Guidance On Good Data and Record Management Practices
Guidance On Good Data and Record Management Practices
165
...,
WHO Expert Committee on Specifications for Pharmaceutical Preparations fiftlt':h report
1. Introduction 167
3. Glossary 169
4. Principles 173
11. Managing data and records throughout the data life cycle 186
166
Annex 5
......... ' " ' .
1. Introduction
1.1 Medicines regulatory systems worldwide have always depended upon the
knowledge of organizations that develop, manufacture and package, test,
distribute and monitor pharmaceutical products. Implicit in the assessment
and review process is trust between the regulator and the regulated that
the information submitted in dossiers and used in day-to-day decision-
making is comprehensive, complete and reliable. The data on which
these decisions are based should therefore be complete as well as being
attributable, legible, contemporaneous, original and accurate, commonly
referred to as "ALCOA".
1.2 These basic ALCOA principles and the related good practice expectations
that assure data reliability are not new and much high- and mid-level
normative guidance already exists. However, in recent years, the nu mber of
observations made regarding good data and record management practices
(GDRP) during inspections of good manufacturing practice (GMP) (1),
good clinical practice (GCP) and good laboratory practice (GLP) has been
increasing. The reasons for the increasing concern of health authorities
regarding data reliability are undoubtedly multifactorial and include
increased regulatory awareness and concern regarding gaps between
industry choices and appropriate and modern control strategies.
•
WHO Expert Committee on Specifications for Pharmaceutical Preparations ~I!:'~'h I~~"I,
....................... . ...............................
•
Annex 5
2.2 These guidelines highlight, and in some instances clarify, the application
of data management procedures. 111efocus is on those principles that are
implicit in existing WHO guidelines and that if not robustly implemented
can impact on data reliability and completeness and undermine the
robustness of decision-making based upon those data. Illustrative
examples are provided as to how these principles may be applied to
current technologies and business models. These guidelines do not define
all expected controls for assuring data reliability and this guidance should
be considered in conjunction with existing WHO guidelines and other
related international references.
3. Glossary
The definitions given below apply to the terms used in these guidelines. They
may have different meanings in other contexts.
ALCOA. A commonly used acronym for "attributable, legible,
contemporaneous, original and accurate':
ALCOA-plus. A commonly used acronym for "attributable, legible,
contemporaneous, original and accurate", which puts additional emphasis on
the attributes of being complete, consistent, enduring and available - implicit
basic ALCOA principles.
archival. Archiving is the process of protecting records from the
possibility of being further altered or deleted, and storing these records
under the control of independent data management personnel throughout -
the required retention period. Archived records should include, for example,
associated metadata and electronic signatures.
archivist. An independent individual designated in good laboratory
practice (GLP) who has been authorized by management to be responsible
for the management of the archive, i.e. for the operations and procedures for
archiving. GLP requires a designated archivist (i.e. an individual); however, in
169
•
WHO Expert Committee on Specifications for Pharmaceutical Preparations ', :,C"
other GXPs the roles and responsibilities of the archivist are normally fulfilled
by several_designated personnel or groups of personnel (e.g. both quality
assurance document control personnel and information technology (IT) system
administrators) without there being one single person assigned responsibility for
control as is required in GLP.
It is recognized that in certain circumstances it may be necessary for the
archivist to delegate specific archiving tasks, for example, the management of
electronic data, to specific IT personnel. Tasks, duties and responsibilities should
be specified and detailed in standard operating procedures. The responsibilities
of the archivist and the staff to whom archival tasks are delegated include -
(or both paper and electronic data - ensuring that access to the archive is
controlled, ensuring that the orderly storage and retrieval of records and
materials is facilitated by a system of indexing, and ensuring that movement
of records and materials into and out of the archives is properly controlled and
documented. These procedures and records should be periodically reviewed by
an independent auditor.
audit trail. 111eaudit trail is a form of metadata that contains information
associated with actions that relate to the creation, modification or deletion of
GXP records. An audit trail provides for secure recording of life-cycle details
such as creation, additions, deletions or alterations of information in a record,
either paper or electronic, without obscuring or overwriting the original record.
