REF.

SOP: GEN-044(1)

KAMPALA PHARMACEUTICAL INDUSTRIES (1996) LTD

CODE OF CONDUCT FOR DATA INTEGRITY
The Company maintains a strict code of conduct with regard to records, data and other
forms of GMP-relevant documentation. It is company policy to enforce data integrity as
individual and collective responsibility of all employees in order to ensure that all data,
irrespective of the format (paper or electronic) are accurate, truthful and complete.
This requirement is critical to the overall company objective to manufacture medicinal
products of assured safety, efficacy and quality, and ultimately to protect the patient.
Company’s management has put in place an operational and documentation system to
demonstrate that each product has been developed, manufactured or tested under
conditions that are designed to assure the reliability and integrity of information and data
used to support its quality and fitness for use.
Every employee has a duty to engage in conduct which ensures that stakeholders can
trust all company decisions (development, manufacture, testing and release) based on
data and information that is accurate and reliable.
The Code of Conduct for Data Integrity as summarized below is intended to state the
basic and minimum requirements, obligations and expectations for all employees, with
regard to GMP data and records management.
Elements of a Code of Conduct for Data integrity:
1.0 Responsibility:
1.1 All company employees must understand that existence of data integrity issues
are considered critical indicators of a deficient quality culture within the
organization. The elements of the Code of Conduct for Data Integrity herein
described in this document must therefore be appreciated as of fundamental
ethical value, and a pillar working philosophy of the company, and must always be
adhered to by all employees and officers performing GMP functions.
1.2 Employees are encouraged to adopt and practice values, beliefs, thinking and
conduct that is transparent and open. Such work environment permits free
communication of failures and mistakes including data integrity issues, so that
appropriate corrective and preventive actions may be taken.
REF. SOP: GEN-044(1)

1.3 Every company employee involved in the development manufacture, testing,

release and submission of marketing authorizations is responsible for his/her own
conduct to maintain a bond of trust between the company and its stakeholders,
namely the patients, health-care providers and regulators, to prevent a broken
bond due to data integrity issues.
1.4 Employee shall not engage in any conduct that calls into question the integrity of
data (such as falsifying data, making unauthorized changes, or destroying,
deleting or over-writing data).
1.5 Employee shall not delay, deny or limit access to records or refuse to permit
inspection by duly authorized officials of regulatory authorities (except as may be
specified in a written procedure e.g. to immediately notify executive management
when an inspector arrives).
1.6 Employees who conduct data integrity audits will maintain a current awareness of
required laws, regulations and requirement that pertain to good documentation
and record-keeping practices.
1.7 Employees who review the BMR/BPR records as a condition of batch release
shall adhere to established procedures and shall confirm that the records
supporting batch release have been verified by a second person for accuracy,
truthfulness and completeness.
2.0 ALCOA principles: -
2.1 Every employee is required to collect, analyze, report, document and retain
information and data in accordance with the ALCOA+ principles.
2.2 All data should be:
 Attributable to the person generating the data.
 Legible and permanent.
 Contemporaneous.
 Original record (or true copy).
 Accurate.
 Complete
 Consistent,
 Enduring and
REF. SOP: GEN-044(1)

 Available throughout the data life cycle for the defined

retention period
2.3 Employees must sign or initial original records in a contemporaneous manner,
and must enter the date (and time if required by procedure) to accurately
reflect who performed or witnessed/verified the accuracy of entries. Employee
shall never record the signature or initials of another person or pre-date or
back-date entries on any record (either paper or electronic).
2.4 Employees will adhere to the requirements of established documentation
procedures. Raw data shall be recorded in official bound notebooks and
controlled worksheets or pre-numbered approved forms for paper records, or
in computer systems with appropriate security, access controls, audit trail,
validation for intended use and back-up.
2.5 Paper and electronic records shall be retained either as original or as true
copies (such as photocopies) or other accurate reproductions of the original
record (such as electronic scanning).
2.6 Employees will adhere to established company procedures that describe the
documentation control and retention requirements.
2.7 Employees shall not discard, destroy or modify in any way raw data or original
records, except at the end of prescribed retention period as per relevant SOP.
2.8 Employees shall not delete raw data or alter original records in a manner that
obscures or obliterates the original entries.
2.9 To correct errors, the original entries shall be retained along with entries that
identify the person making the correction, the date and reason for the
correction.
3.0 Training/Ethical Conduct: -
3.1 Employees shall receive regular training on the fundamental principles of
Data.
3.2 Integrity, including employee conduct as a pre-condition of performing GMP
functions.
3.3 Each employee shall receive annual refresher training on the Code of
Conduct for Data Integrity.
REF. SOP: GEN-044(1)

