
Data Integrity and Data Security in networks and systems for pharmaceutical manufacturing according to Annex 15 and MHRA

Data are the basic element of every computerised system, in any application domain. Any alteration of the data can cause problems and malfunctions that could compromise the system's operation more or less seriously, sometimes irreparably. The importance of data, in the pharmaceutical sector as well, has grown steadily over the years. This is shown by the evolution of the sector's regulations and by the topics covered during inspections by national and international regulatory bodies.



Conference proceedings or presentations containing case histories
SAVE October 2015: Data Integrity and Security in systems for pharmaceutical manufacturing

Published by Alessia De Giosa
SAVE 2015






Text extract
Veronafiere, 27-28 October 2015

GAMP Italia - Data Integrity - SAVE, Verona, 28 October 2015

DATA INTEGRITY & SECURITY in networks and systems for pharmaceutical manufacturing according to Annex 11, Annex 15 and MHRA
Ing. Sandro De Caris, Consulenze in Informatica e Qualità (IT and quality consulting), Chairman GAMP Italia

Contents
- General aspects of Data Integrity
- Issues related to data integrity
- Recent regulatory developments (MHRA recommendations, 2015)

The importance of data
- Data are the basic element of every computerised system, in any application domain.
- Any alteration of the data can cause problems and malfunctions that could compromise the system's operation more or less seriously, sometimes irreparably.
- The importance of data, in the pharmaceutical sector as well, has grown steadily over the years.
- This is shown by the evolution of the sector's regulations and by the topics covered during inspections by national and international regulatory bodies.

Inspection trends
(Timeline figure. Year marks on the axis: 1990, 1993-1995, 1999, 2002, 2003, 2006, 2007, 2015.)
Inspection topics, in the order shown:
- General GMP/GLP
- Equipment hardware
- Software / Computer validation
- Computer validation / Excel / Network security / Data Integrity
- GMP basics, OOS, CAPA
- CSV (Device), Data Integrity (Pharma)
Regulations shown on the timeline: New Annex 11 (2011), 21 CFR Part 11 (1997), New Part 11 approach (2003), Annex 11 (1992), 21 CFR Part 211, FDA blue book (1983), New Annex 15 (2015)

The value of information over time
- Over time the value of information decreases.
- The risk associated with a possible loss of data is not constant over time.
- After a longer or shorter period, electronic data can be safely deleted.
(Diagram: Creation, Use, Retention, Deletion)

The document / data lifecycle
(Diagram labels: Generation / receipt (Raw data); Recording; Processing; Use / Review; Retention; Archiving / retrieval; Destruction; e-Data; Retention Period; Migration; Archiving; Generation of new data)

Data flow (example)
Several systems can be involved during the data lifecycle.
(Diagram labels: Electronic records; System 1, System 2, System 3; Generation / receipt (Raw data); Recording / Processing; Use / Review; Archiving / retrieval; archive; Report (archives); Processing / generation of new data; Print; Destruction)

Generation
- At the time of generation the importance of the data is at its highest.
- Points of attention:
  - Audit trail (record creation)
    - Required (only) by Part 11
  - Metadata
    - Information associated with the main data
    - The audit trail is a particular type of metadata
  - (Raw data)
    - Quality-related data are to be considered Raw Data. However, they do not always have to be retained for long.
      - Laboratory (e.g. HPLC chromatograms) - YES
      - Production (e.g. images from a vision system, data from 100% weight checks) - NO.

Use and management
- The ways in which data are used can differ:
  - Processing
    - Generation of new data
    - Possible deletion of the raw data
  - Modification
    - Audit trail
  - Export / copy
    - Electronic retention on another system
    - Possible deletion from the system (subject to restore)
  - Print
    - Retention on paper
    - Possible deletion
  - Migration
    - Transformation and subsequent use / retention on the new system
    - Deletion from the old system (unless historical consultation is needed)

Retention
- After initial use, data can be retained for other purposes, essentially consultation.
- In this state the impact on the product / patient is generally much lower.
- Possible retention methods:
  - Native format on the system itself (online)
    - Possible conversion to read-only (audit trail no longer useful)
  - Conversion of format / medium
    - Paper, alternative electronic format (pdf), optical, ...
    - The complete content and meaning must be preserved. Watch out for metadata!
  - Export / Archiving
    - Retention on another system

Destruction
- GxP data can be deleted:
  - when the retention period defined by the GxP expires
  - later, if retention is to be extended for business reasons.
- Non-GxP data can be deleted according to business or technical needs
  - (unless they are required by other regulations)
- Some regulations set obligations to delete personal data after a set period of time, often short.

Examples
- LIMS:
  - Tests
  - Analysis specifications
  - Analytical data
  - Analytical results
  - Certificates of analysis
- ERP:
  - Material master data
  - Bills of materials
  - Production orders
  - Warehouse movements
  - Stock / batch status
- Process control system:
  - Production recipe
  - Production activity records

Protection / integrity measures
- Access control / security
- User profiles / authorisations
- Access logs
- Backup / Restore
- Archiving
- Business Continuity / Disaster Recovery
- Audit Trail
- Electronic signature
- ...

EU GMP Annex 11 (2011)
Computerised Systems
1. Risk Management
Risk management should be applied throughout the lifecycle of the computerised system taking into account patient safety, data integrity and product quality. As part of a risk management system, decisions on the extent of validation and data integrity controls should be based on a justified and documented risk assessment of the computerised system.

7. Data Storage
7.1 Data should be secured by both physical and electronic means against damage. Stored data should be checked for accessibility, readability and accuracy. Access to data should be ensured throughout the retention period.
7.2 Regular back-ups of all relevant data should be done. Integrity and accuracy of back-up data and the ability to restore the data should be checked during validation and monitored periodically.

17. Archiving
Data may be archived. This data should be checked for accessibility, readability and integrity. If relevant changes are to be made to the system (e.g. computer equipment or programs), then the ability to retrieve the data should be ensured and tested.

EU GMP Annex 15 (2015)
Qualification & Validation
1. Organising and planning for Qualification and Validation
1.8. Appropriate checks should be incorporated into qualification and validation work to ensure the integrity of all data obtained.

GMP Data Integrity
MHRA GMP Data Integrity Definitions and Guidance for Industry, March 2015 (v.2)
MHRA = Medicines & Healthcare products Regulatory Agency (UK)

Definitions
- Data
- Raw data
- Metadata
- Data Integrity
- Data governance
- Data Lifecycle
- Primary Record
- Original record / True Copy
- Computer system transactions
- Audit Trail
- Data Review
- Computerised system user access / system administrator roles
- Data retention
- Archive
- Backup
- File structure
- Flat files
- Relational database
- Validation - for intended purpose (See also Annex 15 and GAMP 5)

Data
ALCOA (& ALCOA+) principles
Definition: Information derived or obtained from raw data (e.g. a reported analytical result)
Expectation / guidance: Data must be:
A - attributable to the person generating the data
L - legible and permanent
C - contemporaneous
O - original record (or 'true copy')
A - accurate
EMA definitions include also (ALCOA+):
- Enduring
- Available and accessible
- Complete
- Consistent
- Credible
- Corroborated

EMA: ALCOA
- Attributable: It should be clear who has documented the data.
- Legible: Readable and signatures identifiable.
- Contemporaneous: The information should be documented in the correct time frame along with the flow of events. If a clinical observation cannot be entered when made, chronology should be recorded. Acceptable amount of delay should be defined and justified.
- Original: Original, if not original should be exact copy; the first record made by the appropriate person. The investigator should have the original source document.
- Accurate: Accurate, consistent and real representation of facts.

EMA: ALCOA+
- Enduring: Long-lasting and durable.
- Available and accessible: Easily available for review of treating physicians and during audits/inspections. The documents should be retrievable in reasonable time.
- Complete: Complete till that point in time.
- Consistent: Demonstrate the required attributes consistently.
- Credible: Based on real and reliable facts.
- Corroborated: The data should be backed up by evidence.

Raw data
Definition: Original records and documentation, retained in the format in which they were originally generated (i.e. paper or electronic), or as a 'true copy'. Raw data must be contemporaneously and accurately recorded by permanent means. In the case of basic electronic equipment which does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the raw data.
Expectation / guidance: Raw data must:
- Be legible and accessible throughout the data lifecycle.
- Permit the full reconstruction of the activities resulting in the generation of the data.
Note: FDA (Part 11): audit trail required also during the creation of electronic records.

Raw data
- Data may be generated by
  - a paper-based record of a manual observation, or
  - in terms of equipment, a spectrum of simple machines through to complex highly configurable computerised systems.
- The inherent risks to data integrity may differ depending upon the degree to which data (or the system generating or using the data) can be configured, and therefore potentially manipulated

Data, printouts and system complexity
(Figure: spectrum from SIMPLE to COMPLEX. Systems shown: pH Meter, UV Spec, LC-MS, FT-IR, LIMS system, CAPA System, HPLC system, Filter integrity tester, ERP system. Axes: software complexity, from "NO software" / SIMPLE to COMPLEX; printout relevance, from HIGH to LOW.)

Metadata
Definition: Metadata is data that describe the attributes of other data, and provide context and meaning. Typically, these are data that describe the structure, data elements, inter-relationships and other characteristics of data. It also permits data to be attributable to an individual.
Example: data (bold text) 3.5 and metadata, giving context and meaning, (italic text) are: sodium chloride batch 1234, 3.5mg. J Smith 01/07/14
Expectation / guidance: Metadata forms an integral part of the original record. Without metadata, the data has no meaning.
GMP audit trails are metadata

Data
Schematic content of a database
(Diagram labels: Raw Data, Metadata, Data, Metadata)

Data Integrity
Definition: The extent to which all data are complete, consistent and accurate throughout the data lifecycle.
Expectation / guidance: Data integrity arrangements must ensure that the
- accuracy,
- completeness,
- content and
- meaning
of data is retained throughout the data lifecycle.

Data governance
Definition: The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.
Expectation / guidance: Data governance should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity including control over intentional and unintentional changes to information. (...)

Data governance (2)
Expectation / guidance:
Data Governance systems should include staff training in the importance of data integrity principles and the creation of a working environment that encourages an open reporting culture for errors, omissions and aberrant results.
Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9.
Contract Givers should perform a similar review as part of their vendor assurance programme.

Data lifecycle
Definition: All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive / retrieval and destruction.
Expectation / guidance: The procedures for destruction of data should consider data criticality and legislative retention requirements.
Archival arrangements should be in place for long term retention (in some cases, periods up to 30 years) for records such as batch documents, marketing authorisation application data, traceability data for human-derived starting materials (not an exhaustive list).
Additionally, at least 2 years of data must be retrievable in a timely manner for the purposes of regulatory inspection.
Note: Information and requirements on data retention are found in Chapter 4 of the EU GMP (documentation). E.g.: batch documentation must be retained for at least 5 years, or 1 year after the batch expiry, if longer than 5 years.

Primary record
Definition: The record which takes primacy in cases where data that are collected and retained concurrently by more than one method fail to concur.
Expectation / guidance: In situations where the same information is recorded concurrently by more than one system, the data owner should define which system generates and retains the primary record, in case of discrepancy.
The 'primary record' attribute should be defined in the quality system, and should not be changed on a case by case basis.

Primary record (2)
Expectation / guidance:
Risk management principles should be used to ensure that the assigned 'primary record' provides the greatest accuracy, completeness, content and meaning.
For instance, it is not appropriate for low-resolution or static (printed / manual) data to be designated as a primary record in preference to high resolution or dynamic (electronic) data.
All data should be considered when performing a risk based investigation into data anomalies (e.g. out of specification results)

Original record / True Copy
Definition:
Original record: Data as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of manual observation, or electronic raw data file from a computerised system
True Copy: An exact verified copy of an original record.
Expectation / guidance: Original records and true copies must preserve the integrity (accuracy, completeness, content and meaning) of the record. Exact (true) copies of original records may be retained in place of the original record (e.g. scan of a paper record), provided that a documented system is in place to verify and record the integrity of the copy.

Original record / True Copy (2)
Definition: Data may be static (e.g. a 'fixed' record such as paper or pdf) or dynamic (e.g. an electronic record which the user / reviewer can interact with).
Expectation / guidance: It is conceivable for raw data generated by electronic means to be retained in an acceptable paper or pdf format, where it can be justified that a static record maintains the integrity of the original data.
However, the data retention process must be shown to include verified copies of all raw data, metadata, relevant audit trail and result files, software / system configuration settings specific to each analytical run*, and all data processing runs (including methods and audit trails) necessary for reconstruction of a given raw data set.
* computerised system configuration settings should be defined, tested, 'locked' and protected from unauthorised access as part of computer system validation. Only those variable settings which relate to an analytical run would be considered as electronic raw data.

Original record / True Copy (3)
Expectation / guidance:
It would also require a documented means to verify that the printed records were an accurate representation.
This approach is likely to be onerous in its administration to enable a GMP compliant record.
Many electronic records are important to retain in their dynamic (electronic) format, to enable interaction with the data.
Data must be retained in a dynamic form where this is critical to its integrity or later verification.
This should be justified based on risk.

Original record / True Copy (4)
Example 1: a group of still images (photographs - the static 'paper copy' example) may not provide the full content and meaning of the same event as a recorded moving image (video - the dynamic 'electronic record' example).

Original record / True Copy (5)
Example 2: once printed or converted to static .pdfs, chromatography records lose the capability of being reprocessed and do not enable more detailed viewing of baselines or any hidden fields.
By comparison, the same dynamic electronic records in database format provides the ability to track, trend, and query data, allowing the reviewer (with proper access permissions) to reprocess, view hidden fields, and expand the baseline to view the integration more clearly.

Types of data
- Programs
  - Executable code of the application,
  - operating system
  - database engine
  - operating platforms / middleware, ...
- Application configuration data
  - Application parameters that define the operating logic
- Data managed or generated by the user
  - «Run-time» settings and parameters that do not alter the logic
  - Master data
  - Recipes, etc.
  - User configuration (access permissions)
- (Transactional) data generated by the application
  - Data acquired, generated or processed

Data in a computer
(simplified view)
(Diagram labels: Computer System; Application; User Data; Configuration Data; Application(s); Master Data; Transactional Data; Operational Data; Data Integrity; Computer Validation; Configuration Management; Data Base Engine; Operating System; Platform / Middleware; Infrastructure; Metadata; Metadata; Data (e.g. DB))

Computer system transactions
Definition: A computer system transaction is a single operation or sequence of operations performed as a single logical 'unit of work'.
The operation(s) that make up a transaction may not be saved as a permanent record on durable storage until the user commits the transaction through a deliberate act (e.g. pressing a save button), or until the system forces the saving of data.
Expectation / guidance: Computer systems should be designed to ensure that the execution of critical operations are recorded contemporaneously by the user and are not combined into a single computer system transaction with other operations.
A critical processing step is a parameter that must be within an appropriate limit, range, or distribution to ensure the desired product quality.
These should be reflected in the process control strategy.

Computer system transactions (2)
Definition: The metadata (i.e., user name, date, and time) is not captured in the system audit trail until the user commits the transaction.
Expectation / guidance: In Manufacturing Execution Systems (MES), an electronic signature is often required by the system in order for the record to be saved and become permanent.

Computer system transactions
Examples of 'units of work'
Expectation / guidance:
- Weighing of individual materials
- Entry of process critical manufacturing / analytical parameters
- Verification of the identity of each component or material that will be used in a batch
- Verification of the addition of each individual raw material to a batch (e.g. when the sequence of addition is considered critical to process control - see figure 2)

Material Additions
Step | Instructions | Data
1. | Scan barcode of material ABC123. | ABC123 <Barcode>
2. | Add material ABC123 to the blender. | Operator Signature, Verifier Signature

Figure 2: Logical design permitting contemporaneous recording of addition of a single material in a manufacturing 'unit of work'. This record is permanently recorded (step 2), with audit trail, before progressing to next 'unit of work'.
Allows for contemporaneous recording of the material addition by the operator and verifier.

Computer system transactions
Examples of 'units of work' (2)
Figure 3: Logical design permitting the addition of multiple materials in a manufacturing 'unit of work' before committing the record to durable media. Steps 1, 3 and 5 are contemporaneous entries (bar code), but are not permanently recorded with audit trail until step 6.
Does not allow for contemporaneous recording of the material addition by the operator and verifier.

Material Additions
Step | Instructions | Data
1. | Scan barcode of material ABC123. | ABC123 <Barcode>
2. | Add material ABC123 to the blender. |
3. | Scan barcode of material DEF456. | DEF456 <Barcode>
4. | Add material DEF456 to the blender. |
5. | Scan barcode of material GHI789. | GHI789 <Barcode>
6. | Add material GHI789 to the blender. |

Expectation / guidance: Addition of multiple pre-weighed raw materials to bulk vessel when required as a single manufacturing step (e.g. when the sequence of addition is not considered critical to process control - see figure 3)

Audit Trail
Definition: GMP audit trails are metadata that are a record of GMP critical information (for example the change or deletion of GMP relevant data), which permit the reconstruction of GMP activities.
Expectation / guidance: Where computerised systems are used to capture, process, report or store raw data electronically, system design should always provide for the retention of full audit trails to show all changes to the data while retaining previous and original data.
It should be possible to associate all changes to data with the persons making those changes, and changes should be time stamped and a reason given.
Users should not have the ability to amend or switch off the audit trail.

Audit Trail (2)
Expectation / guidance:
The relevance of data retained in audit trails should be considered by the company to permit robust data review / verification.
The items included in audit trail should be those of relevance to permit reconstruction of the process or activity.
It is not necessary for audit trail review to include every system activity (e.g. user log on/off, keystrokes etc.), and may be achieved by review of designed and validated system reports.

Audit Trail (3)
Review
Expectation / guidance:
Audit trail review should be part of the routine data review / approval process, usually performed by the operational area which has generated the data (e.g. laboratory).
There should be evidence available to confirm that review of the relevant audit trails have taken place.
When designing a system for review of audit trails, this may be limited to those with GMP relevance (e.g. relating to data creation, processing, modification and deletion etc.).
Audit trails may be reviewed as a list of relevant data, or by a validated 'exception reporting' process.
QA should also review a sample of relevant audit trails, raw data and metadata as part of self inspection to ensure ongoing compliance with the data governance policy / procedures.

Audit Trail (4)
Paper based audit trail
Expectation / guidance:
If no audit trailed system exists a paper based audit trail to demonstrate changes to data will be permitted until a fully audit trailed (integrated system or independent audit software using a validated interface) system becomes available.
These hybrid systems are currently permitted, where they achieve equivalence to integrated audit trail described in Annex 11 of the GMP Guide.
If such equivalence cannot be demonstrated, it is expected that facilities should upgrade to an audit trailed system by the end of 2017.
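
The audit trail expectations above and the figure 2 / figure 3 transaction designs, as an added Python example (not part of the presentation or of the MHRA guidance). It keeps original and previous values with user, timestamp and reason, and measures how long each material addition waits before it is permanently recorded under each design. The hash chain used to make alteration or deletion detectable, all class and function names, the user names and the timings are assumptions of this example.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64


def _digest(prev_hash, body):
    # Canonical JSON so that identical content always gives the same hash.
    payload = json.dumps(body, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class AuditTrail:
    """Append-only trail. The hash chain is an assumption of this example:
    one way to make alteration or deletion of an entry detectable."""

    def __init__(self):
        self._entries = []

    def commit(self, when, user, record, old, new, reason, verifier=None):
        # Attributable and justified: an individual user and a reason are mandatory.
        if not user or not reason:
            raise ValueError("user and reason are required")
        body = {"when": when.isoformat(), "user": user, "verifier": verifier,
                "record": record, "old": old, "new": new, "reason": reason}
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        self._entries.append({**body, "prev": prev, "hash": _digest(prev, body)})

    def entries(self):
        # Copies only: callers can read the trail but not amend it.
        return [dict(e) for e in self._entries]

    def history(self, record):
        """Every value the record has held, original first."""
        return [e["new"] for e in self._entries if e["record"] == record]


def first_broken_link(entries):
    """Index of the first altered or out-of-sequence entry, or -1 if intact."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k not in ("prev", "hash")}
        if e["prev"] != prev or e["hash"] != _digest(prev, body):
            return i
        prev = e["hash"]
    return -1


# Constructed sample data: minutes after T0 at which each material is added.
T0 = datetime(2015, 10, 28, 9, 0, tzinfo=timezone.utc)
ADDITIONS = [(0, "ABC123"), (5, "DEF456"), (10, "GHI789")]


def record_additions(per_step_commit):
    """per_step_commit=True models figure 2, False models figure 3.
    Returns (trail, minutes between each addition and its permanent record)."""
    trail, pending, delays = AuditTrail(), [], []
    for i, (minutes, barcode) in enumerate(ADDITIONS):
        now = T0 + timedelta(minutes=minutes)
        pending.append((now, barcode))
        if per_step_commit or i == len(ADDITIONS) - 1:
            for done_at, code in pending:
                # User, date and time reach the trail only when the unit of work commits.
                trail.commit(now, "operator1", "addition/" + code, None, "added",
                             "batch record step", verifier="verifier1")
                delays.append(int((now - done_at).total_seconds() // 60))
            pending.clear()
    return trail, delays


def corrected_weight_trail():
    """A correction that keeps the original value visible (constructed values)."""
    trail = AuditTrail()
    trail.commit(T0, "jsmith", "weight/batch1234", None, 3.5, "initial entry")
    trail.commit(T0 + timedelta(minutes=2), "jsmith", "weight/batch1234",
                 3.5, 3.6, "transcription error corrected")
    return trail


if __name__ == "__main__":
    print("figure 2 delays:", record_additions(True)[1])
    print("figure 3 delays:", record_additions(False)[1])
    trail = corrected_weight_trail()
    print("history:", trail.history("weight/batch1234"))
    tampered = trail.entries()
    tampered[0]["new"] = 3.4          # silent edit of the original value
    print("first broken entry:", first_broken_link(tampered))
```

Removing the newest entries leaves a shorter chain that still verifies, so the latest hash also has to be kept somewhere ordinary users cannot write.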

Data Review
Expectation / guidance:
There should be a procedure which describes the process for the review and approval of data, including raw data. Data review must also include a review of relevant metadata, including audit trail.
Data review must be documented.
A procedure should describe the actions to be taken if data review identifies an error or omission.
This procedure should enable data corrections or clarifications to be made in a GMP compliant manner, providing visibility of the original record, and audit trailed traceability of the correction, using ALCOA principles (see 'data' definition).

Computerised system user access / system administrator roles
Expectation / guidance:
Full use should be made of access controls to ensure that people have access only to functionality that is appropriate for their job role, and that actions are attributable to a specific individual.
Companies must be able to demonstrate the access levels granted to individual staff members and ensure that historical information regarding user access level is available.
Shared logins or generic user access should not be used. Where the computerised system design supports individual user access, this function must be used. This may require the purchase of additional licences.

Computerised system user access / system administrator roles (2)
Expectation / guidance:
It is acknowledged that some computerised systems support only a single user login or limited numbers of user logins.
Where alternative computerised systems have the ability to provide the required number of unique logins, facilities should upgrade to an appropriate system by the end of 2017.
Where no suitable alternative computerised system is available, a paper based method of providing traceability will be permitted.
The lack of suitability of alternative systems should be justified based on a review of system design, and documented.

Computerised system user access / system administrator roles (3)
Expectation / guidance:
System administrator access should be restricted to the minimum number of people possible taking account of the size and nature of the organisation.
The generic system administrator account should not be available for use.
Personnel with system administrator access should log in under unique log-ins that allow actions in the audit trail(s) to be attributed to a specific individual.

Computerised system user access / system administrator roles (4)
Expectation / guidance:
System Administrator rights (permitting activities such as data deletion, database amendment or system configuration changes) should not be assigned to individuals with a direct interest in the data (data generation, data review or approval).
Where this is unavoidable in the organisational structure, a similar level of control may be achieved by the use of dual user accounts with different privileges.

Computerised system user access / system administrator roles (5)
Expectation / guidance:
All changes performed under system administrator access must be visible to, and approved within, the quality system.
The individual should log in using the account with the appropriate access rights for the given task e.g. a laboratory manager performing data checking should not log in as system administrator where a more appropriate level of access exists for that task.

Data Retention
Expectation / guidance:
Raw data (or a true copy thereof) generated in paper format may be retained for example by scanning, provided that there is a process in place to ensure that the copy is verified to ensure its completeness.
Data retention may be classified as archive or backup.
Data and document retention arrangements should ensure the protection of records from deliberate or inadvertent alteration or loss.
Secure controls must be in place to ensure the data integrity of the record throughout the retention period, and validated where appropriate.

Data Retention (2)
Definition | Expectation / guidance
Where data and document retention is contracted to a third party, particular attention should be paid to understanding the ownership and retrieval of data held under this arrangement.
The physical location in which the data is held, including impact of any laws applicable to that geographic location should also be considered.
The responsibilities of the contract giver and acceptor must be defined in a contract as described in Chapter 7 of the GMP Guide.

Data Retention (3)
- Archive
Definition: Long term, permanent retention of completed data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.
Expectation / guidance: Archive records should be locked such that they cannot be altered or deleted without detection and audit trail.
The archive arrangements must be designed to permit recovery and readability of the data and metadata throughout the required retention period.

Data Retention (4)
- Backup
Definition: A copy of current (editable) data, metadata and system configuration settings (variable settings which relate to an analytical run) maintained for the purpose of disaster recovery.
Expectation / guidance: Backup and recovery processes must be validated.

File Structure
Definition | Expectation / guidance
File structure has a significant impact on the inherent data integrity risks.
The ability to manipulate or delete flat files requires a higher level of logical and procedural control over data generation, review and storage.

File Structure (2)
- Flat files
Definition: A 'flat file' is an individual record which may not carry with it all relevant metadata (e.g. pdf, dat, doc).
Expectation / guidance: Flat files may carry basic metadata relating to file creation and date of last amendment, but may not audit trail the type and sequence of amendments.
When creating flat file reports from electronic data, the metadata and audit trails relating to the generation of the raw data may be lost, unless these are retained as a 'true copy'.
Consideration also needs to be given to the 'dynamic' nature of the data, where appropriate (see 'true copy' definition).
There is an inherently greater data integrity risk with flat files (e.g. when compared to data contained within a relational database), in that these are easier to manipulate and delete as a single file.

File Structure (3)
- Relational database
Definition: A relational database stores different components of associated data and metadata in different places. Each individual record is created and retrieved by compiling the data and metadata for review.
Expectation / guidance: This file structure is inherently more secure, as the data is held in a large file format which preserves the relationship between data and metadata.
This is more resilient to attempts to selectively delete, amend or recreate data and the metadata trail of actions, compared to a flat file system.
Retrieval of information from a relational database requires a database search tool, or the original application which created the record.

Validation - for intended purpose
(See also Annex 15 and GAMP 5)
Definition | Expectation / guidance
Computerised systems should comply with the requirements of EU GMP Annex 11 and be validated for their intended purpose.
This requires an understanding of the computerised system's function within a process.
For this reason, the acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable.
In isolation from the intended process or end user IT infrastructure, vendor testing is likely to be limited to functional verification only, and may not fulfil the requirements for performance qualification.

Validation - for intended purpose (2)
Validation of computerised system audit trail
Definition | Expectation / guidance
For example - validation of computerised system audit trail:
- A custom report generated from a relational database may be used as a GMP system audit trail.
- SOPs should be drafted during OQ to describe the process for audit trail verification, including definition of the data to be reviewed.
- 'Validation for intended use' would include testing during PQ to confirm that the required data is correctly extracted by the custom report, and presented in a manner which is aligned with the data review process described in the SOP.

Thank you for your attention! For further information: sandro@decaris.it
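As an added illustration (not part of the original slides), the sketch below uses SQLite to show what the File Structure (3) and Validation (2) slides describe: data and its metadata trail held in related tables, selective deletion or amendment of the trail refused, and a custom report serving as the audit trail. The table, trigger and function names and the sample values are constructed for this example.

```python
import sqlite3

SCHEMA = """
CREATE TABLE result (id INTEGER PRIMARY KEY, sample TEXT NOT NULL,
    value REAL NOT NULL, modified_by TEXT NOT NULL);
CREATE TABLE audit_trail (seq INTEGER PRIMARY KEY AUTOINCREMENT,
    result_id INTEGER REFERENCES result(id), action TEXT, old_value REAL,
    new_value REAL, user_id TEXT NOT NULL, at TEXT DEFAULT CURRENT_TIMESTAMP);
-- The database, not the client, writes the metadata trail.
CREATE TRIGGER result_ins AFTER INSERT ON result BEGIN
    INSERT INTO audit_trail (result_id, action, new_value, user_id)
    VALUES (NEW.id, 'CREATE', NEW.value, NEW.modified_by); END;
CREATE TRIGGER result_upd AFTER UPDATE OF value ON result BEGIN
    INSERT INTO audit_trail (result_id, action, old_value, new_value, user_id)
    VALUES (NEW.id, 'AMEND', OLD.value, NEW.value, NEW.modified_by); END;
-- Selective deletion of data, or edits to its trail, are rejected.
CREATE TRIGGER result_del BEFORE DELETE ON result BEGIN
    SELECT RAISE(ABORT, 'results cannot be deleted'); END;
CREATE TRIGGER trail_del BEFORE DELETE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only'); END;
CREATE TRIGGER trail_upd BEFORE UPDATE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only'); END;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def is_blocked(conn, sql):
    """True if the database refuses the statement."""
    try:
        conn.execute(sql)
    except sqlite3.DatabaseError:
        return True
    return False

def audit_report(conn, sample):
    """Custom report: each action on a sample, in order, with its user."""
    return conn.execute(
        "SELECT a.seq, a.action, a.old_value, a.new_value, a.user_id "
        "FROM audit_trail a JOIN result r ON r.id = a.result_id "
        "WHERE r.sample = ? ORDER BY a.seq", (sample,)).fetchall()

def demo():  # constructed sample data
    conn = open_db()
    conn.execute("INSERT INTO result VALUES (1, 'LOT-001', 98.7, 'analyst1')")
    conn.execute("UPDATE result SET value = 99.1, modified_by = 'qa1' WHERE id = 1")
    return conn, audit_report(conn, "LOT-001")
```

A PQ test for such a report would compare its output with a known sequence of amendments, as the last slide describes. Anyone holding system administrator rights on the database can still drop the triggers, which is why the slides restrict those rights and require unique log-ins.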

