Standard Operating Procedure

Document Title Data Integrity Page 1 of 7

1. Objective
To lay down procedure for data integrity as part of quality management system.
To establish guidelines and procedures to ensure data integrity in regulatory
activities.
To prevent unauthorized access, loss, alteration, or falsification of data
throughout the regulatory processes, including data generation,
collection, analysis, and reporting. Adherence to data integrity principles
is essential to maintain regulatory compliance and ensure the reliability
and trust worthiness of submitted data

2. SCOPE
This procedure is applicable for all the data associated with GxP and quality
management system.
Applied to all personnel involved in regulatory activities, including data generation,
collection, analysis, and reporting.
It covers both electronic and paper-based data and encompasses all regulatory
functions, such as clinical trials, product registration, post-marketing surveillance,
and quality management.

3. DEFINITIONS
GxP: Common terms used for multiple practices defined by regulatory agencies (e.g.
Good Manufacturing Practices, Good Laboratory Practices (GLP), Good Clinical
Practices (GCP) etc.)
Complete: The data must be whole; a complete set
Consistent: The data must be self-consistent
Enduring: Durable; lasting throughout the data lifecycle
Audit Trial: An audit trail is a chronology of the “who, what, when, and why” of a
record and exists in paper and/or electronic formats. The audit trail is a
form of metadata containing information associated with actions that
relate to the creation, modification or deletion of GXP records. An audit
trail provides for secure recording of life-cycle details such as creation,
additions, deletions or alterations of information in a record, either paper
or electronic, without obscuring or overwriting the original record.

Data: The information derived or obtained from raw data and generated as
 Standard Operating Procedure
Document Title Data Integrity Page 2 of 7

paper- based or electronic records is called data.

Data Life Cycle: All phases in the life of the data (including raw data) from initial
generation and recording through processing (including transformation or migration),
use, data retention, archive/retrieval, and destruction.
GxP: GxP stands for Good X Practices (X can mean: Clinical, Laboratory,
Manufacturing, Pharmaceutical, etc.)
True copy: A copy (electronic or paper based) of the original record that has been
verified and approved.
Raw data: Raw data is defined as the original record (data) which can be described as
the first-capture of information, whether recorded on paper or electronically.
Accuracy: All data must be accurate, reflecting the true and actual observations or
measurements without intentional or unintentional errors.
Legibility: All data must be recorded in a clear, legible, and permanent manner to
ensure proper understanding and interpretation.
Contemporaneousness: Data must be recorded at the time of the activity, reflecting
real-time observations and events.
Attributable:Alldatamustbeattributabletothepersonresponsibleforgenerating,
recording, or modifying the data, with clear identification of personnel involved.
Consistency:Datamustbeconsistentthroughoutallrecordsandsystems,andany
inconsistencies or discrepancies must be promptly addressed and documented.
Completeness:Alldatamustbecomplete,includingnecessarymetadata,toprovidea
comprehensive and accurate record of the activity or process.
Security:Electronicdatamustbeprotectedwithappropriateaccesscontrolstoprevent
unauthorized changes, deletions, or alterations.
Documentation:Alldatamustbeproperlydocumented,includingtheuseofapproved forms,
templates, and electronic systems, following Good Documentation Practices (GDP).

Review:Regularreviewsandauditsofdataintegritypracticesmustbeconductedto identify
and address potential vulnerabilities or areas for improvement.
Training:Personnelinvolvedindatagenerationandprocessingmustreceiveadequate
training on data integrity principles and procedures.

4. RESPONSIBILTIES
 Standard Operating Procedure
Document Title Data Integrity Page 3 of 7

All department involved in data generation, usage and

retention. Senior management shall be
accountablefortheimplementationofsystemsandprocedurestominimiz
ethepotentialriskto data integrity.
All HODsaretocomplywiththeSOPfordatasecurity andintegrity.
QAdepartmentshallconducttheperiodicreviewofdatahandlingin accordancewiththe
SOP.
5. Procedure:
Usevalidatedandcalibratedinstrumentsandequipmentfordatageneration.
Documentallrelevantinformation,suchasdate,time,andpersonnelin
volved,foreach data entry or modification.
Storeelectronicdatainsecure,validatedsystemswithappropriateaccesscontrols.
Implementdatabackupandrecoveryprocedurestopreventdatalossorcorruption.
Storepaper-
basedrecordsincontrolledenvironmentswithrestrictedaccessandpro
per labeling.
Implementaccesscontrolstoensureonlyauthorizedpersonnelcanac
cess,modify,or delete data.
Useuniqueuseraccountsandstrongpasswordsforsystemaccess.
Maintainanaudittrailofdatachanges,includingtheidentityofthepers
on makingthe change and the reason for the change.
Performregulardatareviewstoensureaccuracy,completeness,and
compliancewith regulatory requirements.
Documentdatareviewactivities,includinganydiscrepanciesorcorrectiveaction
staken.
Obtainappropriateapprovalsforfinalizeddatabeforesubmis
siontoregulatory authorities.

