Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
checks (where justified based on risk), and/or a sample of previously
verified data to ensure the continued effectiveness of the routine process.
A risk-based sample of computerised system logs / audit trails to ensure
that information of relevance to GMP/GDP activity is reported accurately.
This is relevant to situations where routine computerised system data is
reviewed manually or by a validated ‘exception report’4.
A review of quality system metrics (i.e. trending) that may also be
indicators of data governance effectiveness.
5.6.3 An effective review of the data governance system will demonstrate
understanding regarding importance of interaction of company behaviours
with organisational and technical controls. The outcome of the review should
be communicated to senior management, and be used in the assessment of
residual data integrity risk.
6 ORGANISATIONAL INFLUENCES ON SUCCESSFUL DATA
INTEGRITY MANAGEMENT
6.1 General
6.1.1 It may not be appropriate or possible to report an inspection deficiency
relating to organisational behaviour. An understanding of how behaviour
influences (i) the incentive to amend, delete or falsify data and (ii) the
effectiveness of procedural controls designed to ensure data integrity, can
provide the inspector with useful indicators of risk which can be investigated
further.
6.1.2 Inspectors should be sensitive to the influence of culture on organisational
behaviour, and apply the principles described in this section of the guidance
in an appropriate way. An effective ‘quality culture’ and data governance may
be different in its implementation from one location to another. However,
where it is apparent that cultural approaches have led to data integrity
concerns; these concerns should be effectively and objectively reported by
the inspector to the organisation for rectification.
6.1.3 Depending on culture, an organisation’s control measures may be:
‘open’ (where hierarchy can be challenged by subordinates, and full
reporting of a systemic or individual failure is a business expectation)
‘closed’ (where reporting failure or challenging a hierarchy is culturally
more difficult)
6.1.4 Good data governance in ‘open’ cultures may be facilitated by employee
empowerment to identify and report issues through the Pharmaceutical
Quality System. In ‘closed’ cultures, a greater emphasis on oversight and
secondary review may be required to achieve an equivalent level of control
due to the social barrier of communicating undesirable information. The
availability of a confidential escalation process to senior management may
also be of greater importance in this situation, and these arrangements
4 An ‘exception report’ is a validated search tool that identifies and documents predetermined ‘abnormal’ data or
actions, which requires further attention or investigation by the data reviewer.
PI 041-1 10 of 63 1 July 2021