Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
4. Electronic signatures used in the place of handwritten signatures should
have appropriate controls to ensure their authenticity and traceability to the
specific person who electronically signed the record(s).
Electronic signatures should be permanently linked to their respective
record, i.e. if a later change is made to a signed record, the record should
indicate the amendment and appear as unsigned.
Where used, electronic signature functionality should automatically log the
date and time when a signature was applied.
The use of advanced forms of electronic signatures is becoming more
common (e.g. firms are increasingly using biometrics).
The use of advanced forms of electronic signatures should be encouraged.
Potential risk of not meeting expectations/items to be checked
Check that electronic signatures are appropriately validated, their
issue to staff is controlled and that at all times, electronic signatures
are readily attributable to an individual.
Any changes to data after an electronic signature has been
assigned should invalidate the signature until the data has been
reviewed again and re-signed.
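The linkage described in item 4, shown as an added example that is not part of the guidance text: the signature covers a hash of the record content, the signer and an automatically logged timestamp, so an amended record reports as unsigned until it is re-signed. HMAC with per-user keys stands in for a real signature scheme here; the user names, keys, field names and sample record are constructed assumptions.

```python
import hashlib, hmac, json
from datetime import datetime, timezone
from typing import Optional

# Constructed per-user keys (assumption); a real system would issue and store
# signing credentials under controlled procedures, not in source code.
USER_KEYS = {"a.analyst": b"constructed-key-1", "b.reviewer": b"constructed-key-2"}
SIGNED_FIELDS = ("user", "meaning", "signed_at", "record_sha256")

def _canon(obj: dict) -> bytes:
    """Deterministic serialisation so equal content always hashes equally."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _mac(sig: dict) -> str:
    """HMAC over the signed fields, keyed by the named signer's key."""
    body = {k: sig[k] for k in SIGNED_FIELDS}
    return hmac.new(USER_KEYS[sig["user"]], _canon(body), hashlib.sha256).hexdigest()

def sign_record(record: dict, user: str, meaning: str) -> dict:
    """Bind signer, meaning and an automatic UTC timestamp to the record content."""
    sig = {
        "user": user,
        "meaning": meaning,
        "signed_at": datetime.now(timezone.utc).isoformat(),  # logged, not user-supplied
        "record_sha256": hashlib.sha256(_canon(record)).hexdigest(),
    }
    sig["mac"] = _mac(sig)
    return sig

def signature_status(record: dict, sig: Optional[dict]) -> str:
    """Return 'signed', 'unsigned', 'unsigned_amended' or 'invalid'."""
    if sig is None:
        return "unsigned"
    if sig.get("user") not in USER_KEYS or not all(k in sig for k in SIGNED_FIELDS):
        return "invalid"  # not attributable to a known individual
    if not hmac.compare_digest(_mac(sig), str(sig.get("mac", ""))):
        return "invalid"  # signature block itself was altered
    if sig["record_sha256"] != hashlib.sha256(_canon(record)).hexdigest():
        return "unsigned_amended"  # record changed after signing: needs re-review
    return "signed"

if __name__ == "__main__":
    rec = {"batch": "DEMO-001", "assay_pct": 99.2}  # constructed sample record
    sig = sign_record(rec, "a.analyst", "reviewed")
    print(signature_status(rec, sig))   # record unchanged since signing
    rec["assay_pct"] = 99.9
    print(signature_status(rec, sig))   # amended after signing
```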
5. Restrictions on use of USB devices
For reasons of system security, computerised systems should be
configured to prevent vulnerabilities from the use of USB memory sticks
and storage devices on computer clients and servers hosting GMP/GDP
critical data. If necessary, ports should only be opened for approved
purposes and all USB devices should be properly scanned before use.
The use of private USB devices (flash drives, cameras, smartphones,
keyboards, etc.) on company computer clients and servers hosting
GMP/GDP data, or the use of company USB devices on private computers,
should be controlled in order to prevent security breaches.
Potential risk of not meeting expectations/items to be checked
This is especially important where operating system vulnerabilities
are known that allow USB devices to trick the computer by
pretending to be another external device (e.g. a keyboard), and
where such devices can contain and start executable code.
Controls should be in place to restrict the use of such devices to
authorised users and measures to screen USB devices before use
should be in place.
PI 041-1 44 of 63 1 July 2021