06.02.2018

LOGFILE No. 05/2018 – Implementing and Monitoring Data Integrity Measures

An excerpt from the GMP Focus PDF Download Data Integrity in the EU

by Markus Veit, PhD

To comply with the requirements of data integrity, suitable monitoring systems must be in place. In addition, regular personnel training on the importance of data integrity principles must be carried out. The training sessions should contribute to the creation of a working environment that promotes an open culture of reporting failures, omissions and deviating results.

In GxP-controlled companies, management is responsible for implementing systems and procedures that minimise the potential risk to data integrity and for identifying risks using risk-based principles. Contract givers should ensure, as part of supplier qualification, that appropriate systems are also implemented at all of their suppliers. In the case of contract manufacturing, contract testing and contract packaging, this also includes monitoring measures and regular checks that cover the following aspects as a minimum:

  • trend recording and systematic follow-up of non-compliant and deviating data as specified in the life-cycle concepts now required during pharmaceutical development, validation and monitoring of analytical procedures and manufacturing processes
  • regular checks of audit trails which help detect possible deviations and situations that necessitate additional training measures
  • validation and routine monitoring of computerised systems as outlined in Annex 11 of the EU GMP Guidelines

Generating reports

If reports are generated using software, it must be ensured that they cannot be changed afterwards. If they are paper-based, they must be marked as original printouts (master documents) using an appropriate method (e.g. a signature). Master documents and true copies of these documents must be controlled. They are normally saved electronically in PDF format. The PDFs created using software or a scanner must be encrypted or password-protected, and appropriate action must be taken to ensure that subsequent changes are no longer possible. Saving the data in PDF format also requires comprehensive verification to ensure that the information loss caused by the embedded graphic formats and/or their compression algorithms is acceptable. This applies in particular when the PDF files are generated by scanning paper-based graphics. When generating reports, it is very important to be aware of the fact that this is a static data format and that the dynamic data format is lost if the original document is not saved separately. It must therefore be ensured that all dynamic data is stored and archived. This is not necessary when dynamic data is not created, e.g. when printing weighing data.

Storing and archiving data

The (final) storage of data and generation of reports must be carried out contemporaneously to prevent subsequent changes or at least make them more difficult. The FDA stipulates that this has to be done at the end of each run and rules out final storage at the end of a measurement day or temporary storage.

The storage of data and the reports generated from it (in paper or electronic form) must be controlled in detail. In the case of hybrid systems, it is important that the data can be retrieved at all times. The readability of proprietary data for the entire period of retention can be a major challenge. In some cases, this can mean that control and evaluation systems that run on operating systems or hardware that is not upwardly compatible must be retained after decommissioning. An example of this would be old devices that are required to read data that is stored on floppy disks.

Access to archived data should be restricted to a limited number of individuals, and actions must be taken to prevent changes to the data during the period of retention. The respective established archiving system and the corresponding parameters must be regularly checked to ensure that they are still effective. As an example, sample calculations and/or reports can be recreated from the archived data and compared with those that were initially obtained. This should be done based on a risk assessment.
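The periodic check described above, sketched as an added example that is not part of the original article: a digest recorded at archiving time shows whether the raw data has changed, and the reported result is recreated from the archived raw data and compared with the value initially obtained. The CSV layout, the manifest fields and all function names are assumptions made for this illustration, and the sample data is constructed.

```python
import hashlib
from decimal import Decimal

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def recompute_mean(raw_csv: bytes) -> Decimal:
    """Documented calculation: arithmetic mean of the value column, no rounding."""
    rows = raw_csv.decode("utf-8").strip().splitlines()[1:]  # skip header line
    values = [Decimal(row.split(",")[1]) for row in rows]
    return sum(values) / len(values)

def check_archive_entry(raw_csv: bytes, manifest: dict) -> list[str]:
    """Return a list of findings; an empty list means the entry still verifies."""
    findings = []
    # 1. Has the archived raw data changed since it was stored?
    if sha256_hex(raw_csv) != manifest["sha256"]:
        findings.append("raw data digest differs from the value recorded at archiving")
    # 2. Can the raw data still be read and the result recreated from it?
    try:
        recomputed = recompute_mean(raw_csv)
    except (ValueError, IndexError, ArithmeticError) as exc:
        findings.append(f"raw data no longer readable: {exc!r}")
        return findings
    # 3. Does the recreated result match the one initially obtained?
    if recomputed != Decimal(manifest["reported_mean"]):
        findings.append(
            f"recomputed result {recomputed} != reported {manifest['reported_mean']}"
        )
    return findings

# Constructed sample data (hypothetical replicate measurements).
RAW = b"replicate,value\n1,100.12\n2,100.15\n3,100.09\n"
# Hypothetical manifest written once, at the moment of archiving.
MANIFEST = {"sha256": sha256_hex(RAW), "reported_mean": "100.12"}
# The same record with one raw value altered during the retention period.
TAMPERED = RAW.replace(b"100.09", b"100.39")

if __name__ == "__main__":
    for label, data in (("archived copy", RAW), ("altered copy", TAMPERED)):
        print(label, check_archive_entry(data, MANIFEST) or "OK")
```

Decimal arithmetic is used so that the recreated value is compared exactly, without the silent rounding that binary floating point would introduce.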

Requirements on data and data integrity lead to requirements on equipment that have to be taken into account during procurement and/or qualification. These include:

  • comprehensive qualification based on data integrity requirements
  • equipment can be validated
  • user-specific access for operation and evaluation
  • no proprietary data formats
  • downward compatibility
  • documented calculation algorithms
  • no automated rounding off
  • complete output of raw data
  • audit trail



Markus Veit, PhD
i.DRAS GmbH Planegg | Alphatopics GmbH Kaufering, Germany
