Understanding Data: QA vs QC

By Sandra Gonzalez 06 March 2025

Data is facts and statistics collected for reference or analysis. Some companies use the term QA and QC interchangeably and should not be.  QA and QC serve different purposes in maintaining data integrity.  Understanding the different will help to define the goals to implement an effective data management system and a better data integrity program.

Quality Assurance (QA) is defined as the maintenance of a desired level of quality in a service or product, especially by means of attention to every stage of the process of delivery or production.  QA is process oriented.  It aims to prevent defects by ensuring that the processes used to manage and create data are well-defined and consistently followed.  Encompasses a set of processes, procedures or tests covering planning, implementation, documentation and assessment to ensure the process generating the data meet a set of defined quality objectives. QA activities are performed before and during data acquisition like set up of procedures for data collection to ensure consistency and accuracy.  Another important point of QA is to assign the responsibility for data quality to a person or persons who has some experience with QA & QC procedures.

Quality Control (QC) is defined as the process that ensures a product or service follows a predefined set of quality requirements or standards or meets the needs of the customers or clients.  QC is product oriented.  It aims to identify and correct defects in the data itself.  Consists of technical activities to measure the attributes and performance of a variable to assess whether it passes some pre-defined criteria of quality.  QC activities are performed after data has been collected like verification check to identify and correct errors or inconsistencies.  Raw or primary data should not be removed or changed unless there is solid evidence that it is erroneous.  If primary data are altered, it must be saved and a motivation for the action added in the same post. It is essential that the raw, unmanipulated form of the data is saved so that any subsequent procedures performed on the data can be repeated. Instead of removing or deleting data it is preferable to use a system of flags, via a range of QA processes and steps, thereafter QC can be carried out by filtering the data based on the flags and further analysis carried out.

Simplified, QA is about preventing data issues through proper process management, while QC is about detecting and fixing issues in the data after it has been collected.

Based on the level of quality assurance and control steps the raw data has undergone, there are four data levels:

level 0 - raw data – data obtained directly from the source after calibration, verification or confirmation process that indicates it remains on its validated state.

level 1 - automated QC - large obvious errors removed after data is checked for spikes, gaps, range, monitoring attenuation, multivariate behavior or syntax.  Data is plotted against historical and statistical envelopes.

level 2 - manual QC – Sample checks for processing issues.  evaluate data points that did not pass the QC check. Compare with other variables, check calibration curves and other types of sampling and instrument performance. Check logbooks for comments by the responsible person. Only when evidence for sampling error, contamination or instrument failure is shown should data point be removed or replaced with a, for example interpolated value. The decision and its motivation must be documented, and the data point flagged accordingly.

level 3 - Gap filled or Interpolated data – Data adjustments or corrections.

level 4 - aggregated and summarized data – Add final QC code, flag and level of assessment.  Audit databases and transfer to data storage and generate data performance measures.  Aggregation is preferably done in a database environment with the integrating function located at one instance. This function should be validated by manual calculation with selected data from the same set.  The start and end values for the range of integration should be clearly defined, as is true for methods for inter- and extrapolation where applicable.

There must be procedures to address the raw data levels to prevent data manipulation without any justification.  Procedures for access control, and administration of software activities once validated and control of changes in the software are imperative to be implemented to preserve data integrity.  Finally, back up of data in different instrument should be placed in a main server that is accessible to be retrieve as necessary.

Common data integrity procedures are:

1. Data Validation:

• Purpose: To ensure that data entered a system meets predefined criteria.

• Example: Implementing checks to verify that data fields are not left empty and that numerical values fall within acceptable ranges.

2. Data Auditing:

• Purpose: To track changes and access to data over time.

• Example: Maintaining audit logs that record who accessed or modified data, and when these actions occurred.

3. Access Controls:

• Purpose: To restrict data access to authorized personnel only.

• Example: Using role-based access controls (RBAC) to ensure that only individuals with the necessary permissions can view or edit sensitive data.

4. Data Encryption:

• Purpose: To protect data from unauthorized access during transmission and storage.

• Example: Encrypting data both in transit (e.g., using SSL/TLS) and at rest (e.g., using AES encryption).

5. Regular Backups:

• Purpose: To ensure data can be restored in case of loss or corruption.

• Example: Scheduling automated backups to secure locations and regularly testing the restoration process.

6. Data Cleansing:

• Purpose: To identify and correct inaccuracies or inconsistencies in data.

• Example: Using software tools to detect and rectify duplicate records, missing values, or incorrect entries.

7. Standard Operating Procedures (SOPs):

• Purpose: To provide clear guidelines for data handling and management.

• Example: Documenting procedures for data entry, storage, and retrieval to ensure consistency and accuracy.

8. Data Integrity Monitoring:

• Purpose: To continuously monitor data for signs of corruption or unauthorized changes.

• Example: Implementing tools that alert administrators to potential data integrity issues in real-time.

Clear procedures ensure that data is collected, processed, and maintained consistently across different teams and projects. This consistency is vital for reliable data analysis and decision-making.  Well-defined procedures help minimize errors and inaccuracies in data. By following standardized methods, the chances of data being incorrect, or misleading are significantly reduced.  Reliable data builds trust among stakeholders, including customers, partners, and regulatory bodies. When data integrity is maintained, stakeholders can have confidence in the information provided.  Standardized procedures streamline data management processes, making them more efficient. This can save time and resources, allowing teams to focus on more strategic tasks.  Proper data integrity procedures help identify and mitigate risks associated with data breaches, loss, or corruption. This proactive approach can prevent significant issues and ensure business continuity.

SbyS group can help you strategize/train/assess your data integrity needs.  With over 25 years of experience managing successful Inspection/Audits to a variety of customers with different challenges and no observation on data integrity systems, SbyS has helped clients to reach goals improving the regulatory status.  We also provide detailed assessments of your quality systems, identify current problems, risks and trends to recommend actions, and work with the Staff in continuous improvement of the processes