exists ; however, in recent years the number of observations made regarding good data management practices during good manufacturing practices (GMP), good clinical practice (GCP) and good laboratory practices (GLP) inspections has been increasing. The reasons for this increased level of health authority concern regarding data reliability are undoubtedly multifactorial and include increased regulatory awareness and concern regarding gaps between industry choices and appropriate and modern control strategies.
Contributing factors include failures by organizations to apply robust systems that inhibit data risks, to improve the detection of situations where data reliability may be compromised, and/or to investigate and address root causes when failures do arise. For example, organizations subject to medical product good practice requirements have been using computerized systems for many decades but many fail to adequately review and manage original electronic records and instead often only review and manage incomplete and/or inappropriate printouts. These observations highlight the need for industry to modernize historical control strategies and apply modern quality risk managementand sound scientific principles to current business models (such as out-sourcing and globalization) as well as current technologies in use (such as computerized systems).
Examples of controls that may require development and strengthening to ensure good data management strategies include, but are not limited to:
? a quality risk management approach that effectively assures patient safety and product quality and validity of data by ensuring that management aligns
expectations with actual process capabilities. Management should govern good data management by first setting realistic and achievable expectations for the true and current capabilities of a process, method, environment, personnel, technologies, etc. ; ?
management should continuously monitor process capabilities and allocate the necessary resources to ensure and enhance infrastructure, as required (for example, to continuously improve processes and methods; to ensure adequate design and maintenance of buildings, facilities, equipment and systems; to ensure adequate reliable power and water ; to provide necessary training for personnel; to allocate the necessary resources to the oversight of contract sites and suppliers to ensure adequate quality standards are met, etc.). Active engagement by management in this manner remediates and reduces pressures and possible sources of error that may increase data integrity risks; ?
adoption of a quality culture within the company that encourages personnel to be transparent in failures so that management has an accurate understanding of risks and can then provide the necessary resources to achieve expectations and data quality standards ; ?
mapping of data processes and application of modern quality risk management and sound scientific principles across the data life cycle ; ?
modernization of the understanding of all site personnel in the application of good documentation practices to ensure that the GxP principles of ALCOA are
understood and applied to electronic data in the same manner that has historically been applied to paper records; ?
implementation and confirmation during validation of computerized systems that all necessary controls for good documentation practices for electronic data are in place and that the probability of the occurrence of errors in the data is minimized ; training of personnel who use computerized systems and review electronic data in basic understanding of how computerized systems work and how to efficiently review the electronic data an d metadata, such as audit trails; ?
definition and management of appropriate roles and responsibilities for quality agreements and contracts entered into by contract givers and contract acceptors, including the need for risk-based monitoring of data generated and managed by the contract acceptor on behalf of the contract giver; ?
modernization of quality assurance inspection techniques and gathering of quality metrics to efficiently and effectively identify risks and opportunities to improve data processes.
2. AIMS AND OBJECTIVES OF THIS GUIDANCE
This guidance consolidates existing normative principles and gives further detailed illustrative implementation guidance to bridge the gaps in current guidance. Additionally, it gives guidance as to what these high-level requirements mean in practice and what should be demonstrably implemented to achieve compliance. These guidelines highlight, and in some instances clarify, the application of data management procedures. The focus is on those principles that are implicit in existing
WHO guidelines and that if not robustly implemented can impact on data reliability and completeness and undermine the robustness of decision making based upon that data. Illustrative examples are provided as to how these principles may be applied to current technologies and business models. These guidelines do not define all expected controls for assure data reliability and this guidance should be considered in conjunction with existing WHO guidelines and references.
3. GLOSSARY
ALCOA. A commonly used acronym short for “accurate, legible, contemporaneous, original and attributable.
archival. Archiving is the process of protecting records from the ability to be further altered or deleted and storing these records under the control of dedicated data management personnel throughout the required records retention period.
audit trail. An audit trail is a process that captures details such as additions, deletions, or alterations of information in a record, either paper or electronic, without obscuring or over-writing the original record. An audit trail facilitates the reconstruction of the history of such events relating to the record regardless of its media, including the “who, what, when and why” of the action. For example, in a paper record, an audit trail of a change would be documented via a single-line cross-out that allows the original entry to be legible and documents the initials of the person making the change, the date of the change and the reason for the change, as required to substantiate and justify the change. Whereas, in electronic records, secure, computer-generated, time-stamped
audit trails at both the system and record level should allow for reconstruction of the course of events relating to the creation, modification and deletion of electronic data. Computer-generated audit trails shall retain the original entry and document the user ID, time/date stamp of the action, as well as a reason for the action, as required to substantiate and justify the action. Computer-generated audit trails may include discrete event logs, history files, database queries or reports or other mechanisms that display events related to the computerized system, specific electronic records or specific data contained within the record.
backup. A backup means a copy of one or more electronic files created as an
alternative in case the original data or system are lost or become unusable (for example, in the event of a system crash or corruption of a disk). It is important to note that backup differs from archival in that back-up copies of electronic records are typically only temporarily stored for the purposes of disaster recovery and may be periodically over-written. Back-up copies should not be relied upon as an archival mechanism. computerized system. A computerized system collectively controls the performance of one or more automated business processes. It includes computer hardware, software, peripheral devices, networks, personnel and documentation, e.g. manuals and standard operating procedures.
data. Data means all original records and certified true copies of original records, including source data and metadata and all subsequent transformations and reports of this data, which are recorded at the time of the GxP activity and allow full and complete reconstruction and evaluation of the GxP activity. Data should be accurately recorded