What is the importance of user ID
and password in data integrity?
Why access control is important in
the pharmaceutical industry?
Data integrity is a very popular concept in the pharmaceutical industry. All regulatory bodies required authentic, accurate, complete and trustworthy data.
FDA's
general requirement is that, keep data in an unaltered and secure manner. So,
the pharmaceutical industry secures its data in such a way that data should be
unaltered. Only responsible and authorized person can able to handle data.
Hence,
the pharmaceutical industry keeps restriction on data to maintain accuracy,
reliability, trustworthiness of data.
Now,
technology is playing the most important role in the pharmaceutical industry.
Most of the work like testing, manufacturing is done by machinery. Hence, for
data security reason, the industry provides a unique username/user ID and
password to all authorized employee who is responsible for that respective
work.
 |
Importance of user ID and password in data integrity/ Importance of Access control in Pharma industry
1.0 What is data?
Data is facts, figures, and statistics recorded or generated (collected) during the GXP activity.
2.0 Type
of data
2.1 Raw data –
Means original data but this concept used in the non-clinical study or in QC
laboratory.
2.2 Source data -
Means original data but this concept used in a clinical study.
2.3 Metadata – Contextual information about
the data. Data which indicates attributes (Specialty) of other data and gives
reference and meaning of that other data. An audit trail is the type of
metadata.
3.0 What
is data integrity?
Completeness,
accuracy and consistency of data is data integrity. Follow the ALCOA+
principle to maintain the integrity of data.
ALCOA+ is Attributable, Legible, Contemporaneous, Original, Accurate and ‘+’ for Available,
Enduring, Complete, Consistent.
Refer
ALCOA+ article for more details.
4.0 Importance
of a user ID and password/access control in data integrity?
Almost
all manufacturing, testing, packing activity is based on the equipment and
instruments. Most pharmaceutical equipment and instruments having security
issues. To maintain the security of data in the pharmaceutical industry,
provide unique username/ user ID and password to all the authorized employees.
Control on accessing the work on the instrument or equipment. This instrument
and equipment may have a computerized system or PLC system or audit trail. So,
here we are focusing on some of the factors which help to built trust in the
data generated in the pharmaceutical industry.
4.1 Username and password or
Access control
All
equipment and instruments required access control to protect data from the
unauthorized person to minimize the chance of data alteration and data
destruction.
If
access is limited, controlled manner then more chances of the data
security/protection.
Access
control is considered an important pillar of data/information security.
Authentication
and Authorization are two parts of the
Access control system.
4.1.1
Authentication is verifying the identity of a
user or person that is accessing the system. The goal of authentication is also
determining the location of the system and the way the resource is being
accessed.
Authentication
help to identify accessing location /system or working hours of person. Its
confirmation of the physical availability and working time of that person.
Example – Entry and exit procedure in a
restricted area by Figure print reader or punch card.
4.1.2
Authorization is permitting, limited,
controlled, or restricting access to the information based on the role and
responsibilities. – employee, administrator, or manager.
Example –
1. System provides limited access for the prepared by a person, reviewed by person, approved by a person. So, maintain the flow of data integrity. E.g. TcU, CFS.
2. Testing method setting access –
Analyzed by a person only access for testing or
analysis. So, unable to alter the test method and its parameter.
Test method and its parameter change access only
available to the Head QC.
Test method approval/rejection access is available
to Head QA.
3. Audit trail –
access for the handling of audit trail only available for the reviewer or the
Head QC. So, others cannot able to change or manipulate the raw data.
In
above example person having limited access based on the role and responsibility
of that person.
4.2 Benefit of Access
control/Username and password
4.2.1
Assurance of Presence/Availability/attendance of an authorized person
If
any a system having access control then only authenticate and authorized person
able to start the respective work. It indicates the physical
presence/availability of that person. So, the person who is working in the
access control area or system is totally responsible for that activity.
4.2.2
Assurance that access by Trained/qualified/Authorized person
Access
control provides assurance of the person who is working in the
area/system is trained and allocated for that section. The organization trained
and decide the responsibility of the respective person before authorization for
that activity. An only authorized person able to enter, operate, handle the
restricted area/system.
4.2.3
Username and password is an Electronic signature/ E-signature
Username
and password are considered as electronic signature and electronic
signature is equivalent to a handwritten signature. So, do not share your
username and password anyone to avoid misuse, miscalculation, manipulation.
Electronic signature mostly used during electronic documentation, quality
management system, analytical instruments like HPLC, GC, UV spectrophotometers
etc.
The
person who has a username and password. He/she is totally responsible for the
activity or the results obtained.
Electronic
signature looks like below:
 |
| Format of Electronic Signature / E-Signature |
4.2.4 To maintain the confidentiality of data
Some
information or data in the pharma industry is confidential. Only can share or
access with few individuals in such case also username and password required to
prevent confidentiality of data. To protect data from the other proper
authentication and authorization provided.
4.2.5
To maintain the Integrity of data
Username
and password required to maintain data integrity and to protect safety, purity,
identity, strength, quality, accuracy of the product. The integrity of data to be
maintained by preventing unauthorized access, modification, destruction. This
kind of alteration in pharma is considered a major quality issue and
organizations take strict action against employees. If any kind of alteration
in data found to the regulatory bodies during the audit then action will be taken against
the organization.
Strictly
follow the ALCOA+ principle
to maintain data integrity. Data should be clear, readable, accurate, complete,
prompt, original, data generated by whom and all persons involved in the
activity must sign the record. Alteration should be capture by the audit trail.
4.2.6
To generate trustworthy data
Access
control provides assurance about data accuracy and trustworthiness.
5.0 Access control required in
pharmaceutical area/system (but not limited)
2.
Clean Room area
3.
Powder processing area
4.
Documentation system (software issuance e.g. CFS, TcU)
5.
QMS system (Trackwise)
6.
Operational system (SAP, SCADA, PLC etc.)
7.
Analytical instruments (HPLC, GC, UV spectrophotometer, particle size analyzer
etc.) and LIMS software
8.
Operational area (granulation, compression, coating, QC, filtration, mixing,
sterilization, dispensing etc.
9.
Training program software-based
10.
Handling audit trail
11.
Documentation storage area
12.
Retained sample area
13.
Rejected product area
14.
Label printing area and software
6.0 Risk of sharing username
& password or access control
1. Chances
of misuse, manipulation, modification, destruction of data by an unauthorized person.
2. Unauthorized person may not
qualified/authorized/trained for that activity.
3. Chances
of the major issue/problem with the safety, identity, strength, purity,
quality, accuracy of the product
4. Electronic signature is equivalent to a handwritten
signature. It means the person who has the username and password. He/she is
responsible for that activity. If after sharing a username and password any
integrity issue found, then management act against an authorized person only.
5. Risk with ALCOA+ principle (data integrity)
6. To secure the confidentially of data
7. Wastage time and money of the organization
8. Risk of regulatory bodies strict action on
organization
7.0 Abbreviations
PLC
– Programme logic control
TcU
– Team center unified
SAP
– Systems, Applications, and Products
LIMS -
Laboratory Information Management System
CFS
– Controlled Form System
SCADA
- Supervisory Control and Data Acquisition
HPLC
– High performance/pressure liquid chromatography
GC
– Gas chromatography
UV – Ultra Violet
I am glad that you visited my blogs. I hope you enjoyed this blogs. If you like this blogs and helpful to you then Please, comment and follow me here. If you have any concerns,doubt, query feel free to contact me. Email: pharmaguidesop@gmail.com. Its really my pleasure, If you give me chance to help you. ConversionConversion EmoticonEmoticon