Summary of PIC/S Guidance Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments

Similar documents
DATA INTEGRITY (EMA AUGUST 2016)

MHRA GMP Data Integrity Definitions and Guidance for Industry March Introduction:

October p. 01. GCP Update Data Integrity

Data Integrity and Worldwide Regulatory Guidance

Data Integrity. Developments, updates, and deficiencies. Paul Moody, GMP Inspector. GMP Conference. 7 February 2017 Dublin

Leveraging ALCOA+ Principles to Establish a Data Lifecycle Approach for the Validation and Remediation of Data Integrity. Bradford Allen Genentech

MHRA GMP Data Integrity Definitions and Guidance for Industry January Initial Review and Critique March 2015

Medicines & Healthcare products Regulatory Agency (MHRA) GXP Data Integrity Guidance and Definitions

Comment sheet for MHRA draft document:

Sparta Systems TrackWise Digital Solution

Data Integrity and the FDA AFDO Education Conference

Sparta Systems Stratas Solution

Industry Guidelines for Computerized Systems Validation (GAMP, PDA Technical Reports)

Information Technology Branch Organization of Cyber Security Technical Standard

Data Integrity: Technical controls that demonstrate trust

21 CFR Part 11 LIMS Requirements Electronic signatures and records

Sparta Systems TrackWise Solution

INFORMATION SECURITY AND RISK POLICY

Recommendations for Implementing an Information Security Framework for Life Science Organizations

CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS

By Cornelia Wawretchek. The Drug Manufacturer s Guide to Site Master Files

IQ Level 4 Award in Understanding the External Quality Assurance of Assessment Processes and Practice (QCF) Specification

Data Integrity for the Microbiology Laboratory

NIST Risk Assessment for Part 11 Compliance: Evaluation of a GXP Case Study

Data Integrity session Hosted by DCVMN Day 1 08/06/ Dr. Sandra O. Rumiano June 18th and 19th 2018

Part 11 Compliance SOP

Data Integrity for the Microbiology Laboratory

Information Security Policy

Business Continuity Management Standards A Side-by-Side Comparison

EUROPEAN MEDICINES AGENCY (EMA) CONSULTATION

ABB Limited. Table of Content. Executive Summary

Manchester Metropolitan University Information Security Strategy

Guidance for Centre Internal Verification Procedures

This Document is licensed to

SYSTEMKARAN ADVISER & INFORMATION CENTER. Information technology- security techniques information security management systems-requirement

UNIVERSITY OF LEICESTER, UNIVERSITY OF LOUGHBOROUGH & UNIVERSITY HOSPITALS OF LEICESTER NHS TRUST JOINT RESEARCH & DEVELOPMENT SUPPORT OFFICE

Elements of Data Management

OFFICIAL COMMISSIONING OF SECURITY SYSTEMS AND INFRASTRUCTURE

LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU

Vaccine data collection tool Oct Functions, Indicators & Sub-Indicators

BENEFITS OF EXCIPACT CERTIFICATION TO SUPPLIERS, USERS AND PATIENTS The role in Supplier Qualification. March 2011

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

ISO/IEC INTERNATIONAL STANDARD

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

NEWCASTLE CLINICAL TRIALS UNIT STANDARD OPERATING PROCEDURES

Standard Operating Procedure. Data Management. Adapted with the kind permission of University Hospitals Bristol NHS Foundation Trust

Current Expectations and Guidance, including Data Integrity and Compliance With CGMP

Port Facility Cyber Security

Data Quality and Integrity Investigation in Laboratories (Analytical)

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

AUTHORITY FOR ELECTRICITY REGULATION

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Auditing in an Automated Environment: Appendix E: System Design, Development, and Maintenance

GETTING STARTED WITH THE SIG 2014: A RESPONDENT S GUIDE By Shared Assessments

Good Laboratory Practice GUIDELINES FOR THE ARCHIVING OF ELECTRONIC RAW DATA IN A GLP ENVIRONMENT. Release Date:

Automation Change Management for Regulated Industries

System Assessment Report Relating to Electronic Records and Electronic Signatures; 21 CFR Part 11. System: tiamo (Software Version 2.

