Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments good practices for data management and integrity in regulatory GMP/GDP environments
and that they maintain access to the necessary software to enablereview of the archived data.Where external or third party facilities are utilised for the archivingof data, these service providers should be subject to assessment,and all responsibilities recorded in a quality technical agreement.Check agreements and assessment records to verify that dueconsideration has been given to ensuring the integrity of archivedrecords.4. ExpectationIt should be possible to print out a legible and meaningful record of all thedata generated by a computerised system (including metadata).If a change is performed to records, it should be possible to also print outthe change of the record, indicating when and how the original data waschanged.Potential risk of not meeting expectations/items to be checked Check validation documentation for systems to ensure that systemshave been validated for the generation of legible and completerecords. Samples of print-outs may be verified.5. ExpectationProcedures should be in place that describe the process for the disposal ofelectronically stored data. These procedures should provide guidance forthe assessment of data and allocation of retention periods, and describethe disposal of data that is no longer required.Potential risk of not meeting expectations/items to be checked Check that the procedures clearly stipulate the conditions for thedisposal of data, and that care is taken to avoid the inadvertentdisposal of required data during its lifecycle.9.10 Management of Hybrid SystemsItem:Management of Hybrid Systems1. Hybrid systems require specific and additional controls in reflection of theircomplexity and potential increased vulnerability to manipulation of data. Forthis reason, the use of hybrid systems is discouraged and such systemsshould be replaced whenever possible.Each element of the hybrid system should be qualified and controlled inaccordance with the guidance relating to manual and computerisedsystems as specified above.PI 041-1 52 of 63 1 July 2021
Appropriate quality risk management principles should be followed whenassessing, defining, and demonstrating the effectiveness of controlmeasures applied to the system.A detailed system description of the entire system should be available thatoutlines all major components of the system, the function of eachcomponent, controls for data management and integrity, and the manner inwhich system components interact.Procedures and records should be available to manage and appropriatelycontrol the interface between manual and automated systems, particularlysteps associated with:- manual input of manually generated data into computerisedsystems;- transcription (including manual) of data generated by automatedsystems onto paper records; and- automated detection and transcription of printed data intocomputerised systems.Potential risk of not meeting expectations/items to be checked Check that hybrid systems are clearly defined and identified, andthat each contributing element of the system is validated. Attention should be paid to the interface between the manual andcomputerised system. Inspectors should verify that adequatecontrols and secondary checks are in place where manualtranscription between systems takes place. Original data should be retained following transcription andprocessing. Hybrid systems commonly consist of a combination of computerisedand manual systems. Particular attention should be paid toverifying:o The extent of qualification and/or validation of thecomputerised system; and,o The robustness of controls applied to the management ofthe manual element of the hybrid system due to thedifficulties in consistent application of a manual process.2. Procedures should be in place to manage the review of data generated byhybrid systems which clearly outline the process for the evaluation andapproval of electronic and paper-based data. Procedures should outline:- Instructions for how electronic data and paper-based data iscorrelated to form a complete record.- Expectations for approval of data outputs for each system.- Risks identified with hybrid systems, with a focus on verification ofthe effective application of controlsPotential risk of not meeting expectations/items to be checked Verify that instructions for the review of hybrid system data is inplace.PI 041-1 53 of 63 1 July 2021
- Page 1 and 2: PHARMACEUTICAL INSPECTION CONVENTIO
- Page 3 and 4: 9.10 Management of Hybrid Systems .
- Page 5 and 6: 3.5 The principles of data manageme
- Page 7 and 8: o automation; oro the use of techno
- Page 9 and 10: process consistency (e.g. biologica
- Page 11 and 12: should clearly demonstrate that rep
- Page 13 and 14: Staying continuously and actively i
- Page 15 and 16: 6.7 Dealing with data integrity iss
- Page 17 and 18: Data IntegrityAttributeRequirementt
- Page 19 and 20: Specific elements that should be ch
- Page 21 and 22: generation of working copies of doc
- Page 23 and 24: 4. ExpectationDocuments should be s
- Page 25 and 26: 8.5.2 Records should be appropriate
- Page 27 and 28: Where appropriate, the reason for t
- Page 29 and 30: 8.9 Direct print-outs from electron
- Page 31 and 32: 8.11.2 A record/register should be
- Page 33 and 34: 9.2.2 Validation alone does not nec
- Page 35 and 36: osystems used in the decision proce
- Page 37 and 38: Check that end-user testing include
- Page 39 and 40: read by the new software. Where nec
- Page 41 and 42: - User access controls should ensur
- Page 43 and 44: potential security weaknesses) and
- Page 45 and 46: 9.6 Audit trails for computerised s
- Page 47 and 48: - in the case of changes or modific
- Page 49 and 50: 9.8 Review of data within computeri
- Page 51: to access electronically stored dat
- Page 55 and 56: Area for reviewComparison of analyt
- Page 57 and 58: Accurate [4.1], [6.17] [5.40], [5.4
- Page 59 and 60: 12 REMEDIATION OF DATA INTEGRITY FA
- Page 61 and 62: 12.2.1.2 Evidence of open communica
- Page 63: MetadataIn-file data that describes
Appropriate quality risk management principles should be followed when
assessing, defining, and demonstrating the effectiveness of control
measures applied to the system.
A detailed system description of the entire system should be available that
outlines all major components of the system, the function of each
component, controls for data management and integrity, and the manner in
which system components interact.
Procedures and records should be available to manage and appropriately
control the interface between manual and automated systems, particularly
steps associated with:
- manual input of manually generated data into computerised
systems;
- transcription (including manual) of data generated by automated
systems onto paper records; and
- automated detection and transcription of printed data into
computerised systems.
Potential risk of not meeting expectations/items to be checked
Check that hybrid systems are clearly defined and identified, and
that each contributing element of the system is validated.
Attention should be paid to the interface between the manual and
computerised system. Inspectors should verify that adequate
controls and secondary checks are in place where manual
transcription between systems takes place.
Original data should be retained following transcription and
processing.
Hybrid systems commonly consist of a combination of computerised
and manual systems. Particular attention should be paid to
verifying:
o The extent of qualification and/or validation of the
computerised system; and,
o The robustness of controls applied to the management of
the manual element of the hybrid system due to the
difficulties in consistent application of a manual process.
2. Procedures should be in place to manage the review of data generated by
hybrid systems which clearly outline the process for the evaluation and
approval of electronic and paper-based data. Procedures should outline:
- Instructions for how electronic data and paper-based data is
correlated to form a complete record.
- Expectations for approval of data outputs for each system.
- Risks identified with hybrid systems, with a focus on verification of
the effective application of controls
Potential risk of not meeting expectations/items to be checked
Verify that instructions for the review of hybrid system data is in
place.
PI 041-1 53 of 63 1 July 2021