Importance of username/ID and password in data integrity, importance of access control in the pharma industry, Risk of sharing ID and password in pharma industry

What is the importance of user ID and password in data integrity?

Why access control is important in the pharmaceutical industry?

Data integrity is a very popular concept in the pharmaceutical industry. All regulatory bodies required authentic, accurate, complete and trustworthy data.

FDA's general requirement is that, keep data in an unaltered and secure manner. So, the pharmaceutical industry secures its data in such a way that data should be unaltered. Only responsible and authorized person can able to handle data.

Hence, the pharmaceutical industry keeps restriction on data to maintain accuracy, reliability, trustworthiness of data.

Now, technology is playing the most important role in the pharmaceutical industry. Most of the work like testing, manufacturing is done by machinery. Hence, for data security reason, the industry provides a unique username/user ID and password to all authorized employee who is responsible for that respective work.

Importance of user ID and password in data integrity/ Importance of Access control in Pharma industry

1.0 What is data?

Data is facts, figures, and statistics recorded or generated (collected) during the GXP activity.

Refer Data Integrity, Common Issue of Data Integrity and How to minimize the risk of Data Integrity article for more details.

2.0 Type of data

2.1 Raw data – Means original data but this concept used in the non-clinical study or in QC laboratory.

2.2 Source data - Means original data but this concept used in a clinical study.

2.3 Metadata – Contextual information about the data. Data which indicates attributes (Specialty) of other data and gives reference and meaning of that other data. An audit trail is the type of metadata.

Refer Data Integrity, Common Issue of Data Integrity and How to minimize the risk of Data Integrity article for more details.

3.0 What is data integrity?

Completeness, accuracy and consistency of data is data integrity. Follow the ALCOA+ principle to maintain the integrity of data.

Refer Data Integrity, Common Issue of Data Integrity and How to minimize the risk of Data Integrity article for more details.

ALCOA+ is Attributable, Legible, Contemporaneous, Original, Accurate and ‘+’ for Available, Enduring, Complete, Consistent.

Refer ALCOA+ article for more details.

4.0 Importance of a user ID and password/access control in data integrity?

Almost all manufacturing, testing, packing activity is based on the equipment and instruments. Most pharmaceutical equipment and instruments having security issues. To maintain the security of data in the pharmaceutical industry, provide unique username/ user ID and password to all the authorized employees. Control on accessing the work on the instrument or equipment. This instrument and equipment may have a computerized system or PLC system or audit trail. So, here we are focusing on some of the factors which help to built trust in the data generated in the pharmaceutical industry.

4.1 Username and password or Access control

All equipment and instruments required access control to protect data from the unauthorized person to minimize the chance of data alteration and data destruction.

If access is limited, controlled manner then more chances of the data security/protection.

Access control is considered an important pillar of data/information security.

Authentication and Authorization are two parts of the Access control system.

4.1.1 Authentication is verifying the identity of a user or person that is accessing the system. The goal of authentication is also determining the location of the system and the way the resource is being accessed.

Authentication help to identify accessing location /system or working hours of person. Its confirmation of the physical availability and working time of that person.

Example – Entry and exit procedure in a restricted area by Figure print reader or punch card.

4.1.2 Authorization is permitting, limited, controlled, or restricting access to the information based on the role and responsibilities. – employee, administrator, or manager.

Example –

1.      System provides limited access for the prepared by a person, reviewed by person, approved by a person. So, maintain the flow of data integrity. E.g. TcU, CFS.

2.      Testing method setting access –

Analyzed by a person only access for testing or analysis. So, unable to alter the test method and its parameter.

Test method and its parameter change access only available to the Head QC.

Test method approval/rejection access is available to Head QA.

3.    Audit trail – access for the handling of audit trail only available for the reviewer or the Head QC. So, others cannot able to change or manipulate the raw data.

In above example person having limited access based on the role and responsibility of that person.

