Data Integrity & Computer Systems Guidance Validation

Gilda D’Incerti – CEO PQE GroupAugust, 2018

I. GENERAL PROVISIONS1. Introduction.II. FIELD OF APPLICATION 2. Purpose.3. Scope.III. BASIC CONCEPT4. Data integrity Principles 4.1 ALCOA+ Requirements 5. Main definitions.5.1 Acronyms5.2 DefinitionsIV. DATA INTEGRITY ENABLERS 6. Data governance system 6.1 Data governance system 6.2 Risk management approach to data governance6.3 Data Life Cycle6.4 Organizational Requirements 6.4.1 Quality culture6.4.2 Code of ethics and policies 6.4.3 Training Programs6.4.4 Pharmaceutical Quality System Enhancement6.4.5 Quality metrics for Data Integrity7. Requirements for Regulated Paper Records7.1 QMS for Record Management 7.2 Record Creation7.2.1 Records Generation7.2.2 Records Distribution7.2.3 Record Processing & Completion7.3 Records Review7.4 True copies7.4.1 True copies of Paper Records 7.4.2 Paper records generated from Computer Systems

7.5 Records Retention7.6 Records Disposal8. Requirements for Regulated Electronic Records8.1 Computer System Validation8.1.1 Data capture/entry8.2 Security8.2.1 System Access8.2.2 User Authorizations8.2.3 Backup8.2.4 Data Migration Verification8.3 Traceability8.3.1 Audit Trail8.3.2 Audit Trail Review8.4 Inspectability8.4.1 Electronic Copies8.4.2 Archiving8.4.3 Disposal8.5 Accountability8.5.1 Electronic signature9. Risk Based Validation Life Cycle9.1 Computerized System and Categories9.2 System Inventory and GMP Risk Assessment 9.3 Supplier Assessment & Quality Agreement 9.4 Requirements & Planning Phase9.4.1 User Requirements Specification9.4.2 Validation Plan9.5 Specifications & Build Phase9.5.1 Functional Specification9.5.2 Configuration Specifications9.5.3 Design Specifications9.5.4 Detailed Risk AssessmentTA

BLE

OF

CON

TEN

TS

Data Integrity Introduction Data Integrity Guidance Scope Data Integrity Principles Data Governance System Requirements for Paper Records Requirements for Electronic Records Risk based Validation Life Cycle Conclusions

PRESENTATION INDEX

Data Integrity Guidance Scope

DATA INTEGRITY: WHAT IS IT?

The extent to which data is complete, consistent and accurate, throughout thedata life cycle.It is fundamental in a pharmaceutical quality system, ensuring that medicines areof the required quality.

Information submitted in dossiers and used in day-to-day decision-making is basedon data.Poor data integrity practices and vulnerabilities undermine the quality of recordsand may ultimately undermine the quality of medicinal products. [I.1]

PURPOSE AND SCOPE OF THIS GUIDANCEThis guidance aims to promote a risk-basedapproach to data management that includes datarisk, criticality and life cycle.This regulation is intended to define the minimumrequirements that a manufacturer must meet inorder to assure that his products are consistentlyhigh in quality, from batch to batch, with respect totheir intended use.The control measures required to be implementedare based upon the Regulated Data (i.e.information relied upon by the manufacturers toensure Patient Safety and Product Quality) whichshall be created and maintained integer within theentire Product Life Cycle allowing to reconstruct theactivities performed. [I.1]

Data IntegrityPrinciples

ELECTRONIC AND PAPER RECORDSData may be generated:Electronically, using a tool that ranges from simple machines(equipment) to complex highly configurable computerized systems. Theinherent risk to data integrity related to equipment and computerizedsystems may differ depending upon the degree to which the system(generating or using the data) can be configured, and the potential formanipulation of data during transfer between computerized systemsduring data life cycle. [IV.6.3]In case the Regulated Data are created, managed and maintainedthrough Electronic Records, the associated Integrity is ensured by therelevant Computerized System. [II.3]On paper, a paper-based record of a manual observation or of anactivity. Data generated manually on paper may require independentverification if deemed necessary from the data integrity riskassessment or by another requirement. Consideration shall be given torisk-reducing supervisory measures, specifically for data associated tohigh criticality. [IV.6.3]

ALCOA+ REQUIREMENTSThe key principles for both paper-based and electronic-based recordkeeping aresummarized by the acronym ALCOA:• Attributable• Legible• Contemporaneous• Original• Accurate

ALCOA requirements have been extended adding the other attributes, nowtermed ALCOA+ :• Complete• Consistent• Enduring• Available[III.4.1]

DATA LIFE CYCLEData Life Cycle refers to how data is generated,processed, reported, checked, used for decision-making, stored and finally discarded at the end ofthe retention period.It encompass all phases in the life of the data(including raw data) from initial generation andrecording through processing (includingtransformation or migration), use, retention,archive/ retrieval and destruction.The procedures for destruction of data shallconsider data criticality and, where applicable,legislative retention requirements.Archival arrangements shall be in place for longterm retention of relevant data in compliance withlegislation. [III.5.2]

Generation

Recording

Processing

UseRetention

Archive/ Retrieval

Destruction

Data Governance System

DATA GOVERNANCEData governance is the sum of arrangementswhich provides assurance of data integrity,irrespective of the process, format or technologyin which data is generated, recorded, processed,retained, retrieved and used.

