After data integrity, Governance.

The integrity of critical data in Life Sciences industries is an issue that, if taken with the care deserved and required by regulatory agencies, keeps the company aligned with Good Manufacturing Practices and avoids issues detrimental to the production process and business.

To achieve and maintain the compliance status it is necessary to implement and maintain a Data Governance policy, which is efficient to ensure the status of data integrity achieved by the company, which involves the sustainability of the data, from its generation until the end of its life cycle, whether on paper or electronic.

Critical data arises all the time, and adhering to compliance requirements can contribute to reduce the degree of business exposure to risks, whether of sanctions, financial losses and/or reputation, and speed up the decision making process, through assertiveness and data availability.

Moreover, companies around the world are aware of the value of their confidential data, requiring organizations to have a posture and actions consistent with this reality.

Governance can also contribute to meeting the requirements of the LGPD for personal data protection, which aims to regulate how organizations capture, handle, treat, and use their customers' information.

In short, data governance is the ability to manage data as a true business asset. This does not necessarily imply costs, but rather: bringing clarity about the meaning of each piece of data; leveraging your data and using it to identify new opportunities; making smarter decisions; maintaining more efficient operations, consequently higher profits, and happier customers.

The importance of considering these needs already in the System Validation process helps the implementation of an efficient Data Governance policy.

Areas involved in the Data Governance process

These are procedures that trigger professionals from different areas of the industry, but above all require the essential support of senior management to implement data integrity policies, promote training and potentially change the culture, which provides autonomy to those involved with the topic and disseminates among other professionals its importance to the company's business.

The guarantee of data integrity, which involves its life cycle, must be based on risks. To propose mitigations, it is important to involve the company's organizational and technical areas, with routine procedures, team training, control of data generation and registration, implementation of a Data Governance program, and inspections to verify its effectiveness.

When implemented in the company, the policy creates a structure that involves the Quality Management System, with subsection of responsibilities for the areas of quality control and Quality System, because there are data generated throughout the company, as is the case of periodic product review and Quality Risk Management.

Roles of professionals involved in implementing and maintaining effective Data Governance

In a way, the roles suggested by the guides in the implementation of a Data Governance policy already exist within companies, lacking only a reorganization and objective definition of which is the responsibility of the designated professional. The role of a Data Integrity management committee, corporate or local, responsible for essential activities to maintain the policy emerges.

Process owner, data owner, system owner.

Professionals who know the details of the process, responsible for each computerized system, its applications, and for managing the actions that ensure the integrity of the data, authorizing or denying access to it.

In addition to the "owner" roles, there are the roles of the data and technology administrator, who must implement requirements requested by the data owner and ensure that the platform used meets the data integrity requirements.

I.T.'s Role in Data Governance

Due to its broad access to the database, the I.T. team has been gaining a lot of attention in the process of maintaining data integrity.

Already in the Risk Analysis, done by the system validation team, this condition must be observed, so that actions can be taken to minimize the risk to the integrity of GxP data (impact on good practices), such as access to the system and procedures to not block the process, in the case of an exceptionality, that goes against the Data Integrity Guidelines.

The I.T. department is the key player in avoiding direct changes to the database, which can lead to deviation openings by procedures that pose risks to the integrity of the data. 

System Suitability

Data Governance should be in the scope of the Pharmaceutical Quality System and involves different areas and procedures for its implementation. After the identification of critical records generated by the system, a series of actions begins to identify the risks to data integrity and consequently to Good Manufacturing Practices.

Electronic System

If the critical quality attributes are generated by electronic system, you can identify the relevant GxP data through a GAP ASSESSMENT, a document that provides a complete view of existing Data Integrity items in the system, such as adherence to FDA 21 CFR Part 11, presence of system procedures, and handling of relevant GxP data.

Manual System

If the data generation is manual, a risk analysis is performed to define the degree of SOPs implementation and suggest a change in procedures, such as double check implementation.

For the system to meet Data Integrity requirements and to implement an efficient Data Governance policy, the adjustments made must be recorded and challenged over time, to ensure that quality actions are being followed.

Non GxP data

Data Integrity guides generally focus efforts on the data that is GxP relevant, but what about other data?

Given the above, it is possible to identify several advantages in Data Governance, and a similar methodology can be applied to non-GxP relevant data that may impact the business.

Companies that have shares traded on the New York Stock Exchange, for example, need to comply with the SOX law. The idea of SOX is that companies demonstrate efficiency in Corporate Governance and defines a series of controls that are necessary to ensure the security, veracity, integrity, among other aspects of the information.

How can we help you?

GO!FIVE® software that manages and expedites validations helps increase compliance by complying with FDA 21 CFR Part 11, and enables data integrity projects within the system, including evaluation of paper and electronic records.

GO!FIVE® contains pre-prepared validations and data integrity assessments, which include metadata and raw data deemed relevant for GxP. You can easily import risk scenarios, requirements, and test scripts from the library that will bring items related to data integrity, access control, audit trail, electronic signature, and others to evaluate the process and data related to systems and/or processes.

You can segregate relevant and non-relevant GxP data integrity projects, and can analyze the data, verify and generate reports, from these proofs.

If you would like to know more, please contact our experts: [email protected]