DATA PROTECTION POLICY THE HOLST GROUP

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

ISO/IEC Information technology Security techniques Code of practice for information security controls

Management s Response to the Auditor General s Review of Management and Oversight of the Integrated Business Management System (IBMS)

PROCEDURE POLICY DEFINITIONS AD DATA GOVERNANCE PROCEDURE. Administration (AD) APPROVED: President and CEO

Good Computer Validation Practices

1. STRATEGIC PLANNING

Comply with Data Integrity Regulations with Chromeleon CDS Software

Wye Valley NHS Trust. Data protection audit report. Executive summary June 2017

Development of Requirement Specifications for Computer Systems

GUIDANCE ON THE SECURITY ASSESSMENT OF GENERIC NEW NUCLEAR REACTOR DESIGNS

Integration of Agilent UV-Visible ChemStation with OpenLAB ECM

Summary of Changes in ISO 9001:2008

Part 11 is Dead Long Live Part CFR 11, the Electronic Records and Electronic Signatures 21 CFR PART 11. Introduction

DIRECTIVE ON RECORDS AND INFORMATION MANAGEMENT (RIM) January 12, 2018

Technical Security Standard

Standard Development Timeline

Practitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0

IMPLEMENTATION COURSE (MODULE 1) (ISO 9001:2008 AVAILABLE ON REQUEST)

Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11

QAM-Q-104 Laboratory Data Entry and Review

Gatekeeper Public Key Infrastructure Framework. Information Security Registered Assessors Program Guide

RPR CRITERIA AND FORMATS

Standard Operating Procedure. Preparation, Review and Approval of Clinical Research Standard Operating Procedures and Work Instructions

ADIENT VENDOR SECURITY STANDARD

SECURITY & PRIVACY DOCUMENTATION

FDA 21 CFR Part 11 Compliance by Metrohm Raman

SDA COMPLIANCE SOFTWARE For Agilent ICP-MS MassHunter Software

IMI Level 3 Award in Automotive Refrigerant Handling (EC ) I.D NO: 500/6771/0

The ProcessGene GRC Suite. Solution Presentation

RI AND RF CRITERIA AND FORMATS

ISPE Annual Meeting 8 11 November 2015 Philadelphia, PA. Forensic Auditing for Data Integrity. Rebecca A. Brewer Quality Executive Partners

Touchstone Technologies, Inc. Course Catalog February 2017

Security Policies and Procedures Principles and Practices

Data Integrity in Clinical Trials

GAMP Good Practice Guide: The Validation of Legacy Systems

Common approaches to management. Presented at the annual conference of the Archives Association of British Columbia, Victoria, B.C.

Qualification Specification. Level 2 Award in Cyber Security Awareness For Business

IAF Guidance on the Application of ISO / IEC Guide 65:1996

PROTERRA CERTIFICATION PROTOCOL V2.2

QP Current Practices, Challenges and Mysteries. Caitriona Lenagh 16 March 2012

Standard CIP Cyber Security Systems Security Management

Transcription:

www.rx-360.org Summary of PIC/S Guidance Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments Draft Published August 2016 This summary was prepared by the Rx-360 Monitoring and Reporting Working Group which tracks regulatory, legislative and policy developments relevant to pharmaceutical/medical device supply chain integrity. The summary is not intended to serve as comprehensive and formal interpretation or guidance (and should not replace your own review and analysis of any referenced source documents). If you have questions, please contact Brittany Tobery, Rx-360 Secretariat, at 301-710-9399 or btobery@rx-360.org. 1

Introduction Good data management practices influence the integrity of all data generated and recorded by a manufacturer and these practices should ensure that data is accurate, complete and reliable. www.rx-360.org While the main focus of this document is in relation to data integrity expectations, the principles within should also be considered in the wider context of good data management. Data Integrity is defined as the extent to which all data are complete, consistent and accurate, throughout the data lifecycle. 2

Purpose and Scope Provides guidance for inspectorates in the interpretation of GMP/GDP requirements in relation to data integrity and the conduct of inspections. Intended to provide a basic overview of key principles regarding data management and integrity. Applies to both on-site and remote (desktop) inspections of those sites performing manufacturing (GMP) and distribution (GDP) activities. 3

