Blog

The purpose of this article is to review the solution to four (4) common challenges when using spreadsheets to meet GxP quality requirements. These challenges are:

1) The effort required to print, sign, securely store and retrieve completed worksheets.
2) Compromised file security through password sharing
3) Tracking changes made to worksheets
4) Maintaining workbook integrity, post spreadsheet validation

Today, spreadsheets are commonly used throughout the biopharmaceutical, pharmaceutical and other FDA-regulated industries. Spreadsheets are considered systems and when they impact data that affects product identity, strength, purity and safety, they must be validated and controlled.

Problem # 1. Effort required to print, sign, securely store and retrieve completed worksheets

A common spreadsheet business process is the review and approval of data entry for records that are governed under GMP, GCP or GLP quality standards, and documentation of this sign-off. This process typically requires the Excel sheet where the data was entered printed out, reviewed by a supervisor and then signed by each party/witness to the event. Once signed, each individual printed sheet must be stored and secured. To review a sheet, it must be located, signed out and then returned. All of these repeatable steps pose a significant obstacle to efficient business processes, as well as data integrity issues complicated by lost and misplaced sheets that are required for internal or external audit review.

Problem # 2. Compromised file security through password sharing

In Excel, passwords are often used to restrict access to the workbook, a worksheet within it or individual elements in the worksheet. Typically, the security of cell data, the structure and the code within the workbook is not compromised by the failure of the password itself, but by the tendency of users to share passwords. Because these passwords are not user specific, once shared or discovered, there is no way to ensure that only the personnel authorized to access a spreadsheet are the ones doing so. At a minimum, this can raise concerns regarding the security of the data and the data output. Once passwords are shared, file security and data integrity can no longer be counted on.

Problem # 3. Tracking changes made to worksheets

When a change is made to an entry in a paper-based record, the changes are visible to the eye and can be seen when reviewing the record. Even if an attempt was made to remove the original entry, it would still leave a mark on the paper making it very difficult to hide any such attempt. However, when changes are made to an electronic worksheet, the only entries that a reviewer can see are the latest one. There is no mechanism to know if one or more entries have been modified and if so, who made the changes and the reasons behind such change.

Problem # 4. Maintaining workbook integrity, post spreadsheet validation

Validation of a spreadsheet is a lengthy process involving analysis of the workbook structure, logic and code, verification of formulae and accuracy of calculations, to name just a few areas. Once validation is complete and the workbook is approved for production use, a major challenge to maintaining all of the work that has gone into the design and validation is the inability to control role-based access and security – for example, who can change formulas, edit macros, print or save as the workbook? This makes it difficult to maintain the validated state. The inability to control Excel menus, similar to an enterprise application that provides role-based access, creates areas of ongoing concern for data integrity even with continued checking and review of workbook settings. Lacking such controls, it is a big challenge for the business to verify, count on and maintain control over the output of validated files.

The Solution:

For the business and data integrity concerns outlined above, a proven solution is available that is in use by hundreds of FDA-regulated firms, called eInfotree Excel Desktop. This software application addresses all the data integrity concerns outlined above by providing the following benefits.

1. No More Password Sharing: eInfotree improves information security and access with regard to password controls in two ways. One, by allowing users to have their access rights to the workbook automatically authenticated against the company’s centralized Active Directory. Second, by replacing file/sheet/cell level passwords with file/user/group-specific rights that are maintained by the application. These application capabilities eliminate the huge headache of remembering passwords or the potential data integrity issues that arise from sharing passwords.

2. Cell-level Audit Trail: The application provides a cell-level audit trail of all changes. Hence a reviewer can see all changes made to a cell, not just the latest one. This includes the date and
time when entries were made, who made them, worksheet name, cell address, old value, new
value, type of action (e.g. value change vs. calculation change) and reason fields.

3. Maintaining Post-validation Data Integrity: The structure and design of the workbook once validated and ready for production should be secured and maintained so that formatting, logic and code perform as intended. eInfotree Excel Desktop solves the problem of structural control and user specific access to Excel menus by offering controls for all Excel menus. You decide who is allowed to Modify Formulas, Edit Macros, Print or Save As the workbook. Menu controls can be applied per file, per user or group. This application ability helps alleviate concerns over data integrity in these areas.

4. Electronic Signatures: We discussed earlier the time-consuming business process and challenge of printing, signing, transporting, securing and retrieving hard copies of worksheets to satisfy GXP requirements. Through the use of eInfotree’s electronic signature capability, this tedious process can be eliminated by requiring users to sign off on their actions directly into the worksheet with an eye readable electronic signature that offers up to 7 field values such as time stamp, user name, role and reason. The locked and secure eye-readable e-signature removes the need to print and store any sheet. The use of electronic signatures allows for a streamlined process for managing all reviews and approvals without the overhead of a hybrid system.

Conclusion

The ease of use, familiarity and availability of spreadsheets make them one of the most popular application ever developed. However, these very characteristics of spreadsheets also raise data integrity, compliance and regulatory concerns. The answer lies not in replacing spreadsheets with expensive and inflexible enterprise systems, but in filling the compliance gaps with additional technical controls. Cost effective technology solutions are now available where you don’t have to choose compliance vs. ease of use. You can supplement your use of spreadsheets with enabling compliance technology that gives your users the best of both worlds.
For more information, or to arrange a demonstration of the product, please email us at [email protected], or visit www.part11solutions.com.

About CIMCON Software

Established in 1996 and with 700 customers in 30 countries, CIMCON is a pioneering Market Leader in providing a wide range of solutions for Compliant Digital Transformation™. We provide comprehensive solutions for spreadsheets that automate the validation of your spreadsheets with XLValidator, and make them Part 11 compliant with eInfotree. The LabMonitor software provides a centralized lab management system for continuous monitoring of your data files, and to make legacy lab software Part 11 compliant. Transform provides automated solutions to move your paper forms to electronic without redesigning them. The eInfotree QMS provides a Quality Management System with functionality for e-signatures, workflows, PDF rendition, training and forms. CIMCON products are ranked highly for ease of use, customer satisfaction and post-sale customer support. All products are provided with a validation package, and a suite of optional validation services for a total turnkey solution.