Professional Documents
Culture Documents
Definition - Data Integrity The extent to which all data are complete, The completeness, consistency, and accuracy of Data integrity is the degree to which data are
consistent and accurate throughout the data data. complete, consistent, accurate, trustworthy and
lifecycle. reliable and that these characteristics of the data
are maintained throughout the data lifecycle.
Data integrity criteria The collected data should be: A - attributable to Attributable, see 211.101(d), 211.122, 211.186, The records should be complete, consistent,
the person generating the data; L – legible and 211.188(b)(11), and 212.50(c)(10). enduring and available. Refer to detailed guidelines
permanent; C – contemporaneous; O – original Legible see 211.180(e) and 212.110(b). related with ALCOA on Appendix 1.
record (or ‘true copy’); A - accurate Contemporaneously recorded (at the time of
performance) see 211.100(b) and 211.160(a).
Original or a true copy see §§ 211.180 and
211.194(a).
Accurate see 211.22(a), 211.68, 211.188, and
212.60(g).
Definition - Metadata Metadata is data that describe the attributes of The contextual information required to understand Metadata are data about data that provide the
other data, and provide context and meaning. data. contextual information required to understand
those data.
Data Lifecycle All phases in the life of the data (including raw All phases of the process by which data are
data) from initial generation and recording through created, recorded, processed, reviewed, analyzed
processing (including transformation or migration), and reported, transferred, stored and retrieved and
use, data retention, archive / retrieval and monitored until retirement and disposal. There
destruction. should be a planned approach to assessing,
monitoring and managing the data and the risks to
those data in a manner commensurate with
potential impact on patient safety, product quality
and/or the reliability of the decisions made
throughout all phases of the data lifecycle.
Definition - audit trail Audit trails are metadata that are a record of A secure, computer-generated, time-stamped The audit trail is a form of metadata that contains
critical information (for example the change or electronic record that allows for reconstruction of information
deletion of relevant data), that permit the the course of events relating to the creation, associated with actions that relate to the creation,
reconstruction of activities. modification, or deletion of an electronic record. modification or deletion of
GXP records.
Static record ‘Fixed’ record such as paper or pdf. Static is used to indicate a fixed-data document A static record format, such as a paper or pdf
such as a paper record or an electronic image. record, is one that is fixed and allows no or very
limited interaction between the user and the
record content.
Dynamic record An electronic record which the user / reviewer can Dynamic means that the record format allows Records in dynamic format allows for an interactive
interact with. interaction between the user and the record relationship between the user and the record
content. content.
Backup A copy of current (editable) data, metadata and Refers to a true copy of the original data that is A copy of one or more electronic files created as an
system configuration settings (variable settings maintained securely throughout the records alternative in case the original data or system are
which relate to an analytical run) maintained for retention period. lost or become unusable. Refer also to WHO
the purpose of disaster recovery. Technical Report Series, No. 937, 2006. Appendix
5 Annex 4 Section 5.
Computer system It is a system (consisting of one or more hardware It refers to computer hardware, software, A computer system collectively controls the
components and associated software) that is peripheral devices, networks, cloud infrastructure, performance of one or more automated processes
involved with the direct or indirect capture of data, operators, and associated documents and/or functions It includes computer hardware,
processing or manipulation of data, reporting and software, peripheral devices, networks, personnel
storage of data, and may be an integral part of and documentation, e.g. manuals and standard
automated equipment.[1] operating procedures.
Computer Systems Validation Refer to the section titled “Validation - for intended Q3 (Note: Q3 = ansewere to Q3 in the referenced WHO Technical Report Series, No. 937, 2006.
purpose“/EMA Annex 11 p 4. guidance document) Appendix 5 Annex 4.
Security EMA Annex 11 p 12. Q4 WHO Technical Report Series, No. 937, 2006.
Appendix 5 Annex 4 Section 4.
Shared login accounts Shared logins or generic user access should not be Q5 The use of shared and generic log-on credentials
used. Where the computerized system design should be avoided to ensure that personnel actions
supports individual user access, this function must documented in electronic records can be attributed
be used. It is acknowledged that some to a unique individual. This would apply to the
computerized systems support only a single user software application level and all applicable
login or limited numbers of user logins. Where network environments where personnel actions
alternative computerized systems have the ability may occur (e.g. workstation and server operating
to provide the required number of unique logins, systems, etc.). Where adequate technical controls
facilities should upgrade to an appropriate system are not available or feasible in legacy electronic
by the end of 2017. Where no suitable alternative systems, combinations of paper and electronic
computerized system is available, a paper based records should be used to meet the requirements
method of providing traceability will be permitted. to attribute actions to an individual.
