Performing Digital Validation Manually and the Risk to Data Integrity

The need for remote work increased exponentially during the pandemic. Many industries had already embraced digitalization, but the pandemic forced companies and professionals to adapt more quickly.

Companies should have resources such as a validation lifecycle management system (VLMS) to generate and manage the entire validation cycle more efficiently. However, some companies have adopted digital validation but are still executing it manually during this period. Although valid in some situations with some precautions, that does not bring a significant efficiency gain to the validation process, as it is too time-consuming and error prone.

Some companies have incorporated an electronic document management (EDM) system into their routine to generate, index, review, and approve validation documents. Other companies have incorporated electronic signature systems to simplify the review and approval process and have kept the documents on their intranet.

In GO!FIVE®, the review, approval, and test execution are among the many functions available. However, its scope is much larger because the system was built on understanding the validation and qualification flow and its interconnections. We can see this exemplified in the following images.

Here are some risks associated with manually performing digital validation and its impact on data integrity.

Risk Scenario 1:

• Scenario 1: Editing pre-approved test documents to include the evidence and data in the test run.

• More information:
It is an essential feature of data integrity to ensure that a document is not changed after it has been signed without proper change control. According to the GAMP5® and ANVISA Guide, systems must perform tests according to a pre-defined and pre-approved specification. This certification ensures that information is accurate, reliable, and complete. In the pre-test approval phase, the content and scope of the test script are reviewed and approved, e.g., the objective, acceptance criteria, prerequisites, action, and expected result. In the post-approval phase, the execution of the tests is reviewed and approved, i.e., if the data and evidence are recorded to demonstrate the robustness and effectiveness of the mitigations implemented. All the work done in the previous step is called into question by allowing modification to a pre-approved test script to include evidence. This issue is because the information modification was separate from the approval, and it is impossible to guarantee the traceability of all changes.
• Mitigation:
1. Using a VLMS system as GO!FIVE® allows both the generation and execution of test scripts. Software with integrated management maintains all traceability of writing, review, approval, test execution, and incident management. • Benefits: With only one necessary software, it is a more straightforward process with faster test design, execution, and management. • Point of attention: Team adaptation to the new work model. 2. Print the pre-approved test scripts and manually fill in the test run notes. Create an attachment and reference the tests with their respective evidence. • Benefits: The team has adapted to the manual paper process. • Point of attention: It is necessary to format the evidence, manually fill open fields, and cancel blank fields according to good documentation practice rules (i.e., trace a straight line from left to right, from top to bottom, and initial and date each canceled field). It is also necessary to print and scan the documents for electronic storage. The process runs the risk for data integrity, e.g., retroactive signatures. It also requires a longer runtime and risks non-conformance. 3. Create gaps in the document to fill in during testing. For example, you can create fillable text fields when converting forms to PDFs. • Benefits: The approved document is not edited. It is possible to fail and approve the test on an individual basis. • Point of attention: There remain issues in editing and creating open fields throughout the document. There will be a need for manual management of incident reports and failed and passed tests.

Risk Scenario 2:

• Scenario 2: Using a single signature for approval of the test phase, not approving its executions in an individualized way, and needing help to identify the failed tests.

• More information:
Each test scenario has an action and an expected result. According to the GAMP5® Guideline, test results must be documented directly as testing occurs and should be retained. The test executor must decide whether the test passed or failed. By executing a single electronic signature on the document, it is impossible to segregate failed tests from passed tests or record the data in real-time (non-contemporaneous signatures). Also, according to the GAMP5® Guideline, the test execution process must be flexible enough to allow the executor to decide whether to fail or pass a test and that all corrections and retests are traceable. With the use of the GED or electronic signature, it is not possible.
• Mitigation:
1 – Use a VLMS system like GO!FIVE® allows for the inclusion of observations, evidence, and approval of test steps in an individualized way. Induce automatic generation of incident reports. The execution part requires approval of the test to proceed to its post-execution review and approval. The post-review and approval step can be performed individually or collectively after the analysis of the items. o o Benefits: This solution provides easier test execution. There is no need for document formatting or printing. All traceability is maintained, such as comments, justification, and changes. o Point of attention: Adaptation of the team to the new work model. 2 – Print the test scripts and manually fill in the observations of each run. If necessary, create an attachment and reference the tests with their respective evidence and incident reports. o Benefits: The approved document is not edited. It is possible to fail and approve the test on an individual basis. o Points of attention: The process requires evidence formatting, manual filling in, and cancellation of blank fields. There is a need to print and scan documentation for electronic storage.

