Data integrity PIC S

Recommendations

Info

Check that the regulated party has a detailed SOP outlining thesteps on how to perform secondary reviews and audit trail reviewsand what steps to take if issues are found during the course of thereview.Where global systems are used, it may be necessary for date andtime records to include a record of the time zone to demonstratecontemporaneous recording.Check that known changes, modifications or deletions of data areactually recorded by the audit trail functionality.2. The company’s quality unit should establish a program and schedule toconduct ongoing reviews of audit trails based upon their criticality and thesystem’s complexity in order to verify the effective implementation of currentcontrols and to detect potential non-compliance issues. These reviewsshould be incorporated into the company’s self-inspection programme.Procedures should be in place to address and investigate any audit traildiscrepancies, including escalation processes for the notification of seniormanagement and national authorities where necessary.Potential risk of not meeting expectations/items to be checked Verify that self-inspection programs incorporate checks of audittrails, with the intent to verify the effectiveness of existing controlsand compliance with internal procedures regarding the review ofdata. Audit trail reviews should be both random (selected based onchance) and targeted (selected based on criticality or risk).9.9 Storage, archival and disposal of electronic dataItem:Storage, archival and disposal of electronica data1. ExpectationStorage of data should include the entire original data and all relevantmetadata, including audit trails, using a secure and validated process.If the data is backed up, or copies of it are made, then the backup andcopies should also have the same appropriate levels of controls so as toprohibit unauthorised access to, changes to and deletion of data or theiralteration. For example, a firm that backs up data onto portable hard drivesshould prohibit the ability to delete data from the hard drive. Someadditional considerations for the storage and backup of data include:- True copies of dynamic electronic records can be made, with theexpectation that the entire content (i.e. all data and all relevantmetadata is included) and meaning of the original records arepreserved.- Stored data should be accessible in a fully readable format.Companies may need to maintain suitable software and hardwarePI 041-1 50 of 63 1 July 2021
to access electronically stored data backups or copies during theretention period- Routine backup copies should be stored in a remote location(physically separated) in the event of disasters.- Back-up data should be readable for all the period of the definedregulatory retention period, even if a new version of the softwarehas been updated or substituted for one with better performance.- Systems should allow backup and restoration of all data, includingmeta-data and audit trails.Potential risk of not meeting expectations/items to be checked Check that data storage, back-up and archival systems aredesigned to capture all data and relevant metadata. There shouldbe documented evidence that these systems have been validatedand verified. The extent of metadata captured should be based on riskmanagement principles, and users should ensure that all metadatacritical in the reconstruction of activities or processes are captured. Check that data associated with superseded or upgraded systemsis managed appropriately and is accessible.2. ExpectationThe record retention procedures should include provisions for retainingthe metadata. This allows for future queries or investigations toreconstruct the activities that occurred related to a batch.3. ExpectationData should be backed-up periodically and archived in accordance withwritten procedures. Archive copies should be physically (or virtually, whererelevant) secured in a separate and remote location from where back upand original data are stored.The data should be accessible and readable and its integrity maintained forall the period of archiving.There should be in place a procedure for restoring archived data in case aninvestigation is needed. The procedure in place for restoring archived datashould be regularly tested.If a facility is needed for the archiving process then specific environmentalcontrols and only authorised personnel access should be implemented inorder to ensure the protection of records from deliberate or inadvertentalteration or loss. When a system in the facility has to be retired becauseproblems with long term access to data are envisaged, procedures shouldassure the continued readability of the data archived. For example, it couldbe established to transfer the data to another system.Potential risk of not meeting expectations/items to be checked There is a risk with archived data that access and readability of thedata may be lost due to software application updates or supersededequipment. Verify that the company has access to archived data,PI 041-1 51 of 63 1 July 2021
Page 1 and 2: PHARMACEUTICAL INSPECTION CONVENTIO
Page 3 and 4: 9.10 Management of Hybrid Systems .
Page 5 and 6: 3.5 The principles of data manageme
Page 7 and 8: o automation; oro the use of techno
Page 9 and 10: process consistency (e.g. biologica
Page 11 and 12: should clearly demonstrate that rep
Page 13 and 14: Staying continuously and actively i
Page 15 and 16: 6.7 Dealing with data integrity iss
Page 17 and 18: Data IntegrityAttributeRequirementt
Page 19 and 20: Specific elements that should be ch
Page 21 and 22: generation of working copies of doc
Page 23 and 24: 4. ExpectationDocuments should be s
Page 25 and 26: 8.5.2 Records should be appropriate
Page 27 and 28: Where appropriate, the reason for t
Page 29 and 30: 8.9 Direct print-outs from electron
Page 31 and 32: 8.11.2 A record/register should be
Page 33 and 34: 9.2.2 Validation alone does not nec
Page 35 and 36: osystems used in the decision proce
Page 37 and 38: Check that end-user testing include
Page 39 and 40: read by the new software. Where nec
Page 41 and 42: - User access controls should ensur
Page 43 and 44: potential security weaknesses) and
Page 45 and 46: 9.6 Audit trails for computerised s
Page 47 and 48: - in the case of changes or modific
Page 49: 9.8 Review of data within computeri
Page 53 and 54: Appropriate quality risk management
Page 55 and 56: Area for reviewComparison of analyt
Page 57 and 58: Accurate [4.1], [6.17] [5.40], [5.4
Page 59 and 60: 12 REMEDIATION OF DATA INTEGRITY FA
Page 61 and 62: 12.2.1.2 Evidence of open communica
Page 63: MetadataIn-file data that describes

Data integrity PIC S

Create successful ePaper yourself

Delete template?

Save as template?