Beruflich Dokumente
Kultur Dokumente
Reviewed By
Approved By
Authorized By
1.0 OBJECTIVE
The objective of this document is to define a procedure to access, review, monitoring, and assuring
the Data Integrity of the entire data generated, to apply robust system that inhibit data risk, to
improve the detection of data reliability and to address the root causes when failure observed.
2.0 SCOPE
This SOP is applicable to all type of data generated in the form of paper or electronic data across the
all the functions of (Company Name) throughout the data life cycle.
3.0 RESPONSIBILITY
3.1 All employees to follow the procedure for data security and integrity.
3.2 All HODs to comply with the SOP for data security and integrity.
3.3 QA department shall conduct the periodic review of data handling in accordance to the SOP.
4.2 DEFINITIONS
4.2.1 Data: The information derived or obtained from raw data and generated in form of paper based or
electronic record is called as data.
4.2.2 Raw Data: Original records, documentation and printed data output, retained in the format in
which they were originally generated (i.e. paper or electronic).
4.2.3 Meta Data: Metadata is the contextual information required to understand data. A data value is by
itself meaningless without additional information about the data. Metadata is often described as
data about data.
4.2.4 Data Security and Integrity: Refers to the completeness, consistency, and accuracy of data.
Complete, consistent, and accurate data shall be attributable, legible, contemporaneously recorded,
original or a true copy, and accurate (ALCOA).
4.2.5 Audit Trial: a secure, computer-generated, time-stamped electronic record that allows for
reconstruction of the course of events relating to the creation, modification, or deletion of an
electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record.
4.2.6 Back-up: to refer to a true copy of the original data that is maintained securely throughout the
records retention period for recovery. The backup file shall contain the data (which includes
associated metadata) and shall be in the original format or in a format compatible with the original
format.
4.2.7 Data Life Cycle: All phases in the life of the data (including raw data) from initial generation and
recording through processing (including transformation or migration), use, data retention, archive /
retrieval and destruction.
4.2.8 Attributable: Data record linked to name of person or the source from where data was acquired,
who performed any action on or with the data.
4.2.9 Legible: Paper based data shall be in handwriting that is decipherable or readable.
4.2.10 Contemporaneous: Data shall be recorded at the time of data capture or when work is performed
and date/time shall follow in order. The evidence of actions, events or decisions shall be recorded
as they take place.
4.2.11 Original: Data shall be recorded on the original sheet or the database/table. Also signifies the
importance of maintaining raw data and metadata. The original record can be described as the first
capture of information whether recorded in paper or electronically.
4.2.12 Accurate: The data contains correct value. Accurate data not only adheres to integrity constraints
and measurement rules but is data that reflect actuality.
4.2.13 GxP: GxP stands for Good X Practices (X can mean: Clinical, Laboratory, Manufacturing,
Pharmaceutical, etc.)
4.2.14 Documentation: Documentation provides objective evidence of compliance. It is recorded
information, written or electronic, used to establish specifications, processes, direct work, and
collect records which ensure compliance with Quality systems. A well prepared document must be
permanent, legible, accurate, consistent, clear and truthful.
Electronic Data
Equipment Generated Data
(PLC/HMI)
MASTER / CONTROLLED
Title: Data Security and Integrity (Draft) COPY STAMP HERE
6.0 PROCEDURE
6.1 General Instructions:
6.1.1 The overall goal of any data integrity is to ensure data is recorded exactly as intended and, upon
later retrieval, ensure the data is the same as it was when it was originally recorded.
6.1.2 Data integrity intents to prevent unintentional changes to information. There must be adequate
controls to prevent manipulation of data.
6.1.3 Any unintended changes to data as the result of a storage, retrieval or processing operation,
including malicious intent, unexpected hardware failure, and human error, is failure of data
integrity. If the changes are the result of unauthorized access, it may also be a failure of data
security.
6.1.4 Controls and systems must be in place to ensure that data is secure and not fraudulent, that it cannot
be manipulated, and that changes that occur are easy to detect.
