Performing Digital Validation Manually and the Risk to Data Integrity

The need for remote work increased exponentially during the pandemic. Many industries had already embraced digitalization, but the pandemic forced companies and professionals to adapt more quickly.

As the pandemic compelled companies to adapt, companies not only had to look at new work models. They also had to prepare for new cybersecurity and data integrity risks. With validation activities, it was no different.

To enhance the efficiency of the validation process, companies should utilize a Validation Lifecycle Management System (VLMS) to generate and manage the entire validation cycle effectively. Despite the availability of digital validation options, some companies still rely on manual execution during this phase. While this approach may be suitable with certain precautions in specific situations, it lacks the potential for significant efficiency gains. Manual execution tends to be time-consuming and error-prone, hindering the overall validation process.

Some companies have incorporated an Electronic Document Management System (eDMS) or an EQMS (Enterprise Quality Management System) into their routine to generate, index, review, and approve validation documents. Other companies have incorporated electronic signature systems to simplify the review and approval process and have kept the documents on their intranet.

By incorporating systems to simplify the document review and approval process, text editor-based validation still requires manual activities, such as activity management, document creation from scratch, formatting, and digitalizing, which could affect data integrity.

In other words, for the digitalization of the test execution phase, an eDMS or electronic signature system will still require application lifecycle management (ALM) for the test execution. This requirement is because editing pre-approved test documents to include the evidence and data in the test run will cause a data integrity non-conformance.

In GO!FIVE®, the review, approval, and test execution are among the many functions available. However, its scope is much larger because the system was built on understanding the validation and qualification flow and its interconnections. We can see this exemplified in the following images.


Here are some risks associated with manually performing digital validation and its impact on data integrity.

Risk Scenario 1:

• Scenario 1: Editing pre-approved test documents to include the evidence and data in the test run.

• More information:
It is an essential feature of data integrity to ensure that a document is not changed after it has been signed without proper change control. According to the GAMP5® and ANVISA Guide, systems must perform tests according to a pre-defined and pre-approved specification. This certification ensures that information is accurate, reliable, and complete. In the pre-test approval phase, the content and scope of the test script are reviewed and approved, e.g., the objective, acceptance criteria, prerequisites, action, and expected result. In the post-approval phase, the execution of the tests is reviewed and approved, i.e., if the data and evidence are recorded to demonstrate the robustness and effectiveness of the mitigations implemented. All the work done in the previous step is called into question by allowing modification to a pre-approved test script to include evidence. This issue is because the information modification was separate from the approval, and it is impossible to guarantee the traceability of all changes.
• Mitigation:
1. Using a VLMS system as GO!FIVE® allows both the generation and execution of test scripts. Software with integrated management maintains all traceability of writing, review, approval, test execution, and incident management. • Benefits: With only one necessary software, it is a more straightforward process with faster test design, execution, and management. • Point of attention: Team adaptation to the new work model.2. Print the pre-approved test scripts and manually fill in the test run notes. Create an attachment and reference the tests with their respective evidence. • Benefits: The team has adapted to the manual paper process. • Point of attention: It is necessary to format the evidence, manually fill open fields, and cancel blank fields according to good documentation practice rules (i.e., trace a straight line from left to right, from top to bottom, and initial and date each canceled field). It is also necessary to print and scan the documents for electronic storage. The process runs the risk for data integrity, e.g., retroactive signatures. It also requires a longer runtime and risks non-conformance.3. Create gaps in the document to fill in during testing. For example, you can create fillable text fields when converting forms to PDFs. • Benefits: The approved document remains unedited, and there is the flexibility to pass or approve the test on an individual basis. • Point of attention: There remain issues in editing and creating open fields throughout the document. There will be a need for manual management of incident reports and failed and passed tests.

Risk Scenario 2:

• Scenario 2: Using a single signature for approval of the test phase, not approving its executions in an individualized way, and needing help to identify the failed tests.

• More information:
Each test scenario consists of an action and an expected result, as per the GAMP5® second edition guideline. It is imperative to document test results directly during the testing process and retain them appropriately. The test executor holds the responsibility of determining whether each test has passed or failed.

However, using a single electronic signature on the document poses limitations. It becomes impossible to segregate failed tests from passed ones or record data in real-time, as these signatures are non-contemporaneous. Additionally, the GAMP5® second edition guideline emphasizes the need for flexibility in the test execution process, enabling the executor to make decisions regarding test outcomes (pass or fail) and ensuring that all corrections and retests are traceable. Unfortunately, this level of flexibility and traceability cannot be achieved with the use of the Electronic Document Management System (eDMS) or electronic signatures.
• Mitigation:
1 – Utilizing a VLMS system like GO!FIVE® enables the inclusion of personalized observations, evidence, and approvals for each test step. It also facilitates the automatic generation of incident reports. During the execution phase, each test requires approval to proceed to its post-execution review and approval. This post-review and approval step can be conducted individually or collectively, based on the analysis of the items. This level of customization and automation significantly enhances the efficiency and effectiveness of the validation process.

Benefits: This solution provides easier test execution. There is no need for document formatting or printing. All traceability is maintained, such as comments, justification, and changes. o Point of attention: Adaptation of the team to the new work model.

2 – Print the test scripts and manually fill in the observations of each run. If necessary, create an attachment and reference the tests with their respective evidence and incident reports.

o Benefits: By utilizing this approach, the approved document remains unaltered, and it allows the possibility of individually marking tests as either failed or approved, offering greater flexibility in the validation process.
o Points of attention: The process requires evidence formatting, manual filling in, and cancellation of blank fields. There is a need to print and scan documentation for electronic storage.

