? management should allocate adequate human and technical resources such that the workload, work hours and pressures on those responsible for data generation and record keeping do not increase errors;
? management should also make staff aware of the importance of their role in ensuring data integrity and the relationship of these activities to assuring product quality and protecting patient safety.
Quality culture. Management, together with the quality unit, should establish and maintain a working environment often referred to as a quality culture that minimizes the risk of non- compliant records and erroneous records and data. An essential element is the transparent and open reporting of deviations, errors, omissions and aberrant results at all levels of the organization. Steps should be taken to prevent and detect and correct weaknesses in systems and procedures that may lead to data errors so as to continually the improve scientific robustness of decision making of the organization.
Quality risk management and sound scientific principles. Assuring robust decision making requires valid and complete data, appropriate quality and risk
management systems, adherence to sound scientific and statistical principles. For example, the scientific principle of being an objective, unbiased observer regarding the outcome of a sample analysis requires that suspect results be investigated and rejected from the reported results only if they are clearly due to an identified cause. Adhering to good data and record-keeping principles requires that any rejected results be recorded,
together with a documented justification for their rejection, and that this documentation is subject to review and retention.
Data life cycle. Continual improvement of products to ensure and enhance their safety, efficacy and quality requires a data governance approach to ensure management of data integrity risks throughout all phases of the process by which data are recorded, processed, reviewed, reported, retained, retrieved and subject to ongoing review. In order to ensure that the organization, assimilation and analysis of data into information facilitates evidence based and reliable decision-making, data governance should address data ownership and accountability for data process(es) and risk management of the data lifecycle.
Design of record-keeping methodologies and systems. Record-keeping
methodologies and systems, whether paper or electronic, should be designed in a way that encourages compliance with the principles of data integrity. Examples include but are not restricted to:
? ?
restricting access to changing clocks for recording timed events;
ensuring batch records are accessible at locations where activities take place so that ad hoc data recording and later transcription to official records is not necessary;
? controlling the issuance of blank paper templates for data recording so that all printed forms can be reconciled and accounted for;
? restricting user access rights to automated systems in order to prevent (or audit trail) data amendments;
? ensuring automated data capture or printers are attached to equipment such as balances; ensuring proximity of printers to relevant activities;
? ensuring ease of access to locations for sampling points (e.g. sampling points for water systems) such that the temptation to take shortcuts or falsify samples is minimized; ensuring access to original electronic data for staff performing data checking activities.
Maintenance of record-keeping systems. The systems implemented and maintained for both paper and electronic record-keeping should take account of scientific and technical progress. Systems, procedures and methodology used to record and store data should be periodically reviewed and updated as necessary.
5. QUALITY RISK MANAGEMENT TO ENSURE GOOD DATA MANAGEMENT
All organizations performing work subject to GxP are required by applicable existing WHO guidance to establish, implement and maintain an appropriate quality
management system, the elements of which should be documented in their prescribed format such as a quality manual or other appropriate documentation. The quality manual, or equivalent documentation, should include a quality policy statement of management’s commitment to an effective quality management system and good professional practice. These policies should include expected ethics and proper code of conduct to assure the reliability and completeness of data, including mechanisms for staff to report any questions or concerns to management.
Within the quality management system, the organization should establish the appropriate infrastructure, organizational structure, written policies and procedures,
processes and systems to both prevent and detect situations that may impact data integrity and in turn the risk-based and scientific robustness of decisions based upon that data.
Quality risk management is an essential component of an effective data and record validity program. The effort and resource assigned to data and record governance should be commensurate with the risk to product quality. The risk-based approach to record and data management should ensure that adequate resources are allocated and that control strategies for the assurance of the integrity of GxP data are commensurate their potential impact on product quality and patient safety and related decision-making.
Control strategies that promote good practices and prevent record and data integrity issues from occurring are preferred and are likely to be the most effective and cost-effective. For example, security controls that prevent persons from altering a master processing formula will reduce the probability of invalid and aberrant data occurring. Such preventive measures, when effectively implemented, also reduce the degree of monitoring required to detect uncontrolled change.
Record and data integrity risks should be assessed, mitigated, communicated and reviewed throughout the data life cycle in accordance with the principles of quality risk management. Example approaches that may enhance data reliability are given in these guidelines but should be viewed as recommendations. Other approaches may be justified and shown to be equally effective in achieving satisfactory control of risk. Organizations should therefore design appropriate tools and strategies for
management of data integrity risks based upon their specific GxP activities, technologies and processes.
A data management program developed and implemented, based upon sound quality risk management principles, is expected to leverage existing technologies to their full potential, streamline data processes in a manner that not only improves good data management but also the business process efficiency and effectiveness, thereby reducing costs and facilitating continual improvement.
6. MANAGEMENT GOVERNANCE AND QUALITY AUDITS
Assuring robust data integrity begins with management which has the overall responsibility for the technical operations and provision of resources to ensure the required quality of GxP operations. Senior management has the ultimate responsibility to ensure an effective quality system is in place to achieve the quality objectives, and that staff roles, responsibilities and authorities, including those required for effective data governance programs, are defined, communicated and implemented throughout the organization. Leadership is essential to establish and maintain a company-wide commitment to data reliability as an essential element of the quality system.
The building blocks of behaviours, procedural/policy considerations and basic technical controls together form the basis of a good data governance foundation upon which future revisions can be built. For example, a good data governance program requires the necessary management arrangements to ensure personnel are not subject to commercial, political, financial and other pressures or conflicts of interest that may