Data integrity PIC S

Recommendations

Info

Remote access to unsupported systems should be carefully evaluated dueto inherent vulnerability risks.Potential risk of not meeting expectations/items to be checked Verify that system updates are performed in a controlled and timelymanner. Older systems should be reviewed critically to determinewhether appropriate data integrity controls are integrated, or,(where integrated controls are not possible) that appropriateadministrative controls have been implemented and are effective.9.4 Data TransferItem: Data transfer and migration1. ExpectationInterfaces should be assessed and addressed during validation to ensurethe correct and complete transfer of data.Interfaces should include appropriate built-in checks for the correct andsecure entry and processing of data, in order to minimise data integrityrisks. Verification methods may include the use of:o Secure transfero Encryptiono ChecksumsWhere applicable, interfaces between systems should be designed andqualified to include an automated transfer of GMP/GDP data.Potential risk of not meeting expectations/items to be checked Interfaces between computerised systems present a risk wherebydata may be inadvertently lost, amended or transcribed incorrectlyduring the transfer process. Ensure data is transferred directly to the secure location/databaseand not simply copied from the local drive (where it may have thepotential to be altered). Temporary data storage on local computerised systems (e.g.instrument computer) before transfer to final storage or dataprocessing location creates an opportunity for data to be deleted ormanipulated. This is a particular risk in the case of ‘standalone’(non-networked) systems. Ensure the environment that initiallystores the data has appropriate DI controls in place. Well designed and qualified automated data transfer is much morereliable than any manual data transfer conducted by humans.2. ExpectationWhere system software (including operating system) is installed orupdated, the user should ensure that existing and archived data can bePI 041-1 38 of 63 1 July 2021
read by the new software. Where necessary this may require conversion ofexisting archived data to the new format.Where conversion to the new data format of the new software is notpossible, the old software should be maintained, e.g. installed in onecomputer or other technical solution, and also available as a backup mediain order to have the opportunity to read the archived data in case of aninvestigation.Potential risk of not meeting expectations/items to be checked It is important that data is readable in its original form throughout thedata lifecycle, and therefore users should maintain the readability ofdata, which may require maintaining access to supersededsoftware. The migration of data from one system to another should beperformed in a controlled manner, in accordance with documentedprotocols, and should include appropriate verification of thecomplete migration of data.3. ExpectationWhen legacy systems software can no longer be supported, considerationshould be given to maintaining the software for data accessibility purposes(for as long possible depending upon the specific retention requirements).This may be achieved by maintaining software in a virtual environment.Migration to an alternative file format that retains as much as possible ofthe ‘true copy’ attributes of the data may be necessary with increasing ageof the legacy data.Where migration with full original data functionality is not technicallypossible, options should be assessed based on risk and the importance ofthe data over time. The migration file format should be selected consideringthe balance of risk between long-term accessibility versus the possibility ofreduced dynamic data functionality (e.g. data interrogation, trending, reprocessing,etc.) The risk assessment should also review the vulnerabilityof the system to inadvertent or unauthorised changes to criticalconfiguration settings or manipulation of data. All controls to mitigate riskshould be documented and their effectiveness verified. It is recognised thatthe need to maintain accessibility may require migration to a file format thatloses some attributes and/or dynamic data functionality.Potential risk of not meeting expectations/items to be checked When the software is maintained in a virtual environment, check thatappropriate measures to control the software (e.g. validation status,access control by authorised persons, etc.) are in place. All controlsshould be documented and their effectiveness verified.PI 041-1 39 of 63 1 July 2021
Page 1 and 2: PHARMACEUTICAL INSPECTION CONVENTIO
Page 3 and 4: 9.10 Management of Hybrid Systems .
Page 5 and 6: 3.5 The principles of data manageme
Page 7 and 8: o automation; oro the use of techno
Page 9 and 10: process consistency (e.g. biologica
Page 11 and 12: should clearly demonstrate that rep
Page 13 and 14: Staying continuously and actively i
Page 15 and 16: 6.7 Dealing with data integrity iss
Page 17 and 18: Data IntegrityAttributeRequirementt
Page 19 and 20: Specific elements that should be ch
Page 21 and 22: generation of working copies of doc
Page 23 and 24: 4. ExpectationDocuments should be s
Page 25 and 26: 8.5.2 Records should be appropriate
Page 27 and 28: Where appropriate, the reason for t
Page 29 and 30: 8.9 Direct print-outs from electron
Page 31 and 32: 8.11.2 A record/register should be
Page 33 and 34: 9.2.2 Validation alone does not nec
Page 35 and 36: osystems used in the decision proce
Page 37: Check that end-user testing include
Page 41 and 42: - User access controls should ensur
Page 43 and 44: potential security weaknesses) and
Page 45 and 46: 9.6 Audit trails for computerised s
Page 47 and 48: - in the case of changes or modific
Page 49 and 50: 9.8 Review of data within computeri
Page 51 and 52: to access electronically stored dat
Page 53 and 54: Appropriate quality risk management
Page 55 and 56: Area for reviewComparison of analyt
Page 57 and 58: Accurate [4.1], [6.17] [5.40], [5.4
Page 59 and 60: 12 REMEDIATION OF DATA INTEGRITY FA
Page 61 and 62: 12.2.1.2 Evidence of open communica
Page 63: MetadataIn-file data that describes

Data integrity PIC S

Create successful ePaper yourself

Delete template?

Save as template?