Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
process consistency (e.g. biological production processes or analytical
tests may exhibit a higher degree of variability compared to small
molecule chemistry);
degree of automation / human interaction;
subjectivity of outcome / result (i.e. is the process open-ended vs well
defined);
outcomes of a comparison between electronic system data and manually
recorded events (e.g. apparent discrepancies between analytical reports
and raw-data acquisition times); and
inherent data integrity controls incorporated into the system or software.
5.5.5 For computerised systems, manual interfaces with IT systems should be
considered in the risk assessment process. Computerised system validation
in isolation may not result in low data integrity risk, in particular, if the user is
able to influence the reporting of data from the validated system, and system
validation does not address the basic requirements outlined in section 9 of
this document. A fully automated and validated process together with a
configuration that does not allow human intervention, or reduces human
intervention to a minimum, is preferable as this design lowers the data
integrity risk. Appropriate procedural controls should be installed and verified
where integrated controls are not possible for technical reasons.
5.5.6 Critical thinking skills should be used by inspectors to determine whether
control and review procedures effectively achieve their desired outcomes. An
indicator of data governance maturity is an organisational understanding and
acceptance of residual risk, which prioritises actions. An organisation which
believes that there is ‘no risk’ of data integrity failure is unlikely to have made
an adequate assessment of inherent risks in the data lifecycle. The approach
to assessment of data lifecycle, criticality and risk should therefore be
examined in detail. This may indicate potential failure modes which can be
investigated during an inspection.
5.6 Data governance system review
5.6.1 The effectiveness of data integrity control measures should be assessed
periodically as part of self-inspection (internal audit) or other periodic review
processes. This should ensure that controls over the data lifecycle are
operating as intended.
5.6.2 In addition to routine data verification checks (e.g. daily, batch- or activityrelated),
self-inspection activities should be extended to a wider review of
control measures, including:
A check of continued personnel understanding of good data management
practice in the context of protecting of the patient, and ensuring the
maintenance of a working environment which is focussed on quality and
open reporting of issues (e.g. by review of continued training in good data
management principles and expectations).
A review for consistency of reported data/outcomes against raw entries.
This may review data not included during the routine data verification
PI 041-1 9 of 63 1 July 2021