Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
There should also be restrictions to prevent users from amending
audit trail functions and from changing any pre-defined directory
paths where data files are to be stored.
4. Expectation
Companies should have a Validation Master Plan in place that includes
specific policies and validation requirements for computerised systems and
the integrity of such systems and associated data.
The extent of validation for computerised systems should be determined
based on risk. Further guidance regarding assessing validation
requirements for computerised systems may be found in PI 011.
Before a system is put into routine use, it should be challenged with defined
tests for conformance with the acceptance criteria.
It would be expected that a prospective validation for computerised
systems is conducted. Appropriate validation data should be available for
systems already in-use.
Computerised system validation should be designed according to GMP
Annex 15 with URS, DQ, FAT, SAT, IQ, OQ and PQ tests as necessary.
The qualification testing approach should be tailored for the specific system
under validation, and should be justified by the regulated user. Qualification
may include Design Qualification (DQ); Installation qualification (IQ);
Operational Qualification (OQ); and Performance Qualification (PQ). In
particular, specific tests should be designed in order to challenge those
areas where data quality or integrity is at risk.
Companies should ensure that computerised systems are qualified for their
intended use. Companies should therefore not place sole reliance on
vendor qualification packages; validation exercises should include specific
tests to ensure data integrity is maintained during operations that reflect
normal and intended use.
The number of tests should be guided by a risk assessment but the critical
functionalities should be at least identified and tested, e.g., certain PLCs
and systems based on basic algorithms or logic sets, the functional testing
may provide adequate assurance of reliability of the computerised system.
For critical and/or more complex systems, detailed verification testing is
required during IQ, OQ & PQ stages.
Potential risk of not meeting expectations/items to be checked
Check that validation documents include specific provisions for
data integrity; validation reports should specifically address data
integrity principles and demonstrate through design and testing that
adequate controls are in place.
Unvalidated systems may present a significant vulnerability
regarding data integrity as user access and system configuration
may allow data amendment.
PI 041-1 36 of 63 1 July 2021