First of all, what is an open system?
An open system is where data could reside for some period of time on a system that it outside the control of the organization that owns the data i.e A computer system whose user access is NOT controlled by the same people responsible for its contents.
A simple example of this would be a web application used by the company that is owned by an outside vendor who manages GxP data for that company.
For organizations using open systems, everything for closed system (Section 11.10) still applies.
Data Integrity
In addition, they must take more steps (whatever makes the most sense, given the risks and available options) to ensure the same record qualities described in Section 11.10 including:
- Authenticity
- Integrity
- Confidentiality (when appropriate)
- Irrefutability (i.e., no way to deny that a record is genuine)
Security and Integrity
The security and integrity of regulated records may be more at risk with open systems, specifically with risk associated with public networks or similar.
Here are four important questions to ask yourself when working with open system:
- Are records transmitted by the system sent in a secure manner, such that their authenticity, integrity and confidentiality are ensured?
- Is access to the system appropriately managed to prevent unauthorized external access?
- Has the system been evaluated for susceptibility to intrusion?
- And, is there a system in place to evaluate current IT security threats that have been identified