Risk Scenario 3

• Scenario 3: Informal email review of validation documents.

• More information:
Email is not the most efficient tool for streamlining processes, and its usage can compromise the integrity and security of the information. When documents are sent for review via email, they are likely lost, and the entire process can become time-consuming. Even if participants respond promptly, each one may provide their input in separate documents, necessitating the effort to consolidate everything into a single version. Moreover, the traceability of comments and observations is lost in such a setup, leading to potential difficulties in tracking changes and feedback.
• Mitigation:
1 – Use a VLMS system as GO!FIVE® allows for flexible and robust adding of comments, historical views, review, and approval flow. o Benefits: All traceability is maintained, such as comments, justification, and changes. o Point of attention: Team adaptation to the new work model.

Comparison of validation cycles

Validation using a text editor (e.g., Microsoft Word®) is one of the bottlenecks in the regulated industry. This is because all the bureaucracy of the manual validation process remains.

Increased validation efforts are associated with document preparation and execution of testing phases, so rely on validation and qualifications content, including risk scenarios, requirements, and testing, as well as automating activities related to your application, such as document formatting, automatic evidence indexing, incident management, and test management, enables 5x faster validations.


The graphs illustrate the disparity in estimated efforts when comparing three validation models: one with a paper-based approach, another utilizing eDMS (Electronic Document Management Software), and the third with the GO!FIVE® system.While eDMS (Electronic Document Management Software) demands less effort compared to the paper-based approach, the difference is not as substantial as expected. The reason behind this is that even though eDMS streamlines review and approval processes, it still requires customization and design for validations, similar to the requirements of GO!FIVE® system.

Thus, both systems need appropriate setup and configuration to cater to the specific needs of the validation process, making the difference in effort between them relatively smaller.


Click to see some disadvantages of using eDMS to manage validations.

No mechanism for test executions
Typically, companies follow a process where approved protocols are printed out for manual execution, and afterward, they are converted back into electronic format by scanning. Subsequently, the digitalized documents are uploaded into the Electronic Document Management System (eDMS) . This practice exposes the process to significant human errors, considering the manual steps involved in the transformation and digitization of documents.
Absence of Automatic Traceability Matrix
The eDMS (Electronic Document Management software) does not have an automatic traceability matrix generation feature. Additionally, the system lacks the capability to link risks and requirements to tests, which is a valuable functionality for validation purposes. As a result, creating a traceability matrix manually becomes necessary. However, this manual construction and drafting process can be exceedingly time-consuming, costly, and prone to human errors, making it less efficient and reliable for managing traceability in the validation process.
Insufficient Information for Validation Management
Electronic Document Management Systems (eDMS) are equipped with suitable tools and resources for controlling quality documents, as they are specifically designed for this purpose. However, there is room for improvement in the tools required for effective decision-making in managing validations and qualifications. For instance, some eDMS may lack features that display essential information such as the total number of tests conducted, the number of failed tests, or pending incidents that need resolution. Additionally, the management of validation statuses may be insufficiently supported by certain eDMS. Enhancing these aspects would be beneficial for streamlining and optimizing the validation and qualification processes.
Lack of Accelerator Library (Pre-Prepared Validations as Examples)
EDMs do not have a database of stored information to contribute to the speed of the process of preparing the contents of the validation and qualification documents, as these are not the objectives of this type of system.

How GO!FIVE® Contributes to Data Integrity

The ALCOA+ concept of data integrity depends on data attributable, readable, contemporaneous, original, accurate, complete, consistent, durable, and available in paper or electronic form.

Technology has emerged as the greatest ally of transparency and a vital tool for increasing data reliability and integrity.

Now, it is possible to manage and execute validation and qualification projects using GO!FIVE®, a Digital Compliance Platform (DCP), where expert efforts will engage in the assessment of risk scenarios, including mitigations and data integrity items where applicable.

This platform contains pre-ready validations and data integrity assessments, including metadata and raw data considered relevant GxP in computerized system validation projects. You can easily import risk scenarios, requirements, and test scripts from the library that will bring data integrity, access control, audit trail, electronic signature, and more to evaluate the process and data related to systems and processes.

GO!FIVE® helps to increase compliance by complying with FDA 21 CFR Part 11 and enabling data integrity projects within the system, including evaluating paper and electronic records from the customer site.

  • Enhance and streamline the inspection and accessibility of data concerning validation and qualification projects through modernization and facilitation.
  • Automatic, real-time tracking of all changes
  • Change history by comparison
  • A knowledge base that facilitates sharing of global best practices
  • Team empowerment
  • Ensuring end-to-end integrity in projects
  • The system provides early warning of strange behavior, such as simultaneous access attempts and running documents in a different order from reference guides
  • Analyze data in real time and determine the best way to track and mitigate your risk scenarios
  • DCP (Digital Compliance Platform) or VLMS (Validation Lifecycle Management Software) lack the capability for retroactive signing.
  • DCP or VLMS do not support the exchange of evidence after the test execution has been approved.
  • Alert or block execution of test script with related requirement and/or risk scenario with pending review and approval
  • Adherence to the following regulations:
    • FDA 21 CFR Part 11
    • EudraLex Vol. 4, Appendix 17, Real-time release, and parametric release testing
    • EudraLex Vol. 4, Chapter 4, Guidelines
    • MHRA Guidance on GxP data integrity
    • WHO Guidance on good practice in data and records management

I hope you enjoyed this article. If you want to know more about our digital validation software and its application, please contact our experts at [email protected].

Interested? Click here to read the complete e-book on the subject!