Module 7 - Data Integrity and Computer System Validation

1. Untitled Scene

1.1 Module 7 Data integrity and computer system validation

Notes:

Published by Articulate® Storyline www.articulate.com

1.2 About this module

1.3 Objectives

Notes:

Published by Articulate® Storyline www.articulate.com

1.4 What is data integrity?

1.5 What is data integrity (continued)?

Published by Articulate® Storyline www.articulate.com

1.6 Why is data integrity important?

1.7 Quick quiz 1

(True/False, 10 points, 1 attempt permitted)

Published by Articulate® Storyline www.articulate.com

Correct Choice

True

X False

Feedback when correct:

That's right! You selected the correct response.

Feedback when incorrect:

You did not select the correct response.

Notes:

Correct (Slide Layer)

Published by Articulate® Storyline www.articulate.com

Incorrect (Slide Layer)

1.8 Regulatory data integrity definition

Published by Articulate® Storyline www.articulate.com

1.9 Regulatory requirements

1.10 Regulatory requirements (continued)

Published by Articulate® Storyline www.articulate.com

1.11 Regulatory requirements (continued)

1.12 Regulatory requirements and quality risk management

Published by Articulate® Storyline www.articulate.com

1.13 Quick quiz 2

(Multiple Response, 10 points, 1 attempt permitted)

Correct Choice

X A) complete

B) sustainable

C) consistent

X D) accurate

E) achievable

Feedback when correct:

That's right! You selected the correct response.

Feedback when incorrect:

You did not select the correct response.

Published by Articulate® Storyline www.articulate.com

Correct (Slide Layer)

Incorrect (Slide Layer)

Published by Articulate® Storyline www.articulate.com

1.14 Misconception

1.15 Data integrity vs. data quality

Published by Articulate® Storyline www.articulate.com

1.16 ALCOA

1.17 Attributable

Published by Articulate® Storyline www.articulate.com

1.18 Legible

1.19 Contemporaneous

Published by Articulate® Storyline www.articulate.com

1.20 Original

1.21 Accurate

Published by Articulate® Storyline www.articulate.com

1.22 ALCOA+

1.23 Complete

Published by Articulate® Storyline www.articulate.com

1.24 Consistent

1.25 Enduring

Published by Articulate® Storyline www.articulate.com

1.26 Available

1.27 Quick quiz 3

(Multiple Choice, 10 points, 1 attempt permitted)

Published by Articulate® Storyline www.articulate.com

Correct Choice

X A) attributable

B) legible

C) contemporaneous

D) original

E) accurate

Feedback when correct:

That's right! You selected the correct response.

Feedback when incorrect:

You did not select the correct response.

Correct (Slide Layer)

Published by Articulate® Storyline www.articulate.com

Incorrect (Slide Layer)

1.28 US FDA Guidance for industry - constantly evolving

Published by Articulate® Storyline www.articulate.com

1.29 Constantly evolving

1.30 Draft FDA DI guidance

Published by Articulate® Storyline www.articulate.com

1.31 FDA definitions

1.32 FDA definitions (continued)

Published by Articulate® Storyline www.articulate.com

1.33 FDA definitions (continued)

1.34 FDA definitions (continued)

Published by Articulate® Storyline www.articulate.com

1.35 When is it permissible to exclude cGMP data from decision making?

1.36 Does each workflow on our computer system need to be validated?

Published by Articulate® Storyline www.articulate.com

1.37 How should access to cGMP computer systems be restricted?

1.38 Why is FDA concerned with the use of shared login accounts for
computer systems?

Published by Articulate® Storyline www.articulate.com

1.39 How should blank forms be controlled?

1.40 How often should audit trails be reviewed?

Published by Articulate® Storyline www.articulate.com

1.41 Who should review audit trails?

1.42 Electronic copies

Published by Articulate® Storyline www.articulate.com

1.43 Static record vs. standalone computerized lab instruments

1.44 Example static records

Published by Articulate® Storyline www.articulate.com

1.45 Electronic signatures on master documents

1.46 When does electronic data become a cGMP record?

Published by Articulate® Storyline www.articulate.com

1.47 System suitability

1.48 Is it acceptable to only save the final results from reprocessed

laboratory chromatography?

Published by Articulate® Storyline www.articulate.com

1.49 Handling potential data falsification

1.50 Is the FDA investigator allowed to look at my electronic records?

Published by Articulate® Storyline www.articulate.com

1.51 How does FDA recommend data integrity problems identified during
inspections, in warning letters, or in other regulatory actions be
addressed?

1.52 Quick quiz 4

(True/False, 10 points, 1 attempt permitted)

Published by Articulate® Storyline www.articulate.com

Correct Choice

X True

False

Feedback when correct:

That's right! You selected the correct response.

Feedback when incorrect:

You did not select the correct response.

Published by Articulate® Storyline www.articulate.com

Correct (Slide Layer)

Incorrect (Slide Layer)

Published by Articulate® Storyline www.articulate.com

1.53 Good documentation practice and DI - What is GDocP?

1.54 Document permanency and integrity

Published by Articulate® Storyline www.articulate.com

1.55 Most common document errors

1.56 General requirements

Published by Articulate® Storyline www.articulate.com

1.57 Back dating

1.58 Blank spaces

Published by Articulate® Storyline www.articulate.com

1.59 Omitted data

1.60 Making a legible correction

Published by Articulate® Storyline www.articulate.com

1.61 Explaining an error

1.62 Changes after verification or checking

Published by Articulate® Storyline www.articulate.com

1.63 What to do when there is insufficient space?

1.64 Dealing with attachments and printouts

Published by Articulate® Storyline www.articulate.com

1.65 Dealing with attachments and printouts (continued)

1.66 Transcribing

Published by Articulate® Storyline www.articulate.com

1.67 When is transcription OK?

1.68 True copies

Published by Articulate® Storyline www.articulate.com

1.69 Indelible

1.70 Quick quiz 5

(True/False, 10 points, 1 attempt permitted)

Published by Articulate® Storyline www.articulate.com

Correct Choice

True

X False

Feedback when correct:

That's right! You selected the correct response.

Feedback when incorrect:

You did not select the correct response.

Correct (Slide Layer)

Published by Articulate® Storyline www.articulate.com

Incorrect (Slide Layer)

1.71 DI in the laboratory - Scientific fraud

Published by Articulate® Storyline www.articulate.com

1.72 Definition of improper practice

1.73 Types of improper practice

Published by Articulate® Storyline www.articulate.com

1.74 Definition of laboratory fraud

1.75 Difference between fraud and improper practice

Published by Articulate® Storyline www.articulate.com

1.76 Data reliability – when it’s not fraud

1.77 Potential areas for data integrity issues

Published by Articulate® Storyline www.articulate.com

1.78 1. Sample preparation

1.79 2. Sample analysis

Published by Articulate® Storyline www.articulate.com

1.80 3. Record keeping

1.81 4. Data reporting

Published by Articulate® Storyline www.articulate.com

1.82 Common examples of laboratory fraud

1.83 Quick quiz 6

(Multiple Response, 10 points, 1 attempt permitted)

Published by Articulate® Storyline www.articulate.com

Correct Choice

X A) Not following the method

B) Rounding into compliance

X C) Using incorrect reagents

X D) Poor sample handling and storage

E) Using unvalidated computer systems

Feedback when correct:

That's right! You selected the correct response.

Feedback when incorrect:

You did not select the correct response.

Correct (Slide Layer)

Published by Articulate® Storyline www.articulate.com

Incorrect (Slide Layer)

1.84 Examples of data integrity breaches

Published by Articulate® Storyline www.articulate.com

1.85 Examples of data integrity breaches (continued)

1.86 Examples of data integrity breaches (continued)

Notes:

Published by Articulate® Storyline www.articulate.com

1.87 What is computer system validation?

1.88 Goals of computer system validation

Published by Articulate® Storyline www.articulate.com

1.89 WHO Governance

1.90 Responsibilities

Published by Articulate® Storyline www.articulate.com

1.91 Supplier management

1.92 Risk assessment

Published by Articulate® Storyline www.articulate.com

1.93 Traceability matrix

1.94 GAMP 5 requirement for computer system validation

Notes:

Published by Articulate® Storyline www.articulate.com

Category 1 - Infrastructure software :
Including operating systems, Database Managers, etc. Example : Windows XP
Category 2: Firmware
Removed from GAMP 4 has been removed.
Category 3 - Non configurable software :
Including, commercial off the shelf software (COTS), Laboratory Instruments /
Software where we can view, read, recipe can be selected and print
Category 4 - Configured software :
Include view, reading, recipe can be selected , get system generated print
and capable for store and process and configure the data based on
requirement. E.g: LIMS, SCADA, DCS, CDS, etc.
Category 5 - Bespoke software /Customer Application :
Design Electronic batch record.

1.95 Computer system qualification

Notes:

• System requirement specifications (SRS) or user requirement specifications (URS) : The SRS or URS control

Published by Articulate® Storyline www.articulate.com

 documents must state the objective of a proposed computer system , the data entered , stored , the flow of data ,
how it interacts with other systems and procedures , the information to be produced , the limits of any variables
and the operating programme and test programme .User requirements must have a couple of key attributes. The
vendor’s specification sheets can be used as guidelines during SRS or URS.During SRS or URS all user department
must be involved

• Design Qualification and Specifications :Design qualification (DQ) defines the functional and operational
specifications of the instrument and details the conscious decisions in the selection of the supplier

Steps for design specification normally include:

• Description of the task the computer system is expected to perform

• Description of the intended use of the system

• Description of the intended environment

• Includes network environment)

• Preliminary selection of the system requirement specifications, functional specifications and vendor

• Vendor assessment

• Final selection of the system requirement specifications and functional specification

• Development and documentation of final system specifications

• Installation Qualification :Installation qualification establishes that the computer system is received as designed
and specified, that it is properly installed in the selected environment, and that this environment is suitable for
the operation and use of the instrument.

Steps for installation qualification normally include:

• Compare computer hardware and software, as received, with purchase order (including software, accessories,
spare parts)

• Check documentation for completeness)

• Check computer hardware and peripherals for any damage

• Install hardware (computer, peripherals, network devices, cables)

• Install software on computer following the manufacturer’s recommendation

• Verify correct software installation, e.g., are all files accurately copies on the computer hard disk. Utilities to do
this must be included in the software itself.

• Make back-up copy of software

• Operational Qualification :Operational qualification(OQ) is the process of demonstrating that a computer

system will function according to its functional specifications in the selected environment.

Steps for operational qualification normally include:

• During e OQ testing is done , the link between USR and DQ must be check

• System must be tested as per vender manual or operating procedure

• The general aspect must be also check such as power supply , temperature , magnetic disturbance

• Training must be conducted to the user

• Proper functioning of back-up and recovery and security functions like access control to the computer system and
to data must also be tested.

• Full OQ test must be performed before the system is used initially and at regular intervals

Published by Articulate® Storyline www.articulate.com

• Performance Qualification :Performance Qualification (PQ) is the process of demonstrating that a system
consistently performs according to a specification appropriate for its routine use i.e testing of the system with
the entire application.

Steps for performance qualification normally include:

• Complete system test to proof that the application works as intended. For example for a computerized analytical
system this can mean running a well characterized sample through the system and compare the results with a
result previously obtained.

• Regression testing: reprocessing of data files and compare the result with previous result

• Regular removal of temporary files

• Regular virus scan

• Auditing computer systems and Audit trails

• Security ,Back up

• Accuracy checks ,Data storage, Printout

1.96 Computer and software validation

Notes:

• Validation Master Plan :

Published by Articulate® Storyline www.articulate.com

• All validation activities must be described in a validation master
plan which must provide a framework for thorough and
consistent validation of product. Key element of validation are:
Requirements, Design Control ,Testing, Change Control,
Traceability and Monitoring.
• Process Validation master plans must include:
A.Introduction with a scope of the plan, e.g., sites, systems,
processes ,,Responsibilities by function.

B.Related documents, e.g., risk management plans ,

Products/processes to be validated and/or qualified.

• Validation Protocol and Report :

• The validation protocol must be numbered, signed and dated , and must
contain as a minimum the following information’s:
• Objectives , Scope of coverage of the validation study ,
• Validation team , their qualifications and responsibilities
• Justification for validation’
• Risk Assessment ,
• Type of validation: Prospective , concurrent , Retrospective , revalidation,
• A list of all equipment to be used with calibration, qualification,
requalification and preventive maintenance details.
• Outcome of IQ , OQ for critical parameter,
• Critical parameters and their respective tolerance;
• Description of the processing steps : Challenges
• of sampling and sampling plans;
• Statistical tools to be used in the analysis of data ,
• Forms and chart to be used for documenting results ,
• Non-conference ( Out of Specification /Out of Trend/Deviation )
• Change control

Published by Articulate® Storyline www.articulate.com

• Conclusion
• Summary
• Approval of study

1.97 Heart of Computer Validation System

Notes:

• Security management is the process that ensure the confidentiality,

integrity and availability of an organizations regulated systems, records and
process.
• Physical and logical security control - To control unauthorized
use
• Controls : use of key locks, pass card, biometric and
username-password combinations
• Define roles and responsibilities
• Changes records
• Changes should be done only by authorized person

Published by Articulate® Storyline www.articulate.com

 • Incident/ Deviation formally login, document, investigate ,
CAPA and closure
• Security policies and SOPs
• Electronic Records and Electronic signature
• Electronic records and signature are regards as equivalent to paper records
and hand-written signature
• System that generate, store or process electronic records or use electronic
signature must be validated.
• Electronic Records :
• To be printed in a readable format.
• For release records, it should be possible to generate and print
out the changes made to the original data.
• Electronic Signatures:
• Electronic signatures must be unique to one individual and there must
be procedure to ensure the owners of the electronic signatures are
aware of their responsibilities for their actions, i.e. users must be
aware that electronic signatures have the same impact as hand-written
signatures.
• Electronic signature must be permanently linked to their respective
electronic record to ensure that the signatures cannot be edited,
duplicated or removed in anyway.
• Electronic signature must clearly indicates
• The displayed/printed name of the signer
• The date and time when the signature was executed
• The reason for signing(such as review, approval, responsibility or
authorship) associated

• An audit trail
• It is a log generated by the computerised system that allows operator
entries and actions that create, modify or delete GMP relevant electronic
records to traced back to the original electronic records.

Published by Articulate® Storyline www.articulate.com

An audit trail is expected to have the following features:
• Access to audit trail data should be limited to print and /or read only.
• It must be protected against modification or deletion
• It should have the ability to capture a full history of all GMP related
transitions, including the identity of the person making the change, the date
and time of change and the reason for change.
• The data and time of the audit trial must be synchronised with a trusted
date and time service e.g. main server
• It should be readable and readily available
• Confirmed during testing ,Reportable ,Permanently linked to record -
confirmed during testing.
• Audit trail configuration logs must be reviewed regularly based on the
criticality of the system

• Periodic System Review:

• Periodically reviewed and maintained records.

• Ensure and evaluate the system remain in a validated

• Compliance with current standards

• Industry trends

• Assurance the testing and associated documentation still supports the

systems current use

• review of changes; deviations and incidents;

• Review of systems documentation; procedures and training;

• Effectiveness of corrective and preventive action (CAPA).

• Data Back-up, Recovery, and Archiving :

Published by Articulate® Storyline www.articulate.com

• A backup means a copy of one or more electronic files created as an
alternative in case the original data or system are lost or become unusable
(for example, in the event of a system crash or corruption of a disk).
• Steps involved in Data Back-up, Recovery, and Archiving
• Back-up copies should not be relied upon as an archival mechanism.
• Backup of electronic records is to ensure disaster recovery.
• Formal procedure in place : to ensure that routine back-ups of all GMP
related data are made and stored in secure location at a frequency based
on a risk analysis to prevent intentional or accident damage .
• Periodic : To ensure backups are recoverable and data integrity and
accuracy is maintained during the recovery process

• Electronic Data integrity :

• Electronic media degrades overtime, and reuse of backup media should in

accordance with manufacturer recommendations for the practical lifetime

of the media.

• The backup and restore procedure should be verified periodically.

• The frequency should be based on risk.

• Backup and restore procedure and documentation should be check during

periodic review.

• The conclusion should be documented

• Electronic Data Management

• The data to be entered, processed, reported, stored and retrieved by the
system, including any master data and other data considered to be the
most critical to system control and data output;
• Data :Data means all original records and true copies of original records
• data governance.
• Data Integrity

Published by Articulate® Storyline www.articulate.com

• Data life cycle
• Dynamic Record format
• Business Continuity Plan (BCP)
• Plans, measures and arrangements to ensure the continuous delivery of
critical services and products, which permits the organization to recover its
facility, data and assets is call ed BCP
• Creating and maintaining a BCP helps ensure that an institution has the
resources and information needed to deal with these emergencies
Steps involved in Business continuity plan:
a.BCP Governance.
b.Business Impact Analysis (BIA).
c.Plans, measures, and arrangements for business continuity
d.Readiness procedures
e.Quality assurance techniques

• Disaster Recovery (DR)

• Disaster Recovery (DR) is the process used to recover the access
to software, data, and/or hardware that are needed to resume
the performance of normal, critical business functions after the
event of either natural disaster or a disaster caused by humans.
• Steps involved in Disaster Recovery Plan:
• Risk Assessment :
• Data Back-Up and recovery Procedures
• Implementation Procedures
• Plan Maintenance
• Disaster management plan
• Post Test Review

Published by Articulate® Storyline www.articulate.com

1.98 System Retirements Management

Notes:

A.System Retirement plan

• Identification of system with its asset number, serial number, software name ,

location of the system, hardware and software components to be retired.

• Raised the change control and defined the method for deactivation, removal, or

re-assignment of the system, preservation of data, records, etc.

• Approved the retirement plan

B. Data Archival and Disposal

• Data must be either archived or migrated to another system for future

regulatory requirement.

• Procedure must be in place and periodic checks must be performed to

Published by Articulate® Storyline www.articulate.com

 assure that data integrity and accuracy is maintain and recoverable

throughout the retention period.

• Access to data should be ensured throughout the retention time.

• Once the archived data reaches the end of the retention period, the data

may be destroyed or the retention period may be extended

C. Data Migration

• Data migration -Performed in case replacing of software or an application,

upgrading of the system or retirement of system.
• Data migration must include :
a.test to assure acceptable accuracy and completeness of
data migration.
b.Approved plan by system owner and Site Master
expert(SME)
c.Approved procedure : for data migration, storage and
retrieval.
d.Final report is recommended to summarize the status.
D.Decommissioning
• Formal decommissioning of the computerised system typically occur when

the system is retired from use.

• In some circumstance, a computerised system may remain in a read-only

state from a period of time to permit data accessing this, case

decommissioning will occur when the requirement to access the data has

expired.

E. Retirement Summary
• Software retirement summary shall be prepared on completion and

acceptance of retirement activity.

Published by Articulate® Storyline www.articulate.com

• Summary shall include

a.change control details,

b.steps followed during the retirement

c.Any non-conformance against plan

d. Retirement summary shall be approved

1.99 Final assessment

Notes:

Published by Articulate® Storyline www.articulate.com