Data governance ensures a complete,consistent and accurate record throughout thedata life cycle, including control over intentionaland unintentional changes to data.

[IV.6.1]

RISK BASED APPROACHAs not all data or processing steps have the same importance to productquality and patient safety, risk management shall be utilized to determinethe importance of each data/processing step.An effective risk management approach to data governance shall be basedupon Risk to Data Integrity determined by the following factors:Data criticality (impact to decision making and product quality)Exposure to violation (opportunity for data alteration and deletion, andlikelihood of detection/ visibility of changes by the manufacturer’s routinereview processes).The exposure is determined by the potential to be deleted, amended orexcluded without authorization and the opportunity for detection of thoseactivities and events. [IV.6.2

PERSONNELThe company’s general ethics and integrity standards need to be established and known to each employee and theseexpectations shall be communicated frequently and consistently.Personnel shall be trained in data integrity policies.Management shall ensure that personnel are trained to understand and distinguish between proper and improper conduct(including deliberate falsification), and shall be made aware of the potential consequences. [IV.6.4.3]

PHARMACEUTICAL QUALITY SYSTEM ENHANCEMENTThe company shall know their data life cycle and integrate the appropriate controlsand procedures so that the generated data will be valid, complete and reliable.Specifically, such control and procedural updating may be in the following areas:• Risk assessment and management• Investigation programs• Data review practices• Computer software validation• Vendor/contractor management• Training program to include company’s data integrity policy and data integrity SOPs• Self-inspection program to include data integrity• Quality metrics and reporting to senior management. [IV.6.4.4]

Requirements for paper records

GOOD DOCUMENTATION PRACTICES• Handwritten entries must be made by the person who executed the task.• Unused, blank fields within documents shall be crossed-out, dated and signed.• Handwritten entries shall be made in clear and legible writing• The completion of date fields shall be done in the format defined for the site (E.g.

dd/mm/yyyy or mm/dd/yyyy)• Filling out operations shall be contemporaneous• Records shall be indelible. The use of pencils is not allowed• Records shall be signed and dated using a unique identifier that is attributable to the author.• Corrections to the records must be made in such way that full traceability is maintained,

including:• Cross out what is to be changed in a way keeping the initial data readable (e.g. with a

single line)• Where appropriate, the reason for the correction must be clearly recorded and verified if

critical.• Who and when the change has been made (Initials and date) . [IV.7.2.3]

Requirements for electronic records

SECURITYUser access controls, both physical andelectronic, shall be configured and enforced toprohibit unauthorized access to, changes toand deletion of data.Individual Login IDs and passwords shall beset up and assigned. [IV.8.2.1]Full use shall be made of access controls toensure that people have access only tofunctionality that is appropriate for their jobrole, and that actions are attributable to aspecific individual. [IV.8.2.2]The Backup and Recovery processes shall bedocumented through a procedure defining thebackup operations and the restore steps to beexecuted in case of need. The Backup andRecovery processes shall be tested to ensurethe capability to fully recover data andmetadata in case of system failure. [IV.8.2.3]

TRACEABILITY AUDIT TRAILAn audit trail is a form of metadata that contains information associated with actionsrelated to the creation, modification or deletion of regulated Electronic records, withoutobscuring or overwriting the original record.Audit trails records shall be in an intelligible form and have at least the followinginformation:• Name of the person who made the change to the data• Description of the change• Time and date of the change• Reason for the change[IV.8.3.1]

INSPECTABILITYSystem shall allow to generate accurate and complete copies of records inboth human readable and electronic form suitable for inspection, review, andcopying by the Inspectors. [IV.8.4.1]

Data shall be archived periodically in accordance with written procedures.Archived copies shall be physically secured in a separate and remote locationfrom where back up data is stored.Data shall be accessible and readable and its integrity maintained for all theperiod of archiving. [IV.8.4.2]

Procedures shall be in place that describe the process for the disposal ofelectronically stored data. These procedures shall provide guidance for theassessment of data and allocation during retention period, and describe themanner in which data that is no longer required is disposed of. [IV.8.4.3]

ACCOUNTABILITY ELECTRONIC SIGNATURESElectronic signatures used in place of handwritten signatures must haveappropriate controls to ensure their authenticity and traceability to the specificperson who electronically signed the record(s).The use of electronic signatures shall be appropriately controlled withconsideration given to:• How the signature is attributable to an individual• How the act of ‘signing’ is recorded within the system so that it cannot be

altered or manipulated without invalidating the signature or status of theentry

• How the record of the signature will be associated with the entry made andhow this can be verified

• The security of the electronic signature (so that it can only be applied by the‘owner’ of that signature)

[IV.8.5.1]

Risk basedValidation Life Cycle

COMPUTER SYSTEM VALIDATIONThe Computer Validation process is the ultimate step to ensure the Integrity of the electronic data createdand maintained for regulated purposes.Computerized systems that may have an impact on product or service quality and data integrity aresubject to GMP regulations and need to be validated.