6.1.5 The requirements with respect to data integrity include among others the following:
The backup data shall be exact and complete. In addition, the backup data shall be secured from
alteration, inadvertent erasures, or loss.
The data shall be stored to prevent deterioration or loss.
Activities shall be documented at the time of performance (contemporaneously recorded).
Records shall be retained as original records, true copies or other accurate reproduction of the
original records.
Complete information, complete data obtained from all tests, complete record of all data, and
complete records of all tests performed including the audit trail.
6.1.6 All data created as part of a cGMP record must be evaluated by Quality Assurance as part of the
release criteria. To exclude data from the release criteria a scientific justification must be valid and
documented.
6.1.7 Electronic systems administrator rights shall be with independent authority preferably IT
department.
6.1.8 Throughout the data life cycle, the custodian of each document shall be determined and assessed.
6.1.9 Appropriate and approved review procedure shall be in place to ensure accuracy and integrity of
data.
6.1.10 All electronic systems administrators must have appropriate access responsibilities towards data
review and release
6.1.11 Appropriate and controlled storage and retrieval procedure shall be available for both paper and
electronic records.
6.1.12 All records shall be in durable format which can be made readily available whenever required.
6.1.13 There shall be adequate controls to prevent manipulation of data.
6.1.14 Computerized systems exchanging data electronically with other systems shall include appropriate
built-in checks for the correct and secure entry, processing, and storage of data, in order to
minimize the risks.
6.1.15 Any unintended changes to data as the result of a storage, retrieval, or processing operation,
including malicious intent, unexpected hardware failure, unauthorized access, and human error, is a
failure of data assurance and reliability and must be investigated.
6.1.16 Electronic system controls shall include the use of secure, computer-generated, time- stamped audit
trails to independently record the date and time of operator entries and actions that create, modify,
MASTER / CONTROLLED
Title: Data Security and Integrity (Draft) COPY STAMP HERE
or delete electronic records (with all permissible actions by users controlled by system access
controls).
6.1.17 Audit trail documentation shall be retained along with the appropriate data throughout its life cycle.
6.1.18 Controls/ procedure shall be in place, defined and protected from unauthorized access and also been
tested as part of computer system validation.
6.1.19 Linkage/cross-reference between two hard copies and/or electronic data and hard copies shall be
made available recorded on documents.
6.1.20 Traceability of metadata, equipments used, material used shall be made available on records.
6.1.21 A second individual to ensure accuracy, completeness, and confirmation with procedures must
check data and the reportable values.
Available Records must be available for review at any time during the defined
retention period, accessible in a readable format to all applicable
personnel who are responsible for their review whether for routine
release decisions, investigations, trending, annual reports, audits or
inspections.
Example: Available / accessible for review / audit for the life time of
the record.
6.3.2 Legible: The terms legible, traceable and permanent refer to the requirements that data are
readable, understandable and allow a clear picture of the sequencing of steps or events in the record
s o that all GXP activities conducted can be fully reconstructed by people reviewing these records at
any point during the defined record retention period.
6.3.2.1 For paper record,
Good documentation practices for recording of data and results shall be followed as per SOP
No. SP-QA-027.
Controlled issuance and archival shall be established for logbooks/bound books, formats,
procedures. All logbooks must be in place, controlled, numbered pages, and provide adequate
traceability
6.3.2.2 For electronic records,
When archival of electronic records is used, the archiving process shall be done in a controlled
manner to preserve the integrity of the records.
The system access (admin) permissions shall only be granted to personnel with system
maintenance roles i.e. IT, engineering that are fully independent of the content of the records
(e.g. laboratory and production analysts/ management).
Electronic data shall be saved at the time of recorded activity and before proceeding to the next
step of the sequence of events.
MASTER / CONTROLLED
Title: Data Security and Integrity (Draft) COPY STAMP HERE
Audit trials shall be secured, time-stamped, and attributable for individual activities. Data
overwriting shall not be allowed.
