Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
legislative requirement to implement a ‘data governance system’, its
establishment enables the manufacturer to define, prioritise and
communicate their data integrity risk management activities in a coherent
manner. Absence of a data governance system may indicate uncoordinated
data integrity systems, with potential for gaps in control measures.
5.1.2 The data lifecycle refers to how data is generated, processed, reported,
checked, used for decision-making, stored and finally discarded at the end of
the retention period. Data relating to a product or process may cross various
boundaries within the lifecycle. This may include data transfer between
paper-based and computerised systems, or between different organisational
boundaries; both internal (e.g. between production, QC and QA) and external
(e.g. between service providers or contract givers and acceptors).
5.2 Data governance systems
5.2.1 Data governance systems should be integral to the Pharmaceutical Quality
System described in PIC/S GMP/GDP. It should address data ownership
throughout the lifecycle, and consider the design, operation and monitoring
of processes and systems in order to comply with the principles of data
integrity, including control over intentional and unintentional changes to, and
deletion of information.
5.2.2 Data governance systems rely on the incorporation of suitably designed
systems, the use of technologies and data security measures, combined with
specific expertise to ensure that data management and integrity is effectively
controlled. Regulated entities should take steps to ensure appropriate
resources are available and applied in the design, development, operation
and monitoring of the data governance systems, commensurate with the
complexity of systems, operations, and data criticality and risk.
5.2.3 The data governance system should ensure controls over the data lifecycle
which are commensurate with the principles of quality risk management.
These controls may be:
Organisational
o procedures, e.g. instructions for completion of records and retention
of completed records;
o training of staff and documented authorisation for data generation
and approval;
o data governance system design, considering how data is generated,
recorded, processed, retained and used, and risks or vulnerabilities
are controlled effectively;
o routine (e.g. daily, batch- or activity-related) data verification;
o periodic surveillance, e.g. self-inspection processes seek to verify
the effectiveness of the data governance system; or
o the use of personnel with expertise in data management and
integrity, including expertise in data security measures.
Technical
o
computerised system validation, qualification and control;
PI 041-1 6 of 63 1 July 2021