Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
8.11.2 A record/register should be available to demonstrate appropriate and timely
archiving or destruction of retired records in accordance with local policies.
8.11.3 Measures should be in place to reduce the risk of deleting the wrong
documents. The access rights allowing disposal of records should be
controlled and limited to few persons.
9 SPECIFIC DATA INTEGRITY CONSIDERATIONS FOR
COMPUTERISED SYSTEMS
9.1 Structure of the Pharmaceutical Quality System and control of computerised
systems
9.1.1 A large variety of computerised systems are used by companies to assist in
a significant number of operational activities. These range from the simple
standalone to large integrated and complex systems, many of which have an
impact on the quality of products manufactured. It is the responsibility of each
regulated entity to fully evaluate and control all computerised systems and
manage them in accordance with GMP 10 and GDP 11 requirements.
9.1.2 Organisations should be fully aware of the nature and extent of computerised
systems utilised, and assessments should be in place that describe each
system, its intended use and function, and any data integrity risks or
vulnerabilities that may be susceptible to manipulation. Particular emphasis
should be placed on determining the criticality of computerised systems and
any associated data, in respect of product quality.
9.1.3 All computerised systems with potential for impact on product quality should
be effectively managed under a Pharmaceutical Quality System which is
designed to ensure that systems are protected from acts of accidental or
deliberate manipulation, modification or any other activity that may impact on
data quality and integrity.
9.1.4 The processes for the design, evaluation, and selection of computerised
systems should include appropriate consideration of the data management
and integrity aspects of the system. Regulated users should ensure that
vendors of systems have an adequate understanding of GMP/GDP and data
integrity requirements, and that new systems include appropriate controls to
ensure effective data management. Legacy systems are expected to meet
the same basic requirements; however, full compliance may necessitate the
use of additional controls, e.g. supporting administrative procedures or
supplementary security hardware/software.
9.1.5 Regulated users should fully understand the extent and nature of data
generated by computerised systems, and a risk based approach should be
taken to determining the data risk and criticality of data (including metadata)
and the subsequent controls required to manage the data generated. For
example:
10 PIC/S PE 009 Guide to Good Manufacturing Practice for Medicinal Products, specifically Part I chapters 4, Part II
chapters 5, & Annex 11
11 PIC/S PE 011 GDP Guide to Good Distribution Practice for Medicinal Products, specifically section 3.5
PI 041-1 31 of 63 1 July 2021