Access to Data Outside of the Application

Rather than accessing a system through the application, a more surreptitious way of getting at the data is to use the operating system's file manager or a web browser. The guidance therefore has the following to say: Procedures and controls should be put in place to prevent the altering, browsing, querying, or reporting of data via external software applications that do not enter through the protective system software (E). This has already been quoted in a 483 observation to the Gaines Chemical Company, when an inspector reviewed a data system that used operating system files rather than a database to manage the data files generated (6). The observation noted that there was no validation data to demonstrate that an authorized user of the corporate wide area network (WAN) did not have access to analytical data on the laboratory's local area network (LAN). Some controls are therefore required to prevent unauthorized users from accessing the data. These can include write-protecting drives so that modified files can be saved only under a different name, or hiding laboratory network drives from the general user community. Training is also a major element here, ensuring that users do not access applications via the operating system.
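The 483 observation above turned on missing evidence that the file-level controls worked. The following audit script is an added example, not taken from the guidance or from any inspected system. It assumes the data files sit on a POSIX file system, are owned by a laboratory account and group, and that everyone else on the network maps to "other". The file names and modes in demo() are constructed.

```python
import os
import stat
import tempfile

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def audit_data_dir(root):
    """Return sorted (relative_path, finding) pairs for entries below root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a link's target is audited where it actually lives
            rel = os.path.relpath(path, root)
            # Any "other" bit lets users outside the lab group reach the entry
            # through the operating system, bypassing the application.
            if mode & stat.S_IRWXO:
                findings.append((rel, "accessible outside owner/group"))
            # A writable data file can be altered in place instead of being
            # saved under a different name.
            if stat.S_ISREG(mode) and mode & WRITE_BITS:
                findings.append((rel, "not write-protected"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        archive = os.path.join(root, "archive")
        os.mkdir(archive)
        os.chmod(archive, 0o755)  # constructed: directory browsable by anyone
        samples = {"run_001.raw": 0o440,   # compliant
                   "run_002.raw": 0o640,   # owner can overwrite
                   "run_003.raw": 0o444}   # readable by everyone
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample data\n")
            os.chmod(path, mode)
        return audit_data_dir(root)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

An empty result from audit_data_dir, kept with the date and the path audited, is the kind of record that shows the controls were checked. The script does not inspect the root directory itself or share-level settings.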