Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments good practices for data management and integrity in regulatory GMP/GDP environments
TABLE OF CONTENTSPage1 DOCUMENT HISTORY .................................................................................................... 32 INTRODUCTION .............................................................................................................. 33 PURPOSE ........................................................................................................................ 44 SCOPE ............................................................................................................................. 55 DATA GOVERNANCE SYSTEM ..................................................................................... 55.1 What is data governance? ................................................................................................ 55.2 Data governance systems ................................................................................................ 65.3 Risk management approach to data governance ............................................................ 75.4 Data criticality ................................................................................................................... 85.5 Data risk ........................................................................................................................... 85.6 Data governance system review ...................................................................................... 96 ORGANISATIONAL INFLUENCES ON SUCCESSFUL DATA INTEGRITYMANAGEMENT .............................................................................................................. 106.1 General ........................................................................................................................... 106.2 Policies related to organisational values, quality, staff conduct and ethics ................... 116.3 Quality culture................................................................................................................. 126.4 Modernising the Pharmaceutical Quality System ........................................................... 136.5 Regular management review of performance indicators (including quality metrics) ...... 146.6 Resource allocation ........................................................................................................ 146.7 Dealing with data integrity issues found internally ......................................................... 157 GENERAL DATA INTEGRITY PRINCIPLES AND ENABLERS .................................... 158 SPECIFIC DATA INTEGRITY CONSIDERATIONS FOR PAPER-BASED SYSTEMS . 208.1 Structure of Pharmaceutical Quality System and control of blankforms/templates/records ................................................................................................. 208.2 Importance of controlling records ................................................................................... 218.3 Generation, distribution and control of template records ............................................... 218.4 Expectations for the generation, distribution and control of records .............................. 218.5 Use and control of records located at the point-of-use .................................................. 248.6 Filling out records ........................................................................................................... 258.7 Making corrections on records ....................................................................................... 268.8 Verification of records (secondary checks) .................................................................... 278.9 Direct print-outs from electronic systems ....................................................................... 298.10 Document retention (Identifying record retention requirements and archiving records) 298.11 Disposal of original records or true copies ..................................................................... 309 SPECIFIC DATA INTEGRITY CONSIDERATIONS FOR COMPUTERISEDSYSTEMS ...................................................................................................................... 319.1 Structure of the Pharmaceutical Quality System and control of computerised systems 319.2 Qualification and validation of computerised systems ................................................... 329.3 Validation and Maintenance ........................................................................................... 339.4 Data Transfer .................................................................................................................. 389.5 System security for computerised systems .................................................................... 409.6 Audit trails for computerised systems ............................................................................ 459.7 Data capture/entry for computerised systems ................................................................ 479.8 Review of data within computerised systems ................................................................ 499.9 Storage, archival and disposal of electronic data ........................................................... 50PI 041-1 2 of 63 1 July 2021
9.10 Management of Hybrid Systems .................................................................................... 5210 DATA INTEGRITY CONSIDERATIONS FOR OUTSOURCED ACTIVITIES ................ 5410.1 General supply chain considerations ............................................................................. 5410.2 Routine document verification ........................................................................................ 5410.3 Strategies for assessing data integrity in the supply chain ............................................ 5411 REGULATORY ACTIONS IN RESPONSE TO DATA INTEGRITY FINDINGS ............ 5611.1 Deficiency references ..................................................................................................... 5611.2 Classification of deficiencies .......................................................................................... 5712 REMEDIATION OF DATA INTEGRITY FAILURES ....................................................... 5912.1 Responding to Significant Data Integrity issues ............................................................. 5912.2 Indicators of improvement .............................................................................................. 