The lack of suitability of alternative systems should
be justified based on a review of system design,
and documented.
Audit trails review The relevance of data retained in audit trails should Q7 Systems may be designed to facilitate audit trail
be considered by the company to permit robust review via varied means, for example, the system
data review / verification. The items included in design may permit audit trails to be reviewed as a
audit trail should be those of relevance to permit list of relevant data or by a validated exception
reconstruction of the process or activity. It is not reporting process. It is expected that during
necessary for audit trail review to include every validation of the system the organization will
system activity (e.g. user log on/off, keystrokes establish – based upon a documented and justified
etc.), and may be achieved by review of designed risk assessment – the frequency, roles and
and validated system reports. responsibilities, and approach to review of the
various types of meaningful metadata, such as
audit trials. When determining a risk-based
approach to reviewing audit trails in GxP
computerized systems, it is important to note that
some software developers may design mechanisms
for tracking user actions related to the most critical
GxP data using metadata features and not named
these audit trails but may have used the naming
convention “audit trail” to track other computer
system and file maintenance activities. Training of
personnel who use computerized systems and
review electronic data in basic understanding of
how computerized systems work and how to
efficiently review the electronic data and metadata.
Quality assurance should also review a sample of
relevant audit trails, raw data and metadata as part
of self-inspection to ensure ongoing compliance
with the data governance policy / procedures. A
procedure should describe the actions to be taken
if data review identifies an error or omission. This
procedure should enable data corrections or
clarifications to be made in a GxP compliant
manner, providing visibility of the original record
and audit trailed traceability of the correction. A
procedure should describe the actions to be taken
if data review identifies an error or omission. This
procedure should enable data corrections or
clarifications to be made in a GxP compliant
manner, providing visibility of the original record
and audit trailed traceability of the correction.
Regular review of audit trails may reveal incorrect
processing of data and help prevent incorrect
results from being reported and identify the need
for additional training of personnel. Data review
should be documented.
Audit trail reviewer(s) There should be a procedure which describes the Q8 The quality unit should conduct and report to
process for the review and approval of data, management formal, documented risk review.
including raw data. Data review must also include a
review of relevant metadata, including audit trail.
Data review must be documented. A procedure
should describe the actions to be taken if data
review identifies an error or omission. This
procedure should enable data corrections or
clarifications to be made in a GMP compliant
manner, providing visibility of the original record,
and audit trailed traceability of the correction,
using ALCOA principles (see ‘data’ definition). QA
should also review a sample of relevant audit trails,
raw data and metadata as part of self-inspection to
ensure on-going compliance with the data
governance policy / procedures.
Retention of paper instead of e-recs It is conceivable for raw data generated by Q10. See also Q3 @ US FDA Questions and Data integrity risks may occur when persons
electronic means to be retained in an acceptable Answers on Current Good Manufacturing Practices, choose to rely solely upon paper printouts or pdf
paper or pdf format, where it can be justified that a Good Guidance Practices, Level 2 Guidance - reports from computerized systems without
static record maintains the integrity of the original Records and Reports meeting applicable regulatory expectations for
data. It would also require a documented means to original records. Original records should be
verify that the printed records were an accurate reviewed – this includes electronic records. If the
representation. reviewer only reviews the subset of data provided
as a printout or pdf, these risks may go undetected
and harm may occur.
The use of e-sign The use of electronic signatures should be Q11 The GxP organization may choose a fully-electronic
compliant with the requirements of international approach to allow more efficient, streamlined
standards 445 such as Directive 1999/93/EC record review and record retention. This would
(requirements relevant to ‘advanced electronic require that authenticated and secure electronic
signature’). signatures be implemented for signing records
where required. This would require preservation of
the original electronic records, or verified true
copy, as well as the necessary software and
hardware or other suitable reader equipment to
view the records during the records retention
period. A hybrid approach is discussed in this
technical report.
Inspections of e-records Q17 All GxP records held by the GxP organization are
subject to inspection by health authorities. This
includes original electronic data and metadata,
such as audit trails maintained in computerized
systems.
