New approaches and technical possibilities are constantly being developed to enable systems to communicate with each other and exchange data. However, Interfaces do not receive as much attention as the connected systems. Interfaces tend to be overlooked or subordinated to the main systems. In addition, interfaces are technically sandwiched between two systems with independent release cycles.
For data integrity, this situation poses serious risks because interfaces are vital links and play a key role in maintaining data integrity throughout the business processes and across systems.
- defining ownership of data
- shared responsibility among involved parties
- exchange of data between different companies
- interfaces are often new parts of established systems
- different standards or formats are used to exchange data
Therefore, good design and validation of interfaces is a prerequisite for ensuring data integrity and data quality across systems.
Consequently, this has moved ISPE to address the topics in a Special Interest Group (SIG) within GAMP D-A-CH. In order to strengthen the focus on interfaces, a GAMP®5 compatible validation approach was compiled and published as rule VDI 3516 Part 6. This approach also addresses the latest regulatory expectations set by regulatory bodies, such as described in the recent PIC/S PI-041-1 which calls for validated automated data exchange between systems. The approach adopts a holistic view on interfaces from different perspectives encompassing all dimensions affecting the interface activities.
The VDI standard also provides a checklist to facilitate the integration of interface validation. Adoption of the rule translates into benefits manifesting in reduced time and costs, and an increased level of compliance.
While the ISPE RDI Good Practice Guides – especially ‘Data Integrity by Design’ – provide a perfect entry point to the mindset needed for Data Integrity, the VDI 3516 Part 6 gives practical advice how to specify and verify an interface.
This standard for validation of interfaces is a hands-on guide written by experts for experts, incorporating checklists for the analysis of data and process requirements, and for the assessment of interface functions and capabilities.
Examples for using the VDI standard and the included checklists:
Production Systems: Elicitation of data ownership in integrated systems, e.g., ERP, MES, shop floor like filling line. Checklist 1 offers detailed guidance by allocating and documenting the responsibilities in the affected processes and overall system context.
Lab Environment: Establishing a harmonised concept between devices, LIMS, Raw Data management systems, the provided interfaces and decentralised data storage. Checklist 2 provides a standardised view on all interfaces involved. It helps to analyse and specify all dataflows.
Distributed Supply Chain: Incoming and outgoing batch genealogy and distribution between several organisations. Checklist 3 supports alignment of all activities for GO-LIVE operating cross-enterprise interfaces.
Implementation and Quality Gates
This new standard provides the tools to ensure data quality in DI critical areas over the entire life cycle of the interface. It aims to identify DI-relevant issues and risks to data quality right from the start, at the planning phase.
The validation of interfaces is structured into four phases, separated by gates. This allows for better traceability and control of the coordination processes between all parties involved:
The Specification and Verification phase corresponds to the validation procedure for computerized systems as recommended in GAMP®5. The corresponding Checklist 2 supports the specification task, i.e., obtaining an adequate interface description in regard of its criticality. In addition, the VDI standard provides a separate section for cross-system "Analysis of Data Integrity Risks". It focusses on data integrity and data quality as part of the interface design rather than checking it in retrospect only.
A preceding Planning & Scaling phase enables a standardized and verifiable validation procedure for the variety of interfaces. Rather than applying GAMP categories, the criticality of an interface is determined by using six dimensions that assess the interface in the context of its respective system and process context:
- Organisation: allocation of responsibilities, availability of knowledge about processes/systems
- Location: geographical spread, distribution on site (buildings, rooms), infrastructure, security
- Business Process: GxP-impact (product quality, patient safety, data integrity), scope of tasks, novelty/maturity, complexity/complicity, performance (scalability, time)
- Application: amount and criticality of the tasks the interface is to take over (according to GAMP® cat. 3/4/5), processing or filtering of data, processing rules/logic, error tolerance
- Technology: technological infrastructure, system architecture (HW/SW), degree of standardization/maturity, processing speed, central/decentralized provision, reliability
- Data: Criticality of the data/GxP relevance, quantity/volume, encryption, change/conversion of data, data backup, status/actuality, access control/security, change history/audit trail
This risk-based scaling allows the validation effort to be reduced to the essential aspects of the interface. Checklist 1 aids in collecting characteristics of the interface in the context of its systems, processes, and data context in cooperation with all stakeholders.
Once the interface has been verified, the challenge in phase Preparation for Operation is to coordinate activities among various stakeholders. Checklist 3 is used to plan and track implementation and go-live activities across all supported business processes and functions.
For the Operation phase, suitable control measures are described that ensure the validated operation of the interface in the intended system environment.
Validated interfaces are a necessity for Data Integrity and Data Quality across systems. Following a risk-based approach, interfaces need to be assessed in the context of data flows and the supported processes.
The VDI standard facilitates this holistic view and derives measures for implementation and testing of interfaces in order to achieve compliance with data integrity requirements.
By the SIG Interfaces Team: Volker Hattwig, Elmar Harringer, Andreas Hengstberger, Till Jostes, Katharina B. Neuland, Elisabeth Schauer de Castro, Markus M. Schröder, Reiner Strauß, Kai Winnig