Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
potential security weaknesses) and ensure operating systems are
maintained with current security measures.
Potential risk of not meeting expectations/items to be checked
Check that access to hardware and software is appropriately
secured, and restricted to authorised personnel.
Verify that suitable authentication methods are implemented. These
methods should include user IDs and passwords but other methods
are possible and may be required. However, it is essential that users
are positively identifiable.
For remote authentication to systems containing critical data
available via the internet; verify that additional authentication
techniques are employed such as the use of pass code tokens or
biometrics.
Verify that access to key operational parameters for systems is
appropriately controlled and that, where appropriate, systems
enforce the correct order of events and parameters in critical
sequences of GMP/GDP steps.
3. Expectation
Network protection
Network system security should include appropriate methods to detect and
prevent potential threats to data.
The level of network protection implemented should be based on an
assessment of data risk.
Firewalls should be used to prevent unauthorised access, and their rules
should be subject to periodic reviews against specifications in order to
ensure that they are set as restrictive as necessary, allowing only permitted
traffic. The reviews should be documented.
Firewalls should be supplemented with appropriate virus-protection or
intrusion prevention/detection systems to protect data and computerised
systems from attempted attacks and malware.
Potential risk of not meeting expectations/items to be checked
Inadequate network security presents risks associated with
vulnerability of systems from unauthorised access, misuse or
modification.
Check that appropriate measures to control network access are in
place. Processes should be in place for the authorisation,
monitoring and removal of access.
Systems should be designed to prevent threats and detect
attempted intrusions to the network and these measures should be
installed, monitored and maintained.
Firewall rules are typically subject to changes over time, e.g.
temporary opening of ports due to maintenance on servers etc. If
never reviewed, firewall rules may become obsolete permitting
unwanted traffic or intrusions.
PI 041-1 43 of 63 1 July 2021