top of page

Risks to Data Integrity May Lie in the Journey

Do you know where risk points to data integrity lie when Investigator Sites use electronic platforms to collect data? In talking about risk to data integrity, it is useful to break down common areas where data loses integrity to ensure best Data Governance Practices are being utilized.

From any electronic data platform, data is collated, bundled and delivered to the CRO or Sponsor. However, from both the Site and Sponsor Level, Data governance is rarely described by procedure, or procedures that fall short of functional. This is overwhelmingly evident because of the issues in data integrity that are pervasive findings in GCP audits.

Data Integrity is the single most common finding across all benchmarked Investigator Site Audits that Zigzag has performed. This finding is independent of location, indication, company size, or any other metric. It is a pervasive finding which affects all companies throughout their R&D pipelines. In looking at the various influences on the pervasiveness of this a finding category, it is helpful to understand the journey of any given data point.

What is happening to this data in it’s journey from data entry to final resting destination?

  1. Data Collection & Entry

  2. Storage & Security

  3. Data Transfer(s)

  4. Final Delivery Point

In a validated device, there are still risks to data integrity. Where are some of the risks that any given data point is exposed to in the journey from data entry to clinical reports?

Take an example of an iPad that is part of a clinical study. This hypothetical device is a validated and documented remote device that follows all regulatory and site and sponsor level documented procedures. What about the data that this device facilitates being collected and stored?

After interacting with a subject, a human enters a “6” on this validated, documented iPad. That number 6 is transferred into the cloud, stored, transferred again, downloaded onto one or many desktop devices, then finally rests in a clinical study report. In this commonplace scenario, there are several potential specific points at which this “6” would have the opportunity to lose its integrity. They can be grouped into the following areas of risk:

Entry: (For example, data is potentially queried and accidently changed to a .6, or 600)



The take-home message from this scenario is despite a validated, compliance device, *There is no audit trail for this data point, “6”.

Three questions to ask when you look at your Data Governance Procedures:

  1. Is your entry system validated for the entry point?

  2. Do you have governing, functional procedures in place for transfer processes?

  3. Are there controls on the storage system?

Need More Info? Reach out to our team of experts for guidance in best global practices for data governance. EMA Guidelines on Data Governance:



Recent Posts

See All


bottom of page