Raw data Original records and documentation, retained in Means any laboratory worksheets, records,
the format in which they were originally generated memoranda, notes, or exact copies thereof, that
(i.e. paper or electronic), or as a ‘true copy’. Raw are the result of original observations and activities
data must be contemporaneously and accurately of a nonclinical laboratory study and are necessary
recorded by permanent means. In the case of basic for the reconstruction and evaluation of the report
electronic equipment which does not store of that study. In the event that exact transcripts of
electronic data, or provides only a printed data raw data have been prepared (e.g., tapes which
output (e.g. balance or pH meter), the printout have been transcribed verbatim, dated, and
constitutes the raw data. Source Data - All verified accurate by signature), the exact copy or
information in original records and certified copies exact transcript may be substituted for the original
of original records of clinical findings, observations, source as raw data. Raw data may include
or other activities in a clinical trial necessary for the photographs, microfilm or microfiche copies,
reconstruction and evaluation of the trial. Source computer printouts, magnetic media, including
data are contained in source documents (original dictated observations, and recorded data from
records or certified copies). (2009 MHRA GCP automated instruments. (21 CFR 58.3(k))
Guideline)
Data Facts and statistics collected together for reference Representations of facts, concepts, or instructions All original records and certified true copies of
or analysis. in a manner suitable for communication, original records, including source data and
interpretation, or processing by humans or by metadata and all subsequent transformations and
automated means. (FDA Glossary) reports of this data, which are recorded at the time
of the GxP activity and allow full and complete
reconstruction and evaluation of the GxP activity.
Data should be accurately recorded by permanent
means at the time of the activity. Data may be
contained in paper records (such as worksheets
and logbooks), electronic records and audit trails,
photographs, microfilm or microfiche, audio or
video-files or any other media whereby
information related to GxP activities is recorded.
Original record Data as the file or format in which it was originally Includes the first or source capture of data or
generated, preserving the integrity (accuracy, information and all subsequent data required to
completeness, content and meaning) of the record, fully reconstruct the conduct of the GxP activity.
e.g. original paper record of manual observation, or
electronic raw data file from a computerized
system.
True Copy A copy of original information that been verified as A true copy is a copy of an original recording of
an exact (accurate and complete) copy having all of data that has been certified to confirm it is an exact
the same attributes and information as the original. and complete copy that preserves the entire
content and meaning of the original record,
including in the case of electronic data, all
metadata and the original record format as
appropriate.
Revision History
1-May-16 New
Added TGA expectations using
Hart, S., "Data Integrity: TGA
13-Jun-16 Expectations," paper presented at
PDA conference July 2015.
The extent to which all data are complete, The degree to which a collection of data is The extent to which all data are complete,
consistent and accurate throughout the data complete, consistent and accurate7. consistent and accurate throughout the data
lifecycle. (Same as MHRA) lifecycle.
The collected data should be: p 2, p 4.8, p 5, p 6, p 7, p 8, p 9, p 12, p 13, p 16, p Data must be authentic, has integrity, and Refer to Section 7.0.
17 confidential. (Part 11 Pre-amble)
A - attributable to the person generating the data
L – legible and permanent Contemporaneous – EUDRALEX Vol 4 Chapter 4
C – contemporaneous (Documentation) Section 4.8.
O – original record (or ‘true copy’)
A – accurate
A record of all GMP-relevant changes and A record of all GMP-relevant changes and (1) (ISO) Data in the form of a logical path linking a GMP/GDP audit trails are metadata that are a
deletions. deletions. sequence of events, used to trace the transactions record of GMP/GDP critical information (for
that have affected the contents of a record. (2) A example the change or deletion of GMP/GDP
chronological record of system activities that is relevant data), which permit the reconstruction of
sufficient to enable the reconstruction, reviews, GMP/GDP activities.
and examination of the sequence of environments
and activities surrounding or leading to each event
in the path of a transaction from its inception to
output of final results.
P 14 (Annex 11 rev 1992) Australia TGA p 7.2 A copy of current (editable) data, metadata and
CGMP Human Blood Tissues, April 2013 system configuration settings (e.g. variable settings
which relate to an analytical run) maintained for
(Computers), 1008 the purpose of disaster recovery.
A set of software and hardware components which A functional unit, consisting of one or more computers and associated peripheral input and output devices, and associated so
together fulfill certain functionalities. (EMA Annex
11)