Data Integrity Policy

This document outlines policies and procedures related to data integrity and computerized systems. It defines key terms and establishes requirements in several areas: 1. Quality, security, integrity, traceability, and accountability must be ensured. 2. Computerized systems must be validated according to regulations and guidelines. 3. Data management practices like review, reporting, and change control must maintain data integrity throughout the lifecycle.

Uploaded by

Montse Mateu
Copyright
© All Rights Reserved

WRITTEN BY

Role Name Date Signature

REVIEWED BY
Role Name Date Signature

APPROVED BY
Function Name Date Signature

CHANGE HISTORY
Version Date Change Description (Change control Number, If apply)
1.0

ANNEX LIST
Code Description
N/A N/A
TABLE OF CONTENTS
1 PURPOSE
2 SCOPE
3 REFERENCE DOCUMENTATION
4 GLOSSARY AND DEFINITIONS
5 POLICY
5.1 GENERAL TOPICS
5.2 DATA MANAGEMENT
5.3 COMPUTERIZED SYSTEM DESIGN
5.4 SYSTEM VALIDATION
5.5 DATA REVIEW AND REPORTING
5.6 CONTRACTED ORGANIZATIONS, SUPPLIERS AND SERVICE PROVIDERS
5.7 DATA INTEGRITY REQUIREMENT MATRIX
5.7.1 QUALITY SYSTEM REQUIREMENTS
5.7.2 SECURITY REQUIREMENTS
5.7.3 INTEGRITY REQUIREMENTS
5.7.4 TRACEABILITY REQUIREMENTS
5.7.5 ACCOUNTABILITY REQUIREMENTS
6 ROLES AND RESPONSIBILITIES

1 PURPOSE

2 SCOPE
3 REFERENCE DOCUMENTATION
Documents referenced in the present document are listed below:

Rules:
[1] US Food & Drug Administration - Code of Federal Regulations, Title 21, part 11 - Electronic Records; Electronic Signatures - Final Rule
[2] European Commission - The Rules Governing Medicinal Products in the European Union - Volume 4 – Annex 11: Computerized Systems – June 2011

Guidelines:
[3] MHRA - GMP Data Integrity Definitions and Guidance for Industry - March 2018
[4] MHRA - GxP Data Integrity Definitions and Guidance for Industry - Draft version for consultation July 2016
[5] WHO - Guidance On Good Data And Record Management Practices WHO_TRS_996_ANNEX05
[6] World Health Organization (WHO) – Guidelines on Validation – Appendix 5 Validation of Computer Systems, July 2016 (Draft Guidance)
[7] PDA - Elements of a Code of Conduct for Data Integrity – April 2016
[8] FDA Data Integrity and Compliance With CGMP Questions and Answers Guidance for Industry, December 2018
[9] Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments – PI041-1 – December 2018
[10] EMA Questions and Answers: Good Manufacturing Practice Data integrity, August 2016
[11] ISPE - GAMP RDI Good Practice Guide: Data Integrity - Manufacturing Records, June 2019
[12] ISPE - GAMP Guide, A Risk-Based Approach to Compliant GxP Computerized Systems - Ver. 5.0
[13]

Internal Documents:

4 GLOSSARY AND DEFINITIONS
- ACCURATE: Recorded information is a true notation of what happened, free from error and conforms exactly to a standard
- API: Active Pharmaceutical Ingredient
- ATTRIBUTABLE: Data must be linked to its source. It shall be attributable to the individual who observed and recorded the data or information, as well as traceable to the source of the data itself
- AUDIT TRAIL: The audit trail is a form of metadata that contains information associated with actions that relate to the creation, modification or deletion of GxP records. An audit trail provides for secure recording of life-cycle details such as creation, additions, deletions or alterations of information in a record, either paper or electronic, without obscuring or overwriting the original record. An audit trail facilitates the reconstruction of the history of such events relating to the record regardless of its medium, including the “who, what, when and why” of the action
- CFR: Code of Federal Regulations
- COMPUTERIZED SYSTEM: A computerized system collectively controls the performance of one or more automated processes and/or functions. It includes computer hardware, software, peripheral devices, networks and documentation, e.g. manuals and standard operating procedures, as well as the personnel interfacing with the hardware and software, e.g. users and information technology support personnel
- CONTEMPORANEOUS: Data shall be recorded at the time the observation is made and the date of data entry
- DATA: Information derived or obtained from raw data (e.g. a reported analytical result). Data must be ALCOA, i.e.:
  A = Attributable to the person generating the data
  L = Legible and permanent
  C = Contemporaneous
  O = Original record (or ‘true copy’)
  A = Accurate

