Introduction
GXP regulatory requirements and guidelines require Data Integrity to be maintained over the full data lifecycle.
This includes when data is archived, which can extend over decade or longer retention periods for clinical trial records. During this time, data needs to comply with ALCOA+ principles to ensure it remains trustworthy and reliable. We refer to this as long-term Data Integrity.
Digital Preservation is concerned with the long-term accessibility, readability, and usability of digital content and hence is well aligned to the requirements of long-term Data Integrity. Long-term Data Integrity can be achieved by following Good Documentation Practice (GDocP) and good practice for Long-Term Digital Preservation (LTDP).
The digital preservation community has extensive experience of successfully keeping and making available digital content over multiple decades and this is embodied in various digital preservation guidelines and resources. There are several digital preservation self-assessment frameworks and maturity models that embody this LTDP good practice.
The author
Matthew Addis
Co-Founder and CTO, Arkivum
These models include:
Maturity models allow the approach taken by an organisation to be matched to the type of content being preserved, why it needs to be preserved, who will use it and why. This aligns well with the risk-based and proportionate approach that the regulations and guidelines recommend for GXP in the health and life sciences industry. An organisation can determine the risk profile for the data that it needs to retain and then select a matching level of digital preservation maturity that needs to be achieved in order to sustain long-term Data Integrity.
This document analyses the ALCOA requirements for Data Integrity and then maps them to the principles and requirements of the mentioned models.
This allows organisations who need to meet regulatory requirements for Data Integrity to:
- Assess their current capabilities for digital preservation,
- Identify where there are gaps,
- and then either develop appropriate in-house solutions or select matching products and services from vendors.
The mappings focus on requirements on systems that will be used for long-term archiving of data, for example, whether these systems can support data that can be proven to be ALCOA compliant.
A two-stage process has been used:
- Identify a set of requirements for LTDP systems that need to be fulfilled in order to meet each of the ALCOA principles.
- Use the set of digital preservation requirements for long-term Data Integrity to map the ALCOA principles to corresponding areas of the NDSA Levels of Preservation, DPC RAM and CoreTrustSeal.
This approach provides justification and transparency on why each ALCOA principle has been mapped in the way that it has. Organisations can fulfil each ALCOA principle by following established and proven good practice embodied in digital preservation self-assessment frameworks and maturity models.
These self-assessment frameworks and maturity models provide the tools needed to evaluate current capabilities and produce a roadmap of how an organisation needs to improve, including what systems it needs to have in place or services it needs to procure.
In this way, a chain of events can be established:
- Regulatory guidelines for Data Integrity and the ALCOA+ principles
- Identification of LTDP requirements that need to be met in order to achieve long-term Data Integrity
- LTDP good practice that describes how these LTDP requirements can be met in practice
- Specific plan and actions to achieve effective and risk-based long-term Data Integrity.