GLP: New Data Integrity Guideline

Recommendation

7/8 May 2024

Audit Trail Review for Computerised Systems in Analytical Laboratories - Live Online Training

Recently, the so-called "OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING" document No. 22 was added to the series of available Data Integrity Guidelines in the GLP sector. Industry comments on this GLP paper were collected and partially incorporated in the summer of 2020. The draft was still strongly based on the MHRA guideline (2018), the final version hardly at all.

The "OECD 22" can be seen as a specification of the "OECD 17" published a few years ago. Compared to the recently (July 2021) published final PIC/S 041 Guideline, which is the pioneering guideline for the GMDP sector, the scope and level of detail of the "OECD 22" is significantly lower.

The Guideline is logically organized and provides guidance on all the important elements of data integrity to be followed in a test facility.

Chapters 3 and 4

Chapter 3 discusses in detail the various definitions used in the field of data integrity (including raw data) and the data formats "static" and "dynamic", respectively, analogous to the FDA and WHO guidelines. The document specifically and very extensively (Chapters 4 and 5) addresses the various roles important to GLP testing and their responsibilities for data integrity. On the other hand, there is only a very short section on data governance. Only a regular review of the data governance activities is required, without further details. In 3.6, manual data entry into an electronic system is cited as a practical example of a hybrid system.

On the subject of "electronic signatures" (Chapter 3.3), the "OECD 22" refers to the national regulations that apply to electronic signatures. This could - depending on the country - unfortunately lead to considerable additional work (compared to the GMP requirements for electronic signatures). Furthermore, it is clarified that electronically signed documents are to be considered as dynamic data/records.

Chapter 5

OECD 22" devotes a great deal of space to the topic of "risk management". In numerous sections, especially in chapter 5, the expectations of the various risk assessments, the composition of the teams as well as corrective measures and necessary communication are dealt with.

Controlled blank forms (prenumbered sheets), which are to be issued and reviewed by QA in a controlled manner, are required here - just as they are now required by all other Data Integrity Guidelines.

Chapters 6 and 7

Section 6.12 deals with the sequential input of data before it is stored and recommends an automatic mechanism to ensure data integrity. Chapters 6.13 and 7.2 are devoted to the audit trail and its review: as in other guidelines, the audit trail must not be able to be switched off, or it must be possible to determine that it has been switched off in the audit trail itself. For the review, sufficient expertise and access to the system are required; a "review by exception" is permitted.

It should be mentioned that the use of e-mail systems (for example for the verification of GLP activities) is surprisingly also considered (chapter 6.14). However, the lack of possibility to validate such systems or alternatives to e-mail systems are not addressed.

Summary

The "OECD 22" is a comprehensive, well-written, fluidly readable guide to data integrity in the GLP field.

Author: Dr. Wolfgang Schumacher, Chairman ECA Data Integrity & IT Compliance Group