OBJECTIVE:

• To define a robust system to ensure that all data generated, recorded, processed, and reported across manufacturing, laboratory, and computerized systems are complete, consistent, accurate, and reliable throughout their entire lifecycle, in compliance with EU GMP, and WHO guidelines on Data Integrity.

 SCOPE:

• This SOP applies to all departments involved in the generation, review, approval, storage, and archiving of data at Caisa Pharma International and all associated manufacturing sites. It covers:
  • • Data generated in GMP-related activities, both paper and electronic.
    • Computerized systems used for manufacturing, testing, warehousing, and quality operations.
    • Supporting systems like environmental monitoring, calibration, and equipment qualification.

RESPONSIBILITIES:

Quality Assurance (QA):

• • • To establish and maintain the data integrity framework.
    • To conduct reviews of data integrity performance at all sites during self-inspection program.
    • To ensure training and awareness programs are conducted annually.

Quality Control (QC) Heads:

• • To ensure laboratory and production data meet integrity requirements.
  • To review audit trails of critical systems monthly.
  • To verify completeness and traceability of all GMP records.

Information Technology (IT) Department:

• • To maintain validated and access-controlled computerized systems.
  • To implement data backup and restoration procedures.
  • To control user access levels and maintain logs of security changes.

Production / Warehouse / Engineering:

• • To record data contemporaneously and legibly.
  • To ensure instruments and utilities are calibrated, validated, and qualified.

All Employees Handling GMP Data:

• • To enter, review, and approve data accurately and truthfully.
  • To avoid any practice of backdating, overwriting, or falsifying data.

DEFINATIONS:

• Data Integrity: The extent to which all data are complete, consistent, and accurate throughout the data lifecycle, as per ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, Available, and Trustworthy).

• Raw Data: Original record or true copy that allows complete reconstruction of the activity.

• Metadata: Data describing contextual information such as user ID, date, time, and instrument settings that make raw data meaningful.

• Audit Trail: Secure, computer-generated record showing creation, modification, or deletion of GMP-relevant data.

• Backup: Copy of current, editable data for recovery in case of system failure.
• Archive: Long-term, secure storage of completed data in final format for traceability and regulatory review

PROCEDURE:

General Principles:

• Data shall be recorded at the time of activity using permanent ink (for paper) or secure entry (for electronic).
• Any correction shall be signed, dated, and justified without obscuring the original entry.
• All GMP data must be traceable to the individual who performed and reviewed it.

System Design and Validation:

• Computerized systems shall be validated for intended use and qualified.
• Systems shall be designed to prevent unauthorized access and data manipulation
• Audit trails must be enabled, reviewed, and backed up periodically.
• Only validated and approved software versions shall be used.

User Access Management:

• Each user shall have a unique login ID and password.
• User rights shall be defined as Analyst, Reviewer, Approver, or Administrator.
• Shared logins and use of administrator accounts for analysis are strictly prohibited.

Audit Trail and Record Review:

• Audit trail review shall be conducted for all critical systems.
• Reviewers shall check for modifications, deletions, or unauthorized reprocessing.
• Summary of findings shall be submitted to QA for trending and CAPA.

Backup and Archival:

• Backups shall be performed daily and stored securely with access control.
•  Backup copies shall be tested periodically for data restoration capability.
• Archived data shall be stored in validated media for the entire retention period.
• All GMP-relevant electronic data shall be backed up at a frequency commensurate with data criticality and usage.
• For critical analytical and manufacturing systems, daily incremental and weekly full backups shall be performed.
• Backup and restoration procedures shall be validated and verified periodically.

Handling of Paper Records:

• Use only controlled templates and logbooks with serial numbering.
• Ensure legibility, traceability, and timely review of all records.
• No correction fluid or overwriting shall be used.

Breaches and Deviations:

• Examples include:
• • • Backdating or rewriting records.
    • Performing unofficial “trial” runs without documentation.
    • Deleting or renaming data files.
    • All suspected breaches shall be investigated under Deviation and CAPA system.

Training Awareness:

• All GMP staff shall undergo initial and annual Data Integrity training.
• Training records shall be maintained and verified during internal audits.

Review Frequency:

• Corporate QA shall review Data Integrity performance quarterly.
• Annual consolidated report shall be presented to Quality Management Review (QMR).

REFERENCE:

• EudraLex Volume 4, Part I, Chapter 4 – Documentation
• EudraLex Volume 4, Annex 11 – Computerized Systems
• EudraLex Volume 4, Annex 15 – Qualification and Validation
• WHO Technical Report Series 996, Annex 5 – Data Integrity

 RECORDS:

 REVISION HISTORY: