The BPIT Compliance workstream has published an industry response to the IT Data Integrity guidelines provided by regulators. An area that has been a major focus for inspectors in recent times.
The guidance and supporting template provides clarity and agreement of the regulatory requirements, a shared view of which controls to implement within a company, and offers best practices. This results in a common response to regulators and achieves increased confidence in companies’ approach to compliance.
The guidance outlines the controls required generally and those required specifically for three categories of IT systems – enterprise applications, local systems and equipment.
In conjunction with the guidance the workstream developed a universal system assessment checklist, based on existing member company best practice. This can be used to evaluate potential data integrity risks to a computerized system and electronic records throughout the system lifecycle. For each risk area a series of questions were identified and where a risk was identified, controls and actions specified.