The validation process provides documented proof enabling to conclude with a high degree of assurancethat a computerized system operates as defined in its specifications, as well as according to quality andregulatory requirements, in a constant and reproducible manner.In addition, the Validation process shall provide documented evidence that the system includes theautomated functionalities oriented to ensure that the GMP critical Electronic Records meet the ALCOA+requirements.[IV.9]

COMPUTERIZED SYSTEM: DEFINITIONThe computerized system shall be considered as composed of all computerhardware, firmware, installed devices, and software controlling the operationof the computer.[IV.9.1]

COMPUTERIZED SYSTEM: CATEGORIESThere is generally increasing risk of failure or defects with the progression from standard software andhardware to custom software and hardware. The increased risk derives from a combination of greatercomplexity and less user experience.In order to facilitate the determination of the appropriate validation strategy and depth, the followingcategories have been defined [IV.9.1]:

Category Type Description3 Not Configured

ProductsRun-time parameters may be entered andstored, but the software cannot beconfigured to suit the business process

4 Configured Products

Software, often very complex, that can beconfigured by the user to meet the specificneeds of the user’s business process.Software code is not altered.

5 Custom Applications

Software custom designed and coded tosuit the business process

SYSTEM INVENTORY

Regulated companies shall have an inventory of allcomputerized systems in use.This list shall include reference to:• Name, location and primary function (i.e. Intended

Use) of each computerized system• Evaluation of the Risk associated to the System and

to the relevant Record(s) maintained by the System(e.g. direct GMP impact, indirect impact, no impact)

• Current validation status of each system andreference to existing validation documents.

• [IV.9.2]

VALIDATION LIFE CYCLE: REQUIREMENTS & PLANNING• A User Requirements Specification (URS) shall be created for all

computerized systems.The purpose of the URS document is to define the “intended use” andfunctions of the system, including all essential requirements. [IV.9.4.1]

• Validation Plan is a strategic document providing evidence that all thevalidation activities are adequately addressed, under management control,using a risk based approach.The Validation Plan shall identify the validation documentation to be createdwith the relevant responsibilities and the general acceptance criteria for thevalidation process. [IV.9.4.2]

VALIDATION LIFE CYCLE: SPECIFICATION & BUILD• The functional specifications shall provide a precise and detailed description of how

the system covers the essential requirements for the computer system and externalinterfaces. The Specifications shall be prepared and organized in a way that permitsto trace each User Requirements against the corresponding functionalities andassociated testing documentation. [IV.9.5.1]

• The Configuration Specification document is defined in order to describe:• the list of HW/SW components included in the Computerized System• the system parameters (e.g. password length) which may impact one or more

GMP functionality [IV.9.5.2]• The SW design specifications are required for the customized components in order to

provide a detailed, technical explanation of the Functional Specification in order toexplain (how the system does what is defined in the higher level specifications.[IV.9.5.3]

• Detailed Risk Assessment activities are required during the Specification and Buildphases [IV.9.5.4]

VALIDATION LIFE CYCLE: TESTING & ACCEPTANCEThe system testing is performed to ensure that computerizedsystems meet their predefined requirements, prior to systemrelease.The testing includes:• Vendor Testing (e.g. Commissioning Testing, Unit and

Integration testing), executed by the SW Supplier according toits Quality System or to a predefined Quality & Project Plan

• Validation Testing, executed in the qualification and/orproduction environment according to pre-defined protocols forthe following Validation Testing phases:

• Installation Qualification• Operational Qualification• Performance Qualification[IV.9.6]

Tests shall be performed in an appropriately qualifiedenvironment according to a predetermined Test Plan and TestSpecifications including predefined expected results. [IV.9.6.1]

VALIDATION LIFE CYCLE: RELEASE

The validation report summarizesthe activities and associateddocumentation issued todemonstrate correct andcomplete execution of theValidation process, according tothe validation plan.It provides an analysis of datacollected during the Validationprocess and documents thevalidation activity results includingany non-conformity or follow-up.[IV.9.7.1]

VALIDATION LIFE CYCLE: OPERATION THROUGH SUPPORTING PROCESSES

After release, the system will be managed through the supporting processes oriented to maintainthe Validated status [IV.9.8]:• Security to provide a high level of protection of data from loss of confidentiality, integrity and

availability [IV.9.8.1]• Incident Management: an incident is any unplanned occurrence which prevents (or may prevent)

or delays users, the system, an operation, or a service from proceeding with an assigned task[IV.9.8.2]

• Change Management [IV.9.8.3]• Backup and Restore [IV.9.8.4]• Service Level Agreement [IV.9.8.5]• Business Continuity [IV.9.8.6]• Archiving [IV.9.8.7]• Periodic Review [IV.9.8.8]• Training & system usage procedures [IV.9.8.9]

VALIDATION LIFE CYCLE: RETIREMENT

When the system is retired, thedata maintained by the systemshall be made available withinthe Retention period. [IV.9]

Conclusions

CONCLUSIONSData

IntegrityProduct Quality

PatientSafety

ACKNOWLEDGEMENTS• info@pqegroup.com