In a recent ISPEAK blog post on electronic records (e-records) integrity [1], Mark Newton discussed the integrity concerns associated with e-records in transit between infrastructures.

Eventually, e-records in transit are warehoused in a device such as a database server for short-term storage or archiving. It is anticipated that the applicable built-in checks are performed before the data reaches the storage device.

The fundamental GxP controls/concerns related to e-records retained in computer storage include:

  • Controls must be established to maintain information as it was saved, and to verify its reliability throughout the retention period.
  • A design specification or similar document should be produced describing the file structure(s) for e-record storage, the capacity requirements for storage, the environmental specifications, and the security scheme.
  • Temporary memory is not an acceptable medium for the storage of e-records.
  • Physical protection of the e-records should influence the choice of storage device(s).
  • Logical security must include consideration of the network, server, application and/or database.
  • Procedural controls must be implemented to enforce the segregation of duties associated with any individuals accessing a repository containing e-records.
  • The physical location of web and database servers should be separated. Database servers should be isolated from a website’s demilitarized zone (DMZ) [2].
  • Changes to e-records must follow an approved change control process.
  • Periodic back-ups must be performed to reduce the risk of losing the e-records and to guarantee accessibility of e-records to users.
  • Changes to computer infrastructure, application and/or database require testing to ensure the ability to retrieve e-records.
  • Any e-records that are the subject of a litigation hold must be maintained. These records often cannot be destroyed even after the retention period has expired.
  • Critical metadata associated with e-records should be saved with the e-records to preserve a complete record of activities.
  • Explicit accountability and responsibility must be assigned to person(s) for the ownership of the records in storage.
  • The time-stamping feature pertinent to e-records and electronic signatures must be from a reliable source, and the time server and local system clock must be protected from unauthorized access.
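The first control above (maintain information as it was saved and verify its reliability throughout the retention period) and the metadata control are usually implemented together as an integrity manifest over the stored records. The following is an added example, not code from the ISPE post or its author: it assumes records are plain files in one directory, that a `manifest.json` file (hypothetical name) beside them holds each record's SHA-256, size, storage timestamp and owner, and that the key authenticating the manifest is kept outside the store (for instance in a secrets manager), so that someone who can rewrite both a record and the manifest is still detected. All record names and contents are constructed for the demonstration.

```python
"""Integrity manifest for e-records held in storage (added example).

Assumptions (not from any ISPE guidance): records are files in one
directory, the manifest is a JSON file beside them, and the HMAC key
lives outside the store.  File and function names are illustrative.
"""
import hashlib
import hmac
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

MANIFEST_NAME = "manifest.json"  # hypothetical manifest file name


def _sha256_file(path: Path) -> str:
    """Stream-hash a record so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(store: Path, key: bytes, owner: str) -> dict:
    """Hash every record and save its critical metadata alongside the hash."""
    records = {}
    for p in sorted(store.iterdir()):
        if p.name == MANIFEST_NAME or not p.is_file():
            continue
        records[p.name] = {
            "sha256": _sha256_file(p),
            "size": p.stat().st_size,
            "stored_at": datetime.now(timezone.utc).isoformat(),
            "owner": owner,
        }
    body = json.dumps(records, sort_keys=True).encode()
    # The HMAC binds the whole record table to a key the storage admin does not hold.
    manifest = {"records": records,
                "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}
    (store / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_store(store: Path, key: bytes) -> dict:
    """Return {record: status} with status ok / altered / missing / unlisted,
    plus '__manifest__': 'ok' or 'tampered'.  Run periodically during retention."""
    manifest = json.loads((store / MANIFEST_NAME).read_text())
    records = manifest["records"]
    body = json.dumps(records, sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    manifest_ok = hmac.compare_digest(expected, manifest["hmac"])
    result = {"__manifest__": "ok" if manifest_ok else "tampered"}
    for name, meta in records.items():
        p = store / name
        if not p.exists():
            result[name] = "missing"
        elif p.stat().st_size != meta["size"] or _sha256_file(p) != meta["sha256"]:
            result[name] = "altered"
        else:
            result[name] = "ok"
    # Files that appeared without going through change control are flagged too.
    for p in store.iterdir():
        if p.is_file() and p.name != MANIFEST_NAME and p.name not in records:
            result[p.name] = "unlisted"
    return result


KEY = b"constructed-demo-key-keep-outside-the-store"  # constructed for the demo


def demo() -> dict:
    """Constructed scenario: three records stored, then one altered,
    one deleted and one added behind the manifest's back."""
    with tempfile.TemporaryDirectory() as d:
        store = Path(d)
        for name, data in {"batch-001.xml": b"<batch id='1'/>",
                           "batch-002.xml": b"<batch id='2'/>",
                           "batch-003.xml": b"<batch id='3'/>"}.items():
            (store / name).write_bytes(data)
        build_manifest(store, KEY, owner="qa-records-owner")
        (store / "batch-002.xml").write_bytes(b"<batch id='2' edited='yes'/>")
        (store / "batch-003.xml").unlink()
        (store / "batch-004.xml").write_bytes(b"<batch id='4'/>")
        return verify_store(store, KEY)


def demo_manifest_tamper() -> str:
    """A record and its manifest entry are both rewritten; the HMAC,
    keyed outside the store, still reports the manifest as tampered."""
    with tempfile.TemporaryDirectory() as d:
        store = Path(d)
        rec = store / "batch-001.xml"
        rec.write_bytes(b"<batch id='1'/>")
        build_manifest(store, KEY, owner="qa-records-owner")
        rec.write_bytes(b"<batch id='1' edited='yes'/>")
        m = json.loads((store / MANIFEST_NAME).read_text())
        m["records"]["batch-001.xml"]["sha256"] = _sha256_file(rec)
        m["records"]["batch-001.xml"]["size"] = rec.stat().st_size
        (store / MANIFEST_NAME).write_text(json.dumps(m))
        return verify_store(store, KEY)["__manifest__"]


if __name__ == "__main__":
    print(demo())
    print(demo_manifest_tamper())
```

The per-record status map is what a periodic integrity job would log and escalate on; keeping the HMAC key out of the storage administrator's reach is what gives the segregation-of-duties control teeth, since a hash list that the same person can rewrite verifies nothing.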

The implementation of the above controls ensures [3]:

  • Consistency of data by preventing unauthorized creation, alteration, or destruction of data (integrity);
  • Availability of data and resources to legitimate users; and
  • Use of resources only by authorized persons in authorized ways (legitimate use).

By: Orlando Lopez, E-records Integrity Subject Matter Expert

References:
1. ISPE, “Data Integrity and Your Interfaces”, M. E. Newton, March 2016, http://blog.ispe.org/data-integrity-interfaces.
2. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network.
3. López, O., “Trustworthy Computer Systems”, Journal of GxP Compliance, Vol. 19, Issue 2, July 2015.
