Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
o automation; or
o the use of technologies that provide greater controls for data
management and integrity.
5.2.4 An effective data governance system will demonstrate Senior management’s
understanding and commitment to effective data governance practices
including the necessity for a combination of appropriate organisational culture
and behaviours (section 6) and an understanding of data criticality, data risk
and data lifecycle. There should also be evidence of communication of
expectations to personnel at all levels within the organisation in a manner
which ensures empowerment to report failures and opportunities for
improvement. This reduces the incentive to falsify, alter or delete data.
5.2.5 The organisation’s arrangements for data governance should be
documented within their Pharmaceutical Quality System and regularly
reviewed.
5.3 Risk management approach to data governance
5.3.1 Senior management is responsible for the implementation of systems and
procedures to minimise the potential risk to data integrity, and for identifying
the residual risk, using the principles of ICH Q9. Contract Givers should
perform a review of the contract acceptor’s data management policies and
control strategies as part of their vendor assurance programme. The
frequency of such reviews should be based on the criticality of the services
provided by the contract acceptor, using risk management principles (refer to
section 10).
5.3.2 The effort and resource assigned to data governance should be
commensurate with the risk to product quality, and should also be balanced
with other quality resource demands. All entities regulated in accordance with
GMP/GDP principles (including manufacturers, analytical laboratories,
importers and wholesale distributors) should design and operate a system
which provides an acceptable state of control based on the data quality risk,
and which is documented with supporting rationale.
5.3.3 Where long term measures are identified in order to achieve the desired state
of control, interim measures should be implemented to mitigate risk, and
should be monitored for effectiveness. Where interim measures or risk
prioritisation are required, residual data integrity risk should be
communicated to senior management, and kept under review. Reverting from
automated and computerised systems to paper-based systems will not
remove the need for data governance. Such retrograde approaches are likely
to increase administrative burden and data risk, and prevent the continuous
improvement initiatives referred to in paragraph 3.5.
5.3.4 Not all data or processing steps have the same importance to product quality
and patient safety. Risk management should be utilised to determine the
importance of each data/processing step. An effective risk management
approach to data governance will consider:
Data criticality (impact to decision making and product quality) and
Data risk (opportunity for data alteration and deletion, and likelihood of
detection / visibility of changes by the manufacturer’s routine review
processes).
PI 041-1 7 of 63 1 July 2021