Guest Column | November 15, 2019

People: The Most Persistent Risk To Data Integrity

By Kip Wolf, Tunnell Consulting, @KipWolf

Crowd-People-iStock-1065178846

In modern times, the business operating model is commonly referred to by the three resources of “people, process, and technology.” Business intelligence (BI) activities also frequently refer to the triangulation of “people, process, and technology.” And the triad of “people, process, and technology” is touted by organization change management (CM) pundits and business process management (BPM) experts alike. It is said that these maxims stem from an article by Harold J. Leavitt, Applied organisational change in industry: Structural, technological and humanistic approaches, that first appeared individually and in textbooks in the mid-1960s. And these concepts were clearly incorporated into countless titles over the decades since, including many recent books.1-8

People, Process, And Technology In Data Integrity

When considering the data integrity condition of an organization, we often use this structure to perform our analysis and to inform our presentation of the results. However, by the time the analysis is concluded, the operational conditions within the relationship of these three resources has changed. The results of any evaluation are limited to a snapshot of data — a brief glimpse of the conditions at a particular isolated point in time — as these resources are ever-changing individually and in their relationship to one another. In most cases, the topics are considered in terms of how to integrate these three resources. Let’s consider their individual impacts on data integrity.

Technology

Working backward, we first consider technology. Technology and, in particular, information technology, continues to advance at an exponential rate. Some tech pundits even go so far as to suggest that technology “will evolve to the point where it will know more on an intellectual level than any human”9 within the next 25 years. While these perspectives may be on the fringe, they represent some of the extreme examples of the rapid advancement of technology.

21 CFR Part 11 was written with a heavy focus on information technology and we in the life sciences industry have been keenly focused on information technology for many decades. Computer system validation and change control are our primary tools for limiting information technology variability in our operations. We rely on these controls to manage change and variability in our technology in operations, and we are generally well educated on the requirements and methods to do so.

Process

Next, we consider process management. Process variation is something with which we are also very familiar in life sciences, as there has been much application over the last few decades of Lean Six Sigma to limit process variation. In addition, there has been much application of technology solutions for control and digital optimization using BPM tools such as Promapp, Kissflow, and ProcessMaker. While overhead is required to manage such tools, they provide great benefits in overall process understanding that lends positive results to limiting process variation. 

People

Variation in personnel resources remains the greatest risk to our operations and specifically to data integrity. As cultures change or are blended/mixed over international business operations, we realize ever-changing and evolving behavior in our people. Differences also exist in the expectations from generation to generation. As new generations join the workforce, new cultures emerge that present differing expectations of the workplace.

Gilbert’s Behavior Engineering Model (BEM) presents a concise way to consider both the environmental and the individual influences on a person’s behavior. The model suggests that a person’s environment supports impact to one’s behavior through information, instrumentation, and motivation. Examples include feedback, tools, and financial incentives (respectively), to name a few. The model also suggests that an individual’s behavior is influenced by their knowledge, capacity, and motives. Examples include training/education, physical or emotional limitations, and what drives them (respectively), to name a few. Let’s look at some further examples to better understand the variability of individual behavioral influences to see how they may negatively impact data integrity.

Specific individual behaviors are frequently cited in agency observations. Some examples from recent FDA observations were listed in the article “Cheating In The Lab: 3 Data Integrity Pitfalls To Avoid In Laboratory Operations,” with some excerpts shown below.

•      “Analyst ... explained that he deletes older data to make space for newly acquired data.”

•      “You permanently deleted the first five sample injections. You then renamed the last two injections and reported that they met specifications.”

•      “Analysts manipulated and deleted audit trails.”

Knowledge limitations may present themselves through changing operational needs. When processes or technologies are improved, the individuals likely need to be retrained to keep pace with the improvements. In some cases, we have seen individuals fall short of maintaining the necessary knowledge. In such cases, these knowledge gaps may create risks to data integrity (e.g., failing to understand and execute appropriate audit trail review).

