Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
audit trails related to each operation should be independently reviewed with
all other records related to the operation and prior to the review of the
completion of the operation (e.g. prior to batch release) so as to ensure that
critical data and changes to it are acceptable. This review should be
performed by the originating department, and where necessary verified by
the quality unit, e.g. during self-inspection or investigative activities.
Non-critical audit trails reviews can be conducted during system reviews at
a pre-defined frequency. This review should be performed by the
originating department, and where necessary verified by the quality unit
(e.g. during batch release, self-inspection or investigative activities).
Potential risk of not meeting expectations/items to be checked
Validation documentation should demonstrate that audit trails are
functional, and that all activities, changes and other transactions
within the systems are recorded, together with all relevant
metadata.
Verify that audit trails are regularly reviewed (in accordance with
quality risk management principles) and that discrepancies are
investigated.
If no electronic audit trail system exists a paper based record to
demonstrate changes to data may be acceptable until a fully audit
trailed (integrated system or independent audit software using a
validated interface) system becomes available. These hybrid
systems are permitted, where they achieve equivalence to
integrated audit trail, such as described in Annex 11 of the PIC/S
GMP Guide.
Failure to adequately review audit trails may allow manipulated or
erroneous data to be inadvertently accepted by the Quality Unit
and/or Authorised Person.
Clear details of which data are critical, and which changes and
deletions should be recorded (audit trail) should be documented.
2. Expectation
Where available, audit trail functionalities for electronic-based systems
should be assessed and configured properly to capture any critical activities
relating to the acquisition, deletion, overwriting of and changes to data for
audit purposes.
Audit trails should be configured to record all manually initiated processes
related to critical data.
The system should provide a secure, computer generated, time stamped
audit trail to independently record the date and time of entries and actions
that create, modify, or delete electronic records.
The audit trail should include the following parameters:
- details of the user that undertook the action;
- what action occurred, was changed, incl. old and new values;
- when the action was taken, incl. date and time ;
- why the action was taken (reason); and
PI 041-1 46 of 63 1 July 2021