Data integrity PIC S

Recommendations

Info

10 DATA INTEGRITY CONSIDERATIONS FOR OUTSOURCEDACTIVITIES10.1 General supply chain considerations10.1.1 Modern supply chains often consist of multiple partner companies workingtogether to ensure safe and continued supply of medicinal products. Typicalsupply chains require the involvement of API producers, dosage formmanufacturers, analytical laboratories, wholesale and distributionorganisations, often from differing organisations and locations. These supplychains are often supported by additional organisations, providing outsourcedservices, IT services and infrastructure, expertise or consulting services.10.1.2 Data integrity plays a key part in ensuring the security and integrity of supplychains. Data governance measures by a contract giver may be significantlyweakened by unreliable or falsified data or materials provided by supply chainpartners. This principle applies to all outsourced activities, including suppliersof raw materials, contract manufacturers, analytical services, wholesalers,contracted service providers and consultants.10.1.3 Initial and periodic re-qualification of supply chain partners and outsourcedactivities should include consideration of data integrity risks and appropriatecontrol measures.10.1.4 It is important for an organisation to understand the data integrity limitationsof information obtained from the supply chain (e.g. summary records andcopies / printouts) and the challenges of remote supervision. Theselimitations are similar to those discussed in section 8.11 of this guidance. Thiswill help to focus resources towards data integrity verification and supervisionusing a quality risk management approach.10.2 Routine document verification10.2.1 The supply chain relies upon the use of documentation and data passed fromone organisation to another. It is often not practical for the contract giver toreview all raw data relating to reported results. Emphasis should be placedupon a robust qualification process for outsourced supplier and contractor,using quality risk management principles.10.3 Strategies for assessing data integrity in the supply chain10.3.1 Companies should conduct regular risk reviews of supply chains andoutsourced activity that evaluate the extent of data integrity controls required.The frequency of such reviews should be based on the criticality of theservices provided by the contract acceptor, using risk managementprinciples, Information considered during risk reviews may include:The outcome of site audits, with focus on data governance measuresDemonstrated compliance with international standards or guidelinesrelated to data integrity and securityReview of data submitted in routine reports, for example:PI 041-1 54 of 63 1 July 2021
Area for reviewComparison of analytical data reportedby the contractor or supplier vs in-housedata from analysis of the same materialRationaleTo look for discrepant data which maybe an indicator of falsification10.3.2 Quality agreements (or equivalent) should be in place betweenmanufacturers and suppliers of materials, service providers, contractmanufacturing organisations (CMOs) and (in the case of distribution)suppliers of medicinal products, with specific provisions for ensuring dataintegrity across the supply chain. This may be achieved by setting outexpectations for data governance, and transparent error/deviation reportingby the contract acceptor to the contract giver. There should also be arequirement to notify the contract giver of any data integrity failures identifiedat the contract acceptor site.10.3.3 Audits of suppliers and manufacturers of APIs, critical intermediate suppliers,primary and printed packaging materials suppliers, contract manufacturersand service providers conducted by the manufacturer (or by a third party ontheir behalf) should include a verification of data integrity measures at thecontract organisation. Contract acceptors are expected to provide reasonableaccess to data generated on behalf of the contract giver during audits, so thatcompliance with data integrity and management principles can be assessedand demonstrated.10.3.4 Audits and routine surveillance should include adequate verification of thesource electronic data and metadata by the Quality Unit of the contract giverusing a quality risk management approach. This may be achieved bymeasures such as:Site auditReview the contract acceptors organisational behaviour,and understanding of data governance, data lifecycle, riskand criticality.Material testing vs CoA Compare the results of analytical testing vs suppliersreported CoA. Examine discrepancies in accuracy,precision or purity results. This may be performed on aroutine basis, periodically, or unannounced, depending onmaterial and supplier risks. Periodic proficiency testing ofsamples may be considered where relevant.Remote data reviewThe contract giver may consider offering the ContractedFacility/Supplier use of their own hardware and softwaresystem (deployed over a Wide Area Network) to use inbatch manufacture and testing. The contract giver maymonitor the quality and integrity of the data generated bythe Contracted Facility personnel in real time.In this situation, there should be segregation of duties toensure that contract giver monitoring of data does not giveprovision for amendment of data generated by the contractacceptor.PI 041-1 55 of 63 1 July 2021
Page 1 and 2:
PHARMACEUTICAL INSPECTION CONVENTIO
Page 3 and 4: 9.10 Management of Hybrid Systems .
Page 5 and 6: 3.5 The principles of data manageme
Page 7 and 8: o automation; oro the use of techno
Page 9 and 10: process consistency (e.g. biologica
Page 11 and 12: should clearly demonstrate that rep
Page 13 and 14: Staying continuously and actively i
Page 15 and 16: 6.7 Dealing with data integrity iss
Page 17 and 18: Data IntegrityAttributeRequirementt
Page 19 and 20: Specific elements that should be ch
Page 21 and 22: generation of working copies of doc
Page 23 and 24: 4. ExpectationDocuments should be s
Page 25 and 26: 8.5.2 Records should be appropriate
Page 27 and 28: Where appropriate, the reason for t
Page 29 and 30: 8.9 Direct print-outs from electron
Page 31 and 32: 8.11.2 A record/register should be
Page 33 and 34: 9.2.2 Validation alone does not nec
Page 35 and 36: osystems used in the decision proce
Page 37 and 38: Check that end-user testing include
Page 39 and 40: read by the new software. Where nec
Page 41 and 42: - User access controls should ensur
Page 43 and 44: potential security weaknesses) and
Page 45 and 46: 9.6 Audit trails for computerised s
Page 47 and 48: - in the case of changes or modific
Page 49 and 50: 9.8 Review of data within computeri
Page 51 and 52: to access electronically stored dat
Page 53: Appropriate quality risk management
Page 57 and 58: Accurate [4.1], [6.17] [5.40], [5.4
Page 59 and 60: 12 REMEDIATION OF DATA INTEGRITY FA
Page 61 and 62: 12.2.1.2 Evidence of open communica
Page 63: MetadataIn-file data that describes
show all

Data integrity PIC S

Create successful ePaper yourself

Delete template?

Save as template?