Data integrity PIC S

Recommendations

Info

checks (where justified based on risk), and/or a sample of previouslyverified data to ensure the continued effectiveness of the routine process.A risk-based sample of computerised system logs / audit trails to ensurethat information of relevance to GMP/GDP activity is reported accurately.This is relevant to situations where routine computerised system data isreviewed manually or by a validated ‘exception report’4.A review of quality system metrics (i.e. trending) that may also beindicators of data governance effectiveness.5.6.3 An effective review of the data governance system will demonstrateunderstanding regarding importance of interaction of company behaviourswith organisational and technical controls. The outcome of the review shouldbe communicated to senior management, and be used in the assessment ofresidual data integrity risk.6 ORGANISATIONAL INFLUENCES ON SUCCESSFUL DATAINTEGRITY MANAGEMENT6.1 General6.1.1 It may not be appropriate or possible to report an inspection deficiencyrelating to organisational behaviour. An understanding of how behaviourinfluences (i) the incentive to amend, delete or falsify data and (ii) theeffectiveness of procedural controls designed to ensure data integrity, canprovide the inspector with useful indicators of risk which can be investigatedfurther.6.1.2 Inspectors should be sensitive to the influence of culture on organisationalbehaviour, and apply the principles described in this section of the guidancein an appropriate way. An effective ‘quality culture’ and data governance maybe different in its implementation from one location to another. However,where it is apparent that cultural approaches have led to data integrityconcerns; these concerns should be effectively and objectively reported bythe inspector to the organisation for rectification.6.1.3 Depending on culture, an organisation’s control measures may be:‘open’ (where hierarchy can be challenged by subordinates, and fullreporting of a systemic or individual failure is a business expectation)‘closed’ (where reporting failure or challenging a hierarchy is culturallymore difficult)6.1.4 Good data governance in ‘open’ cultures may be facilitated by employeeempowerment to identify and report issues through the PharmaceuticalQuality System. In ‘closed’ cultures, a greater emphasis on oversight andsecondary review may be required to achieve an equivalent level of controldue to the social barrier of communicating undesirable information. Theavailability of a confidential escalation process to senior management mayalso be of greater importance in this situation, and these arrangements4 An ‘exception report’ is a validated search tool that identifies and documents predetermined ‘abnormal’ data oractions, which requires further attention or investigation by the data reviewer.PI 041-1 10 of 63 1 July 2021
should clearly demonstrate that reporting is actively supported andencouraged by senior management.6.1.5 The extent of Management’s knowledge and understanding of data integritycan influence the organisation’s success of data integrity management.Management should know their legal and moral obligation (i.e. duty andpower) to prevent data integrity lapses from occurring and to detect them, ifthey should occur. Management should have sufficient visibility andunderstanding of data integrity risks for paper and computerised (both hybridand electronic) workflows.6.1.6 Lapses in data integrity are not limited to fraud or falsification; they can beunintentional and still pose risk. Any potential for compromising the reliabilityof data is a risk that should be identified and understood in order forappropriate controls to be put in place (refer sections 5.3 - 5.5). Directcontrols usually take the form of written policies and procedures, but indirectinfluences on employee behaviour (such as undue pressure, incentives forproductivity in excess of process capability, opportunities for compromisingdata and employee rationalisation of negative behaviours) should beunderstood and addressed as well.6.1.7 Data integrity breaches can occur at any time, by any employee, somanagement needs to be vigilant in detecting issues and understand reasonsbehind lapses, when found, to enable investigation of the issue andimplementation of corrective and preventive actions.6.1.8 There are consequences of data integrity lapses that affect the variousstakeholders (patients, regulators, customers) including directly impactingpatient safety and undermining confidence in the organisation and itsproducts. Employee awareness and understanding of these consequencescan be helpful in fostering an environment in which quality is a priority.6.1.9 Management should establish controls to prevent, detect, assess and correctdata integrity breaches, as well as verify those controls are performing asintended to assure data integrity. Sections 6.2 to 6.7 outline the key itemsthat Management should address to achieve success with data integrity.6.1.10 Senior Management should have an appropriate level of understanding andcommitment to effective data governance practices including the necessityfor a combination of appropriate organisational culture and behaviours(section 6) and an understanding of data criticality, data risk and datalifecycle. There should also be evidence of communication of expectations topersonnel at all levels within the organisation in a manner which ensuresempowerment to report failures and opportunities for improvement. Thisreduces the incentive to falsify, alter or delete data.6.2 Policies related to organisational values, quality, staff conduct and ethics6.2.1 Appropriate expectations for staff conduct, commitment to quality,organisational values and ethics should clearly communicated throughout theorganisation and policies should be available to support the implementationand maintenance of an appropriate quality culture. Policies should reflectManagement’s philosophy on quality, and should be written with the intent ofdeveloping an environment of trust, where all individuals are responsible andaccountable for ensuring patient safety and product quality.PI 041-1 11 of 63 1 July 2021
Page 1 and 2: PHARMACEUTICAL INSPECTION CONVENTIO
Page 3 and 4: 9.10 Management of Hybrid Systems .
Page 5 and 6: 3.5 The principles of data manageme
Page 7 and 8: o automation; oro the use of techno
Page 9: process consistency (e.g. biologica
Page 13 and 14: Staying continuously and actively i
Page 15 and 16: 6.7 Dealing with data integrity iss
Page 17 and 18: Data IntegrityAttributeRequirementt
Page 19 and 20: Specific elements that should be ch
Page 21 and 22: generation of working copies of doc
Page 23 and 24: 4. ExpectationDocuments should be s
Page 25 and 26: 8.5.2 Records should be appropriate
Page 27 and 28: Where appropriate, the reason for t
Page 29 and 30: 8.9 Direct print-outs from electron
Page 31 and 32: 8.11.2 A record/register should be
Page 33 and 34: 9.2.2 Validation alone does not nec
Page 35 and 36: osystems used in the decision proce
Page 37 and 38: Check that end-user testing include
Page 39 and 40: read by the new software. Where nec
Page 41 and 42: - User access controls should ensur
Page 43 and 44: potential security weaknesses) and
Page 45 and 46: 9.6 Audit trails for computerised s
Page 47 and 48: - in the case of changes or modific
Page 49 and 50: 9.8 Review of data within computeri
Page 51 and 52: to access electronically stored dat
Page 53 and 54: Appropriate quality risk management
Page 55 and 56: Area for reviewComparison of analyt
Page 57 and 58: Accurate [4.1], [6.17] [5.40], [5.4
Page 59 and 60: 12 REMEDIATION OF DATA INTEGRITY FA
Page 61 and 62:
12.2.1.2 Evidence of open communica
Page 63:
MetadataIn-file data that describes
show all

Data integrity PIC S

Create successful ePaper yourself

Delete template?

Save as template?