Validating Software: Do You Need Data Transfer Verification?
During one of our recent webinars, we received a question on whether or not there is a regulatory expectation to validate data transfers.Without getting too technical, verifying the transfer of data isn't really software validation.
However, data transfers do concern electronic records and could justify some attention, especially if the data being transferred contains information you may need someday to prove GxP compliance. Moving this information would technically be a change control process, but for our purpose, we'll stick to the validation side of things, and skip the distraction of too many definitions.
Basically, we need proof that our data transfers are successful, without omissions or errors. We can do this by verifying the data set (perhaps validating the verification tool), or by validating the data transfer process (and that is software validation, but usually using existing tools). In our experience, there are a few ways to go about this.
- Here are some verification strategies:
- a.) Transfer your data and do a 100% verification. (This actually doesn't validate anything, but it does verify your transfer was successful and free of corruption).
b.) If you are using a standard tool, such as "Copy and Paste" within a standard well-tested application such as a Microsoft Operating System, then you can probably get away with just verifying the number and size of the files to show that nothing has changed. (Again, this isn't really validation; it is a lighter version of verification).
c.) Some applications have "comparison tools" that will look the two data sets – original and transferred – and verify that they are identical. Again, this isn't validation, but rather automated verification.
- So moving from verification to validation, the first task is to validate our verification tools. First, choose you data transfer tool, then transfer a placebo or fake data set (this could be a copy of the actual GMP data). Then make some specific changes to the data set – omissions, duplications, wrong data, missing entries, extra entries, etc. Run the verification tool to see if it identifies all the changes.
If we do this within the documented environment of a validation protocol, with acceptance criteria, and repeat it enough times, this functions to validate the verification tool. The quality of this validation is dependent on your ability to be creative on what kinds of data errors we should be testing for. (We recommend getting help from an IT expert for this part (if needed).
Please leave your questions/comments below, or contact me directly. I am happy to offer any clarification or guidance I can!
Senior Regulatory Expert
Watch a 2-minute Video about Vaisala's Service Center Calibration