Every industry must guard its data from corruption, but this counts doubly so for heavily regulated industries. In industries like pharma, medical devices, and food production, heavy regulatory burdens reflect the fact that individual lives and public safety are at stake.
These industries, among others, must maintain their data integrity, or regulatory bodies that audit that data may lose confidence in the operations of the enterprise and impose hefty fines or even shut them down.
So how do industries ensure the integrity of their data? One of the most widely-accepted best practices is to implement controls that ensure data is handled according to the ALCOA rule. ALCOA is an acronym for five key standards of data integrity:
- Attributable
- Legible
- Contemporaneous
- Original
- Accurate
Understanding how each sub-rule of the ALCOA rule applies to data integrity will help you understand how industries prevent data corruption, and in doing so help maintain compliance when audited by the regulators who certify their products as safe for public use.
Attributable
Data is considered “attributable” when you can identify the person responsible for its recording. Attribution creates a chain of accountability that can be used to trace and correct errors.
Attribution doesn’t stop at identifying the responsible party, however. Attribution should also include the “where” and the “when” of the action. Noting the time of recording along with the attribution will be important later when we consider the third ALCOA rule.
To attribute data to its responsible party, an attribution log must be maintained. This could take the form of a paper record or signature log, or it could take the form of an audit trail in an electronic data aggregator.
The rise of Internet of Things (IoT) automated data recorders has made it possible that an individual data entry might not be attributable to a person or department, but rather to a data collection device with a recorder. In this case, attribution may be assigned to the person in charge of the installation, testing, and maintenance of the data recorder.
Legible
Data is considered “legible” if it can be read and interpreted properly. This might mean that it was recorded by pen or pencil in handwriting that can be read. It might also mean the data can be interpreted in digital form by a computer program designed to read it. The software must then render the data in a format that is comprehensible by humans—sometimes referred to as human-readable metadata. Either way, legibility allows the data to be understood by humans in a meaningful way.
Digital data recorders have done much to eliminate the kind of data corruption attributable to illegible handwriting. However, flawed or corrupted software could lead to corrupted metadata, compromising the legibility of the metadata. Remember, data integrity depends on the ability of the data to be interpreted and understood. Illegible data is worthless data.
Contemporaneous
Data is considered “contemporaneous” if the data is logged at the time the measurement is taken or the relevant work is performed. Data may be ruled corrupted, for example, if a temperature reading was taken, and the data for that temperature was recorded two hours later. Delays in data recording make the data less reliable, as it is more likely to be recorded incorrectly.
Remember when we said that for data to be “attributable” the responsible party must be noted alongside the data, along with the time and place of recording? The time notation becomes critical in establishing data as contemporaneous. If the log indicates that Tuesday’s data was recorded on Wednesday, the data’s integrity may come into question.
Digital data loggers are a boon to data integrity for their ability to maintain contemporaneous data. The conditions recorded by the logger can be recorded automatically, as soon as the condition is noted, and the log entry can be time-stamped to verify it as contemporaneous.
Original
Data is considered “original” if it can be supplied in the format in which it was first recorded. For this reason, a hand-copied duplicate of a data log is considered to be less indicative of data integrity than two copies of a data log printed from the same file. The first is not an original copy and is therefore suspect.
Thanks to digital data recording, it is much easier to maintain data in its original form. Even if data is copied from one storage device to the other, the original digital data may be considered to be preserved if it can be traced back to its source. This may be considered “source data” or “primary data.”
Evolving technologies like blockchain may play a role in the evolution of data logging, due to their decentralized and timestamped data ledgers that are nearly impossible to hack or falsify.
Accurate
Finally, data is considered “accurate” if it is complete, truthful, and free of errors. In a way, this is the rule that makes all the other rules work. What does it matter if data is attributable, legible, contemporaneous, and original if it is also inaccurate?
For this reason, industries must maintain rigorous controls to ensure that their data logging is accurate at all stages. For example, Dickson notes that complete and accurate record keeping is an essential part of the industrial quality assurance process known as IQ OQ PQ (installation qualification, operational qualification, performance qualification).
Data must also be sufficiently precise to be considered accurate. For example, if temperature must be calculated to the nearest tenth of a degree to be compliant, a reading only accurate to the degree is insufficient. Industries must therefore pay careful attention to the resolution of their digital data loggers.
A temperature logger that monitors a vast variance of temperatures, from hottest to coldest, must have a higher resolution so it can subdivide that temperature range into small-enough increments to be meaningful.
——————————————————————————
In many ways, maintaining data integrity can be thought of as the opposite of scribbling data on sticky notes. By maintaining data that follows the ALCOA rule—Attributable, Legible, Contemporaneous, Original, and Accurate—that data is more likely to be accepted by regulators as proof of compliant conditions.
Digital data loggers make the task much easier, but it’s still critical to understand why. The ALCOA rule is why.
