SOP for Data Integrity

1. Objective
1.1. To lay down a procedure for data integrity as part of quality management system.
1.2. To establish guidelines and procedures to ensure data integrity in regulatory activities.
1.3. To prevent unauthorized access, loss, alteration, or falsification of data throughout the regulatory processes, including data generation, collection, analysis, and reporting.
1.4. Adherence to data integrity principles is essential to maintain regulatory compliance and ensure the reliability and trustworthiness of submitted data.

2.1. This procedure is applicable for all the data associated with GxP and quality management system.
2.2. Applied to all personnel involved in regulatory activities, including data generation, collection, analysis, and reporting.
2.3. It covers both electronic and paper-based data and encompasses all regulatory functions, such as clinical trials, product registration, post-marketing surveillance, and quality management.

3.1. GxP: Common terms used for multiple practices defined by regulatory agencies (e.g. Good Manufacturing Practices, Good Laboratory Practices (GLP), Good Clinical Practices (GCP) etc.)
3.2. Complete: The data must be whole; a complete set
3.3. Consistent: The data must be self-consistent
3.4. Enduring: Durable; lasting throughout the data lifecycle
3.5. Audit Trial: An audit trail is a chronology of the “who, what, when, and why” of a record and exists in paper and/or electronic formats. The audit trail is a form of metadata containing information associated with actions that relate to the creation, modification or deletion of GXP records. An audit trail provides for secure recording of life-cycle details such as creation, additions, deletions or alterations of information in a record, either paper or electronic, without obscuring or overwriting the original record.
3.6. Data: The information derived or obtained from raw data and generated as paper-based or electronic records is called data.
3.7. Data Life Cycle: All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive/retrieval, and destruction.
3.8. GxP: GxP stands for Good X Practices (X can mean: Clinical, Laboratory, Manufacturing, Pharmaceutical, etc.)
3.9. True copy: A copy (electronic or paper based) of the original record that has been verified and approved.
3.10. Raw data: Raw data is defined as the original record (data) which can be described as the first-capture of information, whether recorded on paper or electronically.
3.11. Accuracy: All data must be accurate, reflecting the true and actual observations or measurements without intentional or unintentional errors.
3.12. Legibility: All data must be recorded in a clear, legible, and permanent manner to ensure proper understanding and interpretation.
3.13. Contemporaneousness: Data must be recorded at the time of the activity, reflecting real-time observations and events.
3.14. Attributable: All data must be attributable to the person responsible for generating, recording, or modifying the data, with clear identification of personnel involved.
3.15. Consistency: Data must be consistent throughout all records and systems, and any inconsistencies or discrepancies must be promptly addressed and documented.
3.16. Completeness: All data must be complete, including necessary metadata, to provide a comprehensive and accurate record of the activity or process.
3.17. Security: Electronic data must be protected with appropriate access controls to prevent unauthorized changes, deletions, or alterations.
3.18. Documentation: All data must be properly documented, including the use of approved forms, templates, and electronic systems, following Good Documentation Practices (GDP).
3.19. Review: Regular reviews and audits of data integrity practices must be conducted to identify and address potential vulnerabilities or areas for improvement.
3.20. Training: Personnel involved in data generation and processing must receive adequate training on data integrity principles and procedures.

4.1. All department involved in data generation, usage and retention. Senior management shall be accountable for the implementation of systems and procedures to minimize the potential risk to data integrity.
4.2. All HODs are to comply with the SOP for data security and integrity.
4.3. QA department shall conduct the periodic review of data handling in accordance with the SOP.