Capacity limitations may present themselves by straining the existing workforce. When overtime is required and approved, individuals may work beyond their physical and emotional limits. We have seen this lead to data entry errors, information review mistakes, and operational failures. We have people with good intentions cause catastrophic failures by pushing themselves beyond their physical and emotional capacity.

Motive limitations may present themselves as failures due to malice or plain ignorance. We have seen negative impacts on corporate brands by disgruntled employees motivated by anger who publicly share sensitive information in negative ways. We have also seen people make mistakes simply by not considering the consequences of their well-intentioned actions. For example, an operator driven by a motive to please their superiors, when questioned about the incorrect label on a piece of equipment in the manufacturing suite, quickly overwrote the batch number on the vessel to make the correction (promptly causing an investigation).

Making Good Progress, Only To Start All Over Again

Regardless of the maturity of an organization’s data integrity practices, the people component remains the greatest risk. Consider an organization that has evolved to a high degree of data integrity and quality culture maturity, but then it changes and realizes basic risks all over again. When brand-new junior staff are hired or organizations are merged as a result of acquisition, the organization frequently has to start all over again or at least consider readdressing some basic data integrity needs with its new and combined staff.

The important thing for individual contributors, operational managers, and executive leaders to remember is that data integrity evolves. What works today may not work tomorrow. We must constantly evaluate and consider adjusting our strategies for data integrity. One of the most overlooked areas is our human resources – our people. We must consider how our changes in human resources impact our overall data integrity, from an individual change with a single new hire to a departmental or corporate level change with a merger or acquisition (see “What Your Organizational Design Says About Your Commitment To Data Integrity”). Change impact analysis is a valuable activity, not just during formal change request processes. We find that the most effective managers of data integrity consider change impact analysis as part of their critical thinking skills. Whether informally thinking about “best-case/worst-case” or more formally discussing scenarios in a process failure mode and effects analysis (FMEA), embedding continuous critical thinking of and by the people resources in your organization may greatly improve the conditions of this most persistent risk to data integrity.

References:

  1. Jack S. Goulding and Farzad Pour Rahimian, Offsite Production and Manufacturing for Innovative Construction: People, Process and Technology, Routledge, Jun. 25, 2019.
  2. Diane Updyke, Building Your Sales Team: Beyond People, Process, and Technology, THiNKaha, Mar. 11, 2019.
  3. Jason Sachowski, Digital Forensics and Investigations: People, Process, and Technologies to Defend the Enterprise, CRC Press, May 23, 2018.
  4. Judah Phillips, Building a Digital Analytics Organization: Create Value by Integrating Analytical Processes, Technology, and People into Business Operations (Paperback), Pearson FT Press, Nov. 25, 2017.
  5. David J. Piasecki, Inventory Accuracy: People, Processes, & Technology, OPS Publishing, Mar. 15, 2003.
  6. Kan Wang, People, Process, and Technology Management Framework: A Manager's Practical Guide to Establishing a Structure for Growth, CreateSpace Independent Publishing Platform, Jul. 23, 2011.
  7. Dean Lane, The Chief Information Officer's Body of Knowledge: People, Process, and Technology, Wiley, Sep. 13, 2011.
  8. The Toyota Product Development System: Integrating People, Process And Technology, by James M. Morgan and Jeffrey K. Liker | Mar 25, 2006
  9. John Brandon, “An AI god will emerge by 2042 and write its own bible. Will you worship it?”, VentureBeat, Oct. 2, 2017.

About The Author:

Kip Wolf is a principal at Tunnell Consulting, where he leads the data integrity practice. Wolf has more than 25 years of experience as a management consultant, during which he has also temporarily held various leadership positions at some of the world’s top life sciences companies. Wolf temporarily worked inside Wyeth pre-Pfizer merger and inside Merck post-Schering merger. In both cases he led business process management (BPM) groups — in Wyeth’s manufacturing division and in Merck’s R&D division. At Tunnell, he uses his product development program management experience to improve the probability of successful regulatory filing and product launch. He also consults, teaches, speaks, and publishes on topics of data integrity and quality systems. Wolf can be reached at Kip.Wolf@tunnellconsulting.com.