows (IN/OUT) between the different process steps or activities (Data Process Mapping);
- Identify and isolate the individual systems (both paper and electronic) that manage (generate, store, transfer, or process) cGxP data;
- Assign cGxP data to a specific category based on a severity assessment;
- Create a profile of each system based on the way cGxP data is handled by that system (e.g., data generation, storage, processing, transfer, or a combination thereof) and assign a category to the system based on its profile;
- Identify the gap between the “as is” state of the system and the desired state (i.e., the set of data integrity requirements linked to the particular system category); a checklist should be used to accomplish this task;
- Analyse the data integrity risk considering the gaps identified above, which is an assessment of the failure mode, using severity, occurrence and detectability that are part of the risk assessment methodology (e.g., FMEA);
- Establish a remediation plan to remediate the gaps and set priorities based on the magnitude of the risk.
Post a Comment