16.08.2017
How to prepare for a Data Integrity Inspection
如何准备接受数据完整性检查
Data governance and integrity have been getting more and more in the focusof regulatory inspections. But companies can prepare for these inspections. Inthe following you will find out how this canbe accomplished with planned and periodic internal audits to ensurethat compliance and performance are sustained and enable corrective actions tobe taken at an early stage.
数据管理和完整性已越来越成为法规检查的关注点。但公司其实可以为这些检查做些准备。以下,你会了解如何完成计划和定期内审以确保维护合规性和其性能,促进及早采取纠正措施。
The ALCOA principle
ALCOA原则:
The acronym ALCOA is used as a framework for ensuring data integrity andgovernance. ALCOA relates to data, whether paper or electronic, and is definedas Attributable, Legible, Contemporaneous, Originaland Accurate:
ALCOA用作确保数据完整性和管理的框架。与纸质或电子数据有关的ALCOA原则详细解释为:可追溯性、清晰、同步、原始和准确:
· Attributable - who performed an action and when
· 可追溯性---是谁在何时执行了一个动作
· Legible - can you read a data file or all written entries
· 清晰---你是否可以读一个数据文件或所有书面条目
· Contemporaneous - documented at the time of the activity
· 同步---在活动执行时进行记录
· Original - written printout or observation or a certified copy
· 原始性—书面打印件或观察情况或经过认证的副本
· Accurate - no errors or editing without documented amendments
· 准确性—没有错误,编辑均有记录
This should be the basis for all your data governance activities and leadsthe way to control the integrity of your data.
这应该是你们所有数据管理活动的基础,指引你们控制数据完整性之路。
What to look for要查看什么
When you evaluate your systems to check whether compliance is met, youshould consider the following aspects:
当你评估你们的系统检查是否符合法规要求时,你应该考虑以下方面:
· Is all the data and meta data complete (how do you define data and how isdata collected)?
· 所有的数据和元数据是否定速(你如何定义数据,数据如何采集?)
· How is the data processed (how do you make sure that data is not changedor even falsified)?
· 数据是如何处理的(你如何确保数据没有变更甚至篡改)?
· How is the data reviewed (what is reviewed and to what extent)?
· 数据如何审核(审核内容以及审核程度)?
· How is data summarised and reported (how do you make sure that allrelevant data is used and data selection is prevented)?
· 如何总结和报告数据(你如何确保会使用所有相关数据,防止数据选择)?
· How do you retain and archive the data (what, how and where)?
· 你如何保存和存档数据(什么、如何以及何地)?
· Are all processes and interfaces validated?
· 是否所有流程和界面均经过验证?
What helps the auditor through all the data? 如何帮助审计员查核所有数据?
A systematic approach should be chosen and an auditor should:
应选择系统性方法,审计员应:
· Review applicable SOPs
· 审核适用SOP
· Review or create flow charts and process maps
· 审核或创建流程图和流程地图
· Identify critical steps
· 识别关键步骤
· Identify critical interfaces
· 识别关键界面
· Identify critical documentation
· 识别关键文件
· And, not to forget, review of previous internal and external auditfindings with corrective actions and their effectiveness
· 以及,不要记录,审核之前和内部和外部审计缺陷和纠正措施及其有效性
In detail, as an auditor, you should have a look at data entries andperform plausibility checks for various steps in data generation and transfer.You should also have a close look at the user and access management and thesegregation of duties. Furthermore, the following areas should be checked:
详细来说,作为一个审计人员,你应该查看数据条目,对数据生成和转移的不同步骤实施真实性检查。你还应该仔细看看用户和权限管理以及职责划分。另外,还要检查以下领域:
· Audit trail function
· 审计追踪功能
· Completeness of print-outs
· 打印件完整性
· Backup management
· 备份管理
That is certainly a lot of work which can not be covered in a shortinternal audit. So it might be advisable to develop a questionnaire orchecklist based on a data flow model or Mind Maps. Arrange interviews withsystem and process owners and maybe get support by an expert from your ITdepartment.
当然,在一次很短的内审里无法覆盖太多工作。所以,建议根据数据流模式或思维导图建立一份问卷或检查清单。安排与系统和流程所有者进行面谈,可以争取你们IT部门专家的支持。
After the audit, report the results and evaluate any (GMP) risk to definenecessary actions. And don't be afraid, negative feedback must be possible.Data Integrity assessments should then be part of every internal audit.
在审计之后,报告结果并评估所有GMP风险用以界定所需的措施。不要害怕,可能会有负面的反馈。数据完整性评估应该成为每次内审的一部分。
联系客服
