Period of Creation.
“4.8. If data are transferred to another data format or system, validation should include checks that data are not altered
in value and/or meaning during this migration process."
The migration of e-records must be verified; there must be an additional check on the accuracy of the entry.
“6. Accuracy Checks - For critical data entered manually, there should be an additional check on the accuracy of the data.
This check may be done by a second operator or by validated electronic means. The criticality and the potential consequences
of erroneous or incorrectly entered data to a system should be covered by risk management.”
For electronic records regulated users should define which data are to be used as raw data (17). Where applicable, there should
be special procedures for critical data entry requiring a second check, for example the data entry and check for a manufacturing
formula or the keying in of laboratory data and results from paper records. A second authorized person with logged name and
identification may verify data entry via the keyboard with time and date. The inclusion and use of an audit trail (refer to
Annex 11-9) to capture the diversity of changes possibly impacting the data may facilitate this check.
When automated equipment is used as described under US FDA 21 CFR 211.68(c), featuring direct data capture linked to other
databases and intelligent peripherals, the verification by a second individual is not necessary. For example, firms may omit
the second person component in weight check operations if scales are connected to a computer system performing checks on component
quality control release status and proper identification of containers. The computer system must be validated, registering
the raw materials identification, lot number and expiry date, and integrated with the recorded accurate weight data.
Period of Access and Use.
“5. Data - Computerised systems exchanging data electronically with other systems should include appropriate built-in checks
for the correct and secure entry and processing of data, in order to minimize the risks.”
Based on the complexity and reliability of computer systems, there must be procedural controls and technologies to ensure
the accuracy and security of computer system I/Os and electronic records. The US FDA Compliance Policy Guide (CPG) 425.400
(formerly 7132a.07), “I/O Checking,” establishes that computer I/Os are to be tested for data accuracy as part of the computer
system qualification and, after the qualification, as part of the computer system’s on-going performance evaluation procedure.
The use of input edits may mitigate the need for extensive I/O checks (18).
The objective of the I/O checks is to develop a method to prevent inaccurate data inputs and outputs. I/Os should be monitored
to ensure the process remains within the established parameters. When monitoring data on quality characteristics demonstrates
negative tendencies, the cause should be investigated, corrective action taken and revalidation considered.
Edits can also be used to make up information and give the erroneous impression that a process is under control. These error
overrides must be documented during design.
“7.1. Data Storage - Data should be secured by both physical and electronic means against damage. Stored data should be checked
for accessibility, readability and accuracy. Access to data should be ensured throughout the retention period.”
“7.2. Data Storage - Regular back-ups of all relevant data should be done. Integrity and accuracy of backup data and the ability
to restore the data should be checked during validation and monitored periodically.
Computer system electronic records must be controlled and include record retention, backup and security. Computer systems
must also have adequate controls to prevent unauthorized access or changes to e-records, inadvertent erasures, or loss. The
validated back-up procedure including storage facilities and media, should assure integrity and availability of e-records
and audit trail records. The frequency of back up is dependent on the computer system functions and the risk assessment of
a loss of e-records.
Procedures for regular testing, including a test plan, for back-up and disaster recovery should be in place. A log of back
up testing including date of testing and results should be maintained and a record of rectification of any errors should be
kept. The physical security of the system should also be adequate to minimize the possibility of unauthorized access, willful
or accidental damage by personnel or loss of e-records.
Regular training in all security/backup relevant procedures to the personnel providing security and performing backups is
crucial. Before hardware and/or software is exchanged, a change control mechanism should be used to check that the e-records
concerned can also be managed in the new configuration. Should an inevitable change in the hardware and/or software mean that
the stored e-records cannot be managed in the new configuration, then one of the following procedures should be applied:
- the e-records in the format concerned should be converted into a format that can be printed in the new configuration
- the components of the old hardware and/or software configuration required for printing should be retained. In this case it
should be guaranteed that a suitable alternative system is available in case the retained system fails.
- the e-record is transferred to another medium.
The electronically stored e-records should be checked regularly for availability and integrity.
Appropriate controls for electronic documents such as templates, forms and master documents should be implemented. Appropriate
controls should be in place to ensure the integrity of the record throughout the retention period.
Additional references associated with this principle can be found at: Article 9 Section 2, Commission Directives 2003/94/EC;
PIC/S PI 011-3; EudraLex - Volume 4 Good manufacturing practice (GMP) Guidelines, Part I - Basic Requirements for Medicinal
Products, Chapter 4 – Documentation; and US FDA 21 CFR 211.68 and 21 CFR Part 11.10(c); 11.10(d); 11.10(e); 11.10(g); 11.10(h);
“ 9. Audit Trails - Consideration should be given, based on a risk assessment, to building into the system the creation of
a record of all GMP-relevant changes and deletions (a system generated "audit trail"). For change or deletion of GMP-relevant
data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and
Audit trails are control mechanisms generated by the computer systems that allow all data entered and further processed by
the system to be traced back to the original e-record. If the e-record needs to be changed, a second person should approve
these changes along with the reasons. The audit trail records should be reviewed regularly. And the date and time of the audit
trail must be synchronized to a trusted date and time service.