configuration settings that may intentionally or unintentionally allow data to be overwritten or obscured through the use of hidden fields or data annotation tools; supervisors responsible for reviewing electronic data should learn which audit trails in the system track significant data changes and how these might be most efficiently accessed as part of their review.
Management should also ensure that, at the time of hire and periodically afterwards as needed, all personnel are trained in procedures to ensure GDP for both paper and electronic records. The quality unit should include checks for adherence to GDP for both paper records and electronic records in their day-to-day work, system and facility audits and self- inspections and report any opportunities for improvement to management.
9. GOOD DOCUMENTATION PRACTICES
The basic building blocks of good GxP data are to follow GDP and then to manage risks to the accuracy, completeness, consistency and reliability of the data throughout its entire period of usefulness – that is, throughout the data life cycle. Each of these essentials – GDP and the data life cycle – are outlined in sections below.
Personnel should follow GDP for both paper records and electronic records in order to assure data integrity. These principles require that documentation have the
characteristics of being accurate, legible, contemporaneously recorded, original and attributable (sometimes referred to as ALCOA). These guidelines outline these general
ALCOA concepts for both paper and electronic records and provide several examples to aid understanding in the tables below. Attributable.
Attributable means information is captured in the record so that it is uniquely identified as executed by the originator of the data (e.g. a person, computer system) .
Attributable Expectations for paper Expectations for electronic Attribution of actions in electronic records Attribution of actions in paper records should occur, as appropriate, through the should occur, as appropriate, through the use of: use of: ? ? ? Initials; full handwritten signature; or personal seal. ? ? unique user logons that link the user to actions that create, modify or delete data; or electronic signatures, (either biometric or non-biometric). Special risk management considerations for controls to attribute actions to a unique individual
? For legally-binding signatures, there should be a verifiable, secure link between unique identifiable, (actual) person signing and the signature event.
? Signatures should be executed at the time of signing, with the exception of personal seals that are properly maintained.
? Use of a personal seal to sign documents requires additional risk management controls such as procedures that require storage of the seal in a secure location with access limited only to the assigned individual, or other means of preventing potential misuse.
? Use of stored digital images of a person’s hand-written signature to sign a document is generally not acceptable. This practice compromises the confidence in the authenticity of these signatures when these stored images are not maintained in a secure location with access limited only to the assigned individual or other means of preventing potential misuse, and instead are placed in documents and emails where they can be easily copied and re-used by other persons.
? The use of shared and generic log-on credentials should be avoided to ensure that personnel actions documented in electronic records can be attributed to a unique individual. This would apply to the software application level and all applicable network environments where personnel actions may occur (e.g.
workstation and server operating systems, etc.). Where adequate technical controls are not available or feasible in legacy electronic systems, combinations of paper and electronic records should be used to meet the requirements to attribute actions to an individual.
? A hybrid approach may be used to sign electronic records when the system lacks features for electronic signatures. To execute a hand- written signature to an electronic record, a simple means to do so would be to create a single-page controlled form associated with the written procedures for system use and data
review, that would list the electronic dataset reviewed and any metadata subject to review, and would provide fields for the author, reviewer and/or approver of the dataset to apply a hand-written signature. This paper record with the hand-written signatures should then be securely and traceably linked to the electronic dataset, either through procedural means, such as use of detailed archives indexes, or technical means, such as embedding a certified true copy scanned image of the signature page into the electronic dataset. The hybrid approach is likely to be more burdensome than a fully-electronic approach, therefore, utilizing electronic signatures, whenever available, is recommended. ?
The use of scribes to record activity on behalf of another operator should be considered only on an exceptional basis and only take place where:
- the act of recording places the product or activity at risk, e.g. documenting line interventions by aseptic area operators;
- to accommodate cultural or mitigate staff literacy/language limitations, for instance, where an activity is performed by an operator, but witnessed and recorded by a supervisor or officer.
In both situations the supervisory recording should be contemporaneous with the task being performed and should identify both the person performing the observed task and the person completing the record. The person performing the observed task should countersign the record wherever possible, although it is accepted that this countersigning step will be retrospective. The process for supervisory (scribe)
documentation completion should be described in an approved procedure which should also specify the activities to which the process applies. Legible, traceable and permanent
The terms legible and traceable and permanent refer to the requirements that data are readable, understandable and allow a clear picture of the sequencing of steps or events in the record so that all GxP activities conducted can be fully reconstructed by persons reviewing these records at any point during the records retention period set by the applicable GxP.
Legible, traceable, permanent
Expectations for paper
Expectations for electronic
Legible, traceable and permanent controls Legible, traceable and permanent controls for paper records include, but are not limited to: ? ? ?
use of permanent, indelible ink; no use of pencil or erasures; use of single-line cross-outs to record changes with name, date and reason recorded (i.e. the paper equivalent to the audit trail); ?
no use of opaque correction fluid or otherwise obscuring the record;
for electronic records include, but are not limited to: ?
designing and configuring
computer systems and writing standard operating procedures (SOPs), as required, that enforce the saving of electronic data at the time of the activity and prior to proceeding to the next step of the sequence of events (e.g. controls that prohibit generation