Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
read by the new software. Where necessary this may require conversion of
existing archived data to the new format.
Where conversion to the new data format of the new software is not
possible, the old software should be maintained, e.g. installed in one
computer or other technical solution, and also available as a backup media
in order to have the opportunity to read the archived data in case of an
investigation.
Potential risk of not meeting expectations/items to be checked
It is important that data is readable in its original form throughout the
data lifecycle, and therefore users should maintain the readability of
data, which may require maintaining access to superseded
software.
The migration of data from one system to another should be
performed in a controlled manner, in accordance with documented
protocols, and should include appropriate verification of the
complete migration of data.
3. Expectation
When legacy systems software can no longer be supported, consideration
should be given to maintaining the software for data accessibility purposes
(for as long possible depending upon the specific retention requirements).
This may be achieved by maintaining software in a virtual environment.
Migration to an alternative file format that retains as much as possible of
the ‘true copy’ attributes of the data may be necessary with increasing age
of the legacy data.
Where migration with full original data functionality is not technically
possible, options should be assessed based on risk and the importance of
the data over time. The migration file format should be selected considering
the balance of risk between long-term accessibility versus the possibility of
reduced dynamic data functionality (e.g. data interrogation, trending, reprocessing,
etc.) The risk assessment should also review the vulnerability
of the system to inadvertent or unauthorised changes to critical
configuration settings or manipulation of data. All controls to mitigate risk
should be documented and their effectiveness verified. It is recognised that
the need to maintain accessibility may require migration to a file format that
loses some attributes and/or dynamic data functionality.
Potential risk of not meeting expectations/items to be checked
When the software is maintained in a virtual environment, check that
appropriate measures to control the software (e.g. validation status,
access control by authorised persons, etc.) are in place. All controls
should be documented and their effectiveness verified.
PI 041-1 39 of 63 1 July 2021