Data Integrity - with full-day pre-course session Audit Trail Review
13-16 May 2025, Copenhagen, Denmark
Course No. 21556
Speakers
Dr. Bob McDowall
R.D. McDowall Ltd.
Yves Samson
Kereon
Dr. Franz Schönfeld
Regierung von Oberfranken
Note: All times mentioned are CEST.
Objectives
Pre-course session Audit Trail Review
You will learn the current regulatory requirements and regulatory expectations for an audit trail (review)
All GMP-relevant data (changes and deletions) should be audit trailed – you will learn how to identify GMP-relevant data
Event and audit logs: you will understand the differences between and what the regulators expect
How should an audit trail review be performed? You will get familiar with the content and the frequency of an audit trail review
Data Integrity
Understand the current FDA and EU GMP regulations and guidance impacting data integrity from paper records to hybrid and electronic systems.
Understand the FDA requirements for data integrity, MHRA Data Integrity guidance and WHO guidance.
Learn what is required for a data governance system from senior management through to staff in laboratories, manufacturing and quality assurance.
Understand the data life cycle and how it is linked with the business process and where problems can occur for both paper records, hybrid systems and electronic Systems.
Background
Pre-course session Audit Trail Review
Audit Trail Reviews are required by international regulations like US 21 CFR Part 11 and EU GMP Guide Annex 11. Clause 9 requests:
“Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated “audit trail”). For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed”.
Regulators focus on the (creation), modification and deletion of (GMP-relevant) data while many IT systems are not able to generate audit trails at all or they are not able to generate audit trails for GMP-relevant data.
Therefore, this course is designed to support you to identify GMP-relevant data and how to perform and document an Audit Trail review as part of a second person Review.
Data Integrity
Data Integrity is a global problem and currently still a major concern with FDA and European Regulatory Agencies. Multiple FDA warning letters and EU GMP non-compliance reports have highlighted major data integrity failures and falsification in companies globally. The regulatory concern has been responded by the FDA issuing Compliance Program Guide that covers Pre-Approval Inspections. This document became effective in May 2012. The CPG objective 3 covers the laboratory data integrity audit. Furthermore in August 2014, the FDA issued Level 2 guidance on their web site about the sharing of login credentials for computerized systems and the use of test injections for testing into compliance.
In Europe, the UK’s MHRA issued a new version of a Guidance for Industry on Data Integrity in March 2018. This document outlines a data integrity governance system and principles for defining quality and data integrity into processes and systems. The WHO guidance is complimentary to the MHRA guidance in that it provides guidance for data governance and also expectations for records in both paper and electronic form..
As the regulators are tightening their inspection approaches it is important that managers, supervisors and users in regulated GMP laboratories understand the issues around data integrity and begin programs to ensure that their processes and systems ensure data integrity.
Target Group
The courses are designed for managers and staff from health care industries as well for auditors who are responsible for the organisation and execution of audit trail (reviews) in their companies.
Part 11 and Annex 11 / Chapter 4 requirements for audit trail
Regulatory requirements for audit trail review
Guidance documents for audit trail review
Do I really need an audit trail?
Audit Trail vs. System Log
Audit trail content
Log files
What and when should I review?
Meaningful audit trails for a meaningful review
Workshop 1: Which Audit Trail to Review? Attendees will be presented with an overview of the audit trails within an application and the content of each one. Which audit trails should be reviewed and when?
What are GMP-relevant Data? Annex 11 requires that audit trails monitor GMP-relevant data – what are GMP-relevant data?
Workshop 2: Identifying GMP Relevant Data Attendees will be presented with a list of records to identify if they are GMP records and how critical they are to help focus the second person review of audit trail data.Examples from production, laboratory and QA examples of GMP relevant data will be provided.
Review of Audit Trail Entries
Guidance for frequent is “frequent review” of audit trails
Process versus system: avoiding missing data integrity issues when only focussing on a per system review
What are we looking for in an audit review?
Suspected data integrity violation - What do we need to do?
Workshop 3: Reviewing Audit Trail Entries Attendees will be provided with the output of an audit trail to review and see if any potential issues are identified for further investigation.
Technical Controls to Aid Second Person Review of Audit Trails
Technical considerations for audit trail review e.g.
Identifying data that has been changed or modified – how the system can help
Documenting the audit trail review has occurred
Review by exception – how technical controls can help
Have you specified and validated these functions?
