Data security

An example in the medical field is use as a patient card. Basic data (name, address, date of birth, etc) are written as ROM, but the results of ongoing examinations are written as WORM by the doctor in attendance. For data security, code- and passwords can be used. 

The hardware and software used to implement LIMS systems must be vahdated. Computers and networks need to be examined for potential impact of component failure on LIMS data. Security concerns regarding control of access to LIMS information must be addressed. Software, operating systems, and database management systems used in the implementation of LIMS systems must be vahdated to protect against data cormption and loss. Mechanisms for fault-tolerant operation and LIMS data backup and restoration should be documented and tested. One approach to vahdation of LIMS hardware and software is to choose vendors whose products are precertified however, the ultimate responsibihty for vahdation remains with the user. Vahdating the LIMS system s operation involves a substantial amount of work, and an adequate vahdation infrastmcture is a prerequisite for the constmction of a dependable and flexible LIMS system. 

Helvey T, Mack R, Avula S, Flook P. Data security in Life Sciences research. Biosilico 2004 2 97-103. 

A complete record of all data secured in the course of each test, including all graphs, charts, and spectra from laboratory instrumentation, properly identified to show the specific component, dmg product container, closure, in-process material, or drug product, and lot tested. 

Migrating only the raw data - the characters, numbers, bits, and bytes - forward is not enough to ensure usability. The meta data and the context for the application or database must also be migrated forward. Meta data are the code to the machine-stored bits and bytes. Meta data are the data about the data. They describe the data in the database. The meta data documentation describes the method of data capture, the application used to access the data, security rules for the tables and columns, and other descriptive and procedural information. For derived or calculated data, the algorithm or protocol that was used must be known. The documentation then becomes something else that must be preserved. Without the meta data, the reader will only see a series of alphabetic characters. Without the entire described context associated with the data, the data have no meaning. 

Once you have your SAS data ready for transport, you need to determine a means to deliver it. There are many ways to send data, but you should strive for process simplicity and data security. To keep your data secure and to comply with 21 CFR-Part 11, you need to encrypt your data files for transport. The best encryption you can use is key exchange high-bit encryption software such as PGP, which creates essentially unbreakable files when used properly. Once your data files are encrypted, you can either send them on physical media such as CD-ROM or send them electronically with secure transmission software such as Secure File Transport Protocol (SFTP). If you need to send data to someone once, a CD-ROM is simple enough to produce. However, if you need to send the data repeatedly, then you should use a more automated electronic method of data exchange. Shell scripts and batch files can be written to automate the electronic data transfer process. 

Begun in 1944 with DDT and in 1947 with parathion, the present report includes analytical data secured from certain chemical, mechanical, and solvent actions on apples, pears, lemons, and oranges. In the absence of established tolerances for these two insecticidal materials, it is hardly possible to interpret the significance of many of these data with respect to consumer hazard. 

Partial correctness is analogous to weak equivalence in that it is a sort of fail-safe condition. If A(a) = FALSE the input criterion is invalid and a presumably never occurs as input and so we make no claims as to the behavior of program (P,I) with "bad" input. If (P,I,a) does not halt there is no output and this is also regarded as a don t-care situation. There are fairly realistic situations where we would be perfectly satisfied with this sort of "correctness" -for example, in data security or protection systems. We presume - or have enpirical evidence - that the system does not fail often or catastrophically and wish to know that when it is working and output is given (of whatever kind, for the output could be just internal transfer of data) then the result is "good" or, more likely, nothing "bad" happens. 

Automated dissolution equipment in most cases must be compliant with the FDA electronic records and electronic signatures regulation (21 CFR Part 11). The requirements of the regulation include use of validated systems, secure storage of records, computer generated audit trails, system and data security via limited access privileges, and the use of electronic signatures. 

The analytical protocols and the handling and data security protocols are extremely important. I recently was reminded that if you have to ship samples to another country for analysis, that may require additional time, additional expense, and the customs, agriculture, and drug enforcement officials may want to thoroughly inspect your shipment thoroughly. Your laboratory may also require a special license to handle soil and water samples from out of the country. The logistics cannot be ignored, except at your peril. 

Raw data and specimens need not be transferred to the archives until the completion of the study. Many lahoratories elect to transfer material to the archives as it is completed, however, to provide greater data security. The FDA has stated that all materials must he transferred to the archives within a reasonable period of time after the study director signs the final report. 

With automated databases it is possible to replace a data point with an alternate value without leaving any apparent record of the change. To avoid possible fraud or error and restore the same level of data security, Part 11 requires the inclusion of an audit trail. An automated audit trail will record any change in data values and provide a field for recording the reason, date, and authorization for the change. 

System and data security, data integrity, and confidentiality through limited authorized system access. 

W. Winter and L. Huber, Implementing 21CFR Part 11 Electronic Signatures and Records in Analytical Laboratories, part 3, Data Security and Data Integrity, Bio-Pharm, 13(3), 45-49, 2000. 

Specifically, on data acquisition systems, the requirements specification deliverable must include definitions of (i) the data to be collected, (ii) how the data will be used, (iii) how it will be stored and retention requirements, (iv) data security requirements, and (v) where each operation will be completed. The requirements specification deliverable addresses the following ... 

You have decided to establish a Web site that can be used by your patients to order both over-the-counter medications and prescription refills. You also would like to incorporate inventory management What are the specific patient security risks What are the pharmacy data security risks Are other strategic, operational, performance, and psychosocial risks involved ... 

Authenticity of data, especially impurity profiles Data handling (e.g., rounding, averaging, data security, reporting, review, and approval)... 

FD-483 Observation 2 The Z workstation is considered GMP equipment and as such generates electronic records that are not backed up or stored for retrieval. The OQ document states that since reports are printed after each run and attached to the original laboratory data document, no data is stored long term and data security is not... 

---