  To this list can be added the following (ALCOA+):
  - Complete
  - Consistent
  - Enduring
  - Available
- DATA GOVERNANCE: The process and programs established to ensure that recorded, processed, retained, retrieved and used data, regardless of its acquiring process, format or technology, is recorded in a complete, consistent and accurate manner throughout the data lifecycle.
- DATA INTEGRITY: Data integrity is the degree to which data is complete, consistent, accurate, trustworthy and reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, so they are attributable, legible, contemporaneously recorded, original or a true copy and accurate.
- DATA LIFECYCLE: All phases of the process in which data is created, recorded, processed, reviewed, analyzed, reported, transferred, stored, retrieved, and monitored until decommissioning. There should be a planned approach to data assessment, data monitoring, data management, and the risks to those data in a manner commensurate with the potential impact on patient safety, product quality and/or the reliability of decisions made throughout all phases of the data lifecycle
- FDA: Food & Drug Administration
- FDF: Finished Dosage Form
- GAMP: Good Automated Manufacturing Practices
- GxP: Good x Practice, where x can be:
  M = Manufacturing
  L = Laboratory
  C = Clinical
  D = Distribution
- INTEGRITY: Adherence to Moral and Ethical principles; soundness of moral character; honesty
- LEGIBLE: Data and changes to data must be legible and readable if it is to be considered fit for use. It must be recorded permanently on a durable medium
- META-DATA: Metadata are a set of data that provide the contextual information required to understand other data. These include structural and descriptive metadata. Such data describe the structure, data elements, interrelationships and other characteristics of data. They also permit data to be attributable to an individual. Metadata necessary to evaluate the meaning of data should be securely linked to the data and subject to adequate review. Examples of metadata are: time/date stamp of an activity, the operator identification (ID) of the person who performed an activity, the instrument ID used, processing parameters, sequence files, audit trails and other data required to understand data and reconstruct activities
- MHRA: Medicines and Healthcare Products Regulatory Agency
- Original Record: Data as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of manual observation, or electronic raw data file from a computerized system
- PIC/S: Pharmaceutical Inspection Convention-Pharmaceutical Inspection Co-operation Scheme
- PRIMARY RECORD: In the event that primary data are recorded simultaneously by multiple systems, the system that generates and stores the data has to be defined. A risk assessment or risk management process has to ensure that the so-defined primary records have the maximum possible accuracy, completeness and relevance. It is not allowed to define so-called static data (prints or manual records) as primary records if there are dynamic (electronic) data. If there are data anomalies (e.g. OOS results), all data (static and dynamic) will have to be included in a risk-based investigation.
- RAW DATA: Original records and documentation, retained in the format in which they were originally generated (i.e. paper or electronic), or as a ‘true copy’. Raw data must be contemporaneously and accurately recorded by permanent means. In the case of basic electronic equipment which does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the raw data.
- REGULATED DATA: Data used for GxP purposes, required by GxP Regulations
- SDLC: Computerized System Development Life Cycle (SDLC). All activities from initial concept to retirement of a computerized system. The life cycle of the system includes the definition and performance of activities in a systematic way from conception, requirements, development or configuration, testing, release and operational use, to system retirement
- SLA: Service Level Agreement
- SOP: Standard Operating Procedures
- True Copy: An exact verified copy of an original record.
- VALIDATION: FDA Guidelines on General Principles of Process Validation, Jan 2011 defines validation as: “The collection and evaluation of data, from the process design state through commercial production, which establishes scientific evidence that a process is capable of consistently delivering quality product”
- WHO: World Health Organization
- LSV: LESVI

