Some common observations include:
• Failure to exercise sufficient controls over comput-
erized systems to prevent unauthorized access or
changes to data, and to provide controls to prevent
omission of data.
• The computerized system lacked access controls
and audit trail capabilities.
• All employees had administrator rights and shared
one user name.
• Electronic data could have been manipulated or
deleted without traceability.
• Raw data were copied to a CD and then deleted
from the hard drive. Data copied were selected
manually without assurance that all raw data was
copied before being deleted.
For each error, there is a technological, procedur-
al or combination solution that would have mitigated
the problem, such as:
• Unique usernames and passwords
• An inerasable audit trail or event log
• Separate administrator and user access rights
• Good standard operating procedures (SOPs)
• Oversight and regular review of processes
Seven ways to ensure data integrity
The following recommendations give an overview
of how to maintain data integrity for computerized
systems. Although developed over the past decade
of working with environmental monitoring system
customers, these methods can be applied to any
Perform risk-based validation
• Validate only systems involved in GxP-compliance. Ensure protocols address data quality
• If cost-effective, have the system vendor perform
system validation upon install.
• Use the ISPE’s GAMP5 categorizations to determine the system’s validation complexity.
• Account for all electronic data storage locations,