Risk Scenario 3

• Scenario 3: Informal email review of validation documents.

• More information:
Email is not the best tool to make the process efficient, and it can impact the integrity and security of the information. When someone sends the document for review by email, the document is prone to loss, and the process consumes considerable time. Even if people respond immediately, each participant will make their considerations in a different document, and it is necessary to consolidate everything into a single version. Also, the traceability of comments and observations is lost.
• Mitigation:
1 – Use a VLMS system as GO!FIVE® allows for flexible and robust adding of comments, historical views, review, and approval flow. o Benefits: All traceability is maintained, such as comments, justification, and changes. o Point of attention: Team adaptation to the new work model.

Comparison of validation cycles

Validation using a text editor (e.g., Microsoft Word®) is one of the bottlenecks in the regulated industry. This is because all the bureaucracy of the manual validation process remains.

Increased validation efforts are associated with document preparation and execution of testing phases, so rely on validation and qualifications content, including risk scenarios, requirements, and testing, as well as automating activities related to your application, such as document formatting, automatic evidence indexing, incident management, and test management, enables 5x faster validations.


The graphs show the difference in the estimated efforts when comparing the three validation models: with paper, using GED (e.g., Electronic Document Management software), and with the GO!FIVE®

The GED requires less effort when compared to paper. Still, this difference is less significant because, despite streamlining review and approval flows, the system still needs to be built and designed for validations, as is the case with GO!FIVE®.

See some disadvantages in using GEDs to manage validations are:

No mechanism for test executions
In general, companies have to print out the approved protocols to be executed manually and transform them into electronic form again by scanning them after execution. They then upload the digitalized document into the EDM. The chances of human error are enormous.
Absence of Automatic Traceability Matrix
GED does not automatically generate any traceability matrix. This system is not designed to link risks and requirements to tests. This document’s manual construction and drafting are possible. However, the process is extremely time-consuming, expensive, and subject to human error.
Insufficient Information for Validation Management
GEDs have appropriate tools and information to control quality documents because they are platforms focused on this purpose but need to improve the tools necessary for decision-making to manage validations and qualifications. For example, do not show the amount of tests performed, failed, or incidences to be closed and management of the status of validations.
Lack of Accelerator Library (Pre-Prepared Validations as Examples)
EDMs do not have a database of stored information to contribute to the speed of the process of preparing the contents of the validation and qualification documents, as these are not the objectives of this type of system.

How GO!FIVE® Contributes to Data Integrity

The ALCOA+ concept of data integrity depends on data attributable, readable, contemporaneous, original, accurate, complete, consistent, durable, and available in paper or electronic form.

Technology has emerged as the greatest ally of transparency and a vital tool for increasing data reliability and integrity.

Now, it is possible to manage and execute validation and qualification projects using GO!FIVE®, a Digital Compliance Platform (DCP), where expert efforts will engage in the assessment of risk scenarios, including mitigations and data integrity items where applicable.

This platform contains pre-ready validations and data integrity assessments, including metadata and raw data considered relevant GxP in computerized system validation projects. You can easily import risk scenarios, requirements, and test scripts from the library that will bring data integrity, access control, audit trail, electronic signature, and more to evaluate the process and data related to systems and processes.

GO!FIVE® helps to increase compliance by complying with FDA 21 CFR Part 11 and enabling data integrity projects within the system, including evaluating paper and electronic records from the customer site.

  • Modernize and facilitate the inspection and access to data related to validation and qualification projects
  • Automatic, real-time tracking of all changes
  • Change history by comparison
  • A knowledge base that facilitates sharing of global best practices
  • Team empowerment
  • Ensuring end-to-end integrity in projects
  • The system provides early warning of strange behavior, such as simultaneous access attempts and running documents in a different order from reference guides
  • Analyze data in real time and determine the best way to track and mitigate your risk scenarios
  • DCP does not allow for retroactive signing
  • DCP does not allow the exchange of evidence once the test execution has been approved
  • Alert or block execution of test script with related requirement and/or risk scenario with pending review and approval
  • Compliance with:
    • FDA 21 CFR Part 211, 68, 188, and 192
    • EudraLex Vol. 4, Appendix 17, Real-time release, and parametric release testing
    • EudraLex Vol. 4, Chapter 4, Guidelines
    • MHRA Guidance on GxP data integrity
    • WHO Guidance on good practice in data and records management

I hope you enjoyed this article. If you want to know more about our digital validation software and its application, please contact our experts at [email protected].

Interested? Click here to read the complete e-book on the subject!