ISPE GAMP<sup>&#xae;</sup> RDI Good Practice Guide: Data Integrity &#x2013; Key Concepts cover image

ISPE GAMP® RDI Good Practice Guide: Data Integrity – Key Concepts

Published:October 2018

Pages:196

The ISPE GAMP® RDI Good Practice Guide: Data Integrity – Key Concepts provides detailed practical guidance to support data integrity within a regulated organization.

In recent years significant problems with data integrity have been found in the pharmaceutical, biotechnology, and medical device industries worldwide. This ultimately affects patients, as patient safety is intrinsically impacted by the integrity and quality of the data on which a regulatory decision is based.

Additionally, the implementation of behavioral, procedural, and technical solutions to meet regulatory requirements throughout the business process proves to be challenging for organizations that do not have expertise in incorporating data integrity into their daily activities.

This Guide integrates tools such as Cultural Excellence and critical thinking skills into data integrity practices to aid companies in meeting regulatory requirements and expectations. Numerous examples of good data integrity practices along with ways to identify risks and detect issues are included to assist organizations in developing or raising their data integrity awareness.

This Guide is positioned under the ISPE GAMP® Guide: Records and Data Integrity and is aligned with ISPE GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems.

  • 1 Introduction
  • 1.1 Background
  • 1.2 Purpose
  • 1.3 Scope
  • 1.4 Structure of This Guide
  • 2 Data Governance
  • 2.1 Data Integrity Culture
  • 2.2 Roles and Responsibilities
  • 2.3 Good Documentation Management Practices
  • 2.4 Data Classification
  • 2.5 Gap Assessments as Part of a Corporate Data Integrity Program
  • 3 Data Life Cycle
  • 3.1 Data Definitions and Requirements
  • 3.2 Data and System Life Cycle Interrelationships
  • 4 Risk Management Approaches
  • 4.1 Focus of Risk Management
  • 4.2 Supplier and Third-Party Management
  • 4.3 GxP Computerized Systems
  • 4.4 System Interfaces
  • 4.5 Access Controls
  • 5 Critical Thinking
  • 5.1 Auditing
  • 5.2 Use of Analytics to Detect Data Integrity Issues
  • 6 Appendix 1 – Data Integrity Gemba Checklist in the Laboratory
  • 7 Appendix 2 – IMPACT Tool Applied to Data Integrity
  • 8 Appendix 3 – Corporate Data Integrity Program Case Study
  • 8.1 Background
  • 8.2 Program Objectives
  • 8.3 Governance
  • 8.4 Program Action Plan
  • 8.5 Conclusion
  • 9 Appendix 4 – Culture and Continuous Improvement Capability Road Map
  • 10 Appendix 5 – Regulatory Definitions of Data Terminology
  • 11 Appendix 6 – Requirements Planning
  • 11.1 Introduction
  • 11.2 Requirements
  • 11.3 Requirements Analysis
  • 12 Appendix 7 – Requirements Specification and Data Integrity Risks for Interfaces
  • 12.1 Interface Requirements Specification
  • 12.2 Typical Data Integrity Issues Related to Data Interfaces
  • 13 Appendix 8 – Example of a Four-Tier Classification System of a Life Science Company
  • 14 Appendix 9 – Security Controls
  • 14.1 Security Controls
  • 14.2 Review of Controls
  • 15 Appendix 10 – Case Study: DBA and Security Controls for an RTSM System in a GCP Environment
  • 15.1 Background
  • 15.2 Infrastructure Controls
  • 15.3 Account Controls
  • 15.4 Segregation of Duties
  • 15.5 Periodic Reviews
  • 15.6 Internal Audit
  • 16 Appendix 11 – Case Study: DBA and Security Controls for an ERP System in a Medical Device Manufacturing Environment
  • 17 Appendix 12 – Case Study: Laboratory Computerized System
  • 17.1 Typical Use Scenario
  • 17.2 Records Risk Assessment and Controls Considerations
  • 17.3 CDS Example
  • 17.4 Remediation Plan
  • 18 Appendix 13 – Case Study: Uncontrolled Spreadsheet
  • 18.1 Scenario
  • 18.2 Records Risk Assessment and Controls Considerations
  • 18.3 Spreadsheet Example
  • 18.4 Remediation Plan
  • 19 Appendix 14 – Case Study: Process Control System
  • 19.1 Scenario
  • 19.2 Records Risk Assessment and Controls Considerations
  • 19.3 PCS Example
  • 19.4 Remediation Plan
  • 20 Appendix 15 – Case Study: Business Application System
  • 20.1 Scenario
  • 20.2 Records Risk Assessment and Controls Considerations
  • 20.3 IT Systems Example
  • 20.4 Remediation Plan
  • 21 Appendix 16 – Reviewing Laboratory Systems
  • 21.1 General Requirements
  • 21.2 Access Roster Review
  • 21.3 Data and Transfers
  • 21.4 Data Processing
  • 21.5 Laboratory System Audit Trails
  • 22 Appendix 17 – Reviewing IT Systems
  • 22.1 IT System Overview
  • 22.2 User Access
  • 22.3 IT Audit Trails
  • 22.4 IT System Validation
  • 22.5 IT System Data Flow
  • 22.6 IT System Data Storage
  • 23 Appendix 18 – Reviewing Supporting Data
  • 23.1 Time card or Badge-in vs. Data or Batch Approval
  • 23.2 Maintenance Records vs. Data in Historian
  • 23.3 Batch Records vs. Component or Material Records
  • 23.4 Concealing Things in a Parallel System: The Numbers Game
  • 23.5 Timing: Determining the Real Sequence of Events
  • 24 Appendix 19 – Auditing Access Controls
  • 25 Appendix 20 – Regulatory Guidance Regarding Classificationof Deficiencies
  • 26 Appendix 21 – Detecting Aberrant Results
  • 26.1 Detection Methods
  • 26.2 Assumptions
  • 26.3 Grouping, Normalizing, and Profiling Data
  • 27 Appendix 22 – References
  • 28 Appendix 23 – Glossary
  • 28.1 Abbreviations and Acronyms
  • 28.2 Definitions
  • Sam Andrews, Integrity Solutions Ltd., United Kingdom
  • Erika Ballman, Albemarle Corporation, USA
  • George Bass, GGB Services, USA
  • Ivan Diamond, Bio Products Laboratory Ltd., United Kingdom
  • Robert Dillman, Eli Lilly & Co., USA
  • Sophie Zhiyao Ding, Ernst & Young LLP, USA
  • George Evgrafov, PAREXEL International, Germany
  • Kira Ford, Eli Lilly & Co., USA
  • Tami Frederick, Perrigo Company, USA
  • Elmar Harringer, CoProCo Ing.-Büro Harringer, Germany
  • Volker Hattwig, Coconeo Ltd., Germany
  • Oliver Herrmann, Q-FINITY Quality Management, Germany
  • Paul Labas, USA
  • Heather Longden, Waters Corporation, USA
  • Anthony Margetts, Factorytalk Co., Ltd., Thailand
  • Barry McManus, Empowerment Quality Engineering, United Kingdom
  • Leslie A. Paul, MS, Perrigo Company, USA
  • Siegfried Schmitt PAREXEL International, United Kingdom
  • Markus M. Schröder, Coconeo Ltd., Germany
  • Doug Shaw, Azzur Group, USA
  • Rob Stephenson, Rob Stephenson Consultancy, United Kingdom
  • Michelle Vuolo, Sanofi, USA
  • Lorrie Vuolo-Schuessler (Co-Lead), GlaxoSmithKline, USA
  • Charlie Wakeham (Co-Lead), Waters Corporation, Australia

ISPE GAMP® RDI Good Practice Guide: Data Integrity – Key Concepts explores areas presented in ISPE GAMP® Guide: Records and Data Integrity in further depth. This key concepts Guide incorporates tools such as Cultural Excellence and critical thinking skills into data integrity practices to aid companies in meeting regulatory requirements and expectations.

Numerous examples of good data integrity practices along with ways to identify risks and detect issues are included to assist organizations in developing or raising their data integrity awareness.

This Guide is positioned under the ISPE GAMP® Guide: Records and Data Integrity, and is aligned with ISPE GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems.