Data Integrity Cross Walk

MHRA US FDA WHO

Guideline / Regulation MHRA GxP Data Integrity Definitions and US FDA, “Guidance for Industry: Data WHO, Annex 5, Technical Report Series;
Guidance for Industry”, July 2016 (Draft). Integrity and Compliance with CGMP No 996 “Guidance on Good Data and
Guidance for Industry,” April 2016 (Draft) Record Management Practices,” May
2016

Definition - Data Integrity The extent to which all data are complete, The completeness, consistency, and accuracy of Data integrity is the degree to which data are
consistent and accurate throughout the data data. complete, consistent, accurate, trustworthy and
lifecycle. reliable and that these characteristics of the data
are maintained throughout the data lifecycle.

Data integrity criteria
The collected data should be: A - attributable to
the person generating the data; L – legible and
permanent; C – contemporaneous; O – original
record (or ‘true copy’); A - accurate
Attributable, see 211.101(d), 211.122, 211.186, The records should be complete, consistent,
211.188(b)(11), and 212.50(c)(10). enduring and available. Refer to detailed guidelines
Legible see 211.180(e) and 212.110(b). related with ALCOA on Appendix 1.
Contemporaneously recorded (at the time of
performance) see 211.100(b) and 211.160(a).
Original or a true copy see §§ 211.180 and
211.194(a).
Accurate see 211.22(a), 211.68, 211.188, and
212.60(g).
Definition - Metadata Metadata is data that describe the attributes of
other data, and provide context and meaning.
Data Lifecycle All phases in the life of the data (including raw
data) from initial generation and recording through
processing (including transformation or migration),
use, data retention, archive / retrieval and
destruction.
Definition - audit trail Audit trails are metadata that are a record of
critical information (for example the change or
deletion of relevant data), that permit the
reconstruction of activities.
Static record ‘Fixed’ record such as paper or pdf.
Dynamic record An electronic record which the user / reviewer can Dynamic means that the record format allows
interact with.
Backup A copy of current (editable) data, metadata and
system configuration settings (variable settings
which relate to an analytical run) maintained for
the purpose of disaster recovery.
The contextual information required to understand Metadata are data about data that provide the
data. contextual information required to understand
those data.
A secure, computer-generated, time-stamped
electronic record that allows for reconstruction of
the course of events relating to the creation,
modification, or deletion of an electronic record.
Static is used to indicate a fixed-data document
such as a paper record or an electronic image.
interaction between the user and the record
content.
Refers to a true copy of the original data that is
maintained securely throughout the records
retention period.
All phases of the process by which data are
created, recorded, processed, reviewed, analyzed
and reported, transferred, stored and retrieved and
monitored until retirement and disposal. There
should be a planned approach to assessing,
monitoring and managing the data and the risks to
those data in a manner commensurate with
potential impact on patient safety, product quality
and/or the reliability of the decisions made
throughout all phases of the data lifecycle.
The audit trail is a form of metadata that contains
information
associated with actions that relate to the creation,
modification or deletion of
GXP records.
A static record format, such as a paper or pdf
record, is one that is fixed and allows no or very
limited interaction between the user and the
record content.
Records in dynamic format allows for an interactive
relationship between the user and the record
content.
A copy of one or more electronic files created as an
alternative in case the original data or system are
lost or become unusable. Refer also to WHO
Technical Report Series, No. 937, 2006. Appendix
5 Annex 4 Section 5.
Computer system It is a system (consisting of one or more hardware It refers to computer hardware, software, A computer system collectively controls the
components and associated software) that is peripheral devices, networks, cloud infrastructure, performance of one or more automated processes
involved with the direct or indirect capture of data, operators, and associated documents and/or functions It includes computer hardware,
processing or manipulation of data, reporting and software, peripheral devices, networks, personnel
storage of data, and may be an integral part of and documentation, e.g. manuals and standard
automated equipment.[1] operating procedures.

Computer Systems Validation Refer to the section titled “Validation - for intended Q3 (Note: Q3 = ansewere to Q3 in the referenced WHO Technical Report Series, No. 937, 2006.
purpose“/EMA Annex 11 p 4. guidance document) Appendix 5 Annex 4.

