Data integrity PIC S

Recommendations

Info

audit trails related to each operation should be independently reviewed withall other records related to the operation and prior to the review of thecompletion of the operation (e.g. prior to batch release) so as to ensure thatcritical data and changes to it are acceptable. This review should beperformed by the originating department, and where necessary verified bythe quality unit, e.g. during self-inspection or investigative activities.Non-critical audit trails reviews can be conducted during system reviews ata pre-defined frequency. This review should be performed by theoriginating department, and where necessary verified by the quality unit(e.g. during batch release, self-inspection or investigative activities).Potential risk of not meeting expectations/items to be checked Validation documentation should demonstrate that audit trails arefunctional, and that all activities, changes and other transactionswithin the systems are recorded, together with all relevantmetadata. Verify that audit trails are regularly reviewed (in accordance withquality risk management principles) and that discrepancies areinvestigated. If no electronic audit trail system exists a paper based record todemonstrate changes to data may be acceptable until a fully audittrailed (integrated system or independent audit software using avalidated interface) system becomes available. These hybridsystems are permitted, where they achieve equivalence tointegrated audit trail, such as described in Annex 11 of the PIC/SGMP Guide. Failure to adequately review audit trails may allow manipulated orerroneous data to be inadvertently accepted by the Quality Unitand/or Authorised Person. Clear details of which data are critical, and which changes anddeletions should be recorded (audit trail) should be documented.2. ExpectationWhere available, audit trail functionalities for electronic-based systemsshould be assessed and configured properly to capture any critical activitiesrelating to the acquisition, deletion, overwriting of and changes to data foraudit purposes.Audit trails should be configured to record all manually initiated processesrelated to critical data.The system should provide a secure, computer generated, time stampedaudit trail to independently record the date and time of entries and actionsthat create, modify, or delete electronic records.The audit trail should include the following parameters:- details of the user that undertook the action;- what action occurred, was changed, incl. old and new values;- when the action was taken, incl. date and time ;- why the action was taken (reason); andPI 041-1 46 of 63 1 July 2021
- in the case of changes or modifications to data, the name of anyperson authorising the change.The audit trail should allow for reconstruction of the course of eventsrelating to the creation, modification, or deletion of an electronic record.The system should be able to print and provide an electronic copy of theaudit trail, and whether viewing in the system online or in a hardcopy, theaudit trail should be available in a meaningful format.If possible, the audit trail should retain the dynamic functionalities found inthe computerised system, (e.g. search functionality and ability to exportdata such as to a spreadsheet).Note: An audit trail should not be confused with a change control systemwhere changes may needed to appropriately controlled and approvedunder a PQS.Potential risk of not meeting expectations/items to be checked Verify the format of audit trails to ensure that all critical and relevantinformation is captured. The audit trail should include all previous values and recordchanges should not overwrite or obscure previously recordedinformation. Audit trail entries should be recorded in true time and reflect theactual time of activities. Systems recording the same time for anumber of sequential interactions, or which only make an entry inthe audit trail, once all interactions have been completed, may notbe in compliance with expectations to data integrity, particularlywhere each discrete interaction or sequence is critical, e.g. for theelectronic recording of addition of 4 raw materials to a mixing vessel.If the order of addition is a critical process parameter (CPP), theneach addition should be recorded individually, with time stamps. Ifthe order of addition is not a CPP then the addition of all 4 materialscould be recorded as a single timestamped activity.9.7 Data capture/entry for computerised systemsItem:Data capture/entry1. ExpectationSystems should be designed for the correct capture of data whetheracquired through manual or automated means.For manual entry:- The entry of critical data should only be made by authorisedindividuals and the system should record details of the entry, theindividual making the entry and when the entry was made.PI 041-1 47 of 63 1 July 2021
Page 1 and 2: PHARMACEUTICAL INSPECTION CONVENTIO
Page 3 and 4: 9.10 Management of Hybrid Systems .
Page 5 and 6: 3.5 The principles of data manageme
Page 7 and 8: o automation; oro the use of techno
Page 9 and 10: process consistency (e.g. biologica
Page 11 and 12: should clearly demonstrate that rep
Page 13 and 14: Staying continuously and actively i
Page 15 and 16: 6.7 Dealing with data integrity iss
Page 17 and 18: Data IntegrityAttributeRequirementt
Page 19 and 20: Specific elements that should be ch
Page 21 and 22: generation of working copies of doc
Page 23 and 24: 4. ExpectationDocuments should be s
Page 25 and 26: 8.5.2 Records should be appropriate
Page 27 and 28: Where appropriate, the reason for t
Page 29 and 30: 8.9 Direct print-outs from electron
Page 31 and 32: 8.11.2 A record/register should be
Page 33 and 34: 9.2.2 Validation alone does not nec
Page 35 and 36: osystems used in the decision proce
Page 37 and 38: Check that end-user testing include
Page 39 and 40: read by the new software. Where nec
Page 41 and 42: - User access controls should ensur
Page 43 and 44: potential security weaknesses) and
Page 45: 9.6 Audit trails for computerised s
Page 49 and 50: 9.8 Review of data within computeri
Page 51 and 52: to access electronically stored dat
Page 53 and 54: Appropriate quality risk management
Page 55 and 56: Area for reviewComparison of analyt
Page 57 and 58: Accurate [4.1], [6.17] [5.40], [5.4
Page 59 and 60: 12 REMEDIATION OF DATA INTEGRITY FA
Page 61 and 62: 12.2.1.2 Evidence of open communica
Page 63: MetadataIn-file data that describes

Data integrity PIC S

Create successful ePaper yourself

Delete template?

Save as template?