How to avoid Data Integrity problems in Pharmaceutical Quality Control Laboratory?
The scope should cover items such as
- How is access authorized and controlled? Are there different levels of accessibility such as user, analyst, administrator, service-engineer with different level of rights allotted?
- Have you justified access levels and the user privileges at each level? A good examples could be : User/Analyst < Manager < service engineer….
- Are there specific user profiles to access software and provide audit trails for traceability? Such as User, Manager, Service engineer should have different profiles…
- All Profiles such as User/Manager/Service engineer: Is there restricted privileges (can’t delete/ write-over / move)?
- Is the administration independent of the analytical function? Administration profile should not have analyst functionality.
- How an organization ensures that the passwords are not shared? How Quality assurance controls and monitors the administration of passwords.
- Are passwords changed periodically (that is every 15days, monthly, three months etc… and are they of high strength?
- Is the Audit Trail functionality switched on? Even admin, user, manager, service engineer should not able to break it.
- Is the Date/ time functionality locked by IT? Even admin, user, manager, service engineer should not able to break it.
- Has the system been validated for its intended use? That is IQ/OQ/PQ performed and periodical IQ/QQ/PQ if there is change in position and functionality of Instrument.
- Are all data processing methods validated and locked by the administrator? Administrator should review it periodically.
- Is it necessary to ‘save’ before it is submitted for review? Ensure it to be implemented
- Are accurate audit trail entries put in when prompted? All software should have this functionality; further ensure it to be implemented. (updated on 14/11/2020)