5 POLICY
5.1 GENERAL TOPICS

5.2 DATA MANAGEMENT


5.3 COMPUTERIZED SYSTEM DESIGN

5.4 SYSTEM VALIDATION


5.5 DATA REVIEW AND REPORTING

5.6 CONTRACTED ORGANIZATIONS, SUPPLIERS AND SERVICE PROVIDERS


5.7 DATA INTEGRITY REQUIREMENT MATRIX
5.7.1 Quality System Requirements

| Name | Description | 21 CFR Part 11 | EU cGMP Annex 11 |
|---|---|---|---|
| INFRASTRUCTURE QUALIFICATION | IT infrastructure used by the Computerized System shall be qualified | NA | Principle |
| RISK MANAGEMENT | Extent of Validation and Data Integrity assurance should be based on a justified and documented Risk Assessment of the System | NA | 1, 4.1 |
| VALIDATION STANDARDS | The Validation process for the Computerized System should be defined according to pre-defined standards (e.g. Policy, Procedures) based on a justified Risk Assessment and should cover all the relevant steps of the System life-cycle | NA | 4.1 |
| SYSTEM INVENTORY | The Computerized System shall be included in an up to date inventory listing all relevant systems and their GMP functionality | NA | 4.3 |
| SUPPLIER QUALIFICATION | Suppliers should be assessed to ensure that the system has been developed in accordance with an appropriate quality management system | NA | 3.2, 3.4, 4.5 |
| SUPPLIER DOCUMENTATION FOR CUSTOMIZED COMPUTERIZED SYSTEMS | For the validation of bespoke or customized computerized systems there should be a process in place that ensures the formal assessment and reporting of quality and performance measures for all the life-cycle stages of the system | NA | 4.6 |
| AUTOMATIC TESTING TOOLS | Automated testing tools used for Validation shall have documented assessments for their adequacy | NA | 4.7 |
| TEST ENVIRONMENTS | Test environments should have documented assessments for their adequacy | NA | 4.7 |
| INCIDENT LOG | All incidents, not only system failures and data errors, should be reported and assessed. The root cause of a critical incident should be identified and should form the basis of corrective and preventive actions | NA | 13 |
| PERSONNEL TRAINING | All relevant Personnel (i.e. Process Owner, System Owner, Qualified Person, System Developers and System Administrators) should have appropriate documented qualifications in order to perform their assigned tasks | 11.10 (i) | 2 |
| QUALITY AGREEMENTS FOR THIRD PARTIES | When third parties (e.g. suppliers, system integrators, service providers) provide, install, configure, integrate, validate, maintain, modify, retain a computerized system or manage services related to the system such as data processing, formal agreements must exist between the manufacturer and the third party. These agreements should include clear statements of the responsibilities of the third party. IT-departments should be considered analogous to third party | NA | 3.1 |
| DOCUMENT CONTROL | A procedure shall be defined where distribution, access and use of the system documentation is clearly described | 11.10 (k)(1) | NA |
| DOCUMENTS CHANGE CONTROL | Change Control procedure shall be defined to maintain an audit trail that documents the time-sequenced development and modification of the System documentation | 11.10 (k)(2) | Vol.4: §4.29 |
| SYSTEM CHANGE CONTROL | Any changes to a computerized system including system configurations should only be made in a controlled manner and in accordance with a defined procedure. Validation documentation should include change control records (if applicable) and reports on any deviations observed during the validation process | NA | 10, 4.2 |

