Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
o
modification/deletion of data files cannot be controlled by
system software; or
Implementation of hybrid or manual systems to provide
control of data generated.
2. Expectation
Regulated users should have an inventory of all computerised systems in
use. The list should include reference to:
- The name, location and primary function of each computerised
system;
- Assessments of the function and criticality of the system and
associated data; (e.g. direct GMP/GDP impact, indirect impact, none)
- The current validation status of each system and reference to existing
validation documents.
Risk assessments should be in place for each system, specifically
assessing the necessary controls to ensure data integrity. The level and
extent of validation of controls for data integrity should be determined
based on the criticality of the system and process and potential risk to
product quality, e.g. processes or systems that generate or control batch
release data would generally require greater control than those systems
managing less critical data or processes.
Consideration should also be given to those systems with higher potential
for disaster, malfunction or situations in which the system becomes
inoperative.
Assessments should also review the vulnerability of the system to
inadvertent or unauthorised changes to critical configuration settings or
manipulation of data. All controls should be documented and their
effectiveness verified.
Potential risk of not meeting expectations/items to be checked
Companies that do not have adequate visibility of all computerised
systems in place may overlook the criticality of systems and may
thus create vulnerabilities within the data lifecycle.
An inventory list serves to clearly communicate all systems in place
and their criticality, ensuring that any changes or modifications to
these systems are controlled.
Verify that risk assessments are in place for critical processing
equipment and data acquisition systems. A lack of thorough
assessment of system impact may lead to a lack of appropriate
validation and system control. Examples of critical systems to
review include:
o systems used to control the purchasing and status of
products and materials;
o systems for the control and data acquisition for critical
manufacturing processes;
o systems that generate, store or process data that is used to
determine batch quality;
o systems that generate data that is included in the batch
processing or packaging records; and
PI 041-1 34 of 63 1 July 2021