GXP - The Data Integrity Issue

Technologies Supporting Electronic Records Integrity

Introduction

An expectation pertinent to the computer systems performing production-related regulated functions is the integrity(1) of the electronic records(2) (e-records). This expectation takes the highest priority in any worldwide health agency Good Manufacturing Practices (GMPs) and is the foundation of the GMPs. Electronic information that is properly recorded and managed is the basis on which manufacturers assure the competent authority of product identity, strength, purity and safety(3). The e-records also demonstrate that the regulated entity's production computer systems adhere to the GMPs, including their instructions.

All operations with e-records should be performed in a secure environment. This requirement applies to e-records at rest, in transit and during processing(4).

Any unintended change to the e-records as the result of a storage, retrieval or processing operation, whether caused by malicious intent, unexpected hardware failure or human error, is considered a failure of e-records integrity.

To assure the integrity of e-records, the computer systems managing such e-records must be, essentially, trustworthy(5). The computer system must execute the intended function free from unauthorized e-record manipulations.

E-records integrity is a critical aspect to be well thought out during the design, implementation and usage of any system which stores, processes, or retrieves e-records. A quality-by-design approach should be adopted. The system design must make provisions such that original e-records cannot be deleted and that audit trails reflecting changes to original e-records are retained. Security must be built into the infrastructure and the applications(6) managing the creation, storage, archiving, modification and/or transmission of e-records. For example, the security of communication over an open link can be reinforced by using controls such as encryption.

The quality-by-design approach supports e-records integrity. The idea of "data integrity/quality by design" (DIQbD) aligns with computer-related quality processes such as EMA Annex 11, ICH Q7, US FDA 21 CFR 211.68 and many more. In order to apply the applicable regulations appropriately, the regulated user must understand the:

  • required e-records;
  • criticality of the e-records to the patient;
  • collection method and processing;
  • risk of the e-record integrity;
  • technical and procedural controls required.

Based on the intended use of the system, each of the requirements establishing e-records integrity must be documented and the associated risks assessed before implementing the e-records integrity technical and procedural controls. The validation process provides an ideal framework for documenting the e-records integrity lifecycle(7).

Centered on information security(8), this article provides a broad overview of the cryptographic(9) technologies that can preserve e-records integrity for any GMP regulated activity(10). Part I of this article describes each individual technology, such as e-records encryption, digital signatures(11) and services families (e.g., Virtual Private Network(12)). These are the set of tools and techniques ensuring the integrity and validity of the information throughout the e-records lifecycle(13). Part II describes how the combination of these tools, described in Part I, can mitigate threats to and vulnerabilities related to e-records integrity.

By implementing the applicable cryptographic tools, technical controls such as access control and authority checks on computer resources; audit trail controls; authentication; security of the electronic signatures; signature/e-record linkage; time controls; uniqueness of the electronic signatures; and integrity and privacy of e-records in transit can protect the e-records. The applicable level of control follows from the criticality of the e-records and the associated risks. Only within the context of business needs and risks can management define security(14). Risks to be considered are, for example, the degree to which e-records, or the system generating or using the e-records, can be configured and therefore potentially manipulated(15).

Cryptographic Technologies

The following paragraphs contain a simplified depiction of cryptographic technologies(16) supporting e-records integrity.

Hashing refers to the process of condensing a message or record of any length into a string of fixed length using a one-way mathematical function, so that one cannot retrieve the message from the hash. The output of a hashing operation, the hash value, is called a message digest. The probability that two different e-records will generate the same message digest is 1 in 10^87. Consequently, a message digest is effectively unique and has a low probability of collisions, providing a digital identifier for each e-record. A minor change in a message will result in a change to the message digest.

Hashing as a Cryptographic Technology

Because hashing is a one-way function and the output of the function has a low probability of collisions, hashing can be used with a cryptographic product or services family for authentication, nonrepudiation, and e-records integrity. Hashing also is a key element in the Digital Signature Algorithm (DSA).
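The following added example (written for this page, not code from the article or its cited sources) shows hashing used as a digital identifier for e-records: each record's SHA-256 digest is stored in a register when the record is created, and an integrity check later recomputes the digests and reports every record whose content no longer matches. It also counts how many digest bits change when one character of a record is altered. SHA-256, the batch-record contents and the register layout are assumptions of the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// DigestHex returns the SHA-256 message digest of a record as lowercase hex.
// SHA-256 is the hash function assumed for this example; the article does not name one.
func DigestHex(record []byte) string {
	sum := sha256.Sum256(record)
	return hex.EncodeToString(sum[:])
}

// VerifyRegister recomputes the digest of every record and compares it with the
// digest stored in the register when the record was created. It returns the IDs
// (sorted) of records that fail the check: records whose content has changed and
// records that have no register entry at all.
func VerifyRegister(records map[string][]byte, register map[string]string) []string {
	var failed []string
	for id, content := range records {
		expected, ok := register[id]
		if !ok || DigestHex(content) != expected {
			failed = append(failed, id)
		}
	}
	sort.Strings(failed)
	return failed
}

// DifferingBits counts the bits that differ between two hex digests of equal
// length (-1 if the lengths differ). It illustrates that a one-character change
// in the input flips roughly half of the digest bits.
func DifferingBits(hexA, hexB string) int {
	a, errA := hex.DecodeString(hexA)
	b, errB := hex.DecodeString(hexB)
	if errA != nil || errB != nil || len(a) != len(b) {
		return -1
	}
	n := 0
	for i := range a {
		for x := a[i] ^ b[i]; x != 0; x >>= 1 {
			n += int(x & 1)
		}
	}
	return n
}

func main() {
	// Constructed sample batch record (not real production data).
	original := []byte("batch=B-1001;assay=99.2;analyst=jdoe;date=2016-08-01")
	register := map[string]string{"B-1001": DigestHex(original)}

	// A later copy with a single character altered (99.2 -> 98.2).
	altered := []byte("batch=B-1001;assay=98.2;analyst=jdoe;date=2016-08-01")
	fmt.Println("original digest:", register["B-1001"])
	fmt.Println("altered digest: ", DigestHex(altered))
	fmt.Println("bits changed:   ", DifferingBits(register["B-1001"], DigestHex(altered)))

	// B-1001 fails because its content changed; B-1002 fails because it was never registered.
	stored := map[string][]byte{"B-1001": altered, "B-1002": original}
	fmt.Println("failed records: ", VerifyRegister(stored, register))
}
```

In practice the register itself must be protected (for example, signed or stored on write-once media), since an attacker who can rewrite both the record and its registered digest defeats the check; the digital signature section of this article covers that linkage.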

Encryption refers to the process of scrambling input clear text or records, called the plaintext, with a user-specified password (password-based encryption algorithm) or key (secret-key algorithm) to generate an encrypted text or output called a ciphertext. No one can recover the original plaintext from a ciphertext in a reasonable amount of time without the user-specified password or key. The algorithms that combine the user-specified password or key and plaintext are called ciphers. Encryption most often is used to protect the privacy of messages or e-records.

How Encryption Works

The Data Encryption Standard (DES) was once the predominant symmetric-key algorithm(17) for the encryption of e-records. It was highly influential in the advancement of modern cryptography in the academic world.

DES is now considered insecure for many applications, primarily because the 56-bit key size is too small. In January 1999, a DES key was broken in 22 hours. There are also results which demonstrate theoretical weaknesses in the cipher, although they are infeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES).

AES is used by the United States (U.S.) government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive e-records.  It was published by NIST as the U.S. FIPS PUB 197. The AES became effective as a federal government standard in 2002. It is also part of the ISO/IEC 18033-3 standard which specifies block ciphers for the purpose of e-records confidentiality.

The following table compares the encryption strength as determined by key length in bits(18) of the above referenced encryption algorithms.

Factor                                   | AES                   | Triple DES                     | DES
Key length                               | 128, 192, or 256 bits | 168 bits (k1, k2 and k3);      | 56 bits
                                         |                       | 112 bits (k1 and k2 the same)  |
Time required to check all possible keys | For a 128-bit key:    | For a 112-bit key: 800 days    | 22 hours
at 50 billion keys per second            | 5 x 10^21 years       |                                |

Public-key infrastructure (PKI) is the combination of software, encryption technologies, server platforms, workstations, policies, and services used to administer public-key certificates(19) (credentials issued by a trusted authority) and public- or private-key sets.

PKI enables regulated entities to protect the security of their communications and business transactions on networks. PKI is used to secure e-mails, Web browsers, virtual private networks (VPNs), and end applications.

In a traditional PKI design, a certification authority (CA) is a trusted party that vouches for the authenticity of the entity in question by confirming the integrity of the public-key value in a certificate. The CA issues and manages, from a certificate server, security credentials and public-keys for message encryption and decryption. The CA notarizes public-keys by digitally signing public-key certificates using the CA's private key, thereby linking the public-keys to entities. An entity, which is a person, server, organization, account, or site, can present a public-key certificate to prove its identity or its right to access information. The certificate links a public-key value to a set of information that identifies the entity associated with the use of the corresponding private key. This entity is known as the subject of the certificate. Certificates are authenticated, issued, managed, and digitally signed by a trusted third party, the CA.

A certificate server is the repository for public-key certificates. End applications that are PKI-enabled verify the validity and access privileges of a certificate by checking the certificate's profile status protected in the repository. The certificate server provides services for managing users, security policies, and trust relationships in a PKI-enabled environment.

Certificate servers must possess controls that provide tamper evidence, such as logging and alerting, and tamper resistance, such as deleting keys upon tamper detection. Each server may contain one or more secure cryptoprocessor chips to prevent tampering and bus probing. These may come in the form of a plug-in card or an external device that attaches directly to a computer or networked server.

The next critical concept in a PKI is the root certificate. It is an unsigned or a self-signed public-key certificate that identifies the root CA. A root certificate contains the root CA's public key, the corresponding private key of which is used to "sign" other certificates. The most common commercial variety is based on the X.509 standard, which normally includes a digital signature from a CA. ISO/IEC 9594-8 defines frameworks for public-key certificates.

An X.509 certificate(20) binds a name to a public-key value. The role of the certificate is to associate a public-key with the identity contained in the X.509 certificate.

Authentication of a secure application depends on the integrity of the public-key value in the application's certificate. If an impostor replaces the public-key with its own public-key, it can impersonate the true application and gain access to secure e-records. To prevent this type of attack, all certificates must be signed by a CA.

A CA signs a certificate by adding its digital signature to the certificate. A digital signature is a message encoded with the CA’s private key. The CA’s public-key is made available to applications by distributing a certificate for the CA. Applications verify that certificates are validly signed by decoding the CA’s digital signature with the CA’s public-key.

An X.509 certificate contains information about the certificate subject and the certificate issuer (the CA that issued the certificate). A certificate is encoded in Abstract Syntax Notation One (ASN.1), a standard syntax for describing messages that can be sent or received on a network.

The role of a certificate is to associate an identity with a public-key value. In more detail, a certificate includes:

  • A subject distinguished name (DN) that identifies the certificate owner.
  • The public-key associated with the subject.
  • X.509 version information.
  • A serial number that uniquely identifies the certificate.
  • An issuer DN that identifies the CA that issued the certificate.
  • The digital signature of the issuer.
  • Information about the algorithm used to sign the certificate.
  • Some optional X.509 v.3 extensions; for example, an extension exists that distinguishes between CA certificates and end-entity certificates.
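The example below is added here to make the certificate concepts concrete; it is not code from the article or from any project it cites. Using Go's standard library, it creates a self-signed root CA certificate, issues an end-entity X.509 certificate signed with the root's private key (serial number, subject DN, issuer DN, validity period and the CA/end-entity basic-constraints extension all set explicitly), and then verifies the end-entity certificate against the trusted root. It also shows the impostor case from the text: the same certificate checked against a root the verifier does not trust fails. The names, the P-256 key type and the validity periods are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewRootCA creates a self-signed root certificate and the private key behind it.
// The certificate carries the CA's public key; the private key signs the
// certificates the CA issues and must be kept protected.
func NewRootCA(commonName string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true, // basic-constraints extension: this is a CA certificate
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Template and parent are the same certificate, so the root signs itself.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueEndEntity binds a freshly generated public key to the subject name and
// signs the binding with the CA's private key. The issuer DN is copied from the
// CA certificate; IsCA is left false, marking an end-entity certificate.
func IssueEndEntity(ca *x509.Certificate, caKey *ecdsa.PrivateKey, subject string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// VerifyChain checks that leaf was validly signed by the given trusted root
// (decoding the issuer's signature with the root's public key) and is within its
// validity period. It returns nil on success.
func VerifyChain(leaf, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

func main() {
	root, rootKey, err := NewRootCA("Example GMP Root CA") // constructed name
	if err != nil {
		panic(err)
	}
	leaf, _, err := IssueEndEntity(root, rootKey, "lims-server.example") // constructed name
	if err != nil {
		panic(err)
	}
	fmt.Println("subject:", leaf.Subject.CommonName, "issuer:", leaf.Issuer.CommonName, "serial:", leaf.SerialNumber)
	fmt.Println("verified against trusted root:", VerifyChain(leaf, root))

	// An impostor's root: its key did not sign the leaf, so verification fails.
	rogue, _, _ := NewRootCA("Untrusted CA")
	fmt.Println("verified against untrusted root:", VerifyChain(leaf, rogue))
}
```

Production verification additionally consults the certificate's revocation status (CRL or OCSP, the "profile status" the article attributes to the certificate server); Go's Verify does not do that by itself.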

Digital signatures are becoming more common. A digital signature is an advanced form of electronic signature that encodes documents with digital codes that are particularly difficult to duplicate. The use of digital signatures provides the mechanism to verify the integrity of the signature/e-record linkage and the identity of the signatory. Digital signatures can be implemented in software, firmware, hardware, or any combination.

Digital Signature

The Public-Key Cryptography Standards (PKCS) describe how to sign a message or e-record in such a way that the recipient can verify who signed it and that the message or e-record hasn't been modified since it was signed. The figure on the right shows a typical digital signature process.

Summary:

  • The sender's digital signature is associated with a pair of keys: private key and public-key.
  • To sign an e-record, the e-record and the private key are the inputs to a hashing process.
  • The output of the hashing process is a string of bits (the message digest) appended to the e-record. The plaintext, the digital signature, and the sender's digital signing certificate are sent to the recipient. A signing certificate contains the public signing key assigned to an individual.
  • At the recipient site, after the sender's certificate is received, the CA digital signature is checked to ensure that someone the recipient trusts issued it.
  • The recipient of the transmitted e-record decrypts the message digest with the originator's public-key, applies the same message hash function to the e-record, and then compares the resulting message digest with the transmitted version. Any modification to the e-record after it was signed will cause the signature verification to fail (integrity).
  • If the signature was computed with a private key other than the one corresponding to the public-key used for verification, then the verification will fail (authentication).
  • In digital signatures, the private key signs and the public-key verifies the authenticity of signatures. For confidentiality, the public-key encrypts messages, and the private key decrypts messages.

Verifying a Digital Signature

The DSA, in which hashing is a key element, is a Federal Information Processing Standard (FIPS) for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS). The most recent DSA revision is FIPS 186-4 of 2013.
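The signing and verification steps summarised above, as an added example that is not part of the article: the sender hashes the e-record with SHA-256 and signs the digest with its private key; the recipient recomputes the digest and checks the signature with the sender's public key. The two failure modes the summary lists are both exercised: a record modified after signing fails (integrity), and a signature checked against a public key that does not match the signing key fails (authentication). The example uses ECDSA over P-256, the elliptic-curve variant of DSA specified in FIPS 186-4, which is an assumption of the example, as are the sample record contents.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewSigner generates the signatory's key pair: the private key signs, the
// public key (normally distributed in a signing certificate) verifies.
func NewSigner() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignRecord hashes the e-record with SHA-256 and signs the digest with the
// signer's private key, returning an ASN.1 DER-encoded ECDSA signature that
// would be appended to (or stored alongside) the e-record.
func SignRecord(priv *ecdsa.PrivateKey, record []byte) ([]byte, error) {
	digest := sha256.Sum256(record)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyRecord recomputes the digest of the received record and checks the
// signature against the claimed signer's public key. It returns false if the
// record changed after signing (integrity) or if the signature was made with a
// private key other than the one matching pub (authentication).
func VerifyRecord(pub *ecdsa.PublicKey, record, sig []byte) bool {
	digest := sha256.Sum256(record)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	signer, err := NewSigner()
	if err != nil {
		panic(err)
	}
	record := []byte("batch=B-1001;result=pass;reviewed_by=jdoe") // constructed sample
	sig, err := SignRecord(signer, record)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature valid:", VerifyRecord(&signer.PublicKey, record, sig))

	// Integrity: one field changed after signing.
	altered := []byte("batch=B-1001;result=fail;reviewed_by=jdoe")
	fmt.Println("valid after modification:", VerifyRecord(&signer.PublicKey, altered, sig))

	// Authentication: verified with a public key that does not match the signing key.
	other, _ := NewSigner()
	fmt.Println("valid under other signatory's key:", VerifyRecord(&other.PublicKey, record, sig))
}
```

Linking the verifying public key to a named individual is the job of the signing certificate and the CA chain covered in the PKI section; the signature alone proves only that the holder of the matching private key signed this exact digest.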

Digital signature is a technology that fully supports the trustworthiness of signed e-records.

Citations and Author Notes:
  1. Integrity - the degree to which a system or component prevents unauthorized access to, or modification of, computer programs or data. (IEEE)
  2. Electronic record - information recorded in electronic form that requires a computer system to access or process. (SAG, “A Guide to Archiving of Electronic Records”, February 2014).
  3. Wechsler, J., “Data Integrity Key to GMP Compliance, Pharmaceutical Technology”, September 2014.
  4. NIST SP 800-33
  5. López, O., "Trustworthy Computer Systems,” Journal of GxP, Vol 19 Issue 2, Jul 2015.
  6. Vibbert, J.M., “The Internet of Things: Data Protection and Data Security,” Global Environment Information Law Journal, Volume 7 Issue 3, Spring 2016.
  7. Davis, L., “MHRA: Data Integrity defined?”, PharmOut,  https://www.pharmout.net/mhra-data-integrity-defined/
  8. Information security - is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage. (http://searchsecurity.techtarget.com/definition/information-security-inf...)
  9. Cryptographic - It is the practice and study of techniques for secure communication in the presence of third parties. (http://searchsoftwarequality.techtarget.com/definition/cryptography)
  10. In this article “GMP regulated activities” is defined as the manufacturing related activities established in the basic legislation  compiled in Volume 1 and Volume 5 of the publication The rules governing medicinal products in the European Union" http://ec.europa.eu/health/documents/eudralex/index_en.htm, US FDA 21 CFR Part 211, “Current Good Manufacturing Practice In Manufacturing, Processing, Packing or Holding of Drugs; General and Current Good Manufacturing Practice For Finished Pharmaceuticals” or any predicate rule applicable to medicinal products for the referenced country.
  11. Digital signature - Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. (US FDA 21 CFR Part 11.3(5)).
  12. Virtual Private Network - Describes the use of encryption to provide a secure telecommunications route between parties over an insecure or public network, such as the Internet.
  13. López, O., “Electronic Records Lifecycle”, Journal of GxP Compliance, Volume 19 Number 4, November 2015.
  14. ITIL, “The Official Introduction to the ITIL Service Lifecycle,” 2007.
  15. MHRA, “MHRA GxP Data Integrity Definitions and Guidance for Industry,” July 2016 (Draft).
  16. López, O., "Technologies Supporting Part 11," in 21 CFR Part 11: Complete Guide to International Computer Validation Compliance for the Pharmaceutical Industry, (CRC Press, Boca Raton, FL, 1st ed.), 2004, pp. 141-146.
  17. Symmetric-key Algorithm - It is a cryptographic algorithm that uses the same key to encrypt and decrypt data. 
  18. Alanazi, H., Zaidan, B., Zaidan, A., Jalab, H., Shabbir, M., Al-Nabhani, Y., "New Comparative Study Between DES, 3DES and AES within Nine Factors," Journal of Computing, Vol 2, Issue 3, March 2010, ISSN 2151-9617, pp. 152-157.
  19. A public-key certificate (also known as a digital certificate or identity certificate) is an electronic representation of an identification or passport, issued by a certification authority (CA) to a PKI user, stating identification information, validity period, the holder’s public-key, the identity and digital signature of the issuer, and the purpose for which it is issued.
  20. https://access.redhat.com/documentation/en-US/Fuse_ESB_Enterprise/7.1/html/ActiveMQ_Security_Guide/files/X509CertsWhat.html


Comments (1)

Electronically stored information is in many cases a better decision than the traditional way of storing, as thanks to technologies, data can be arranged faster and more easily. But, of course, the trustworthiness of these systems should be guaranteed. In fact, in our article about the entering of technologies in clinical trials, we have paid attention also to mobile devices and their benefits when used in the Pharma and clinical trials industry. For example, mobile apps can be used by trial sponsors for indicating a problem or possible side effect and to act more adequately when necessary.