5.7.2 Security Requirements


| Name | Description | 21 CFR Part 11 | EU cGMP Annex 11 |
|---|---|---|---|
| BACKUP | Backup and recovery procedures shall be defined with their schedule. Regular backups of all relevant data should be done. Backup data should be stored in a separate and secure location. Integrity and accuracy of backup data should be checked during or on completion of the backup process. Backup, archiving, retrieval and restoration (recovery) practices shall be defined, tested and established in accordance with the risk associated with the data managed through the System | 11.10 (c) | 7.2 |
| RESTORE | The ability to restore the data should be checked during the validation and monitored periodically | 11.10 (c) | 7.2 |
| ARCHIVING | In case the data are archived offline (i.e. not immediately available to users), data shall be periodically checked for accessibility, readability and integrity. If relevant changes are to be made to the system (e.g. computer equipment or programs), then the ability to retrieve the data should be ensured and tested | 11.10 (c) | 17 |
| RECORD INSPECTABILITY | The System allows the generation of accurate and complete copies of electronic records in both human readable printouts and standard electronic format (e.g. PDF, MS Word, MS Excel, etc.) suitable for inspection, review and copying by the Regulatory agency | 11.10 (b) | 8.1 |
| RESTRICTED ACCESS | The System shall restrict logical access to pre-authorized users. Multiple user access levels should be specified for the system-operating platform (system users shall not be administrators of the operating platform and hence not be allowed to modify content of the files/folders/databases storing data). Users that have gained access to the operating platform should not automatically gain access to the System. Password shall be known only by the user. When a new password is assigned by the system administrator, the System shall force the user to change his password after the first login | 11.10 (d), 11.200 (a)(2) | 12.1, 12.2 |
| UNIQUENESS OF CODES | The System shall maintain the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password (the system must prevent a given user ID from being reused). Each user must be the only one who knows the combination of ID code and Password. Moreover, any account not used for a defined period must be de-activated | 11.300 (a) | 12.1 |
| AUTHORITY CHECK | The System must restrict use of the function according to pre-configured user profiles that are maintained. Any changes to the roles should be authorized and tracked | 11.10 (g) | 12.1 |
| AUTOMATIC LOG OFF | The System shall include a log off mechanism after a pre-defined period of user inactivity, or a mechanism where user ID entry is required after inactivity period. This feature must not be modifiable by users | 11.10 (g) | 12.1 |
| USER PROFILES SECURITY | A security procedure shall be implemented where user profiles are defined specifying the functions users are able to use. Any changes to the user profiles shall be authorized and traced. The procedure shall enable tracking and where possible audit trailing for the issue/alteration, and cancellation of authorization to system/application/data access | 11.10 (d) | 12.1, 12.2, 12.3 |
| DATA RETENTION | Data should be secured by both physical and electronic means against damage. The System shall allow electronic records to be stored so as to enable their accurate and ready retrieval throughout the records retention period | 11.10 (c) | 7.1 |

