Data integrity audit
Data integrity checklist.
What does this form include?
This form contains 19 sections:
1. Access Limitations – Assess Current Procedures and IT systems to ensure the following requirements are adhered to:
- 1.1 Individual accounts are password-protected. These passwords comply with J&J ITS standards.
- 1.2 Computer systems are configured to require manual login and logout.
- 1.3 System automatically limits number of failed login attempts as per J&J IAPP requirements.
- 1.4 System automatically records unauthorized login attempts as per J&J IAPP requirements.
- 1.5 Procedures and training are in place to ensure individual account access is not shared with other users. Verify training files and access request forms.
- 1.6 Procedures and training are in place to ensure one user does not log on to system to provide access to another user.
- 1.7 Users are electronically required to change their passwords at regular intervals as per J&J IAPP requirements.
- 1.8 Computer systems automatically password protect when idle for short periods.
- 1.9 Systems automatically log users off when idle for long periods.
- 1.10 Appropriate levels of access based on job requirements are in place and proceduralized with documented evidence of access approval ensuring appropriate segregation of duties.
- 1.11 System Administrator rights (permitting activities such as data deletion, database amendment or system configuration changes) should not be assigned to individuals with a direct interest in the data (data generation, data review or approval). All changes performed under system administrator access must be visible to, and approved within, the quality system.
- 1.12 The system provides security access control which is enabled and appropriately implemented.
- 1.13 Adequate procedures are in place defining administration of the system by the system administrator.
2. Audit Trail - Assess Current Procedures and IT systems to ensure the following can be verified:
- 2.1 Creations, modifications, and deletions are tracked and retrievable electronically.
- 2.2 All originally entered data is maintained and not obscured when changes are made.
- 2.3 Changes are time stamped automatically.
- 2.4 Computer system is configured to require user to record reason for change.
- 2.5 Identity of individual who made a change is recorded automatically.
- 2.6 Users are prevented from being able to modify or delete audit trail.
- 2.7 A procedure is established and followed to review audit trails of the system periodically and as part of the batch release process. All applicable audit trails should be routinely reviewed for electronic data capture and data management systems, and reviews must capture system-related audit trails as well as batch/run-specific audit trails.
- 2.8 The frequency of audit trail review should be well-supported (dependent on the type of audit trail and process in place for management of changes) and applied through risk management.
- 2.9 Archive records are locked such that they cannot be altered or deleted without detection and audit trail.
- 2.10 Users are prevented from deleting electronic records.
3. Date and Time Controls: Assess IT systems for Adherence to the following requirements:
- 3.1 Computer systems synchronize date and time provided by international standards setting.
- 3.2 Users are prevented from altering the time stamp for the system.
- 3.3 All date and time changes are documented (except daylight savings time).
- 3.4 Year, month, day, hour, minute, and time zone are captured in time stamp.
- 3.5 Any time zone references and naming conventions are defined in documentation.
4. Assess Current Procedures regarding External Security to ensure the following requirements are met:
- 4.1 Access to the computer system and data via external software applications is restricted by encrypting data as it is transferred and/or using a firewall.
- 4.2 A cumulative record is maintained that indicates names of authorized personnel, their titles, and a description of their access privileges.
- 4.3 Control of external personnel access is managed by Janssen and the review period is defined procedurally.
- 4.4 A list of historical users, roles, and uses is maintained.
- 4.5 Accounts are properly disabled and time frame for disabling is defined procedurally.
- 4.6 The effect of viruses and other harmful software code is prevented, detected and mitigated.
5. Direct Entry
6. Data Retrieval – Ensure Processes for retrieval of Data capture the following requirements:
7. Data Review – Ensure Review processes meet the requirements outlined:
8. System Controls
9. Change Management – Assess Current Operational Change Control and IT and Automation change Control Processes ensure the following:
- 9.1 Data integrity is maintained when making changes to the computer system, such as software upgrades, security and performance patches, equipment repairs, etc.
- 9.2 The Process evaluates the effects of any changes before and after making them and validates changes that exceed previous operational limits.
- 9.3 All computer system changes are documented and require the appropriate level of Quality oversight.
- 9.4 Changes are made by authorized individuals only and the changes made can be identified to an individual level.
10. Validation – Assess the Validation of each system to ensure it is validated for its intended use in accordance with the following requirements:
- 10.1 A validation summary report is present and all significant test failures are documented and resolved prior to release for use in accordance with defined procedures.
- 10.2 Validation of computerized system audit trail should ensure SOPs/procedures are drafted during OQ to define the use and control of the system in a regulated business environment as well as describe the process for audit trail verification.
- 10.3 'Validation for intended use' should include testing during PQ to confirm that the required data is correctly extracted by the custom report, and presented in a manner which is aligned with the data review process described in the data review procedures.
- 10.4 The acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable. In isolation from the intended process or end user IT infrastructure, vendor testing is likely to be limited to functional verification only, and may not fulfill the requirements for performance qualification.
- 10.5 Procedures define the requirements that Computerized systems are reviewed periodically to confirm that they remain in a validated state.
11. Documentation Management
12. Training
System Complies with Requirements?
- Access Limitations
- Audit Trail
- Date & Time Controls
- External Security Procedures
- Data Management - Data Retrieval
- Data Management - Data Entry
- Data Management - Data Review
- System Controls
- Change Management
- Validation
- Document Management
- Training