Data governance and integrity have been getting more and more in the focus of regulatory inspections. But companies can prepare for these inspections. In the following you will find out how this can be accomplished with planned and periodic internal audits to ensure that compliance and performance are sustained and enable corrective actions to be taken at an early stage.
The ALCOA principle
The acronym ALCOA is used as a framework for ensuring data integrity and governance. ALCOA relates to data, whether paper or electronic, and is defined as Attributable, Legible, Contemporaneous, Original and Accurate:
This should be the basis for all your data governance activities and leads the way to control the integrity of your data.
What to look for
When you evaluate your systems to check whether compliance is met, you should consider the following aspects:
What helps the auditor through all the data?
A systematic approach should be chosen and an auditor should:
In detail, as an auditor, you should have a look at data entries and perform plausibility checks for various steps in data generation and transfer. You should also have a close look at the user and access management and the segregation of duties. Furthermore, the following areas should be checked:
That is certainly a lot of work which can not be covered in a short internal audit. So it might be advisable to develop a questionnaire or checklist based on a data flow model or Mind Maps. Arrange interviews with system and process owners and maybe get support by an expert from your IT department.
After the audit, report the results and evaluate any (GMP) risk to define necessary actions. And don't be afraid, negative feedback must be possible. Data Integrity assessments should then be part of every internal audit.