? controlled issuance of bound, paginated notebooks with sequentially numbered pages (e.g. that allow persons to detect missing or skipped pages);
and processing and deletion of data in temporary memory and that instead enforce the committing of the data at the time of the activity to durable memory prior to the next step in the sequence); ?
use of secure, time-stamped audit trails that independently record operator actions; ?
configuration settings that limit access to enhanced security rights, (such as the system administrator role that can be used to potentially turn off the audit trails or enable over-writing and deletion of data), only to persons independent of those responsible for the content of the electronic records; ?
configuration settings and SOPs, as required, to disable and prohibit the ability to overwrite data, including prohibiting overwriting of preliminary and intermediate processing of data;
? controlled issuance of sequentially numbered copies of blank forms (e.g. that allow persons to account for all issued forms);
? archival of paper records by independent, designated archivist in secure and controlled paper archives.
? strictly controlled configuration and use of data annotation tools in a manner that prevents data in display and prints from being obscured); ? backup of electronic records to ensure disaster recovery; ? archival of electronic records by independent, designated archivist(s) in secure and controlled electronic archives. Special risk management considerations for legible, traceable and permanent recording of GxP data
? When computerized systems are used to generate electronic data, it should be possible to associate all changes to data with the persons making those changes and those changes should be time stamped and a reason for the change recorded. This traceability of user actions should be documented via computer-generated audit trails or in other metadata fields or system features that meet these requirements.
? Users should not have the ability to amend or switch off the audit trails or alternate means of providing traceability of user actions.
? Where a computerized system lacks computer-generated audit trails, persons may use alternate means such as procedurally-controlled use of logbooks, change
control, record version control or other combinations of paper and electronic records to meet GxP regulatory expectations for traceability to document the what, who, when and why of an action. Procedural controls should include written procedures, training programmes, review of records and audits and self-inspections of the governing process(es). ?
Business process owners and users should not be granted enhanced security access permissions, such as system administrator privileges, at any system level (e.g. operating system, application, database), since these enhanced permissions may include the ability to change settings to overwrite, rename, delete, move data, change time/date settings, disable audit trails and perform other system maintenance functions that turn off the GDP controls for legible and traceable electronic data.
- To avoid conflicts of interest, these enhanced system access permissions should only be given to persons in system maintenance roles (e.g. IT, metrology, records control, engineering, etc.), that are fully independent of the persons responsible for the content of the records (e.g. laboratory analysts, laboratory management, clinical investigators, study directors, production operators, production management, etc.). Where these independent security role assignments are not feasible, other control strategies should be employed to reduce data validity risks.
Contemporaneous
Contemporaneous data are data recorded at the time they are generated or observed.
Contemporaneous
Expectations for paper
Expectations for electronic
Contemporaneous recording of actions in electronic records should occur, as
Contemporaneous recording of actions in appropriate, through use of: paper records should occur, as appropriate, through use of: ?
written procedures and training and review and audit and self- inspection controls that ensure personnel record data entries and information at the time of the activity
? ?
configuration settings and SOPs, as required, that enforce the committing of electronic data to durable media at the time of the activity and prior to proceeding to the next step or event in the sequence of steps and events;
secure system time/date stamps that cannot be altered by personnel;
procedures and maintenance programs that ensure time/date stamps are synchronized across the GxP operations;
controls that allow for the
discerning of the timing of one activity relative to another (e.g. time zone controls).
Special risk management considerations for contemporaneous recording of GxP data
directly in official controlled documents (e.g. laboratory notebooks, batch records, case report forms, etc.); ?
procedures should require that activities be recorded in paper records with the date of the activity (and time as ? well, if it is a time-sensitive activity).
?
? Training programmes in GDP should emphasize that it is improper to record data first in unofficial documentation (e.g. on a scrap of paper) and later transfer the data to official documentation (e.g. the laboratory notebook). Instead, original data should be recorded directly in official records, such as approved analytical worksheets, immediately at the time of the GxP activity.
? Training programmes should emphasize that it is improper to back date or forward date a record. Instead the date recorded should be the actual date of the data entry. Late entries should be indicated as such. If a person makes mistakes on a paper document he or she should make single-line corrections, sign and date and provide reasons for the changes and retain this record in the record set.
? If users of stand-alone computerized systems are provided with full administrator rights to the workstation operating systems on which the original electronic records are stored, this may inappropriately grant permissions to users to rename, copy, delete files stored on the local system and to change the time/date stamp. For this reason validation of the stand-alone computerized system should ensure proper security restrictions to protect time/date settings and ensure data integrity in all computing environments, including the workstation operating system, the software application and any other applicable network environments.
Original
Original data includes the first or source capture of data or information and all subsequent data required to fully reconstruct the conduct of the GxP activity. The GxP requirements for original data include: