Data integrity PIC S

Recommendations

Info

There should also be restrictions to prevent users from amendingaudit trail functions and from changing any pre-defined directorypaths where data files are to be stored.4. ExpectationCompanies should have a Validation Master Plan in place that includesspecific policies and validation requirements for computerised systems andthe integrity of such systems and associated data.The extent of validation for computerised systems should be determinedbased on risk. Further guidance regarding assessing validationrequirements for computerised systems may be found in PI 011.Before a system is put into routine use, it should be challenged with definedtests for conformance with the acceptance criteria.It would be expected that a prospective validation for computerisedsystems is conducted. Appropriate validation data should be available forsystems already in-use.Computerised system validation should be designed according to GMPAnnex 15 with URS, DQ, FAT, SAT, IQ, OQ and PQ tests as necessary.The qualification testing approach should be tailored for the specific systemunder validation, and should be justified by the regulated user. Qualificationmay include Design Qualification (DQ); Installation qualification (IQ);Operational Qualification (OQ); and Performance Qualification (PQ). Inparticular, specific tests should be designed in order to challenge thoseareas where data quality or integrity is at risk.Companies should ensure that computerised systems are qualified for theirintended use. Companies should therefore not place sole reliance onvendor qualification packages; validation exercises should include specifictests to ensure data integrity is maintained during operations that reflectnormal and intended use.The number of tests should be guided by a risk assessment but the criticalfunctionalities should be at least identified and tested, e.g., certain PLCsand systems based on basic algorithms or logic sets, the functional testingmay provide adequate assurance of reliability of the computerised system.For critical and/or more complex systems, detailed verification testing isrequired during IQ, OQ & PQ stages.Potential risk of not meeting expectations/items to be checked Check that validation documents include specific provisions fordata integrity; validation reports should specifically address dataintegrity principles and demonstrate through design and testing thatadequate controls are in place. Unvalidated systems may present a significant vulnerabilityregarding data integrity as user access and system configurationmay allow data amendment.PI 041-1 36 of 63 1 July 2021
Check that end-user testing includes test-scripts designed todemonstrate that software not only meets the requirements of thevendor, but is fit for its intended use.5. ExpectationPeriodic System EvaluationComputerised systems should be evaluated periodically in order to ensurecontinued compliance with respect to data integrity controls. The evaluationshould include deviations, changes (including any cumulative effect ofchanges), upgrade history, performance and maintenance, and assesswhether these changes have had any detrimental effect on datamanagement and integrity controls.The frequency of the re-evaluation should be based on a risk assessmentdepending on the criticality of the computerised systems considering thecumulative effect of changes to the system since last review. Theassessment performed should be documented.Potential risk of not meeting expectations/items to be checked Check that re-validation reviews for computerised systems areoutlined within validation schedules. Verify that systems have been subject to periodic review,particularly with respect to any potential vulnerabilities regardingdata integrity. Any issues identified, such as limitations of currentsoftware/hardware should be addressed in a timely manner andcorrective and preventive actions, and interim controls should beavailable and implemented to manage any identified risks.6. ExpectationOperating systems and network components (including hardware) shouldbe updated in a timely manner according to vendor recommendations andmigration of applications from older to newer platforms should be plannedand conducted in advance of the time before the platforms reach anunsupported state which may affect the management and integrity of datagenerated by the system.Security patches for operating systems and network components shouldbe applied in a controlled and timely manner according to vendorrecommendations in order to maintain data security. The application ofsecurity patches should be performed in accordance with changemanagement principles.Where unsupported operating systems are maintained, i.e. old operatingsystems are used even after they run out of support by the vendor orsupported versions are not security patched, the systems (servers) shouldbe isolated as much as possible from the rest of the network. Remaininginterfaces and data transfer to/from other equipment should be carefullydesigned, configured and qualified to prevent exploitation of thevulnerabilities caused by the unsupported operating system.PI 041-1 37 of 63 1 July 2021
Page 1 and 2: PHARMACEUTICAL INSPECTION CONVENTIO
Page 3 and 4: 9.10 Management of Hybrid Systems .
Page 5 and 6: 3.5 The principles of data manageme
Page 7 and 8: o automation; oro the use of techno
Page 9 and 10: process consistency (e.g. biologica
Page 11 and 12: should clearly demonstrate that rep
Page 13 and 14: Staying continuously and actively i
Page 15 and 16: 6.7 Dealing with data integrity iss
Page 17 and 18: Data IntegrityAttributeRequirementt
Page 19 and 20: Specific elements that should be ch
Page 21 and 22: generation of working copies of doc
Page 23 and 24: 4. ExpectationDocuments should be s
Page 25 and 26: 8.5.2 Records should be appropriate
Page 27 and 28: Where appropriate, the reason for t
Page 29 and 30: 8.9 Direct print-outs from electron
Page 31 and 32: 8.11.2 A record/register should be
Page 33 and 34: 9.2.2 Validation alone does not nec
Page 35: osystems used in the decision proce
Page 39 and 40: read by the new software. Where nec
Page 41 and 42: - User access controls should ensur
Page 43 and 44: potential security weaknesses) and
Page 45 and 46: 9.6 Audit trails for computerised s
Page 47 and 48: - in the case of changes or modific
Page 49 and 50: 9.8 Review of data within computeri
Page 51 and 52: to access electronically stored dat
Page 53 and 54: Appropriate quality risk management
Page 55 and 56: Area for reviewComparison of analyt
Page 57 and 58: Accurate [4.1], [6.17] [5.40], [5.4
Page 59 and 60: 12 REMEDIATION OF DATA INTEGRITY FA
Page 61 and 62: 12.2.1.2 Evidence of open communica
Page 63: MetadataIn-file data that describes

Data integrity PIC S

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?