Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
o
systems used in the decision process for the release of
products.
3. Expectation
For new systems, a Validation Summary Report for each computerised
system (written and approved in accordance with Annex 15 requirements)
should be in place and state (or provide reference to) at least the following
items:
- Critical system configuration details and controls for restricting access
to configuration and any changes (change management).
- A list of all currently approved normal and administrative users
specifying the username and the role of the user.
- Frequency of review of audit trails and system logs.
- Procedures for:
o creating new system user;
o modifying or changing privileges for an existing user;
o defining the combination or format of passwords for each system
o reviewing and deleting users;
o back-up processes and frequency;
o disaster recovery;
o data archiving (processes and responsibilities), including
procedures for accessing and reading archived data;
o approving locations for data storage.
- The report should explain how the original data are retained with
relevant metadata in a form that permits the reconstruction of the
manufacturing process or the analytical activity.
For existing systems, documents specifying the above requirements
should be available; however, need not be compiled into the Validation
Summary report. These documents should be maintained and updated as
necessary by the regulated user.
Potential risk of not meeting expectations/items to be checked
Check that validation systems and reports specifically address data
integrity requirements following GMP/GDP requirements and
considering ALCOA principles.
System configuration and segregation of duties (e.g. authorisation
to generate data should be separate to authorisation to verify data)
should be defined prior to validation, and verified as effective during
testing.
Check the procedures for system access to ensure modifications or
changes to systems are restricted and subject to change control
management.
Ensure that system administrator access is restricted to authorised
persons and is not used for routine operations.
Check the procedures for granting, modifying and removing access
to computerised systems to ensure these activities are controlled.
Check the currency of user access logs and privilege levels, there
should be no unauthorised users to the system and access
accounts should be kept up to date.
PI 041-1 35 of 63 1 July 2021