Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Check that the regulated party has a detailed SOP outlining the
steps on how to perform secondary reviews and audit trail reviews
and what steps to take if issues are found during the course of the
review.
Where global systems are used, it may be necessary for date and
time records to include a record of the time zone to demonstrate
contemporaneous recording.
Check that known changes, modifications or deletions of data are
actually recorded by the audit trail functionality.
2. The company’s quality unit should establish a program and schedule to
conduct ongoing reviews of audit trails based upon their criticality and the
system’s complexity in order to verify the effective implementation of current
controls and to detect potential non-compliance issues. These reviews
should be incorporated into the company’s self-inspection programme.
Procedures should be in place to address and investigate any audit trail
discrepancies, including escalation processes for the notification of senior
management and national authorities where necessary.
Potential risk of not meeting expectations/items to be checked
Verify that self-inspection programs incorporate checks of audit
trails, with the intent to verify the effectiveness of existing controls
and compliance with internal procedures regarding the review of
data.
Audit trail reviews should be both random (selected based on
chance) and targeted (selected based on criticality or risk).
9.9 Storage, archival and disposal of electronic data
Item:
Storage, archival and disposal of electronica data
1. Expectation
Storage of data should include the entire original data and all relevant
metadata, including audit trails, using a secure and validated process.
If the data is backed up, or copies of it are made, then the backup and
copies should also have the same appropriate levels of controls so as to
prohibit unauthorised access to, changes to and deletion of data or their
alteration. For example, a firm that backs up data onto portable hard drives
should prohibit the ability to delete data from the hard drive. Some
additional considerations for the storage and backup of data include:
- True copies of dynamic electronic records can be made, with the
expectation that the entire content (i.e. all data and all relevant
metadata is included) and meaning of the original records are
preserved.
- Stored data should be accessible in a fully readable format.
Companies may need to maintain suitable software and hardware
PI 041-1 50 of 63 1 July 2021