iSpeak Blog

Data Integrity and Your E-records Storage Devices

Orlando Lopez

In a recent iSpeak blog concerning electronic records (e-records) integrity [1], Mark Newton discussed the e-records integrity concerns associated with e-records in transit between infrastructures. Eventually, e-records in transit are warehoused in a device such as a database server for short-term storage or archiving. It is anticipated that applicable built-in checks are performed before the data reaches the storage device. The fundamental GxP controls/concerns related to e-records retained in computer storage include:

  • Controls must be established to maintain information as it was saved, and to verify its reliability throughout the retention period.
  • A design specification or similar document should be produced describing the file structure(s) for e-record storage, the capacity requirements for storage, the environmental specifications, and the security scheme.
  • Temporary memory is not an acceptable medium for the storage of e-records.
    • Physical protection of the e-records should influence the choice of storage device(s).
    • Logical security must include consideration of the network, server, application and/or database.
    • Procedural controls must be implemented to enforce the segregation of duties associated with any individuals accessing a repository containing e-records.
  • The physical location of web and database servers should be separated. Database servers should be isolated from a website’s demilitarized zone (DMZ [2]).
  • Changes to e-records must follow an approved change control process.
  • Periodic back-ups must be performed to reduce the risk of losing the e-records and to guarantee accessibility of e-records to users.
  • Changes to computer infrastructure, application and/or database require testing to ensure the ability to retrieve e-records.
  • Any e-records that are the subject of a litigation hold must be maintained. These records often cannot be destroyed even after the retention period has expired.
  • Critical metadata associated with e-records should be saved with the e-records to preserve a complete record of activities.
  • Explicit accountability and responsibility must be assigned to person(s) for the ownership of the records in storage.
  • The time-stamping feature pertinent to e-records and electronic signatures must be from a reliable source, and the time server and local system clock must be protected from unauthorized access.

The implementation of the above controls ensures [3]:

  • Consistency of data by preventing unauthorized creation, alteration, or destruction of data (integrity);
  • Availability of data and resources to legitimate users; and
  • Use of resources only by authorized persons in authorized ways (legitimate use).

  • [1] ISPE, “Data Integrity and Your Interfaces”, M. E. Newton, March 2016, http://blog.ispe.org/data-integrity-interfaces.
  • [2] The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network.
  • [3] López, O., “Trustworthy Computer Systems”, Journal of GxP Compliance, Vol 19 Issue 2, July 2015.