Backup of electronic data shall be validated for disaster recovery.
6.3.3 Contemporaneous: Contemporaneous data are data recorded at the time they are generated or
observed. This documentation shall serve as an accurate attestation of what was done, or what was
decided and why, i.e. what influenced the decision at that time.
6.3.3.1 For paper record,
Contemporaneous recording of actions in paper records shall occur, ensure data entries and
information at the time of the activity directly in official controlled documents (e.g, log
books, batch records, analytical work sheets)
Documents shall be appropriately designed to ensure recording of manual activities as
occurred.
Date and time of activities shall be recorded using synchronized time sources (facility and
computerized system clocks)
6.3.4 Original: Original data include the first or source capture of data or information and all subsequent
data required to fully reconstruct the conduct of the GxP activity. The GxP requirements for
original data include the following:
Original data shall be reviewed. Verification checks must be established to ensure that the
people performing/checking the action were present at that time
Original data and/or true and verified copies that preserve the content and meaning of the
original data shall be retained.
6.3.4.1 For paper record,
Ensure controls that ensure that personnel conduct an adequate review and approval of original
paper records, including those used to record the contemporaneous capture of information.
Data review procedures describing review of relevant metadata and justified with evidence and
made available when required.
Data corrections or clarifications shall be done as per SOP No. SP-QA-027, providing visibility
of the original record and traceability of the corrections made.
Original paper record shall always be reviewed by second competent person.
Controlled and secure storage areas including archives shall be provided for storage of paper
data.
Handling and retention of paper records shall be done as per SOP No. SP-QA-040.
MASTER / CONTROLLED
Title: Data Security and Integrity (Draft) COPY STAMP HERE
Records shall be retained as original records, true copies or other accurate reproductions of the
original records.
Records shall be indexed to permit ready retrieval.
6.3.4.2 For Electronic records,
Ensure controls that ensure that personnel conduct an adequate review of original electronic
records electronic records, including source data.
Any changes in electronic data or metadata shall be documented in audit trials or history fields,
justified and available.
Audit trail review shall be part of the routine data review/ approval process.
Data corrections or clarifications shall provide visibility of the original record and traceability
of the corrections made through audit trials or history fields.
Controls/ procedure shall be in place, defined and protected from unauthorized access and also
been tested as part of computer system validation.
Original electronic record shall always be reviewed by second competent person
Data shall be retained in a non-editable format or PDF format to maintain the integrity of
original data.
Archived record shall be locked, cannot be altered or deleted without detection and audit trail.
Electronic data shall be automatically saved permanently after each separate entry.
Back-up copies of original electronic records shall be stored in another location as a safeguard
in case of disaster.
Archival and back-up process shall be validated.
6.3.5 Accurate: means data are correct, truthful, complete, valid and reliable. For paper and electronic
records, adequate procedures, processes, systems and controls shall be in place to ensure accuracy
of data.
When the activity is time critical, printed records shall display the time/date stamp.
Activity based, doer & checker concept shall be in place to ensure that activities are done
accurately.
Only qualified/ calibrated/ validated equipment/ instruments/ system shall be used.
Appropriate data review procedures shall be available to verify adherence to procedural
requirements.
Activities shall be performed only by qualified and well trained personnel.
6.4.6 Identified source for breach of data integrity shall be eliminated with appropriate procedure.
Immediate rectification of breach of data integrity shall be done immediately followed by
assessment of risk related to the identified issue.
6.4.7 The investigation of deviation for the inaccuracies in data records and reporting should include, but
not limited to,
a. Interviews of current and former employees to identify the nature, scope, and root cause of data
inaccuracies
b. Determination of the scope and extent and timeframe for the incident
c. A comprehensive retrospective evaluation of the nature of the testing and manufacturing data
integrity deficiencies, and the potential root cause(s).
d. A risk assessment of the potential effects of the observed failures on the quality of the batches
involved.
8.0 REFERENCES
Reference Guidelines to be added.