27 October 2020
In the PIC/S draft guideline "Good Practices for Data Management and the Integrity in Regulated GMP/GDP Environments", section 5 describes the "Data Governance System" as well as authorities' requirements regarding this system in pharmaceutical companies.
"Data Governance" describes the entirety of all measures taken in order to ensure data integrity. It's supposed to make sure that all data is complete, consistent and handled properly throughout the lifetime of the data, from their creation to their deletion.
But how can such a system be implemented?
Data governance systems must be implemented into a company's present quality management system. The accountability and responsibility of GMP relevant data (data ownership) over its entire lifecycle must be specified in the Data Governance System.
The senior management is responsible for the implementation of a Data Governance System and must provide the necessary resources. With an effective Data Governance System, management can show that data governance requirements were implemented successfully. This includes appropriate organisational culture, understanding for the criticality of data as well as the risk of data and the data lifecycle. It also includes communication with the personnel on all levels and how an organisation enables and encourages individuals to report their own errors. This reduces the intention to falsify, change or delete data.
Manufacturers and analytical laboratories must develop and employ a system which allows an acceptable state of control based on the data integrity risk. This data integrity/data governance system is to be fully documented and justified.
If long-term measures are identified that have to be taken to reach the desired level of control, provisional measures must be implemented in the meanwhile so as to mitigate risk. The efficiency of these provisional measures is also to be verified. Also, if provisional measures are taken, senior management must be informed accordingly. Additionally, these measures must be included into the regular reviews.
You will find the complete requirements and specifications for the data governance system in the "PIC/S Document "Good Practices for Data Management and the Integrity in Regulated GMP/GDP Environments".