Data Integrity Master Class & Audit Trail Review

Data Integrity Master Class & Audit Trail Review

Berlin, Germany

Course No 16044


This training/webinar cannot be booked. To find alternative dates for this training/webinar or similar events please see the events list by topic.

For many training courses and webinars, there are also recordings you can order and watch any time. You can find these recordings in a list sorted by topic.

Or simply send us your inquiry by using the following contact form.

* also payable by credit card American Express Visa Mastercard

If you have any questions, please contact us:
Tel.: +49 (0)6221 / 84 44 0 E-Mail:


Bob McDowall, R.D.McDowall Ltd.

Yves Samson, Kereon AG

Dr Wolfgang Schumacher, formerly F. Hoffmann-La Roche Ltd.

Dr Arno Terhechte, Bezirksregierung Münster


Data Integrity Master Class

Regulatory Update
  • EU GMP Requirements: Chapter 4, Annex 11
  • Guidance Documents Overview (state of the art): GMDP Inspectors WG, Data Integrity Q&A, (PIC/S Good Practices for Data Management and Integrity in regulated GMP/GDP Environments), WHO, Annex 5 Guidance on Good Data and Record Management Practices, MHRA GxP Data Integrity Definitions and Guidance for Industry
  • FDA, Data Integrity and Compliance with cGMP
  • “These Guides are not intended to impose additional regulatory burden upon regulated entities”. Is This correct?: Data Governance, Dynamic Data
Data Integrity in the pharmaceutical quality system
  • Which PQS elements need to be added or updated?
  • The Data Integrity Program: Priorities (immediate/short/mid-term), Capacity, Timing
Data Integrity in paper documentation
  • GMP requirements for good documentation practice
  • Application to paper documents
  • Common problems from FDA 483 observations and warning letters and how to avoid them
Data flow analysis
  • Objective and purpose
  • Electronic data flow
  • Complete data flow
  • Identification of possible weaknesses
Metrics for Data Integrity
  • Metrics in the context of a corporate data integrity programme
  • Suggested metrics in the assessment phase
  • Suggested metrics in the operational phase
Preparing your company for an Data Integrity inspection
  • How to present the DI status and future approach?
  • Gap analysis
  • Training program coverage
  • Experience from FDA inspections – Hot Buttons
DI Inspections
  • Basis for Inspections: “PIC/S Good Practices for Data Management and Integrity in regulated GMP/GDP Environments”
  • Data Integrity Assessment during Inspection: Quality Control, Manufacturing
  • Inspection Findings
Second Person Review
  • Regulatory and guidance document requirements for the second person review
  • Role of the second person review
  • Scope of the second person review
  • Documenting the review for paper, hybrid and electronic systems
  • Facilitated discussion on Second Person review
Time synchronisation
  • Purpose and requirements
  • TAI, UTC, time zone, legal time, local time, system time
  • ntp - network time protocol
  • Time management concept
Software Suppliers Responsibility for Data Integrity Compliance
  • Regulatory requirements for software systems:
  • procedural and technical
  • Role of software suppliers
  • Regulations push vs market needs pull
  • Implementing technical requirements for software: architecture, database and application
  • Marketing literature versus marketing bullshit
Control of Master Templates and Blank Forms
  • Why is control of master templates and blank forms important?
  • Regulatory requirements from FDA, MHRA, WHO, EMA and PIC/S
  • Devising and controlling the master template
  • Operational use of the blank forms
  • Do you really want to work this way?
Risk-based approach for manufacturing and laboratory audit trail review
  • Regulatory requirements and expectations for audit trail review
  • Is the application adequate for audit trail review?
  • Application of a risk based approach to audit trail review
Workshop on Audit Trail Review
Vulnerability of Records
  • What is record vulnerability?
  • Protection and security of electronic records requirements
  • What can go wrong? Scope of misfortunes that can impact records
  • Assessment of record vulnerability and implementation of control measures
Workshop on Vulnerability of Records

QA oversight for data integrity
  • Data integrity training
  • Enforce data flows
  • Reviews
  • Internal inspection
  • Audit of external organisations

Cyber security measures to assure data integrity
  • Cyber security reality and concerns
  • Possible security weaknesses
  • Designing robust IT and automation infrastructures
Data governance
  • Governance responsibilities
  • Data governance vs. IT governance
  • Elements of a data governance
  • Embedding data governance into the PQS
Data integrity audit results of a contract laboratory
  • Audit context
  • Audit scope
  • Findings
  • Root causes
Case study Data Migration - Production
  • Migration of complex data collections
  • Migration of a large collection of similar data
  • Design of the migration process
  • Risk-based elaboration of the verification strategy
Options for Long Term Data Retention of Laboratory Data
  • Proprietary v open standards for laboratory data
  • Options for long term retention:
  • Keep original system
  • Virtualisation
  • Data migration
Data Integrity Investigations
  • What are data integrity investigations?
  • Human and technical triggers for DI investigations
  • Who should investigate the problem?
  • Process description and how to document a DI investigation
  • Should we inform regulatory authorities?
Workshop on Data Integrity Investigations

Key Learning Points and Final Discussion

Audit Trail Review

Why Is An Audit Trail and Its Review Important?
  • Part 11 and Annex 11 / Chapter 4 requirements for audit trail
  • Regulatory requirements for audit trail review
  • Guidance documents for audit trail review
  • Do I really need an audit trail?
What is in a Name?
  • What do we look for in an application for auditing?
  • Pros and cons for event logs and audit logs?
  • Which audit trail(s) should I review?
Workshop 1: Which Audit Trail to Review?

What are GMP-Relevant Data?
  • Annex 11 requires that audit trails monitor GMP-relevant data – what are GMP relevant data?
Workshop 2: Identifying GMP Relevant Data

Review of Audit Trail Entries
  • Guidance for frequent is “frequent review” of audit trails
  • Process versus system: avoiding missing data integrity issues when only focussing on a per system review
  • What are we looking for in an audit review?
  • Suspected data integrity violation - What do we need to do?
Workshop 3: Reviewing Audit Trail Entries

Technical Controls to Aid Second Person Review of Audit Trails
  • Technical considerations for audit trail review e.g.
  • Identifying data that has been changed or modified – how the system can help
  • Documenting the audit trail review has occurred
  • Review by exception – how technical controls can help
  • Have you specified and validated these functions?

Go back

GMP Conferences by Topics