MHRA Data Integrity Guidance and Expectations Document




Nichola Stevens, Alere International
John Andrews, Integrity Solutions
April 23rd 2015, Astellas, Chertsey

About this Session

This is an interactive session! We want you all to participate and share your thoughts on this guidance:

- Are there areas where it will be difficult to comply?
- Are there areas where more information is needed?
- Are there areas where the guidance doesn't go far enough?

Overview

MHRA GMP Data Integrity Definitions and Guidance for Industry, published March 2015.

"Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. This document provides MHRA guidance on GMP data integrity expectations for the pharmaceutical industry."

"The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality assurance resource demands. As such, manufacturers and analytical laboratories are not expected to implement a forensic approach to data checking on a routine basis, but instead design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale."

How relevant is this diagram?

Would it be better to have a diagram which shows an ascending scale of risk to patient safety (e.g. QC systems more risk than those controlling manufacturing, etc.)?

The guidance says:

"The inherent risks to data integrity may differ depending upon the degree to which data (or the system generating or using the data) can be configured, and therefore potentially manipulated (see figure 1)."

Does more configuration mean greater risk of falsification, or can it reduce the risk?

"It is common for companies to overlook systems of apparent lower complexity. Within these systems it may be possible to manipulate data or repeat testing to achieve a desired outcome with limited opportunity of detection."

Is this always true? Often the simple systems (e.g. balance or pH meter) are at the start of the process; may it be easier/less time consuming to manipulate data further downstream in the process?

Designing systems to assure data quality and integrity

Systems should be designed in a way that encourages compliance with the principles of data integrity. Examples include:

- Access to clocks for recording timed events
- Accessibility of batch records at locations where activities take place so that ad hoc data recording and later transcription to official records is not necessary
- Control over blank paper templates for data recording
- User access rights which prevent (or audit trail) data amendments
- Automated data capture or printers attached to equipment such as balances
- Proximity of printers to relevant activities
- Access to sampling points (e.g. for water systems)
- Access to raw data for staff performing data checking activities

Anything else from an IT perspective?

Data Governance

MHRA Definition: The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.

MHRA Expectation: Data governance should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity including control over intentional and unintentional changes to information.

Questions:

- Do we know who owns all the data within a computerised system? Could there be multiple owners?
- Where we are required to retain data for many years, how good are we at maintaining ownership, especially as so many organisations are in a constant state of change?
- Suggestions for fully meeting this expectation?

Original record / true copy

MHRA Definition:

- Original record: Data as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of manual observation, or electronic raw data file from a computerised system.
- True Copy: An exact verified copy of an original record.

Data may be static (e.g. a fixed record such as paper or pdf) or dynamic (e.g. an electronic record which the user / reviewer can interact with).

MHRA Expectation: Many electronic records are important to retain in their dynamic (electronic) format, to enable interaction with the data. Data must be retained in a dynamic form where this is critical to its integrity or later verification. This should be justified based on risk.

Questions:

- Is it possible to keep records in a dynamic form for their entire lifecycle (this could be 30+ years)?
- If not, at what point should we be thinking of moving from dynamic to something more static?

Audit Trail

MHRA Definition: GMP audit trails are metadata that are a record of GMP critical information (for example the change or deletion of GMP relevant data), which permit the reconstruction of GMP activities.

MHRA Expectation: The relevance of data retained in audit trails should be considered by the company to permit robust data review / verification. The items included in audit trail should be those of relevance to permit reconstruction of the process or activity. It is not necessary for audit trail review to include every system activity (e.g. user log on/off, keystrokes etc.), and may be achieved by review of designed and validated system reports.

Questions:

- If only selected items in the audit trail need to be reviewed, should this be included in the URS so that specific audit trail reports can be generated to facilitate review?

User Access / System Administrator Roles

MHRA Expectation: Full use should be made of access controls to ensure that people have access only to functionality that is appropriate for their job role, and that actions are attributable to a specific individual. Companies must be able to demonstrate the access levels granted to individual staff members and ensure that historical information regarding user access level is available.

Questions:

- What about access at the O/S or database level: how many of us are adequately controlling or recording this access?
- Are the risks at the O/S or database level less because those with access have no/less investment in the data?
- System Administrator activities should be audit trailed, but how often / when should these activities be reviewed?

File Structure

MHRA Definition:

- Flat files: A 'flat file' is an individual record which may not carry with it all relevant metadata (e.g. pdf, dat, doc).
- Relational database: A relational database stores different components of associated data and metadata in different places. Each individual record is created and retrieved by compiling the data and metadata for review.

MHRA Comment: There is an inherently greater data integrity risk with flat files (e.g. when compared to data contained within a relational database), in that these are easier to manipulate and delete as a single file. A relational database file structure is inherently more secure, as the data is held in a large file format which preserves the relationship between data and metadata. This is more resilient to attempts to selectively delete, amend or recreate data and the metadata trail of actions, compared to a flat file system.

Questions:

- Is it really the case that a relational database is more secure: if I make a change within it, will it be detected?
- If I make a change and it is detected, does it automatically corrupt the data so that I can't use it? If so, is this any worse than deleting a flat file? I'm still without usable data.
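On the questions above about changes made at the database level and whether a relational database detects them: the following is an added example, not part of the original presentation or the MHRA guidance. It uses SQLite as a stand-in relational database with hypothetical `results` and `audit_trail` tables and a constructed sample record, and shows that a change is only recorded when the database itself is configured to write the audit trail.

```python
import sqlite3

SCHEMA = """
CREATE TABLE results (sample_id TEXT PRIMARY KEY, assay REAL NOT NULL);
CREATE TABLE audit_trail (
    seq INTEGER PRIMARY KEY AUTOINCREMENT,
    at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    action TEXT NOT NULL, sample_id TEXT NOT NULL,
    old_value REAL, new_value REAL);
-- Record every write to results, whichever client issued the SQL.
CREATE TRIGGER results_ins AFTER INSERT ON results BEGIN
    INSERT INTO audit_trail (action, sample_id, new_value)
    VALUES ('INSERT', NEW.sample_id, NEW.assay); END;
CREATE TRIGGER results_upd AFTER UPDATE ON results BEGIN
    INSERT INTO audit_trail (action, sample_id, old_value, new_value)
    VALUES ('UPDATE', OLD.sample_id, OLD.assay, NEW.assay); END;
CREATE TRIGGER results_del AFTER DELETE ON results BEGIN
    INSERT INTO audit_trail (action, sample_id, old_value)
    VALUES ('DELETE', OLD.sample_id, OLD.assay); END;
-- Make the trail append-only for ordinary SQL statements.
CREATE TRIGGER audit_no_upd BEFORE UPDATE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit_trail is append-only'); END;
CREATE TRIGGER audit_no_del BEFORE DELETE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit_trail is append-only'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def history(db, sample_id):
    """Reconstruct what happened to one result, in order."""
    return db.execute(
        "SELECT action, old_value, new_value FROM audit_trail "
        "WHERE sample_id = ? ORDER BY seq", (sample_id,)).fetchall()

def demo():
    db = open_db()
    db.execute("INSERT INTO results VALUES ('S-001', 97.2)")  # constructed
    db.execute("UPDATE results SET assay = 99.8 WHERE sample_id = 'S-001'")
    db.execute("DELETE FROM results WHERE sample_id = 'S-001'")
    try:
        db.execute("DELETE FROM audit_trail")  # attempt to clear the trail
        trail_protected = False
    except sqlite3.DatabaseError:
        trail_protected = True
    return history(db, "S-001"), trail_protected
```

The triggers record what changed but not who changed it, and anyone able to drop triggers or replace the database file can still bypass them, so O/S and database administrator access has to be controlled and reviewed separately.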