5.7.3 Integrity Requirements

| Name | Description | 21 CFR Part 11 | EU cGMP Annex 11 |
|---|---|---|---|
| VALIDATION | The System shall be validated to ensure accuracy, reliability and consistent intended performance | 11.10 (a) | Principle, 4.1 |
| PERIODIC REVIEW | Computerized systems should be periodically evaluated to confirm that they remain in a valid state and are compliant with GMP. Such evaluations should include, where appropriate, the current range of functionality, deviation records, incidents, problems, upgrade history, performance, reliability, security and validation status reports | 11.10 (a) | 11 |
| USER REQUIREMENTS | User Requirements Specifications describing the required functions of the computerized system and based on documented risk assessment and GMP impact should be present and traceable throughout the life-cycle | 11.10 (a) | 4.4 |
| SYSTEM SPECIFICATIONS | An up to date system description detailing the physical and logical arrangements, data flows and interfaces with other systems or processes, any hardware and software pre-requisites, and security measures should be available | 11.10 (a) | 4.3 |
| VALIDATION TESTING | Evidence of appropriate test methods and test scenarios should be demonstrated. Particularly, system (process) parameter limits, data limits and error handling should be considered | NA | 4.7 |
| DATA MIGRATION VERIFICATION | If data are transferred to another data format or system, validation should include checks that data are not altered in value and/or meaning during this migration process | 11.10 (a) | 4.8 |
| INVALID ENTRY DETECTION | The system must be able to detect invalid entries (such as invalid fields left blank that should contain data, values outside of limits, ASCII characters in numeric-only fields, and incorrect file formats, etc.) | 11.10 (a) | 6 |
| DATA INTEGRITY / ALTERED RECORD DETECTION | System GMP records must be protected from alteration/deletion. If records can be altered by tools outside the System, the System shall detect and trace all the actions performed on records by pre-authorized operators (even at the highest level of access, such as System Administrator). Auto-save function must be active or Audit trail records each measurement run | 11.10 (a) | 1 |
| BUSINESS CONTINUITY | For the availability of computerized systems supporting critical processes, provisions should be made to ensure continuity of support for those processes in the event of a system breakdown (e.g. a manual or alternative system). The time required to bring the alternative arrangements into use should be based on risk and appropriate for a particular system and the business process it supports. These arrangements should be adequately documented and tested | NA | 16 |
| DEVICE CHECK | The system shall use device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction | 11.10 (h) | NA |
| OPERATIONAL CHECK | The System must have operational checks in order to enforce permitted sequencing of steps and events, by allowing the execution of one step only after the execution of the previous one | 11.10 (f) | NA |
| INTERFACE BUILT-IN CHECKS | In case the Computerized System exchanges data electronically with other systems, it should include appropriate built-in checks for the correct and secure entry and processing of data, in order to minimize the risks | NA | 5 |
| ACCURACY CHECKS | In case of critical data manually entered, an additional check done by a second operator or by validated electronic means on the Accuracy of data should be done. The criticality and the potential consequences of erroneous or incorrectly entered data to a system should be covered by risk management | NA | 6 |

5.7.4 Traceability Requirements


| Name | Description | 21 CFR Part 11 | EU cGMP Annex 11 |
|---|---|---|---|
| AUDIT TRAIL | The system shall ensure the irrefutable recording of the identity of operators entering or confirming data through the Audit trail, which shall record all actions that create, change or delete electronic records with the related metadata. Audit trail shall be created automatically by the System without any user action. Audit trail shall include time and date relative to the action performed on the record. The alteration to data shall permit the reading of the original information, i.e. audit trail shall not overwrite record changes on previously stored information. In case the reason of change or deletion of GMP-relevant data is required to be documented, the System shall force the user to enter a reason. The System shall allow the creation of accurate and complete copies of audit trail in a standard form (ASCII, PDF). Audit trails have to be kept together with the related records throughout the retention time. The System shall prevent all user profiles at any level (including System Administrator) from altering data or it shall trace any change with immutable Electronic Logs | 11.10 (e) | 9, 12.4 |
| AUDIT TRAIL REVIEW | Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed | NA | 9, 12.4 |
| CHANGES IN PRINTOUTS | For records supporting batch release, the System shall allow the generation of printouts indicating if any of the data has been changed since the original entry | NA | 8.2 |
| TEMPORAL REFERENCE | Temporal reference shall be equal for all users, otherwise the System shall automatically synchronize all workstations. Temporal reference (including time zone) cannot be changed by the user | 11.10 (e) | 12.4 |

5.7.5 Accountability Requirements


| Name | Description | 21 CFR Part 11 | EU cGMP Annex 11 |
|---|---|---|---|
| ELECTRONIC SIGNATURE | Requirements for Electronic Signature | 11.50, 11.70, 11.100, 11.200, 11.300 | 14 |
| HYBRID MANAGEMENT | The paper Records created through the System and signed manually shall include a univocal link to the relevant Electronic Record | 11.70 | 4.1 (EU GMP Chapter 4) |
| BATCH RELEASE | Systems used for recording certification and batch release should allow only Qualified Person to certify the release of the batches and it should clearly identify and record the person releasing or certifying the batches. This should be performed using an electronic signature | NA | 15 |

6 ROLES AND RESPONSIBILITIES