4.2 Benefit of Access control/Username and password

4.2.1 Assurance of Presence/Availability/attendance of an authorized person

If any a system having access control then only authenticate and authorized person able to start the respective work. It indicates the physical presence/availability of that person. So, the person who is working in the access control area or system is totally responsible for that activity.

4.2.2 Assurance that access by Trained/qualified/Authorized person

Access control provides assurance of the person who is working in the area/system is trained and allocated for that section. The organization trained and decide the responsibility of the respective person before authorization for that activity. An only authorized person able to enter, operate, handle the restricted area/system.

4.2.3 Username and password is an Electronic signature/ E-signature

Username and password are considered as electronic signature and electronic signature is equivalent to a handwritten signature. So, do not share your username and password anyone to avoid misuse, miscalculation, manipulation. Electronic signature mostly used during electronic documentation, quality management system, analytical instruments like HPLC, GC, UV spectrophotometers etc.

The person who has a username and password. He/she is totally responsible for the activity or the results obtained.

Electronic signature looks like below:

Format of Electronic Signature / E-Signature
Format of Electronic Signature / E-Signature

4.2.4 To maintain the confidentiality of data

Some information or data in the pharma industry is confidential. Only can share or access with few individuals in such case also username and password required to prevent confidentiality of data. To protect data from the other proper authentication and authorization provided.

4.2.5 To maintain the Integrity of data

Username and password required to maintain data integrity and to protect safety, purity, identity, strength, quality, accuracy of the product. The integrity of data to be maintained by preventing unauthorized access, modification, destruction. This kind of alteration in pharma is considered a major quality issue and organizations take strict action against employees. If any kind of alteration in data found to the regulatory bodies during the audit then action will be taken against the organization.

Strictly follow the ALCOA+ principle to maintain data integrity. Data should be clear, readable, accurate, complete, prompt, original, data generated by whom and all persons involved in the activity must sign the record. Alteration should be capture by the audit trail.

4.2.6 To generate trustworthy data

Access control provides assurance about data accuracy and trustworthiness.

5.0 Access control required in pharmaceutical area/system (but not limited)

1. Entry-exit procedure

2. Clean Room area

3. Powder processing area

4. Documentation system (software issuance e.g. CFS, TcU)

5. QMS system (Trackwise)

6. Operational system (SAP, SCADA, PLC etc.)

7. Analytical instruments (HPLC, GC, UV spectrophotometer, particle size analyzer etc.) and LIMS software

8. Operational area (granulation, compression, coating, QC, filtration, mixing, sterilization, dispensing etc.

9. Training program software-based

10. Handling audit trail

11. Documentation storage area

12. Retained sample area

13. Rejected product area

14. Label printing area and software

6.0 Risk of sharing username & password or access control

1. Chances of misuse, manipulation, modification, destruction of data by an unauthorized person.

2. Unauthorized person may not qualified/authorized/trained for that activity.

3.  Chances of the major issue/problem with the safety, identity, strength, purity, quality, accuracy of the product

4. Electronic signature is equivalent to a handwritten signature. It means the person who has the username and password. He/she is responsible for that activity. If after sharing a username and password any integrity issue found, then management act against an authorized person only.

5.  Risk with ALCOA+ principle (data integrity)

6.  To secure the confidentially of data

7.  Wastage time and money of the organization

8. Risk of regulatory bodies strict action on organization

7.0 Abbreviations

PLC – Programme logic control

TcU – Team center unified

SAP – Systems, Applications, and Products

LIMS - Laboratory Information Management System

CFS – Controlled Form System

SCADA - Supervisory Control and Data Acquisition

HPLC – High performance/pressure liquid chromatography

GC – Gas chromatography

UV – Ultra Violet

Next Post »

I am glad that you visited my blogs. I hope you enjoyed this blogs. If you like this blogs and helpful to you then Please, comment and follow me here. If you have any concerns,doubt, query feel free to contact me. Email: Its really my pleasure, If you give me chance to help you. ConversionConversion EmoticonEmoticon