Guest Column | October 12, 2020

Does Your Pre-COVID Data Governance Pose A Threat To Data Integrity?

By Kip Wolf, X-Vax Technology, @KipWolf

Data Electronics

While many firms are familiar with working remotely under normal operations, the pandemic has forced us into a virtual working environment for which many firms were wholly unprepared. The result has been very disruptive to say the least. We have seen companies scramble to adopt new collaboration technologies while moving staff to working from home only to learn that not all staff had sufficient internet connections or personal computing technology to support it. Others were familiar with and already employing a virtual and distributed operating model only to be surprised when their connection services were overwhelmed or their collaboration tool licensing model was insufficient to support sustained online operations. No matter how great or small, all of us have realized an impact and some level of disruption in our operational lives as a result of the recent global pandemic.

This disruption presents a clear and present danger to data integrity. Assessment of agreed data standards, confirmation of conformance to filed information, and general attention to details may be compromised in the rush to gather, analyze, and understand pandemic-related information.

The Data Governance Relationship To Data Integrity

Data governance is primarily about defining roles, responsibilities, and processes to ensure specific accountability for and clear ownership of data assets within an organization. Gartner defines data governance as “the specification of decision rights and an accountability framework to ensure the appropriate behavior in the valuation, creation, consumption and control of data and analytics.”1 Data governance includes understanding and defining the people, processes, and technology related to data structures, assigned roles and responsibilities, and management of key data assets.

For our purposes in life sciences, key data assets include data that is created or managed by a firm or its designees that may be submitted to applicable regulatory agencies or used in good manufacturing practices/good laboratory practices/good clinical practices (GMP/GLP/GCP)-related activities. This includes all GMP/GLP/GCP-related data and support functions, as appropriate, in light of applicable requirements for the manufacture of products for human use.

Figure 1: Recommended evolution of data governance as a result of pandemic impact to business operations over a function of time (shading added to imply level or risk from red/high to green/low).

To consider the specific risks to data integrity from data governance we must first consider the condition of data governance before the pandemic (see Figure 1). In what condition was your data governance pre-pandemic? Was there some definition of data governance at your firm or was data governance not defined at all? Did you define or redefine/change data governance as a result of the disruption in the early days of the pandemic?  

With no defined data governance pre-pandemic, data integrity risks because of the pandemic’s impact on business operations may include:

  • Loss of data due to lack of storage standards (e.g., data on personal laptops, home desktop computers, or portable storage media)
  • Corruption/compromise of data due to lack of controls (e.g., storage of data on public clouds, sending data by personal email)
  • Manipulation of data due to lack of accountability (e.g., no clear data “owners” or controls over editing/calculations)

While these data integrity risks generally exist to a lesser extent for those firms with some defined data governance pre-pandemic, the risks are directly proportional the degree of change from the defined standards. Consideration must be given to the degree of change both qualitatively and quantitatively. For example, increasing the number of data storage locations alone may not present a significantly increased risk, provided that all data storage is performed in the context of any defined data storage requirements and conditions. Conversely, decreasing the number of data storage locations (e.g., from multiple office file servers to a single cloud solution for all staff to access from home) may actually increase data integrity risk if the staff are not adequately trained in file collaboration and security. We cannot assume that simply providing staff with cloud access to data will be enough to ensure data integrity. Personnel training and periodic data review are necessary to ensure sufficient use of such data management solutions.

What To Do Next

The virtual working environment required during the pandemic (the “new normal”) will have a lasting effect on data integrity (both good and bad). To ensure maximum value and reduce data integrity risk, assess what has changed since before the pandemic, determine what should be instantiated as sustainable processes (i.e., define use cases), and make corrections to data governance practices accordingly (e.g., a risk based approach).

Define individual business activities and consider what has changed since pre-pandemic or that will change as we move to long-term operations under the new conditions. Think about each business activity in terms of what has affected the people, process, and technology conditions. Include consideration of roles/responsibilities and identify the accountable party for data related to each activity (e.g., the accountable data steward). Define the authoritative source of the data related to each activity (i.e., the location of the data asset). Create a matrix of business activities to map out the conclusions before considering risks to prioritize areas for improvement.

Table 1: Sample Data Governance Assessment Matrix Considering Transformational Changes Made From Pre-Pandemic To Long-Term Operations Using A Business Process Management Approach

Use this assessment approach to focus on establishing effective data governance to meet quality, privacy, and security expectations. Prepare for future data and information needs (e.g., data transfer and the like) to build and execute an effective operational data and information strategy. Correct your data governance weaknesses to improve data integrity for a competitive advantage. Make the most of these challenging times to come out the other side better than you started.

Offer your feedback or opinions in the comments below or engage directly in more robust conversation by emailing the author at kwolf@x-vax.com.

References:

  1. “Definition of Data Governance - Gartner Information Technology Glossary.” n.d. Gartner. Accessed September 21, 2020.

Related Reading:

About The Author:

Kip WolfKip Wolf is head of technical operations and portfolio management at X-Vax Technology, Inc. His technical experience includes the fields of quality assurance and regulatory affairs, GMP and IT compliance, technical operations and product supply. His areas of leadership expertise include business transformation, new business development, organizational change leadership and program / project management. He has led business process management groups at Wyeth Manufacturing and Merck Research & Development. Prior to joining X-VAX, he supported the company as a principal consultant at Tunnell Life Sciences Consulting, where he also led the data integrity practice. Wolf can be reached at kwolf@x-vax.com.