Data integrity PIC S

Recommendations

Info

4. Electronic signatures used in the place of handwritten signatures shouldhave appropriate controls to ensure their authenticity and traceability to thespecific person who electronically signed the record(s).Electronic signatures should be permanently linked to their respectiverecord, i.e. if a later change is made to a signed record; the record shouldindicate the amendment and appear as unsigned.Where used, electronic signature functionality should automatically log thedate and time when a signature was applied.The use of advanced forms of electronic signatures is becoming morecommon (e.g. the use of biometrics is becoming more prevalent by firms).The use of advanced forms of electronic signatures should be encouraged.Potential risk of not meeting expectations/items to be checked Check that electronic signatures are appropriately validated, theirissue to staff is controlled and that at all times, electronic signaturesare readily attributable to an individual. Any changes to data after an electronic signature has beenassigned should invalidate the signature until the data has beenreviewed again and re-signed.5. Restrictions on use of USB devicesFor reasons of system security, computerised systems should beconfigured to prevent vulnerabilities from the use of USB memory sticksand storage devices on computer clients and servers hosting GMP/GDPcritical data. If necessary, ports should only be opened for approvedpurposes and all USB devices should be properly scanned before use.The use of private USB devices (flash drives, cameras, smartphones,keyboards, etc.) on company computer clients and servers hostingGMP/GDP data, or the use of company USB devices on private computers,should be controlled in order to prevent security breaches.Potential risk of not meeting expectations/items to be checked This is especially important where operating system vulnerabilitiesare known that allow USB devices to trick the computer, bypretending to be another external device, e.g. keyboard, and cancontain and start executable code. Controls should be in place to restrict the use of such devices toauthorised users and measures to screen USB devices before useshould be in place.PI 041-1 44 of 63 1 July 2021
9.6 Audit trails for computerised systemsItem: Audit Trails1. ExpectationConsideration should be given to data management and integrityrequirements when purchasing and implementing computerised systems.Companies should select software that includes appropriate electronicaudit trail functionality.Companies should endeavour to purchase and upgrade older systems toimplement software that includes electronic audit trail functionality.It is acknowledged that some very simple systems lack appropriate audittrails; however, alternative arrangements to verify the veracity of datashould be implemented, e.g. administrative procedures, secondary checksand controls. Additional guidance may be found under section 9.10regarding hybrid systems.Audit trail functionality should be verified during validation of the system toensure that all changes and deletions of critical data associated with eachmanual activity are recorded and meet ALCOA+ principles.Regulated users should understand the nature and function of audit trailswithin systems, and should perform an assessment of the different audittrails during qualification to determine the GMP/GDP relevance of eachaudit trail, and to ensure the correct management and configuration of audittrails for critical and GMP/GDP relevant data. This exercise is important indetermining which specific trails and which entries within trails are ofsignificance for review with a defined frequency established. For example,following such an assessment audit trail reviews may focus on:- Identifying and reviewing entries/data that relate to changes ormodification of data.- Review by exception – focusing on anomalous or unauthoriedactivities.- Systems with limitations that allow change of parameters/data orwhere activities are left open to modification- Note: Well-designed systems with permission settings that preventchange of parameters/data or have access restrictions that preventchanges to configuration settings may negate the need to examinerelated audit trails in detailAudit trail functionalities should be enabled and locked at all times and itshould not be possible to deactivate, delete or modify the functionality. If itis possible for administrative users to deactivate, delete or modify the audittrail functionality, an automatic entry should be made in the audit trailindicating that this has occurred.Companies should implement procedures that outline their policy andprocesses to determine the data that is required in audit trails, and thereview of audit trails in accordance with risk management principles. CriticalPI 041-1 45 of 63 1 July 2021
Page 1 and 2: PHARMACEUTICAL INSPECTION CONVENTIO
Page 3 and 4: 9.10 Management of Hybrid Systems .
Page 5 and 6: 3.5 The principles of data manageme
Page 7 and 8: o automation; oro the use of techno
Page 9 and 10: process consistency (e.g. biologica
Page 11 and 12: should clearly demonstrate that rep
Page 13 and 14: Staying continuously and actively i
Page 15 and 16: 6.7 Dealing with data integrity iss
Page 17 and 18: Data IntegrityAttributeRequirementt
Page 19 and 20: Specific elements that should be ch
Page 21 and 22: generation of working copies of doc
Page 23 and 24: 4. ExpectationDocuments should be s
Page 25 and 26: 8.5.2 Records should be appropriate
Page 27 and 28: Where appropriate, the reason for t
Page 29 and 30: 8.9 Direct print-outs from electron
Page 31 and 32: 8.11.2 A record/register should be
Page 33 and 34: 9.2.2 Validation alone does not nec
Page 35 and 36: osystems used in the decision proce
Page 37 and 38: Check that end-user testing include
Page 39 and 40: read by the new software. Where nec
Page 41 and 42: - User access controls should ensur
Page 43: potential security weaknesses) and
Page 47 and 48: - in the case of changes or modific
Page 49 and 50: 9.8 Review of data within computeri
Page 51 and 52: to access electronically stored dat
Page 53 and 54: Appropriate quality risk management
Page 55 and 56: Area for reviewComparison of analyt
Page 57 and 58: Accurate [4.1], [6.17] [5.40], [5.4
Page 59 and 60: 12 REMEDIATION OF DATA INTEGRITY FA
Page 61 and 62: 12.2.1.2 Evidence of open communica
Page 63: MetadataIn-file data that describes

Data integrity PIC S

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?