Long-term data integrity and GxP compliance with virtualized software installations

INTACT Software Library platform enables organizations and labs to ensure data integrity for their archived research studies that may be decades old. The platform hosts virtual installations of legacy software that is needed to read and use the archived data. The legacy software is carefully installed and maintained, aiming to retain all relevant settings of the original software used in the lab. Applications of INTACT Software Library demonstrate that software integrity is key to data integrity and essential for mitigating digital obsolescence risks, as highlighted in the SelectScience editorial article “Digital Obsolescence: Is your research data at risk?”

Digital technologies are critical enablers in drug discovery and an integral part of research practices. Scientific tools and instruments are computerized to enable data capture with precision and accuracy and to facilitate analysis and insights that underpin all subsequent phases in the drug development. Laboratory processes are progressively digitalized to increase reliability and meet quality standards. This trend propels the scientific discovery but threatens data integrity over time.

Data integrity is a key GxP regulatory concern

Digital data requires software to be accessed and used. Yet, over time, every software comes to the end-of-support, when the software producer stops updating it, or to the end-of-life, when the whole product is discontinued. Even before that, the organization may replace the technology and switch to a different technology provider. Once lab instruments and software are decommissioned, the integrity of archived data is at risk – there is no software to ensure its long-term readability and, therefore, no means for the organization to stay compliant with regulations on data integrity.

Regulations on the management of computerized systems and electronic data are evolving as new methods are introduced and new research practices are adopted. In March 2015, the MHRA first published the GMP Data Integrity Definitions and Guidance and in March 2018 updated and expanded GXP Data Integrity Guidance and Definitions to be applicable across GLP, GCP and GMP. In the meantime, FDA, PIC/S and OECD (to be finalized), put forward Data Integrity guidance for specific Good Practices. They all focus on a common set of data attributes known as “ALCOA”, requiring data to be Attributable, Legible, Contemporaneous, Original and Accurate. ALCOA+ involves four additional data integrity requirements: Complete, consistent, enduring, and available.

Software integrity is key to data integrity

Meeting ALCOA+ requirements involves both Computer System Validation (CSV) and plans for archiving original raw data for as long as the regulation requires, sometimes over 20 years. Data must be retained in the format in which it was generated. That also means that the corresponding software needs to be maintained for the same period of time in order to secure readability of data and reproducibility of studies. Software integrity, established through the original CSV effort, becomes a key aspect in supporting long-term data integrity.

A common approach is to keep old lab computers with old software. However, they are subject to hardware failures and inevitably become non-secure since the legacy operating system becomes unsupported and presents security risks.

MHRA suggested that once the system can no longer be supported, it could be maintained in a virtual environment – the approach that has been adopted INTACT Software Library services.

Virtualized and validated software installations ensure study reproducibility

INTACT Software Library offers a systematic and principled approach to long-term use of software by removing the hardware failure risks and the operating system security risks. Each organization and each lab can have its own Software Library with virtualized installations of legacy software. Software installations are hosted in a private data centre where security of the non-secure software can be carefully managed. Since installed in virtual machines, the software is also safe from hardware failures.

INTACT Software Library provides a convenient and secure use of software through standard internet browsers. Virtual desktops appear in the browser tabs and allow safe and easy interaction with the software.

Data that needs to be used with the software is carefully transferred into the Software Library environment. A copy of selected archived data is exported for use within the Software Library through a secure transfer desktop. Once transferred, the data is used to complete the task and then deleted. No archived data is altered or affected in any way. Only copies of the data are used and processed for study reconstruction.

INTACT Software Library design and procedures enable organizations to adhere to their internal policies on software and data management. The software installations are carefully created since any changes to the software or the environment within which the software operates may introduce inconsistencies and affect reproducibility of past studies. Even newer, improved and upgraded software versions may not be used if one cannot guarantee that there are no discrepancies in the way data is processed and visualized. Study reproducibility requires software installations that are as close to the original as possible. That can be achieved by incorporating relevant aspects of the original CSV process, as it has been demonstrated through a case study of Analyst 1.4.2 software by SCIEX, originally installed in a bioanalysis lab in 2006.

INTACT Software Library complements archiving solutions by focussing on software integrity that is essential for long-term data readability and compliance with data integrity regulations.

Find out more about Intact Digital Ltd and its INTACT Software Library and INTACT Digital Continuity Services.