Advances in technology have changed how we record information and use technology for trending and tracking of food safety data. But with these advances come questions about the authenticity of the data. This is especially true when electronic data and signatures are being used to prove that your food safety plan’s preventive controls are being monitored and verified.

Electronic data monitoring can provide advantages over paper-based programs and make it easier to meet food safety program requirements. Some of the advantages include:

• Software-based programs are present 24 hours a day and 7 days a week. Vacation, illness and holidays do not impact availability of the program.
• The right program will record data at the actual time of entry, providing objective evidence of when the check was completed.
• Software can be configured to call out values that are outside of required ranges or limits.
• Software can be configured to automatically alert key personnel when checks are missed, or when values are outside of a defined range.
• If connected to production equipment, the software can shut things down until checks are completed and require authorized personnel with the appropriate entry codes to intervene.
• Data entered is typed and verified with electronic signatures, which ensures legibility and accuracy.
• Data can be exported and filtered based on the machine or specific check being recorded. This allows for better data analysis without the need to review paper records or manually manipulate the data.
• When presenting records requested by a regulator, personnel can present exactly the data requested to demonstrate implementation of the HACCP or food safety plan requirements. Paper records often contain additional information that is not related to food safety plan requirements. This could potentially open additional audit trails for a regulator to follow.

The FDA has set forth requirements that allow sites to collect data electronically and defines how electronic entry of data and signatures should work as part of the rule. The full text of the requirements is defined in the regulation cited in 21 CFR 11 for electronic records and electronic signatures (see https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1). The requirements can be boiled down to the following essential elements to ensure records will hold up to the scrutiny of regulatory review. Records must comply with the following:

1. Electronic records and signatures are acceptable.
2. Signatures may be any type of code that is unique to an individual, such as an employee ID. It doesn’t have to be a name, but there does need to be a way to tie it to a specific person.
3. The computer system must require two codes, such as a user ID and password, to enter the system, but not for each entry.
4. The computer must keep a date/time-stamped audit log of data entry and changes.
5. Records must be retrievable in accordance with record retention policy.
6. Codes (such as username and password) cannot be shared among multiple people. For example, there can’t be one code for all second shift quality control technicians.

What are some of the potential pitfalls when collecting data electronically? Ask yourself the following questions when evaluating the use of electronic data entry for the monitoring and verification of results.

• What is the cost of implementing of a system? Is there an “off the shelf” solution that can be configured for the site’s needs, or will custom programming be required?
• Is it practical to capture data electronically? What systems are needed on the manufacturing floor to capture the data, and can the lines, machines and operators be identified within the system?
• How are we backing up data to ensure that it is not lost in the case of failure? How frequently does data backup occur?
• What is our backup plan if the software crashes and we still need to maintain these records?
• If I have multiple sites in different time zones, will the system allow us to do the date and time stamps in the time zone of each location?
• If I have multiple locations using the same database, how do we assign a unique identifier to the data so that we know that it is associated with that specific plant, production line or machine as defined by the program?
• How do we ensure that entry codes are not shared? How do we ensure that codes are deactivated when people leave the company?
• Is it easy to add users to the system? How do we change names within the system due to events such as marriage or divorce?
• What safeguards are in place to prevent data from being “hacked” or otherwise compromised?
• Who is the gatekeeper of the system? If monitoring, testing limits or verification frequencies are changed, who oversees updating the system and communicating the changes to appropriate parties?
• When there are entries that do not meet our limits or ranges, how does the system flag these, and how will corrective actions be documented?
• When limits are recorded outside of our defined ranges, how will this tie back to product hold or dispositions of the lot number, quantities and the timeframe of when the product was produced?
• How will the system alert the appropriate personnel when there are issues with the recorded data or if checks or verifications are missed?
• Where will investigation, root cause analysis and corrective actions be documented? Within the system or outside of the system? How will these be linked?

This is by no means an exhaustive list of considerations, but it’s a good place to start when looking to implement a system for the electronic collection of food safety data to meet HACCP or food safety plan requirements.

If the cost of implementing a system is not an issue, electronic collection of data provides the advantage of real-time data collection. It can be used to identify issues down to the machine, operator or time of day, which can help site personnel quickly address issues.

Typically, there are not legibility or other issues related to document control with an electronic system. If a value must be overwritten, measures can be put into place where only authorized personnel can override the data. Reasons for the data change can be recorded, as well as the time/date of an override, which creates an audit trail.

Like all systems, it is only as good as the programming of the system provided and the knowledge of the people entering data into the system. Electronic systems can also fail, so there needs to be a backup plan in place to meet food safety program requirements. System security issues will also need to be considered to ensure the integrity of the data recorded within the system.

It may not be practical to record all checks within an electronic system. Based on the type of process, electronic recording and verification may not be a practical for recording and tracking of data. This could be related to the cost of implementing a system or the manufacturing environment not being conducive to making electronic data entry a practical solution.