Providetrainingtopersonnelondataintegrityprinciples,includin
gdataentry,handling, and storage practices.
Conductperiodicawarenessprogramstoreinforcetheimportanc
eofdataintegrityand regulatory compliance.
 Standard Operating Procedure
Document Title Data Integrity Page 4 of 7

Dataintegrityisapplicableforbothmanualrecording(paper)a
ndautomatedsystem (electronic).
Sufficienttrainingshallbeimpartedtoallconcernpers
onnelondataintegrity. Completeness, consistency and
accuracy of data should be ensured.
Anydataintegrityidentifiedshallbehandledasperqualityma
nagementsystemand risk assessment shall be performed
wherever applicable. Appropriate corrective
andpreventiveaction shallbetaken.
FalsificationofGxPrecordsordatashallresultindisciplinary actions.
Thegenerationorprocessingofdatashallfollowalogicalandseq
uentialapplicationof date and time.
Datashallbeattributable
(persongeneratedormodifiedthedata),legible(readableand
permanent), contemporaneous (data recording at the time of
activity), original (true copy) and accurate (error free).
Additionally, data should be complete, consistent, enduring and
should be readily available and accessible throughout the life-
cycle of data.
Dataverificationandapprovalshallbedocumentedandshal
lincludethereviewof raw data and metadata (metadata- data
generated about data, e.g. audit trail).
Audittrailshallbereviewedaspartofroutinedatareview/
approvalprocess.Any abnormalities identified during
review shall be handled appropriately.
Data recording on behalf of others should be avoided
and if unavoidable, appropriate justification (e.g.
language/literacy limitations, documenting line
interventionsbysterileoperators)shallbegivenwithtraceabilit
yofbothpersons performing the task and person completing
the record.All recording shall be contemporaneous.
 Standard Operating Procedure
Document Title Data Integrity Page 5 of 7

Clocksfortimerecordingshouldbecontrolledandsynchroni
zed.Timezonesshould be specified where data is used.
Datageneratedduringmaintenanceorsuitabilit
ytestingactivityshallbe documented and retained.
Thereshouldbetraceabilityofdatareprocessingormodif
icationi.e.traceability from final result to original raw data
is required.
Equipment(e.g.pHmeter,balances)thatprovidesonlyprinteddataoutput, then
printoutshallconstitutetherawdata.Equipment
thatstoresthedatapermanentlyand only holds certain volume, the data
should be extracted as electronic data.

Errorsorinconsistencyidentifiedduringthedatareview,t
hereviewermust obtain clarification from the recorder
and correction shall be made after appropriate
justification.
Anymodification inelectronicorpaper-baseddatashallbeattributable.
Datashouldbeexcludedbasedonvalidscientificjustificat
iononly.Alldata(even if excluded) shall be retained with
original data set.
Thereshallbereconciliationofissuedpages,worksheet
s,logbooks,notebooks and printouts wherever
applicable.
Originaldatashallbemaintainedasperdocumentret
entionpolicyandshall be destroyed as per policy.
Computersystemandsoftwarefordataprocessingshall
bevalidatedbasedon usage wherever applicable.
Electronicsignatureshouldbesecuredanditcanbeappliedbythe‘owner’ of
thesignatureonly.Electronicsignaturemustprovidetraceabilityofsig
natoryanddate of signature along with meaning of signature (e.g.
reviewed or approved).
 Standard Operating Procedure
Document Title Data Integrity Page 6 of 7

Systemusersshallbegivenaccessaspertheirrolesand
responsibilities.User access rights shall prevent
unauthorized data amendments.
Datamigration/
transfershallbevalidatedwhereverapplicabletoensuredataintegrity
is maintained throughout the data life-cycle.

Anyrightstoalterthefilesandsettingshallbegiventopersonnelfrom

independentdepartmentordifferentfromuserdepartment.
Loginshouldnotbesharedamongindividuals.Ifunavoidable,appro
priatejustificationand documentation should be in place
Databackupshouldbeperformed routinely.

Databackupandrecoveryprocessmustbeappropriatelyvalidatedtoavoi
danyalteration during backup and recovery process.
Recordsshallberetained inamannerthattheycannotbemodifiedordeleted
without traceability.
6. ProcessFlow chart

7. SafetyRequirements:
 Standard Operating Procedure
Document Title Data Integrity Page 7 of 7

N/A
8. REFERENCES
MHRAGXPDataIntegrityGuidanceandDefinitions;Revision1:March2018
GoodPracticesforDataManagementandIntegrity
inRegulatedGMP/GDP Environments – PIC/S;
PI041-1(draft 2); August 2016