Data Integrity in the Cloud – so what’s new?

Mark Stevens, Managing Director, Formpipe Life Science
JPAG Conference: Assuring data integrity best practice
Thursday 16th March 2017, Royal Society of Chemistry, London

Proprietary and Confidential
Not for Disclosure Without Written Permission from Formpipe
www.formpipe.com/lifescience
Agenda
• Introduction
• Cloud computing and GxP compliance
• Data Integrity
• The Bus
• Case Study
• Managing Risk and Compliance in the Cloud
• Close
The presenter – Mark Stevens
• Managing Director, Formpipe Life Science
• Chemical Engineer
• 20+ years Pharma industry
• Design engineering, commissioning, validation, project management and a range of GxP Compliance consulting projects around the world
• 2005 – 2017 GxP compliance remediation and data integrity improvement projects
• Likes cycling up and down hills
Cloud computing from a GxP perspective
What Is the ‘Cloud’?
■ Distributed and flexible computing over a network
■ Provides the ability to run an application on many connected computers simultaneously
■ Allows Software, Platforms and Infrastructure to be sold as a service and separately dependent on need
■ Offers cost savings in hardware and infrastructure components because of scale
Where did the name ‘cloud computing’ come from?
The concept of cloud computing dates to the 1960s. The phrase originates from the cloud symbol used by flow charts and diagrams to symbolize the Internet. The diagram underscores the idea that any Web-connected computer has access to a pool of computing power, applications and files.
Ref: Mark Koba, CNBC, 2013
Scalable, flexible and distributed
e.g. Microsoft’s Chicago DataCenter
The reality for most GxP applications so far:
1. Co-Location of separate physical racks
2. Managed Hosting
3. Enterprise Private Cloud
Future direction?? – Azure and hosted Multi-tenant model (Risk vs. Cost)
Definition: The cloud is any computer system hosted off-site and administered by a contracted party.
Characteristics
• Cloud computing offers the following characteristics:
• On demand, usually ‘Self Service’
• Broad Network Access
• Resource Pooling
• Rapid elasticity
• A measured service
Service Models
• Cloud Computing is offered in three basic service models:
• IaaS: Infrastructure as a Service
• PaaS: Platform as a Service
• SaaS: Software as a Service
Service and Deployment models for ‘On Premise’ vs ‘Cloud’ and who manages them
The increased adoption of Cloud in Life science
Copyright © 2016 Deloitte Development LLC. All rights reserved
Risk Types - overview
• Data Location
• Co-mingled Data
• Cloud Data Ownership
• Audit Record Protection
• Data Erasure
• CSP Processes
• Security Policy/Procedural Transparency
• CSP Business Viability
• Identity and Access Management
• Due Diligence
• Disaster Recovery
Data Integrity
Data integrity - some thoughts…
• Data corruption is the opposite of data integrity
• Data corruption can occur either accidentally or deliberately
• There are 2 main reasons in computerised systems for ‘failure to maintain the data integrity’:
1. Poor operation of the system
2. Poor design, build and testing of the system
• Data integrity is not new, BUT the level of focus and inspection is high now
• Quality groups are used to reacting to identified, actual problems and putting preventative measures in place
• Data integrity testing uses threats and vulnerabilities as its measures before anything has happened, so findings are raised before anything bad has actually happened
The Bus
The Risk of being knocked down by a bus - before
• Before the invention of Google and the creation of the Simpsons
• Back when we used to worry about whether anyone had brought correction fluid into the QA office…
The risk of being knocked down by a bus – present day, and future
• Bigger
• Faster
• Higher volumes / capacity
• Cameras
• Satellite Navigation
• Computerised controls
• Internet of Things
• Driverless in future???
• Does technology increase or decrease the risk?
What can we learn from the Bus?
• The fundamental risk has not changed (i.e. bus vs. pedestrian)
• Although things become bigger, faster, better, with more technology, third-parties and specialists involved, these do not fundamentally change the risks we are assessing, only how we approach this
• As our knowledge, understanding, availability of information and consistency of approach improve, we are evolving from investigation of what went wrong to what could go wrong, adopting methodologies used extensively in Information Security etc.
• All elements of the situation are evolving, so absolute, direct comparison is often very difficult
• Don’t lose sight of what the real risks are…
Data Integrity - Risks
What are the outcomes of Data Integrity (Data corruption) problems?
• May compromise the safety / efficacy / quality of products
• Increased risk of non-compliance with GxPs
• May lead Regulatory Authorities to initiate product recalls or impose import bans
What are we actually talking about?
• Protect original data from
– Accidental / malicious modification
– Falsification
– Deletion
• Data needs to be Attributable, Legible, Contemporaneous, Original, and Accurate (ALCOA)
– Following Good Documentation Practices
Common Data Integrity Issues - 1
Common passwords: Analysts share passwords, unable to identify who created or changed a record
User privileges: System configuration does not adequately define or segregate user levels; users have access to unauthorised functions
Computer System Operational Controls: Inadequate controls over data; unauthorised access to modify or delete files; no automatic saving of files, records not accurate or complete
Processing methods: Integration parameters not controlled, chromatograms may be re-integrated without correct change process
Audit trails: Functionality turned off, no complete record of the data life cycle – who modified a file and why
Common Data Integrity Issues - 2
Conflict of interest: Business process owners granted enhanced security access, e.g. system administrator
“Unofficial” documentation: Recording data first on a scrap of paper then transferring to the official document (e.g. the laboratory notebook)
Failure to review “original data”: Data and metadata not reviewed together to ensure context is maintained; errors or omissions may be undetected
Inadequate data retention arrangements: Failure to avoid inadvertent or deliberate alteration or loss throughout the retention period
Data Integrity in the Cloud - example
Example 1 – QC Analytical Lab
• Chromatographic data from QC analytical laboratory for GMP product release (multi-region)
• Major issues raised in respect to data integrity by multiple Regulatory Authorities (2013-2015)
• Manual alteration of chromatographic data performed during and after the runs without adequate explanation and investigation
• Instances where ‘invalidated’ results were not adequately investigated
• Potential re-naming of datasets after completion of the runs
• Would the use of cloud computing services have improved compliance risks to data integrity?...
Example 1 - background
• Let’s take a look at the root causes of the data integrity issues…
• Ability for QC analysts to make adjustments to settings, and to “raw data”, that they should not have had access to
• Poor processes for investigation and Quality oversight of these changes
• Poor processes for investigation of ‘invalidation’ events, combined with difficulties in performing consistent and meaningful assessment of data audits
• Access controls
• Audit trails
Example 1 – System administration

Worse: Poorly defined and managed procedures
Better: Improved processes and demonstrate effectiveness of change

Worse: Poor system administration with large number of users assigned inappropriate level of admin rights
Better: Re-establish correct admin rights for each type of system user. Review existing user base. Apply changes. Demonstrate effectiveness of ongoing controls of system administration

Worse: Unclear roles and responsibilities for how and when alterations to data were to be reviewed and approved by a supervisor
Better: Improved processes and demonstrate effectiveness of review and approval

Worse: Lack of consistency in audit trail details (reason for change)
Better: Improved processes and demonstrate effectiveness of change
Example 1 – System administration (with cloud)

Worse: Poorly defined and managed procedures
Cloud?: Service Provider may define and manage some parts of procedures or processes
Better: Improved processes and demonstrate effectiveness of change

Worse: Poor system administration with large number of users assigned inappropriate level of admin rights
Cloud?: System Administration may be managed remotely and independently from users
Better: Re-establish correct admin rights for each type of system user. Review existing user base. Apply changes. Demonstrate effectiveness of ongoing controls of system administration

Worse: Unclear roles and responsibilities for how and when alterations to data were to be reviewed and approved by a supervisor
Cloud?: Mostly a user activity. Responsibilities for data storage and backup covered by service provider(s) and defined in SLA(s)
Better: Improved processes and demonstrate effectiveness of review and approval

Worse: Lack of consistency in audit trail details (reason for change)
Cloud?: No change – user responsibility
Better: Improved processes and demonstrate effectiveness of change
Example 1 – Effectiveness of audit trail

Worse: Poor clarity on the data being collected within each audit trail
Better: Clearly established and controlled audit reports with confidence of relationship to source data

Worse: Poor controls or understanding of what information is being shown in the audit history
Better: Clarity on the process by which the defined view has been created and how this provides a full, true and consistent representation of the event history file

Worse: Poor controls or understanding of what information is NOT being shown in the audit history
Better: As above…

Worse: Poor naming conventions or classification of events leading to delays or confusion in understanding the significance of a non-standard event
Better: Clearly established and controlled audit reports with confidence of relationship to source data

Worse: Lack of immediate clarity on what constitutes an acceptable change and a deviation that requires review and approval
Better: Established quality processes by which all change events can be identified and appropriate linkage to deviation management controls. Demonstrable evidence that there has been a thorough Quality check of the full audit history as part of the routine review process
Example 1 – Effectiveness of audit trail (with cloud)

Worse: Poor clarity on the data being collected within each audit trail
Cloud?: No change – user responsibility
Better: Clearly established and controlled audit reports with confidence of relationship to source data

Worse: Poor controls or understanding of what information is being shown in the audit history
Cloud?: Partly user responsibility? Partly configuration by SaaS provider?
Better: Clarity on the process by which the defined view has been created and how this provides a full, true and consistent representation of the event history file

Worse: Poor controls or understanding of what information is NOT being shown in the audit history
Cloud?: Partly user responsibility? Partly configuration by SaaS provider?
Better: As above…

Worse: Poor naming conventions or classification of events leading to delays or confusion in understanding the significance of a non-standard event
Cloud?: No change – user responsibility to carry out audit trail reviews
Better: Clearly established and controlled audit reports with confidence of relationship to source data

Worse: Lack of immediate clarity on what constitutes an acceptable change and a deviation that requires review and approval
Cloud?: No change – user responsibility
Better: Established quality processes by which all change events can be identified and appropriate linkage to deviation management controls. Demonstrable evidence that there has been a thorough Quality check of the full audit history as part of the routine review process
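The routine audit-trail review that the two "Effectiveness of audit trail" tables call for, run against the common issues listed earlier (shared accounts, changes without a reason, manual re-integration, raw-data deletion, unlocked clocks), as an added Python example that is not part of the presentation. The records, account names and review rules are constructed for illustration; the hash chain is one simple way to make a removed or altered entry visible to the reviewer rather than something any particular chromatography system provides.

```python
import hashlib
import json
from datetime import datetime

# Constructed audit-trail records from a hypothetical chromatography data system.
# They reproduce the issues listed in the slides: a change with no reason, a manual
# re-integration, a raw-data deletion, a clock that has gone backwards, and an
# action performed under a shared account.
SAMPLE_TRAIL = [
    {"seq": 1, "ts": "2017-03-01T09:00:00", "user": "analyst1", "action": "create",
     "record": "run-0042", "reason": "sample injection"},
    {"seq": 2, "ts": "2017-03-01T09:45:10", "user": "analyst1", "action": "reintegrate",
     "record": "run-0042", "reason": ""},
    {"seq": 3, "ts": "2017-03-01T09:30:00", "user": "analyst2", "action": "modify",
     "record": "run-0042", "reason": "corrected sample weight"},
    {"seq": 4, "ts": "2017-03-01T10:05:00", "user": "labmanager", "action": "delete",
     "record": "run-0041", "reason": "duplicate"},
    {"seq": 5, "ts": "2017-03-01T10:20:00", "user": "qclab", "action": "modify",
     "record": "run-0043", "reason": "integration parameters changed"},
]

# Account names that cannot be attributed to one person (constructed list).
GENERIC_ACCOUNTS = {"qclab", "admin"}
GENESIS = "0" * 64


def entry_hash(entry, prev_hash):
    """Hash an entry together with its predecessor's hash (a simple hash chain)."""
    payload = json.dumps(entry, sort_keys=True) + prev_hash
    return hashlib.sha256(payload.encode()).hexdigest()


def chain(entries):
    """Return a copy of the trail in which every entry is linked to the one before."""
    out, prev = [], GENESIS
    for e in entries:
        h = entry_hash(e, prev)
        out.append({**e, "prev": prev, "hash": h})
        prev = h
    return out


def review(chained):
    """Run the routine audit-trail review and return (seq, finding) pairs."""
    findings, prev, last_ts, expected = [], GENESIS, None, 1
    for e in chained:
        body = {k: v for k, v in e.items() if k not in ("prev", "hash")}
        # Original: a removed or edited entry breaks the chain at the next entry.
        if e["prev"] != prev or entry_hash(body, prev) != e["hash"]:
            findings.append((e["seq"], "chain broken: entry altered or predecessor removed"))
        prev = e["hash"]
        # Complete: sequence numbers must be contiguous.
        if e["seq"] != expected:
            findings.append((e["seq"], f"sequence gap: expected {expected}"))
        expected = e["seq"] + 1
        # Contemporaneous: an unlocked clock shows up as time going backwards.
        ts = datetime.fromisoformat(e["ts"])
        if last_ts is not None and ts < last_ts:
            findings.append((e["seq"], "timestamp earlier than previous entry"))
        last_ts = ts if last_ts is None else max(ts, last_ts)
        # Attributable: a shared account cannot say who acted.
        if e["user"] in GENERIC_ACCOUNTS:
            findings.append((e["seq"], "shared account: action not attributable"))
        # Changes need a reason; re-integration and deletion need QA follow-up.
        if e["action"] in ("modify", "reintegrate", "delete") and not e["reason"].strip():
            findings.append((e["seq"], f"{e['action']} without reason for change"))
        if e["action"] == "reintegrate":
            findings.append((e["seq"], "manual re-integration: check change control"))
        if e["action"] == "delete":
            findings.append((e["seq"], "raw data deleted: needs investigation"))
    return findings
```

Running `review(chain(SAMPLE_TRAIL))` lists the five issues seeded in the sample; removing or editing any entry of the chained trail additionally produces a "chain broken" finding at the entry that follows it.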
So what changes if we switched to a cloud service?...
• System Administration by a third party service provider (could be internal or external)
• Electronic records held on a centralised database, hosted by a third party service provider
• SLAs defining responsibilities
• Security risks
• Better or worse?...
• Probability?
• Impact?
• Detectability?
The most significant impact to data integrity remains with the quality and accuracy of processes and the controls associated with manual input interfaces
Data Integrity in the Cloud – Managing risks and compliance requirements
Regulatory Viewpoint
• As with all “Outsourced IT Services”, the regulators will want to ensure:
• Risks are clearly identified and mitigated
• Data integrity is assured
• Data Backup/Recovery is in place and tested
• Cyber security exists for Networked Systems
• Contracts exist between Sponsor and Providers
• The Provider/s has a Quality System
• The Provider/s and Sponsor have SOPs for Validation, Change Control, Training etc.
• Suitable Audit/s of the provider/s has/have been carried out
Risks- overview
As the cloud service and deployment models become more complex, so the risks increase
[Figure: Compliance Risk plotted against Business Requirements, rising across the service models Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS), and across the deployment models Private Cloud, Hybrid Cloud and Public Cloud]
Managing Risk and GxP Compliance requirements
• Selection, control and management of a GxP cloud provider can be brought into a compliant state if:
• You follow a pre-defined framework that suits your regulated business
• Step 1 - Perform Due Diligence and Audit
• Step 2 - Perform a Risk Assessment of the potential impact of using the service (in terms of Regulatory, Security and Business Risk)
• Step 3 - Set up a mutually managed agreement and metrics with the supplier, that can be used to ensure Service Performance and Compliance with your pre-defined regulatory requirements.
Step 1 Due Diligence and Audit
• How long has the provider been supplying IT outsourcing?
• Has the provider worked in the Life Sciences industry previously?
• Is the provider aware of the Cloud Security Alliance?
• Has the provider taken the time to ensure that their security initiatives and processes are of a recognised standard?
• Has the provider taken the time to ensure that their processes follow a tried and tested methodology – evidence of defined KPIs and performance achieved?
• Audit the provider but with realistic expectations and treat them as an outsourced resource
Step 2- Risk Assessment
• Using a method compliant with GAMP 5
Stage 1 • Perform an Initial Risk Assessment and determine the system impact
Stage 2 • Identify the functions which may impact on Patient Safety, Product Quality and Data Integrity
Stage 3 • Perform a functional risk assessment and identify controls
Stage 4 • Implement and verify appropriate controls
Stage 5 • Review risks and monitor controls
Step 3 Ongoing Cloud Compliance Framework
• Imperative to have a coherent and robust framework in place that provides processes within the regulated business aligned to those of the service provider
• Business As Usual processes are robust and reporting is adequate
• Regular monitoring of the service should be set up
• This should be backed up by a set of robust Operational and/or Service Level Agreements
• Must also be prepared to rescind our agreement if the cloud service does not meet the agreed service levels, or if it proves to be too costly:
• Contractual penalties
• Management of the Cloud provider during the withdrawal period
• Return of data to the regulated business and deletion/removal of all trace from the cloud
• How the service required will be managed in house, or once again outsourced to another provider.
Conclusions
• Selection, control and management of a GxP cloud provider can be brought into a compliant state if you follow a pre-defined framework that suits your regulated business
• Using real examples and applying a risk-based approach (probability, impact, detectability), the biggest impact still remains driven by the quality of work processes, definition of roles & responsibilities and the actions of people
• The way in which we assess risk and audit systems and their associated data is evolving, with more emphasis now on identification of and action upon risks of what could happen, as well as issues of what has happened
• Cloud computing does introduce compliance and data integrity risks that may not have existed before; however, we are also evolving the way in which we assess data integrity risks towards a more preventative approach
• Whichever way we choose to manage our computing requirements and data storage, the fact remains that they are significantly increasing year on year
Thank you for listening
Contact details:
Web: www.formpipe.com/lifescience
Tel: +44(0)115 924 8475
LinkedIn: linkedin.com/in/mrmarkstevens
Supporting information
• References to current regulatory guidance
• Data Integrity overview and example cases
• Cloud vendor Risk Assessment process
• Formpipe – overview
Current Regulatory Position and guidance
MHRA GxP Data Integrity Definitions and Guidance for Industry, Draft version for consultation, July 2016
FDA Data Integrity and Compliance with GMP – Guidance for Industry, April 2016
WHO Guidance on Good Data and Record Management Practices, Sept 2015
PIC/S Guidance Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments, Draft Aug 2016
Data Integrity
What is data Integrity?
• The assurance that data records are accurate, complete, intact and maintained within their original context, including their relationship to other records
• This applies to data recorded in electronic and paper formats or a hybrid of both
• “The extent to which all data are complete, consistent and accurate throughout the data life cycle” – MHRA Data Integrity Definitions and Guidance, Revision 1.1 March 2015
Why is Data Integrity Important?
• Regulatory agencies, as well as industry, rely on accurate information to ensure drug quality
• Data integrity problems break trust between industry and regulatory agencies
• Regulatory agencies rely largely on trusting the firm to do the right thing when they are not there
Reference: Karen Takahashi, ISPE/ FDA/ PQRI Quality Manufacturing Conference, 1-3 June 2015, Washington, D.C.
Data Integrity – Example regulatory audit findings
Recent Data Integrity Findings - 1
Wockhardt Limited, July 2013, MHRA, 2003/94/EC (EU GMPs)
Issues were identified which compromised the integrity of analytical data produced by the QC department. Evidence was seen of data falsification. A significant number of product stability data results reported in the Product Quality Reviews had been fabricated. Neither hard copy nor electronic records were available. In addition issues were seen with HPLC electronic data indicating unauthorized manipulation of data and incidents of unreported trial runs prior to reported analytical runs.
Recent Data Integrity Findings - 2
Seikagaku Corporation, December 2013, Competent Authority of Sweden, 2003/94/EC (EU GMPs)
The critical deficiency concerns systematic rewriting/manipulation of documents, including QC raw data. The company has not been able to provide acceptable investigations and explanations to the differences seen in official and non-official versions of the same documents.
Recent Data Integrity Findings - 3
Sun Pharmaceutical Industries Limited, May 2014, FDA Warning Letter, 211.68(b)
Delete raw data files on computers used for your GC instruments in your quality control laboratory.
Computer systems without security controls. As an example there are equipment with PLC controls and/or MMI. Each of the equipment access is via use of a password for each of the three levels of access i.e. operator, supervisor and administrator. There is a common password used by several individuals.
Recent Data Integrity Findings - 4
Micro Labs Ltd, May 2014, WHO Notice of Concern, WHO ref. 15.9, 17.3d, 15.1
HPLCs did not have audit trails enabled, some audit trails missing when peaks were manually integrated, no SOP to describe when manual integration is acceptable. Some instruments had date and time functions unlocked and were not linked to a server, so timestamps could be manipulated. One HPLC had a shared password so actions were not attributable to an individual. In some cases, trial injections were made but were not part of the test record.
Recent Data Integrity Findings - 5
Cadila Healthcare Ltd, December 2015, FDA Warning Letter, 211.68(b)
Your firm failed to exercise sufficient controls over computerized systems to prevent unauthorized access or changes to data. ....laboratory manager had the ability to delete data from the Karl Fischer Tiamo software….found that one file had been deleted. However, because the audit trail function was not activated, and because eight different analysts share a single username and password, you were unable to demonstrate who performed each operation on this instrument system.
GxP Cloud vendor Risk Assessment
GxP Cloud Vendor Risk Assessment
• Using a method compliant with GAMP 5
Stage 1 • Perform an Initial Risk Assessment and determine the system impact
Stage 2 • Identify the functions which may impact on Patient Safety, Product Quality and Data Integrity
Stage 3 • Perform a functional risk assessment and identify controls
Stage 4 • Implement and verify appropriate controls
Stage 5 • Review risks and monitor controls
Note- How Risk Management ICH maps to GAMP® 5
Risk Assessment Stages
• Stage 1 Initial Risk Assessment and System Impact
• What are the regulatory/business/security risks if data security or data retrieval is compromised?
• Stage 2 Identification Of The Functions Which May Impact On Patient Safety, Product Quality And Data Integrity
• What could go wrong (who controls what, is our data safe)?
• Where is our data?
• Who controls the data?
• Who can access our data?
• Can we retrieve our data?
Risk Assessment Stages (2)
• Stage 3 Perform A Functional Risk Assessment And Identify Controls
• What controls does the provider have in place?
• Are they adequate?
• Will they put extra in place?
• What controls do we put in place?
• Stage 4 Implement And Verify Appropriate Controls
• Implement the control measures from the previous step
• Are they adequate?
• Are they acceptable to the business?
Risk Assessment Stages (3)
• Stage 5 Review Risks And Monitor Controls
• Carry out a periodic assessment to ensure controls are still valid and appropriate
Who we are
• Formpipe founded in Sweden, 2004, now with 250+ employees globally
• Global organization; offices in UK, USA, Netherlands, Sweden, Denmark and Ukraine
• Listed on Nasdaq Stockholm with $40m revenue in 2014
Formpipe Offerings
Formpipe Life Science Products: X-Products (X-Docs, X-Forms, X-Train, X-Reports?), Platina LS, Long Term Archive, Lasernet
Consultancy (formerly GXPI): Quality & Compliance Consultancy, Computer Systems Validation, Compliance Remediation
Introduction to Formpipe Life Science
Formpipe Life Science simplifies complex quality process and technology environments to deliver its customers’ quality and compliance goals within their regulatory framework. This is achieved through a combination of Consultancy to ‘Get Compliant’ and Products and Consultancy to ‘Stay Compliant’, both delivered by experts from the sector.
The Life Science division of Formpipe offers a suite of different products to address the compliance and quality needs of the life science sector, all designed to be easy to use, increase efficiency and reduce costs across organisations from 50-25,000 users. All of the Life Science products are developed and managed using an internal Quality Management System (managed on Formpipe’s own Products) and are supported and maintained by a dedicated global team.