Security EMA Annex 11 p 12. Q4 WHO Technical Report Series, No. 937, 2006.
Appendix 5 Annex 4 Section 4.
Shared login accounts Shared logins or generic user access should not be Q5
used. Where the computerized system design
supports individual user access, this function must
be used. It is acknowledged that some
computerized systems support only a single user
login or limited numbers of user logins. Where
alternative computerized systems have the ability
to provide the required number of unique logins,
facilities should upgrade to an appropriate system
by the end of 2017. Where no suitable alternative
computerized system is available, a paper based
method of providing traceability will be permitted.
The lack of suitability of alternative systems should
be justified based on a review of system design,
and documented.
The use of shared and generic log-on credentials
should be avoided to ensure that personnel actions
documented in electronic records can be attributed
to a unique individual. This would apply to the
software application level and all applicable
network environments where personnel actions
may occur (e.g. workstation and server operating
systems, etc.). Where adequate technical controls
are not available or feasible in legacy electronic
systems, combinations of paper and electronic
records should be used to meet the requirements
to attribute actions to an individual.
Audit trails review The relevance of data retained in audit trails should Q7
be considered by the company to permit robust
data review / verification. The items included in
audit trail should be those of relevance to permit
reconstruction of the process or activity. It is not
necessary for audit trail review to include every
system activity (e.g. user log on/off, keystrokes
etc.), and may be achieved by review of designed
and validated system reports.
Systems may be designed to facilitate audit trail
review via varied means, for example, the system
design may permit audit trails to be reviewed as a
list of relevant data or by a validated exception
reporting process. It is expected that during
validation of the system the organization will
establish – based upon a documented and justified
risk assessment – the frequency, roles and
responsibilities, and approach to review of the
various types of meaningful metadata, such as
audit trials. When determining a risk-based
approach to reviewing audit trails in GxP
computerized systems, it is important to note that
some software developers may design mechanisms
for tracking user actions related to the most critical
GxP data using metadata features and not named
these audit trails but may have used the naming
convention “audit trail” to track other computer
system and file maintenance activities. Training of
personnel who use computerized systems and
review electronic data in basic understanding of
how computerized systems work and how to
efficiently review the electronic data and metadata.
Quality assurance should also review a sample of
relevant audit trails, raw data and metadata as part
of self-inspection to ensure ongoing compliance
with the data governance policy / procedures. A
procedure should describe the actions to be taken
if data review identifies an error or omission. This
procedure should enable data corrections or
clarifications to be made in a GxP compliant
manner, providing visibility of the original record
and audit trailed traceability of the correction. A
procedure should describe the actions to be taken
if data review identifies an error or omission. This
procedure should enable data corrections or
clarifications to be made in a GxP compliant
manner, providing visibility of the original record
and audit trailed traceability of the correction.
Regular review of audit trails may reveal incorrect
processing of data and help prevent incorrect
results from being reported and identify the need
for additional training of personnel. Data review
should be documented.
Audit trail reviewer(s) There should be a procedure which describes the Q8 The quality unit should conduct and report to
process for the review and approval of data, management formal, documented risk review.
including raw data. Data review must also include a
review of relevant metadata, including audit trail.
Data review must be documented. A procedure
should describe the actions to be taken if data
review identifies an error or omission. This
procedure should enable data corrections or
clarifications to be made in a GMP compliant
manner, providing visibility of the original record,
and audit trailed traceability of the correction,
using ALCOA principles (see ‘data’ definition). QA
should also review a sample of relevant audit trails,
raw data and metadata as part of self-inspection to
ensure on-going compliance with the data
governance policy / procedures.
Retention of paper instead of e-recs It is conceivable for raw data generated by Q10. See also Q3 @ US FDA Questions and Data integrity risks may occur when persons
electronic means to be retained in an acceptable Answers on Current Good Manufacturing Practices, choose to rely solely upon paper printouts or pdf
paper or pdf format, where it can be justified that a Good Guidance Practices, Level 2 Guidance - reports from computerized systems without
static record maintains the integrity of the original Records and Reports meeting applicable regulatory expectations for
data. It would also require a documented means to original records. Original records should be
verify that the printed records were an accurate reviewed – this includes electronic records. If the
representation. reviewer only reviews the subset of data provided
as a printout or pdf, these risks may go undetected
and harm may occur.

The use of e-sign The use of electronic signatures should be
compliant with the requirements of international
standards 445 such as Directive 1999/93/EC
(requirements relevant to ‘advanced electronic
signature’).
Q11 The GxP organization may choose a fully-electronic
approach to allow more efficient, streamlined
record review and record retention. This would
require that authenticated and secure electronic
signatures be implemented for signing records
where required. This would require preservation of
the original electronic records, or verified true
copy, as well as the necessary software and
hardware or other suitable reader equipment to
view the records during the records retention
period. A hybrid approach is discussed in this
technical report.