6013 Glossary ......................................................................................................................... 6114 REVISION HISTORY ..................................................................................................... 631 DOCUMENT HISTORYAdoption by Committee of PI 041-1 1 June 2021Entry into force of PI 041-1 1 July 20212 INTRODUCTION2.1 PIC/S Participating Authorities regularly undertake inspections ofmanufacturers and distributors of Active Pharmaceutical Ingredient (API) andmedicinal products in order to determine the level of compliance with GoodManufacturing Practice (GMP) and Good Distribution Practice (GDP)principles. These inspections are commonly performed on-site however maybe performed through the remote or off-site evaluation of documentaryevidence, in which case the limitations of remote review of data should beconsidered.2.2 The effectiveness of these inspection processes is determined by thereliability of the evidence provided to the inspector and ultimately the integrityof the underlying data. It is critical to the inspection process that inspectorscan determine and fully rely on the accuracy and completeness of evidenceand records presented to them.2.3 Data management refers to all those activities performed during the handlingof data including but not limited to data policy, documentation, quality andsecurity. Good data management practices influence the quality of all datagenerated and recorded by a manufacturer. These practices should ensurethat data is attributable, legible, contemporaneous, original, accurate,complete, consistent, enduring, and available. While the main focus of thisdocument is in relation to GMP/GDP expectations, the principles hereinshould also be considered in the wider context of good data managementsuch as data included in the registration dossier based on which API anddrug product control strategies and specifications are set.PI 041-1 3 of 63 1 July 2021
- Page 1: PHARMACEUTICAL INSPECTION CONVENTIO
- Page 5 and 6: 3.5 The principles of data manageme
- Page 7 and 8: o automation; oro the use of techno
- Page 9 and 10: process consistency (e.g. biologica
- Page 11 and 12: should clearly demonstrate that rep
- Page 13 and 14: Staying continuously and actively i
- Page 15 and 16: 6.7 Dealing with data integrity iss
- Page 17 and 18: Data IntegrityAttributeRequirementt
- Page 19 and 20: Specific elements that should be ch
- Page 21 and 22: generation of working copies of doc
- Page 23 and 24: 4. ExpectationDocuments should be s
- Page 25 and 26: 8.5.2 Records should be appropriate
- Page 27 and 28: Where appropriate, the reason for t
- Page 29 and 30: 8.9 Direct print-outs from electron
- Page 31 and 32: 8.11.2 A record/register should be
- Page 33 and 34: 9.2.2 Validation alone does not nec
- Page 35 and 36: osystems used in the decision proce
- Page 37 and 38: Check that end-user testing include
- Page 39 and 40: read by the new software. Where nec
- Page 41 and 42: - User access controls should ensur
- Page 43 and 44: potential security weaknesses) and
- Page 45 and 46: 9.6 Audit trails for computerised s
- Page 47 and 48: - in the case of changes or modific
- Page 49 and 50: 9.8 Review of data within computeri
- Page 51 and 52: to access electronically stored dat
9.10 Management of Hybrid Systems .................................................................................... 52
10 DATA INTEGRITY CONSIDERATIONS FOR OUTSOURCED ACTIVITIES ................ 54
10.1 General supply chain considerations ............................................................................. 54
10.2 Routine document verification ........................................................................................ 54
10.3 Strategies for assessing data integrity in the supply chain ............................................ 54
11 REGULATORY ACTIONS IN RESPONSE TO DATA INTEGRITY FINDINGS ............ 56
11.1 Deficiency references ..................................................................................................... 56
11.2 Classification of deficiencies .......................................................................................... 57
12 REMEDIATION OF DATA INTEGRITY FAILURES ....................................................... 59
12.1 Responding to Significant Data Integrity issues ............................................................. 59
12.2 Indicators of improvement .............................................................................................. 60
13 Glossary ......................................................................................................................... 61
14 REVISION HISTORY ..................................................................................................... 63
1 DOCUMENT HISTORY
Adoption by Committee of PI 041-1 1 June 2021
Entry into force of PI 041-1 1 July 2021
2 INTRODUCTION
2.1 PIC/S Participating Authorities regularly undertake inspections of
manufacturers and distributors of Active Pharmaceutical Ingredient (API) and
medicinal products in order to determine the level of compliance with Good
Manufacturing Practice (GMP) and Good Distribution Practice (GDP)
principles. These inspections are commonly performed on-site however may
be performed through the remote or off-site evaluation of documentary
evidence, in which case the limitations of remote review of data should be
considered.
2.2 The effectiveness of these inspection processes is determined by the
reliability of the evidence provided to the inspector and ultimately the integrity
of the underlying data. It is critical to the inspection process that inspectors
can determine and fully rely on the accuracy and completeness of evidence
and records presented to them.
2.3 Data management refers to all those activities performed during the handling
of data including but not limited to data policy, documentation, quality and
security. Good data management practices influence the quality of all data
generated and recorded by a manufacturer. These practices should ensure
that data is attributable, legible, contemporaneous, original, accurate,
complete, consistent, enduring, and available. While the main focus of this
document is in relation to GMP/GDP expectations, the principles herein
should also be considered in the wider context of good data management
such as data included in the registration dossier based on which API and
drug product control strategies and specifications are set.
PI 041-1 3 of 63 1 July 2021
Change language