Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Area for review
Comparison of analytical data reported
by the contractor or supplier vs in-house
data from analysis of the same material
Rationale
To look for discrepant data which may
be an indicator of falsification
10.3.2 Quality agreements (or equivalent) should be in place between
manufacturers and suppliers of materials, service providers, contract
manufacturing organisations (CMOs) and (in the case of distribution)
suppliers of medicinal products, with specific provisions for ensuring data
integrity across the supply chain. This may be achieved by setting out
expectations for data governance, and transparent error/deviation reporting
by the contract acceptor to the contract giver. There should also be a
requirement to notify the contract giver of any data integrity failures identified
at the contract acceptor site.
10.3.3 Audits of suppliers and manufacturers of APIs, critical intermediate suppliers,
primary and printed packaging materials suppliers, contract manufacturers
and service providers conducted by the manufacturer (or by a third party on
their behalf) should include a verification of data integrity measures at the
contract organisation. Contract acceptors are expected to provide reasonable
access to data generated on behalf of the contract giver during audits, so that
compliance with data integrity and management principles can be assessed
and demonstrated.
10.3.4 Audits and routine surveillance should include adequate verification of the
source electronic data and metadata by the Quality Unit of the contract giver
using a quality risk management approach. This may be achieved by
measures such as:
Site audit
Review the contract acceptors organisational behaviour,
and understanding of data governance, data lifecycle, risk
and criticality.
Material testing vs CoA Compare the results of analytical testing vs suppliers
reported CoA. Examine discrepancies in accuracy,
precision or purity results. This may be performed on a
routine basis, periodically, or unannounced, depending on
material and supplier risks. Periodic proficiency testing of
samples may be considered where relevant.
Remote data review
The contract giver may consider offering the Contracted
Facility/Supplier use of their own hardware and software
system (deployed over a Wide Area Network) to use in
batch manufacture and testing. The contract giver may
monitor the quality and integrity of the data generated by
the Contracted Facility personnel in real time.
In this situation, there should be segregation of duties to
ensure that contract giver monitoring of data does not give
provision for amendment of data generated by the contract
acceptor.
PI 041-1 55 of 63 1 July 2021