1. PURPOSE:
The purpose of this Site DI Policy is to ensure that there is an agreed and integrated approach to implementing data integrity (DI) controls and improvements identified through the Data Integrity Programme. Data integrity is a core part of the pharmaceutical quality system. Compliance requirements are equally applicable to both electronic data and paper records.
The main purpose of DI as below:
• Increase product quality.
• Reduce product defect and cost.
• Increase regulatory confidence.
• Real time release.
• Increase brand reputation.
• Increase process control.
2. SCOPE
The scope of the Site DI Plan includes:
• GxP data and data systems, as well as the (Company Name) personnel and external service suppliers who interact with GxP data and data systems.
The scope of the Site DI Plan excludes:
• Non GxP systems and data (for example financial or Human Resource data).
3. RESPONSIBILITY
3.1 It is the responsibility of every employee of BCL to comply with the policy.
3.2 Each departmental head will ensure the implementation of Data Integrity plan by its implementing technique practices.
3.3 Head of Quality Operations/Designee is responsible to publish and implement the policy & will conduct training program on ‘Data Integrity and its detection and prevention.
4. PRECAUTIONS
4.1 Must flow the core SOP of Data Integrity (DI) by proper training.
4.2 The person who involve in wrong practice in data integrity, first time he or she will got warning latter but further case punishment will be considered.
5. POLICY
The management of (Company Name) is committed to data integrity is one of the ways we will ensure that data, which documents the quality of the products that go to patients, is complete and correct.
The management of (Company Name) is also committed to zero error in data integrity (DI) for all document, system, instrument and equipment used in GMP environment by using a yearly plan, verification committee, plan review, plan components etc for continuous efforts on achieving high quality data support across all operations with the highest standards in quality with a keen focus to assuring that products are safe, effective and fully traceable and to provide the highest degree of satisfaction to all regulatory market.
DI Policy illustrates the following points but not limited to:
1. There are no offline documentation practices
2. There is no practice of advance dating of document.
3. There is no use of scrap paper/unofficial document for recording of official information before recording data on official records.
4. Signature on records matching with relevant specimen signature.
5. There is no blank record with doer/reviewer signature.
6. There are no prefilled training questionnaires without employee details such as name code sign
7. There are no sign of data tampering and altering.
8. Attendance date/timing of employee are matching with the date/timing of document updated by him/her
9. There are no overlapping in date/timing when multiple tasks handled by one person.
10. There is no mismatch between saved data and printed data.
11. There are no trial analyses of sample, before final analysis.
12. There is no hiding of failure results and reporting of pass results.
13. Microbiology test specimen/plates/ tubes are not discarded without recording results.
14. Data falsification e.g. failures results observed but reported results within the limit. Ensure that there are no such events.
15. Data Fabrication e.g data generated without activity. Ensure that there are no such practices.
16. All software (if applicable) which is used in the business and manufacturing activities should contain an audit trail function to track the activity of the user. If this function is not available, establish the alternate tracking system.
17. User must access the software through an individual login account.
18. All software must be validated.
19. The administrator for all software shall be from Information Technology (IT) department.
20. Electronic data backup shall be done by Information Technology (IT) department.
21. Use only validated data backup methods for the backup of all kinds of electronic data.
5.1 Employee Behavior:
1. All employees in the organization must follow this policy and must comply at all times.
2. Employees must report to the respective In-Charge/Designee of individual function immediately if any DI issues observe.
3. Employees should not breach the data integrity, in any form, intentionally with wrong motives.
4. An intentional approach for the breach of data integrity is subject to the disciplinary actions mentioned in the Section: Consequences for breach of the Data Integrity Policy.
5.2 Reporting & Investigation of Data Integrity Policy Violations:
1. It is the responsibility of every individual, department and division to bring all violations of this policy, to the respective In-Charge/Designee of individual function immediately.
2. In-Charge/Designee immediately communicates with Head of QO/Designee regarding this issue and initiates the investigation on policy violations as per Quality Incident Management Procedure.
5.3 Consequences for breach of Data Integrity Policy:
A. Disciplinary Actions – Violation of policy due to insufficient training.
1. Do not allow the employee to perform the tasks.
2. Provide the employee effective training.
3. Evaluate the employee’s knowledge of the policy after the retraining.
4. Allow the employee to perform the tasks after satisfactory completion of retraining.
B. Disciplinary Actions – Violation of policy due to negligence
1. Give an informal warning in the form of advice for the first violation.
2. Issue a formal warning letter for the second violation
3. Suspend the employee for a month for the third violation.
4. If the violation repeats more than three times consider it as an intentional violation and disciplinary action shall be initiated as per the section ” Intentional violation of policy”
C. Disciplinary Actions – Intentional violation of data integrity policy
1. Immediately suspend the employee for 6 months.
2. File the complaint and investigate the root cause and estimate the impact of the violation on the product or patient.
3. After completion of the investigation, if found any DI Violence terminate the employee.
6. PREVENTION
• There must be written procedure designed to carry out each activity, followed in the execution and such activities shall be documented contemporaneously. Must ensure GDP & ALCOA+.
• For both Paper and electronic data, a backup procedure must be in place. The records shall be maintained for certain time period (retention period).
• If a computer or computer system is used for data generation or processing, then appropriate control measure shall be applied on such systems to ensure that only an authorized person can make changes in the master documents.
• Documents shall be designed, prepared, reviewed, and distributed with care. Documents containing instruction shall be approved by an authorized person only. All the documents within Quality management system shall be reviewed periodically.
• Good documentation practices shall be strictly followed while documenting an event.
• Computerized systems shall be validated to ensure accuracy, reliability, consistent performance, and the ability to detect invalid or altered records.
• Audit trail function shall be enabled to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information.
• Data Quality Culture: This section of the Site DI Plan will focus on building the culture and mindset needed for compliance with DI requirements. Efforts will focus on education, capability building, management governance, and leveraging programs that complement the BCL Data Integrity goals such as Human Factors, Excellence in Deviation Management, and the BCL Production System.
• Data & Documentation Lifecycle: This section of the BCL DI Plan will focus on all aspects of the data and documentation lifecycle for both electronic and paper data for all GxP activities, as well as the interfaces between paper and electronic data processes. Deliverables related to the data and document lifecycle will include activities within all functional areas of BCL, including the laboratories, manufacturing and engineering.