Data Governance Data governance is the sum total of arrangements (irrespective of the process, format or technology) which provide assurance of data integrity. Data governance systems Should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity, including control over intentional and unintentional changes to, and deletion of information. Should ensure controls over data lifecycle which are commensurate with the principles of quality risk management. 4

Risk management approach to data governance Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale. Where long term measures are identified in order to achieve the desired state of control, interim measures should be implemented to mitigate risk, and should be monitored for effectiveness. Where interim measures or risk prioritization are required, residual data integrity risk should be communicated to senior management, and kept under review. Reverting from automated / computerized to paper-based systems will not remove the need for data governance. 5

Risk management approach to data governance Not all data or processing steps have the same importance to product quality and patient safety. Risk management should be utilized to determine the importance of each data/processing step. An effective risk management approach to data governance will consider: Data criticality (impact to decision making and product quality) and Data risk (opportunity for data alteration and deletion, and likelihood of detection / visibility of changes by the manufacturer s routine review processes). Examples of factors which can increase risk of data integrity failure include complex, inconsistent processes with open ended and subjective outcomes. Simple tasks which are consistent, well defined and objective lead to reduced risk. From this information, risk proportionate control measures can be implemented. 6

Data Governance System Review The effectiveness of data integrity control measures should be assessed periodically as part of self-inspection (internal audit) or other periodic review processes. This should ensure that controls over the data lifecycle are operating as intended. In addition to routine data verification checks, self-inspection activities should be extended to a wider review of control measures, including: A check of continued personnel understanding of data integrity in the context of protecting of the patient, and ensuring the maintenance of a working environment which is focussed on quality and open reporting of issues, e.g. by review of continued training in data integrity principles and expectations. A review for consistency of reported data/outcomes against raw data entries. 7

General Data Integrity Principles and Enablers Good Documentation Practices (GDocPs) are key to ensuring data integrity, and a fundamental part of a well designed Pharmaceutical Quality Management System. Some key concepts of GDocPs are summarized by the acronym ALCOA: Attributable, Legible, Contemporaneous, Original, Accurate. To this list can be added the following: Complete, Consistent, Enduring and Available (ALCOA+5). Together, these expectations ensure that events are properly documented and the data can be used to support informed decisions. 8

Specific DI Considerations for Paper- Based Systems Procedures outlining good documentation practices and arrangements for document control should be available within the QMS. These procedures should specify: How master documents and procedures are created, reviewed and approved for use; Generation, distribution and control of templates used to record data (master, logs, etc.); Retrieval and disaster recovery processes regarding records. The process for generation of working copies of documents for routine use, with specific emphasis on ensuring copies of documents, e.g. SOPs and blank forms are issued and reconciled for use in a controlled and traceable manner. Guidance for the completion of paper based documents, specifying how individual operators are identified, data entry formats and amendments to documents are recorded. How completed documents are routinely reviewed for accuracy, authenticity and completeness; Processes for the filing, retrieval, retention, archival and disposal of records. 9

Specific DI Considerations for Paper- Based Systems Other Topics Covered Direct print-outs from electronic systems True Copies Limitations of remove review of summary reports Document retention Disposal of original records 10

Specific Data Integrity Considerations for Computerized Systems All computerized systems with potential for impact on product quality should be effectively managed under a mature quality management system which is designed to ensure that systems are protected from acts of accidental or deliberate manipulation, modification or any other activity that may impact on data integrity. 11

Specific Data Integrity Considerations for Computerized Systems Topics of Interest Qualification and validation of computerized systems System security Audit trails Data capture / entry Review of electronic data Storage, archival, and disposal of electronic data 12

Data Integrity Considerations for Outsourced Activities It is important for an organization to understand the data integrity limitations of information obtained from the supply chain (e.g. summary records and copies / printouts), and the challenges of remote supervision. Companies should conduct regular risk reviews of supply chains and outsourced activity that evaluate the extent of data integrity controls required. Care should be taken to ensure the authenticity and accuracy of supplied documentation. The difference in data integrity and traceability risks between true copy and summary report data should be considered when making contractor and supply chain qualification decisions. 13

Thank you www.rx-360.org For More Information info@rx-360.org 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback