QA018: SOP FOR DISASTER RECOVERY PLAN (DRP) FOR GMP-RELEVANT COMPUTERIZED SYSTEMS

OBJECTIVE:

  • To define the documented and controlled procedure for recovery and restoration of GMP-relevant computerized systems following any disaster or system failure, ensuring data integrity, traceability, business continuity, and compliance with WHO TRS / EU GMP Annex 11 and Annex 15.

SCOPE:

  • This SOP shall apply to:
      • All GMP-critical computerized systems and associated databases.
      • Data residing on servers, validated local PCs, network drives, and approved cloud storage.
      • Disasters or incidents including power loss, cyber-attack, fire, flood, hardware/software failure, or any event impacting data availability or integrity.

RESPONSIBILITIES:

Head Information Technology (IT) / Designee Quality Assurance:

  • Shall be responsible for maintaining the current version of the Disaster Recovery Plan.
  • Shall ensure that all backups and restoration processes are validated and verified.
  • Shall lead the disaster recovery execution, coordinate with system owners, and verify that all system access controls and password policies remain intact after restoration.

Head Quality Assurance (QA):

  • Shall be responsible for reviewing and approving the Disaster Recovery Plan and all periodic revisions.
  • Shall verify the integrity and continuity of data and audit trails following system restoration, and approve all deviations and CAPA reports raised during or after the recovery process.
  • Shall participate in the periodic risk assessments and mock recovery drills to confirm the system’s continued compliance with regulatory requirements.

System Owners (QC, Production, and Engineering systems):

  • Shall be responsible for identifying all critical data within their respective systems.
  • Shall define appropriate backup frequency.
  • Shall verify the accuracy and functionality of the restored systems.
  • They must ensure that post-restoration verification results are documented and communicated to QA for review and approval.

All Users:

  • Shall be responsible for promptly reporting any system malfunction or data-access issue to IT and QA.
  • Users must refrain from performing any unauthorized recovery activity and follow the defined communication and escalation matrix at all times.

DEFINITIONS:

  • Disaster Recovery Plan (DRP): Planned process to recover systems ensuring data availability and integrity.
  • Backup: Secure, verified copy of data retained at designated on-site/off-site or cloud location.
  • Uninterruptible Power Supply / Diesel Generator (UPS/DG): Power-backup systems maintaining continuous operation.

 

PROCEDURE:

Incident Identification:

  • Any system alarm, data-loss notification, or user report shall be escalated to IT and QA within 30 minutes.
  • QA raises a Deviation Report and assesses impact on data integrity.

Activation of Power Backup:

  • The Diesel Generator shall support extended power outages.
  • Continuous power to servers, stability chambers, and network switches shall be verified.

Data Backup and Restoration:

  • The most recent qualified backup (on-site/off-site/cloud) shall be retrieved.
  • Restoration to validated server/hardware shall be performed following the Restoration Checklist.
  • Restoration activities shall be documented in the Disaster Recovery Logbook.
  • File integrity shall be verified via checksum, file-count, and log review.
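The checksum and file-count verification named in the last step can be scripted as follows. This is an added example, not part of the SOP or of any site tooling; it assumes a SHA-256 manifest of the backup set is available (ideally recorded when the backup was qualified), and the function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            # Read in 1 MiB chunks so large database dumps do not fill memory.
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest

def compare_restore(backup_manifest, restored_root):
    """Compare a restored tree against the backup manifest: counts and checksums."""
    restored = build_manifest(restored_root)
    common = backup_manifest.keys() & restored.keys()
    missing = sorted(backup_manifest.keys() - restored.keys())
    unexpected = sorted(restored.keys() - backup_manifest.keys())
    mismatched = sorted(n for n in common if backup_manifest[n] != restored[n])
    return {
        "expected_count": len(backup_manifest),
        "restored_count": len(restored),
        "missing": missing,        # in backup, absent after restore
        "unexpected": unexpected,  # present after restore, not in backup
        "mismatched": mismatched,  # same path, different content
        "passed": not (missing or unexpected or mismatched),
    }

def demo():
    """Constructed sample: a restore with one altered and one missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, restored = Path(tmp, "backup"), Path(tmp, "restored")
        for root in (backup, restored):
            (root / "audit").mkdir(parents=True)
        (backup / "batch_001.csv").write_text("assay,99.8\n")
        (backup / "audit" / "trail.log").write_text("user1 login\nuser1 sign\n")
        (restored / "batch_001.csv").write_text("assay,99.9\n")  # altered content
        # audit/trail.log is deliberately not restored
        return compare_restore(build_manifest(backup), restored)

if __name__ == "__main__":
    print(demo())
```

A failed result gives the specific file paths to record in the Disaster Recovery Logbook and to attach to the Deviation Report.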

Post-Restore Verification:

  • QA and System Owner shall verify and confirm jointly:
      • Successful system login/authentication.
      • Random record comparison between live and backup data.
      • Audit-trail continuity.
      • Instrument/network connectivity.
      • Electronic-signature validity (where applicable).
  • If discrepancies arise, a Deviation shall be raised and appropriate Corrective and Preventive Action (CAPA) shall be taken.

Risk Assessment and Preventive Actions:

  • Each GMP system shall have a Risk Assessment Form identifying potential failure modes and mitigation controls.
  • Critical systems shall be prioritized in DRP sequence.

Documentation and Record Retention:

  • DRP Execution Form with screenshots and verification evidence shall be completed.
  • All DRP records, backups, deviation/CAPA logs, and mock-drill reports shall be retained for a minimum of 5 years or system lifecycle + 1 year, whichever is longer.

Mock Testing and Training:

  • IT shall perform a mock disaster recovery drill once a year.
  • QA shall review and approve the reports of the mock disaster recovery drill.
  • Annual DRP training shall be conducted for all users and new joiners.

Business Continuity Linkage:

  • The DRP shall interface with the Site Business Continuity Plan (BCP) to ensure uninterrupted GMP operations.
  • The critical contact list and communication flow shall be maintained in both DRP and BCP.

REFERENCE:

  • EU GMP Vol. 4 Annex 11 – Computerized Systems
  • EU GMP Part I – Chapter 4 (Documentation)
  • Annex 15 – Qualification and Validation Principles
  • GMP 5 – Risk-Based Approach to Computerized System Validation

RECORDS:

Sr No.   Title                                   Document No.
1        Disaster Recovery Logbook               F/QA018/001 – 00
2        Disaster Recovery Plan execution form   F/QA018/002 – 00
3        Backup and Restore report               F/QA018/003 – 00
4        Mock Disaster Recovery Drill Record     F/QA018/004 – 00

REVISION HISTORY:

Amendment Date   Update Summary   Version No.
NA               New SOP          01

 