3.4 Employees are required to thoroughly familiarize themselves with all elements
of the Code of Conduct for Data Integrity.
3.5 Employees shall sign a commitment to adhere to this Code of conduct for
Data Integrity.
4.0 Data Integrity Failure: -
4.1 Employees shall voluntarily notify responsible management of the company if
they become aware of any potential issue that impact data integrity such as
those attributable to errors, omissions or wrongful acts regardless of the
cause. The person reporting any data integrity issues may opt to do so
anonymously. All such disclosures or notifications shall be treated in strict
confidence.
4.2 Employees will immediately notify company management if they become
aware that a pending or approved marketing authorization or other
submission to a regulatory authority contains an untrue statement of material
fact or omits material facts (e.g. information is false, misleading, inaccurate or
incomplete).
4.3 Employees shall cooperate with the company during an investigation of data
integrity failure. Employees are required to provide factual information about
any incident/event for which he/she may have firsthand knowledge. Such
information provided during investigation shall be accurate, truthful and
complete to the best of their knowledge.
5.0 Breach of Code of Conduct for Data Integrity: -
5.1 Any deliberate data falsification, unauthorized changes, destruction or other
conduct which calls into question the integrity of data shall be reviewed by
responsible management and Human Resources (HR).
5.2 Appropriate disciplinary action will be imposed on the culpable employee, for
conduct that is confirmed as not conforming to this Code of Conduct for Data
Integrity.
5.3 Failure by employee to notify management of known or suspected data
integrity breaches is actionable, and appropriate disciplinary action shall be
taken.
REF. SOP: GEN-044(1)

6.0 Records and data security: -

6.1 Employees shall adhere to established procedures that describe
requirements of security controls for accessing electronic data.
6.2 Employees must not disclose and/or share the user name and/or passwords
with others, or use the username or password of another person to access
computer files.
6.3 Employees responsible for the storage of master Batch files and their true
copies, shall ensure appropriate and secure storage locations in order to
prevent unauthorized access, interference or damage.
 REF. SOP: GEN-044(1)

KPI (1996) LTD Page 1 of 1

DATA INTEGRITY CODE OF CONDUCT TRAINING AND ADHERENCE DECLARATION
Employee Name
Designation
Department
Name of Facilitator
Date of Training
TRAINING AND ETHICAL CONDUCT (Tick in the applicable box) YES NO
I have been trained on the Code of conduct for Data Integrity.
My Training Questionnaire has been checked and filed.
During the Previous year, I voluntarily reported an event of known or suspected breach of
Code of Conduct for Data Integrity.
During the Previous year, I was found culpable in a case(s) of data integrity failure / breach
of the Code of Conduct for Data Integrity.
DECLARATION OF ADHERENCE (Tick in the applicable box)
I have read and understood the current Code of Conduct for Data Integrity.
I have Understood all the implications and consequences of breach of the Code of conduct
for Data Integrity.
I accept to comply by all the elements of the Code of Conduct for Data Integrity.
I have understood that disciplinary action and possible penalties can result from unethical
behaviour.
I have understood that all work performed and information gathered by KPI (1996) Ltd will
be kept confidential.
Employee Sign / Date:
Checked by HOD: Sign / Date:
Reviewed by QA Manager (Sign & Date):