Final GCP Guideline on Computerized Systems and Data Integrity

Recommendation

5-7 November 2024
Hamburg, Germany

GMP meets Development
GMP and FDA Compliance in Pharmaceutical Development and IMP Manufacturing

Following the draft guideline published in June 2021 the final EMA Guideline on computerised systems and data integrity in clinical trials has now been published. The document will bcome effective 6 months after publication (10 September 2023). The guideline aims in understanding of regulatory expectations to validation, operation and safe use of IT systems in clinical trials. It replaces the "Reflection paper on expectations for electronic source data and data transcribed to electronic data collection tools in clinical trials". In addition, a new expression is defined: ALCOA++. In addition to the ALCOA + principles it includes Traceability. This means that data should be traceable throughout the data life cycle. Any changes to the data should be documented as part of the metadata (e.g. audit trail).

Responsibilities

Roles and responsibilities in clinical trials should be clearly defined. The responsibility for the conduct of clinical trials is assigned to the following two parties, which may each have implemented computerized systems for holding / managing data:

• Investigators and their institutions, laboratories and other technical departments or clinics,
• Sponsors that supply, store and/or, manage and operate computerized systems and the records generated by them. Sponsors may do this directly, or via service providers that collect and store data on behalf of them.

Audit Trail and Audit Trail Review

An audit trail should be enabled for the original creation and subsequent modification of all electronic data. The audit trail should be secure, computer generated and timestamped. The audit trail should record all changes made as a result of data queries or a clarification process. However, care should be taken to ensure that information jeopardising the blinding does not appear in the audit trail accessible to blinded users.

Procedures for risk-based trial specific audit trail reviews should be in place and data review should be generally documented. Data review should focus on critical data and should be proactive and ongoing. Manual review as well as review by the use of technologies to facilitate the review of larger datasets is possible. The investigator should receive an introduction on how to navigate the audit trail of their own data in order to be able to review changes. 

Annexes

The new guideline includes the following 6 Annexes on:

• Agreements
• Computerized Systems Validation (e.g. User Requirements, Validation and Test Plans, Periodic Review, Change Control)
• User Management (e.g. Segregation of Duties)
• Security (e.g. Ongoing Security Measures, Penetration Testing, Protection Against Unauthorized Back-End Changes)
• Additional Consideration to Specific Systems (e.g. IRT System, Electronic Informed Consent)
• Clinical Systems (e.g. User Management, Trial Specific Data Acquisition Tools, Archiving)

More information is available in the EMA Guideline on computerised systems and electronic data in clinical trials published on the GCP Inspectors Working Group website.