E-record becoming a CGMP record Q12

Training about data integrity Data Governance systems should include staff Q16 Section 8
training in the importance of data integrity
principles.

Inspections of e-records Q17 All GxP records held by the GxP organization are
subject to inspection by health authorities. This
includes original electronic data and metadata,
such as audit trails maintained in computerized
systems.

Raw data Original records and documentation, retained in Means any laboratory worksheets, records,
the format in which they were originally generated memoranda, notes, or exact copies thereof, that
(i.e. paper or electronic), or as a ‘true copy’. Raw are the result of original observations and activities
data must be contemporaneously and accurately of a nonclinical laboratory study and are necessary
recorded by permanent means. In the case of basic for the reconstruction and evaluation of the report
electronic equipment which does not store of that study. In the event that exact transcripts of
electronic data, or provides only a printed data raw data have been prepared (e.g., tapes which
output (e.g. balance or pH meter), the printout have been transcribed verbatim, dated, and
constitutes the raw data. Source Data - All verified accurate by signature), the exact copy or
information in original records and certified copies exact transcript may be substituted for the original
of original records of clinical findings, observations, source as raw data. Raw data may include
or other activities in a clinical trial necessary for the photographs, microfilm or microfiche copies,
reconstruction and evaluation of the trial. Source computer printouts, magnetic media, including
data are contained in source documents (original dictated observations, and recorded data from
records or certified copies). (2009 MHRA GCP automated instruments. (21 CFR 58.3(k))
Guideline)
Data Facts and statistics collected together for reference Representations of facts, concepts, or instructions All original records and certified true copies of
or analysis. in a manner suitable for communication, original records, including source data and
interpretation, or processing by humans or by metadata and all subsequent transformations and
automated means. (FDA Glossary) reports of this data, which are recorded at the time
of the GxP activity and allow full and complete
reconstruction and evaluation of the GxP activity.
Data should be accurately recorded by permanent
means at the time of the activity. Data may be
contained in paper records (such as worksheets
and logbooks), electronic records and audit trails,
photographs, microfilm or microfiche, audio or
video-files or any other media whereby
information related to GxP activities is recorded.

Primary Record The record which takes primacy in cases where

data that are collected and retained concurrently
by more than one method fail to concur.

Original record Data as the file or format in which it was originally Includes the first or source capture of data or
generated, preserving the integrity (accuracy, information and all subsequent data required to
completeness, content and meaning) of the record, fully reconstruct the conduct of the GxP activity.
e.g. original paper record of manual observation, or
electronic raw data file from a computerized
system.

True Copy A copy of original information that been verified as A true copy is a copy of an original recording of
an exact (accurate and complete) copy having all of data that has been certified to confirm it is an exact
the same attributes and information as the original. and complete copy that preserves the entire
content and meaning of the original record,
including in the case of electronic data, all
metadata and the original record format as
appropriate.
Revision History

1-May-16 New
Added TGA expectations using
Hart, S., "Data Integrity: TGA
13-Jun-16 Expectations," paper presented at
PDA conference July 2015.

Updated based on: MHRA GxP

Data Integrity Definitions and
Guidance for Industry”, July 2016
(Draft).
10-Aug-16 Updated based on: PIC/S PI 041-1
(Draft 2), August 2016.

Updated based on: EMA Q&A:

GMP Data Integrity, August 2016

Improving readability. Add

10Aug16b suggestions sent by Roy Chinmoy.

Added CFDA draft regulation. The

24-Dec-16 cross walk migrated from MS
Word to Excell.
 TGA EMA Annex 11 21 CFR Part 11 PIC/S PI 041-1 (Draft 2)
TGA, Hart, S., "Data Integrity: TGA Additional guidelines - EMA Q&A: GMP US FDA, 21 CFR Part 11, "Electronic PI 041 1 (Draft 2), Guidance on Data
Expectations," paper presented at PDA Data Integrity, August 2016. Records; Electronic Signatures; Final Integrity
conference July 2015, Rule." Federal Register Vol. 62, No. 54,
https://www.tga.gov.au/tga- 13429, March 1997
presentation-given-pda-conference-july-
2015. (Not a TGA guidance document. It
is a presentation by S. Hart covering the
expectations by TGA). TGA’s Basic Data
Integrity expectations: PIC/S Guide
PE009-8 (Annex 11 Rev 1992); Australian
Code GMP human blood, blood
components, human tissues and human
cellular therapy products, Section 400-
415 Documentation; Section 1000-1017
Computers; ISO 12485 Documentation.

The extent to which all data are complete, The degree to which a collection of data is The extent to which all data are complete,
consistent and accurate throughout the data complete, consistent and accurate7. consistent and accurate throughout the data
lifecycle. (Same as MHRA) lifecycle.

The collected data should be: p 2, p 4.8, p 5, p 6, p 7, p 8, p 9, p 12, p 13, p 16, p Data must be authentic, has integrity, and Refer to Section 7.0.
17 confidential. (Part 11 Pre-amble)
A - attributable to the person generating the data
L – legible and permanent Contemporaneous – EUDRALEX Vol 4 Chapter 4
C – contemporaneous (Documentation) Section 4.8.
O – original record (or ‘true copy’)
A – accurate

P 1, P6, P 8, P9, P 10, P 12, P 13, P14, P15, P 16, P

17 (Annex 11 rev 1992)
All phases in the life of the data (including raw Creation – p 4.8, p 5 and p 6 11.1(b) - creation, modification, maintain, archive, The data lifecycle refers to how data is generated,
data) from initial generation and recording through Store – p 7 retrieve, and transmit processed, reported, checked,
processing (including transformation or migration), Archive – p 17 used for decision-making, stored and finally
use, data retention, archive / retrieval and Modification – p 10 discarded at the end of the retention
destruction. Transmit – p 5 period.

What does “Data Lifecycle” refer to? Refer to Q3 in

EMA Q&A: GMP Data Integrity, August 2016.

Other related info about Data Lifecycle, refer to

EMA Q&A: GMP Data Integrity, August 2016.

A record of all GMP-relevant changes and A record of all GMP-relevant changes and (1) (ISO) Data in the form of a logical path linking a GMP/GDP audit trails are metadata that are a
deletions. deletions. sequence of events, used to trace the transactions record of GMP/GDP critical information (for
that have affected the contents of a record. (2) A example the change or deletion of GMP/GDP
chronological record of system activities that is relevant data), which permit the reconstruction of
sufficient to enable the reconstruction, reviews, GMP/GDP activities.
and examination of the sequence of environments
and activities surrounding or leading to each event
in the path of a transaction from its inception to
output of final results.

Record recorded on paper.

Record recorded electronically.

P 14 (Annex 11 rev 1992) Australia TGA p 7.2 A copy of current (editable) data, metadata and
CGMP Human Blood Tissues, April 2013 system configuration settings (e.g. variable settings
which relate to an analytical run) maintained for
(Computers), 1008 the purpose of disaster recovery.
 A set of software and hardware components which A functional unit, consisting of one or more computers and associated peripheral input and output devices, and associated so
together fulfill certain functionalities. (EMA Annex
11)

P 2 (Annex 11 rev 1992). Australia TGA CGMP p4 11.10(a)

Human Blood Tissues, April 2013 (Computers)
1003

P 4 (Annex 11 rev 1992). Australia TGA CGMP p 12 11.10(d); 11.10(g)

Human Blood Tissues, April 2013 (Computers)
1014
11.300(a); 11.100(a); Comment 114 -- Part 11 does Shared login credentials do not allow for
not prohibit the establishment of a common group traceability to the individual who performed the
identification code/password for read only access activity. For this reason, shared passwords, even for
purposes. However, such commonly shared codes reasons of financial savings, must be prohibited.
and passwords would not be regarded, and must
not be used, as electronic signatures. Shared
access to a common database may nonetheless be
implemented by granting appropriate common
record access privileges to groups of people, each
of whom has a unique electronic signature.
P 10 (Annex 11 rev 1992) p9 Verify that audit trails are regularly reviewed (in
accordance with quality risk
management principles) and that discrepancies are
investigated.
P 10 p9
P 12 (Annex 11 rev 1992) P 8.1. The concept of “Clear printed” is introduced 11.10(b)
in Annex 11 p 8.1. “Clear printed” means printouts
that apart from the values themselves, the units
and the respective context can also be seen in the
printout[3]. Units and the respective context are
also known as metadata.

p 14 Electronic signatures which meet the requirements

of the rule will be considered to be equivalent to
full handwritten signatures, initials, and other
general signings required by agency regulations.
(Part 11 Pre-amble)

For electronic records regulated users should

define which data are to be used as raw data. At
least, all data on which quality decisions are based
should be defined as raw data. (EUDRALEX Vol 4
Chapter 4)
Section 4.29, EUDRALEX Vol 4 Chapter 4
p 3.4
All data on which quality decisions are based
should be defined as raw data. (EUDRALEX Vol 4
Chapter 4)
11.10(i) Personnel must be qualified and trained for their
specific duties, with appropriate segregation of
duties, including the importance of good
documentation practices.
There should be evidence of the effectiveness of
training on critical procedures, such as electronic
data review. The concept of data integrity applies
to all functional departments that play a role in
GMP, including areas such as IT and engineering.
PIC/S Participating Authorities regularly undertake
inspections of manufacturers and distributors of
API and medicinal products in order to determine
the level of compliance with GMP/GDP principles.
Records include the raw data which is used to Facts and statistics collected together for reference
generate other records. (EUDRALEX Vol 4 Chapter or analysis.
4)

The first-capture of information, whether recorded

on paper (static) or electronically (usually dynamic,
depending on the complexity of the system).
Information that is originally captured in a dynamic
state should remain available in that state.

True copy = accurate and complete copy. Refer to Section 8.11.

(Comment 69 in Part 11 pre-amble). “The agency
agrees that providing exact copies of electronic
records in the strictest meaning of the word ``true''
may not always be feasible. The agency
nonetheless believes it is vital that copies of
electronic records provided to FDA be accurate and
complete. Accordingly, in Sec. 11.10(b), ``true'' has
been replaced with ``accurate and complete.''”
“Preserve the content and meaning of the record”
(2003 Part 11 Guidance).
 CFDA
CFDA-Drug-Data-Management-
Standard (Draft)

Degree by which the data collection is complete,

conformable, and accurate during the full data life
cycle.

The data collected shall be assignable, legible, and

recorded synchronously, and shall be the original
data or true copy, and are accurate.
Metadata are the data about data, and they
provide the contextual information required for
understanding these data. Usually, these data
describe the structure, data element, correlation
and other data characteristics.

It refers to a planning method used for the

evaluation and management of data risk, so as to
ensure the data conformity with the decisions that
can potentially affect the patient's safety, product
quality and/or that are made in all stages of data
creation, processing, review, analysis, report,
transfer, storage, and retrieval, persistent
monitoring, and retirement.

Audit trail is a process to catch detailed

information, such as addition, deletion, or revision
of information in the record.

An original or true copy record in a paper form.

It means the record made in a dynamic format,

such as the electronic record that allows
interactions between the user and the contents
recorded.

A backup refers to the duplicate established for one

or more electronic documents when the original
data or system are lost or become unavailable.
It refers to a computerized system that can control
one or more automated operation flows in a
centralized way. It includes the computer
hardware, software, peripherals, network,
personnel and documentations, such as the
manual and standard operating procedures.
Different users of the computerized system shall
not share the account No. for login, or use the
same account No.
Audit trail shall be considered as a part of GXP to
be reviewed; the audit trail of alterations of the key
GXP data that can directly affect patient's safety or
product quality shall be accompanied by relevant
data, and be reviewed before the data are finally
approved. The audit trail needing periodic review
includes, but not limited to:
(I) Alteration of the final product inspection result;
(II) Alteration of sample operation sequence;
(III) Alteration of sample identifier;
(IV) Alteration of key process parameters.
Data integrity implementation shall be taken as a
part of self-inspection and periodic review, and be
reviewed by top managerial staff.
Safe control and filing regulations shall be
established to ensure that the original data or the
true copy are protected from intentional or
unintentional alterations or loss during the
retention period, and ensure that they meet the
requirement of data integrity. The mixed mode (e-
records and paper records) requires a safe
connection between all types of records during the
full record retention period.

An electronic signature shall be equivalent to a

written form signature, and shall be verified.
All employees whose job involves GXP data shall
finish the training on data integrity.

Written procedural control(s) for data review shall

be established, and control measures such as
training and self-inspection shall be taken to ensure
the appropriate review and approval of the original
record. Data review includes the review of data in
both paper and electronic form. Review of
electronic data shall not be restricted to the review
of paper form record printed in the computerized
system; it shall also include the review of meta
data.
Data refer to all original records and the certified
true copy of original records that are made during
GXP activity and are allowed to sufficiently and
completely reproduce and evaluate GXP activity,
including source data and meta data, and all
subsequent conversions and reports of the data.
Data shall be accurately recorded in a fixed way
during the activity. (Note: There is no referenc of
raw data in the CFDA draft.)
See raw data above.

The primary record shall be the primary basis for

judgment.

Original data include the data and information

collected for the first time or at the source, and
other data required for the purpose of reproducing
GXP activities completely.

Original electronic data set translated into a copy in

which the dynamic record of the original electronic
data set is reserved.