Why is Data Integrity Important? – Setting the Scene
Summary of falsification observed by FDA and EU inspectors 2005 – to date
FDAISA act 2012 and October 2014 Guidance for Industry and the impact on inspections
Inspection of computerised systems is changing: from paper to on-line
MHRA expectation for data governance; data Integrity guidance documents 2016
FDA Level 2 guidance on data integrity: 2010 and 2014 postings
Impact of WHO guidance for data integrity
Principles of Data Integrity
The ALCOA+ criteria for data Integrity
Data life cycle in the process workflow – Managing controls
Paper versus hybrid versus electronic Systems
Validation of computerised systems for data Integrity controls
Scope: production information versus laboratory data: why are laboratory data higher risk?
Facilitated Discussion / Workshop on Key Data Integrity Topics
Recording results on paper
Configuration of software applications
Unique user identities for all users
Unauthorised Access
Appropriate access privileges for each user role
Is my chromatographic system ready? Role of “test” injections
Audit trails – options for older Systems
Manual chromatographic Integration
Standalone versus network Systems
Protecting electronic records of standalone systems
Data Integrity – EU GMP Requirements
EU GMP Chapter 4 – documentation
EU GMP Annex 11 computerised Systems
Data integrity definitions
Difference between paper and electronic systems
WHO, MHRA and GAMP Data Integrity Guidances - Key Points
Data Governance System within the Pharmaceutical Quality System
Data Life Cycle
Spectrum of Systems: Paper to Electronic Systems with data integrity audit
The GAMP Records and Data Integrity Guide
FDA Draft Guidance for Industry ‘Data Integrity and Compliance with cGMP’
Background
Questions and Answers regarding Data Integrity
Workshop: Analysis of an FDA Warning Letter
Working in teams, attendees will analyse one of several FDA warning letters to identify key areas of regulatory concern
Group discussion of regulatory concerns identified
Case Study: Data Integrity Questions as Part of an Inspection
Lab System
QA System
Manufacturing System
US 21 CFR 211 and EU GMP Chapter 4: Complete Data vs Raw Data vs Primary Record
Why complete data and raw data are important for understanding data Integrity
EU GMP Chapter 4 requirements for raw data
21 CFR 211 requirements for laboratory records: complete data
FDA Level 2 guidance: paper versus e-records
Complete data / raw data / primary record example
Development and Scope of a Data Governance System
Within a PQS, what is the scope of a data governance system?
Who are involved?
What are their roles?
Implementing Data Integrity Training
Scope of data integrity Training
What cover in the training?
Checking training effectiveness
Integrating data integrity training with GMP training
Role of Management in Data Integrity
Role of Senior, Production and Department Management in ensuring data integrity within an organisation and ist suppliers
Data governance within a Quality System
Failures to address poor data integrity practices and no training
Workshop: How to Write Testable Requirements for Data Integrity
Access Control
Archiving
Technology constraints
Data Integrity in Paper Documentation
GMP requirements for good documentation practice
Application to paper documents
Common problems from FDA 483 observations and warning letters and how to avoid them
Workshop: Assessing a System for Data Integrity
Using a checklist based on the data integrity criteria, attendees will assess a system for data integrity
Case study: Can Spreadsheets meet Data Integrity Requirements?
Problems with spreadsheets
Good Practice for using spreadsheets in a regulatedenvironment
Building data integrity features into a spreadsheet
User Account Management and Application Configuration
Separation of roles and responsibilities between IT and the Business
Documentation of the configuration of an application e.g. audit trail, user types and access privileges
User account management: the dos and don’ts
User identities must be unique
Regular review of each system users and privileges
Software Suppliers Responsibility for Data Integrity Compliance
Regulatory requirements for software systems: procedural and technical
Role of software suppliers
Regulations push v market needs pull
Implementing technical requirements for software: architecture, database and application
Marketing literature versus marketing bullshit
IT Support for Data Integrity
IT facilities, environmental controls and physical security
Qualified IT infrastructure and validated IT Systems
Backup and recovery / Change Control
IT support including database Administration
Impact of IT infrastructure on data integrity
Supply Chain Data Integrity – Organisational Interfaces
Approaches to ensuring data integrity of your suppliers
Role of technical agreements and audits
Key Learning Points and Final Discussion
Summary of Data Integrity Requirements and Key Learning Points
Final Discussions and close of the course
This course is part of the GMP Certification Programme "ECA Certified Data Integrity Manager" Learn more