Data Integrity Master Class & Audit Trail Review

20-23 June 2017, Berlin, Germany

Course No. 16044



Bob McDowall, R.D.McDowall Ltd.

Yves Samson, Kereon AG

Dr Wolfgang Schumacher, formerly F. Hoffmann-La Roche Ltd.

Dr Arno Terhechte, Bezirksregierung Münster


Data Integrity Master Class

Regulatory Update
  • EU GMP Requirements: Chapter 4, Annex 11
  • Guidance Documents Overview (state of the art): GMDP Inspectors WG, Data Integrity Q&A, (PIC/S Good Practices for Data Management and Integrity in regulated GMP/GDP Environments), WHO, Annex 5 Guidance on Good Data and Record Management Practices, MHRA GxP Data Integrity Definitions and Guidance for Industry
  • FDA, Data Integrity and Compliance with cGMP
  • “These Guides are not intended to impose additional regulatory burden upon regulated entities”. Is This correct?: Data Governance, Dynamic Data
Data Integrity in the pharmaceutical quality system
  • Which PQS elements need to be added or updated?
  • The Data Integrity Program: Priorities (immediate/short/mid-term), Capacity, Timing
Data Integrity in paper documentation
  • GMP requirements for good documentation practice
  • Application to paper documents
  • Common problems from FDA 483 observations and warning letters and how to avoid them
Data flow analysis
  • Objective and purpose
  • Electronic data flow
  • Complete data flow
  • Identification of possible weaknesses
Metrics for Data Integrity
  • Metrics in the context of a corporate data integrity programme
  • Suggested metrics in the assessment phase
  • Suggested metrics in the operational phase
Preparing your company for an Data Integrity inspection
  • How to present the DI status and future approach?
  • Gap analysis
  • Training program coverage
  • Experience from FDA inspections – Hot Buttons
DI Inspections
  • Basis for Inspections: “PIC/S Good Practices for Data Management and Integrity in regulated GMP/GDP Environments”
  • Data Integrity Assessment during Inspection: Quality Control, Manufacturing
  • Inspection Findings
Second Person Review
  • Regulatory and guidance document requirements for the second person review
  • Role of the second person review
  • Scope of the second person review
  • Documenting the review for paper, hybrid and electronic systems
  • Facilitated discussion on Second Person review
Time synchronisation
  • Purpose and requirements
  • TAI, UTC, time zone, legal time, local time, system time
  • ntp - network time protocol
  • Time management concept
Software Suppliers Responsibility for Data Integrity Compliance
  • Regulatory requirements for software systems:
  • procedural and technical
  • Role of software suppliers
  • Regulations push vs market needs pull
  • Implementing technical requirements for software: architecture, database and application
  • Marketing literature versus marketing bullshit
Control of Master Templates and Blank Forms
  • Why is control of master templates and blank forms important?
  • Regulatory requirements from FDA, MHRA, WHO, EMA and PIC/S
  • Devising and controlling the master template
  • Operational use of the blank forms
  • Do you really want to work this way?
Risk-based approach for manufacturing and laboratory audit trail review
  • Regulatory requirements and expectations for audit trail review
  • Is the application adequate for audit trail review?
  • Application of a risk based approach to audit trail review
Workshop on Audit Trail Review
Vulnerability of Records
  • What is record vulnerability?
  • Protection and security of electronic records requirements
  • What can go wrong? Scope of misfortunes that can impact records
  • Assessment of record vulnerability and implementation of control measures
Workshop on Vulnerability of Records

QA oversight for data integrity
  • Data integrity training
  • Enforce data flows
  • Reviews
  • Internal inspection
  • Audit of external organisations

Cyber security measures to assure data integrity
  • Cyber security reality and concerns
  • Possible security weaknesses
  • Designing robust IT and automation infrastructures
Data governance
  • Governance responsibilities
  • Data governance vs. IT governance
  • Elements of a data governance
  • Embedding data governance into the PQS
Data integrity audit results of a contract laboratory
  • Audit context
  • Audit scope
  • Findings
  • Root causes
Case study Data Migration - Production
  • Migration of complex data collections
  • Migration of a large collection of similar data
  • Design of the migration process
  • Risk-based elaboration of the verification strategy
Options for Long Term Data Retention of Laboratory Data
  • Proprietary v open standards for laboratory data
  • Options for long term retention:
  • Keep original system
  • Virtualisation
  • Data migration
Data Integrity Investigations
  • What are data integrity investigations?
  • Human and technical triggers for DI investigations
  • Who should investigate the problem?
  • Process description and how to document a DI investigation
  • Should we inform regulatory authorities?
Workshop on Data Integrity Investigations

Key Learning Points and Final Discussion

Audit Trail Review

Why Is An Audit Trail and Its Review Important?
  • Part 11 and Annex 11 / Chapter 4 requirements for audit trail
  • Regulatory requirements for audit trail review
  • Guidance documents for audit trail review
  • Do I really need an audit trail?
What is in a Name?
  • What do we look for in an application for auditing?
  • Pros and cons for event logs and audit logs?
  • Which audit trail(s) should I review?
Workshop 1: Which Audit Trail to Review?

What are GMP-Relevant Data?
  • Annex 11 requires that audit trails monitor GMP-relevant data – what are GMP relevant data?
Workshop 2: Identifying GMP Relevant Data

Review of Audit Trail Entries
  • Guidance for frequent is “frequent review” of audit trails
  • Process versus system: avoiding missing data integrity issues when only focussing on a per system review
  • What are we looking for in an audit review?
  • Suspected data integrity violation - What do we need to do?
Workshop 3: Reviewing Audit Trail Entries

Technical Controls to Aid Second Person Review of Audit Trails
  • Technical considerations for audit trail review e.g.
  • Identifying data that has been changed or modified – how the system can help
  • Documenting the audit trail review has occurred
  • Review by exception – how technical controls can help
  • Have you specified and validated these functions?


This course is part of the GMP Certification Programme "ECA Certified Data Integrity Manager" Learn more

This training/webinar cannot be booked. Send us your inquiry by using the following contact form.

To find alternative dates for this training/webinar or similar events please see the complete list of all events.

For many training courses and webinars, there are also recordings you can order and watch any time. Just take a look at the complete list of all recordings.

* also payable by credit card
American Express Visa Mastercard

Further dates on-site
Further dates on-site
Not available
Further dates online
Further dates online
Not available
Not available

Do you have any questions?

Please contact us:
Tel.: +49 6221 8444-0

Woman with headset

Go back

Testimonials about our courses and conferences

“Fantastic course – I really enjoyed the interactive structure & greatly appreciate social activity.”

Anthony Cummins, Sebela Pharmaceuticals, Ireland
GMP Auditor Practice, September 2023


“Very well organized, information on point without being overwhelming.”

Eleni Kallinikou, Pharmathen
Live Online Trainng - Pharmaceutical Contracts - Febuary 2024


“Good overview of different types of agreements, good to see both the GMP and the legal angle”

Ann Michiels, Johnson&Johnson
Live Online Trainng - Pharmaceutical Contracts, Febuary 2024



“Well prepared presentations and good presenters. I also like the way of asking questions.”

Alexandra Weidler, Hookipa Biotech GmbH, Austria
Live Online Training – QP Education Course Module A, November 2023