Annex 11: Progress in EU Computer Systems Guidelines - Pharmaceutical Technology

Latest Issue

Latest Issue
PharmTech Europe

Annex 11: Progress in EU Computer Systems Guidelines

Pharmaceutical Technology Europe
Volume 23, Issue 6

Period of Creation.

“4.8. If data are transferred to another data format or system, validation should include checks that data are not altered in value and/or meaning during this migration process."

The migration of e-records must be verified; there must be an additional check on the accuracy of the entry.

“6. Accuracy Checks - For critical data entered manually, there should be an additional check on the accuracy of the data. This check may be done by a second operator or by validated electronic means. The criticality and the potential consequences of erroneous or incorrectly entered data to a system should be covered by risk management.”

For electronic records regulated users should define which data are to be used as raw data (17). Where applicable, there should be special procedures for critical data entry requiring a second check, for example the data entry and check for a manufacturing formula or the keying in of laboratory data and results from paper records. A second authorized person with logged name and identification may verify data entry via the keyboard with time and date. The inclusion and use of an audit trail (refer to Annex 11-9) to capture the diversity of changes possibly impacting the data may facilitate this check.

When automated equipment is used as described under US FDA 21 CFR 211.68(c), featuring direct data capture linked to other databases and intelligent peripherals, the verification by a second individual is not necessary. For example, firms may omit the second person component in weight check operations if scales are connected to a computer system performing checks on component quality control release status and proper identification of containers. The computer system must be validated, registering the raw materials identification, lot number and expiry date, and integrated with the recorded accurate weight data.

Period of Access and Use.

“5. Data - Computerised systems exchanging data electronically with other systems should include appropriate built-in checks for the correct and secure entry and processing of data, in order to minimize the risks.”

Based on the complexity and reliability of computer systems, there must be procedural controls and technologies to ensure the accuracy and security of computer system I/Os and electronic records. The US FDA Compliance Policy Guide (CPG) 425.400 (formerly 7132a.07), “I/O Checking,” establishes that computer I/Os are to be tested for data accuracy as part of the computer system qualification and, after the qualification, as part of the computer system’s on-going performance evaluation procedure. The use of input edits may mitigate the need for extensive I/O checks (18).

The objective of the I/O checks is to develop a method to prevent inaccurate data inputs and outputs. I/Os should be monitored to ensure the process remains within the established parameters. When monitoring data on quality characteristics demonstrates negative tendencies, the cause should be investigated, corrective action taken and revalidation considered.

Edits can also be used to make up information and give the erroneous impression that a process is under control. These error overrides must be documented during design.

“7.1. Data Storage - Data should be secured by both physical and electronic means against damage. Stored data should be checked for accessibility, readability and accuracy. Access to data should be ensured throughout the retention period.”

“7.2. Data Storage - Regular back-ups of all relevant data should be done. Integrity and accuracy of backup data and the ability to restore the data should be checked during validation and monitored periodically.

Computer system electronic records must be controlled and include record retention, backup and security. Computer systems must also have adequate controls to prevent unauthorized access or changes to e-records, inadvertent erasures, or loss. The validated back-up procedure including storage facilities and media, should assure integrity and availability of e-records and audit trail records. The frequency of back up is dependent on the computer system functions and the risk assessment of a loss of e-records.

Procedures for regular testing, including a test plan, for back-up and disaster recovery should be in place. A log of back up testing including date of testing and results should be maintained and a record of rectification of any errors should be kept. The physical security of the system should also be adequate to minimize the possibility of unauthorized access, willful or accidental damage by personnel or loss of e-records.

Regular training in all security/backup relevant procedures to the personnel providing security and performing backups is crucial. Before hardware and/or software is exchanged, a change control mechanism should be used to check that the e-records concerned can also be managed in the new configuration. Should an inevitable change in the hardware and/or software mean that the stored e-records cannot be managed in the new configuration, then one of the following procedures should be applied:

  • the e-records in the format concerned should be converted into a format that can be printed in the new configuration
  • the components of the old hardware and/or software configuration required for printing should be retained. In this case it should be guaranteed that a suitable alternative system is available in case the retained system fails.
  • the e-record is transferred to another medium.

The electronically stored e-records should be checked regularly for availability and integrity.

Appropriate controls for electronic documents such as templates, forms and master documents should be implemented. Appropriate controls should be in place to ensure the integrity of the record throughout the retention period.

Additional references associated with this principle can be found at: Article 9 Section 2, Commission Directives 2003/94/EC; PIC/S PI 011-3; EudraLex - Volume 4 Good manufacturing practice (GMP) Guidelines, Part I - Basic Requirements for Medicinal Products, Chapter 4 – Documentation; and US FDA 21 CFR 211.68 and 21 CFR Part 11.10(c); 11.10(d); 11.10(e); 11.10(g); 11.10(h); 11.30.

“ 9. Audit Trails - Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated "audit trail"). For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed.”

Audit trails are control mechanisms generated by the computer systems that allow all data entered and further processed by the system to be traced back to the original e-record. If the e-record needs to be changed, a second person should approve these changes along with the reasons. The audit trail records should be reviewed regularly. And the date and time of the audit trail must be synchronized to a trusted date and time service.


blog comments powered by Disqus
LCGC E-mail Newsletters

Subscribe: Click to learn more about the newsletter
| Weekly
| Monthly
| Weekly

What role should the US government play in the current Ebola outbreak?
Finance development of drugs to treat/prevent disease.
Oversee medical treatment of patients in the US.
Provide treatment for patients globally.
All of the above.
No government involvement in patient treatment or drug development.
Finance development of drugs to treat/prevent disease.
Oversee medical treatment of patients in the US.
Provide treatment for patients globally.
All of the above.
No government involvement in patient treatment or drug development.
Jim Miller Outsourcing Outlook Jim MillerOutside Looking In
Cynthia Challener, PhD Ingredients Insider Cynthia ChallenerAdvances in Large-Scale Heterocyclic Synthesis
Jill Wechsler Regulatory Watch Jill Wechsler New Era for Generic Drugs
Sean Milmo European Regulatory WatchSean MilmoTackling Drug Shortages
New Congress to Tackle Health Reform, Biomedical Innovation, Tax Policy
Combination Products Challenge Biopharma Manufacturers
Seven Steps to Solving Tabletting and Tooling ProblemsStep 1: Clean
Legislators Urge Added Incentives for Ebola Drug Development
FDA Reorganization to Promote Drug Quality
Source: Pharmaceutical Technology Europe,
Click here