5. Procedure:
5.1. Use validated and calibrated instruments and equipment for data generation.
5.2. Document all relevant information, such as date, time, and personnel involved, for each data entry or modification.
5.3. Store electronic data in secure, validated systems with appropriate access controls.
5.4. Implement data backup and recovery procedures to prevent data loss or corruption.
5.5. Store paper-based records in controlled environments with restricted access and proper labeling.
5.6. Implement access controls to ensure only authorized personnel can access, modify, or delete data.
5.7. Use unique user accounts and strong passwords for system access.
5.8. Maintain an audit trail of data changes, including the identity of the person making the change and the reason for the change.
5.9. Perform regular data reviews to ensure accuracy, completeness, and compliance with regulatory requirements.
5.10. Document data review activities, including any discrepancies or corrective actions taken.
5.11. Obtain appropriate approvals for finalized data before submission to regulatory authorities.
5.12. Provide training to personnel on data integrity principles, including data entry, handling, and storage practices.
5.13. Conduct periodic awareness programs to reinforce the importance of data integrity and regulatory compliance.
5.14. Data integrity is applicable for both manual recording (paper) and automated system (electronic).
5.15. Sufficient training shall be imparted to all concern personnel on data integrity. Completeness, consistency and accuracy of data should be ensured.
5.16. Any data integrity identified shall be handled as per quality management system and risk assessment shall be performed wherever applicable. Appropriate corrective and preventive action shall be taken.
5.17. Falsification of GxP records or data shall result in disciplinary actions.
5.18. The generation or processing of data shall follow a logical and sequential application of date and time.
5.19. Data shall be attributable (person generated or modified the data), legible (readable and permanent), contemporaneous (data recording at the time of activity), original (true copy) and accurate (error free). Additionally, data should be complete, consistent, enduring and should be readily available and accessible throughout the life-cycle of data.
5.20. Data verification and approval shall be documented and shall include the review of raw data and metadata (metadata- data generated about data, e.g. audit trail).
5.21. Audit trail shall be reviewed as part of routine data review/approval process. Any abnormalities identified during review shall be handled appropriately.
5.22. Data recording on behalf of others should be avoided and if unavoidable, appropriate justification (e.g. language/literacy limitations, documenting line interventions by sterile operators) shall be given with traceability of both persons performing the task and person completing the record. All recording shall be contemporaneous.
5.23. Clocks for time recording should be controlled and synchronized. Time zones should be specified where data is used.
5.24. Data generated during maintenance or suitability testing activity shall be documented and retained.
5.25. There should be traceability of data reprocessing or modification i.e. traceability from final result to original raw data is required.
5.26. Equipment (e.g. pH meter, balances) that provides only printed data output, then print out shall constitute the raw data. Equipment that stores the data permanently and only holds certain volume, the data should be extracted as electronic data.
5.27. Errors or inconsistency identified during the data review, the reviewer must obtain clarification from the recorder and correction shall be made after appropriate justification.
5.28. Any modification in electronic or paper-based data shall be attributable.
5.29. Data should be excluded based on valid scientific justification only. All data (even if excluded) shall be retained with original data set.
5.30. There shall be reconciliation of issued pages, worksheets, logbooks, notebooks and printouts wherever applicable.
5.31. Original data shall be maintained as per document retention policy and shall be destroyed as per policy.
5.32. Computer system and software for data processing shall be validated based on usage wherever applicable.
5.33. Electronic signature should be secured and it can be applied by the ‘owner’ of the signature only. Electronic signature must provide traceability of signatory and date of signature along with meaning of signature (e.g. reviewed or approved).
5.34. System users shall be given access as per their roles and responsibilities. User access rights shall prevent unauthorized data amendments.
5.35. Data migration/transfer shall be validated wherever applicable to ensure data integrity is maintained throughout the data life-cycle.
5.36. Any rights to alter the files and setting shall be given to personnel from

independent department or different from user department.
5.37. Login should not be shared among individuals. If unavoidable, appropriate justification and documentation should be in place
5.38. Data backup should be performed routinely.
5.39. Data backup and recovery process must be appropriately validated to avoid any alteration during backup and recovery process.
5.40. Records shall be retained in a manner that they cannot be modified or deleted without traceability.

Share This Post

Related Articles

© 2024 Pharmaceuticals Index. All rights reserved.