Vulnerabilities' Resolution of Audit Trail in the Integrated Management System of NUPLAM
Keywords: Pharmaceutical Systems. Auditing. Audit Trail. Blockchain. Immutability
Pharmaceutical manufacturing in Brazil requires that its processes are carried out by
following rules defined by a supervisory body: the National Health Surveillance
Agency (ANVISA, in portuguese). These rules ensure that the manufactured
products do not pose a risk to their consumers. One of the difficulties for
pharmaceutical industries is to provide evidence that production procedures were
carried out under internal regulations based on these rules. The Nucleus for
Research in Food and Medicines (NUPLAM, in portuguese), annexed to UFRN,
researches, develops, and produces medicines to meet the needs of the Ministry of
Health. In this way, NUPLAM also needs all pharmaceutical production information to
be recorded in a secure and auditable manner. One of the ways to store this
information is using an automated audit trail. This trail uses a computer system to
record all actions taken while manufacturing medicines, helping to provide evidence.
In this dissertation, the implementation of this track in the NUPLAM Integrated
Management System (SIGNUPLAM, in portuguese) is studied, identifying its main
problems and improving its implementation, aiming at solving the flaws of its initial
version. With this improvement, SIGNUPLAM could meet the implementation
requirements established according to ANVISA rules. However, it was noticed that
there were still vulnerabilities in the data security part. This way, a blockchain-based
solution was proposed, in which interdependent and encrypted blocks are used to
avoid illegal modifications. It guarantees the immutability of the data.