An audit trail facilitates the reconstruction of the history of such events relating
to the record regardless of its medium, including the "who, what, when and why"
of the action.
For example, in a paper record, an audit trail of a change would be
documented via a single-line cross-out that allows the original entry to remain
legible and documents the initials of the person making the change, the date
of the change and the reason for the change, as required to substantiate and
justify the change. In electronic records, secure, computer-generated, time-
stamped audit trails should allow for reconstruction of the course of events
relating to the creation, modification and deletion of electronic data. Computer-
generated audit trails should retain the original entry and document the user
identification, the time/date stamp of the action, as well as the reason for the
change, as required to substantiate and justify the action. Computer-generated
audit trails may include discrete event logs, history files, database queries or
reports or other mechanisms that display events related to the computerized
system, specific electronic records or specific data contained within the record.
backup. A backup means a copy of one or more electronic files created
as an alternative in case the original data or system are lost or become unusable
(for example, in the event of a system crash or corruption of a disk). It is
important to note that backup differs from archival in that back-up copies of
electronic records are typically only temporarily stored for the purposes of
170
Annex 5
4. Principles
4.1 GDRP are critical elements of the pharmaceutical quality system and a
systematic approach should be implemented to provide a high level of
assurance that throughout the product life cycle, all GXP records and datu
are complete and reliable.
173
WHO Expert Committee on Specifications for Pharmaceutical Preparations
4.3 Applicability to both paper and electronic data. The requirements for
GDRP that assure robust control of data validity apply equally Lo paper
and electronic data. Organizations subject to GXP should be fully aware
that reverting from automated or computerized to manual or paper-based
systems does not in itself remove the need for robust management controls.
4.7 Quality. culture. Management, with the support of the quality unit, should
establish and maintain a working environment that minimizes the risk
of non-compliant records and erroneous records and data. An essential
element of the quality culture is the transparent and open reporting
of deviations, errors, omissions and aberrant results at all levels of the
organization, irrespective of hierarchy. Steps should be taken to prevent,
and to detect and correct weaknesses in systems and procedures that may
lead to data errors so as to continually improve the robustness of scientific
decision-making within the organization. Senior management should
actively discourage any management practices that might reasonably be
expected to inhibit the active and complete reporting of such issues, for
example, hierarchical constraints and blame cultures.
4.8 Quality risk management and sound scientific principles. Robust decision-
making requires appropriate quality and risk management systems, and
adherence to sound scientific and statistical principles, which must be
based upon reliable data. For example, the scientific principle of being an
objective, unbiased observer regarding the outcome of a sample analysis
requires that suspect results be investigated and rejected from the reported
results only if they are clearly attributable to an identified cause. Adhering
to good data and record-keeping principles requires that any rejected
results be recorded, together with a documented justification for their
rejection, and that this documentation is subject to review and retention.
4.10 To ensure that the organization, assimilation and analysis of data into a
format or structure that facilitates evidence-based and reliable decision-
making, data governance should address data ownership and accountability
for data process(es) and risk management of the data life cycle.
• restricting the ability to change any clock used for recording timed
events, for example, system clocks in electronic systems and
process instrumentation;
• ensuring controlled forms used for recording GXP data (e.g. paper
batch records, paper case report forms and laboratory worksheets)
are accessible at the locations where an activity is taking place, at the
time that the activity is taking place, so that ad hoc data recording
and later transcription is not necessary;
controlling the issuance of blank paper tern plates for data recording
of GXP activities so that all printed forms can be reconciled and
accounted for;
•. restricting user access rights to automated systems to prevent (or
audit trail) data amendments;
•• ensuring automated data capture or printers are attached and
connected to equipment, such as balances, to ensure independent
and timely recording of the data;
ensuring proximity of printers to sites of relevant activities;
" ensuring ease of access to locations of sampling points (e.g. sampling
points for water systems) to allow easy and efficient performance of
sampling by the operators and therefore minimizing the temptation
to take shortcuts or falsify samples;
,I ensuring access to original electronic data for staff performing data
checking activities.
4.13 Data and record media should be durable. For paper records, the ink
should be indelible. Temperature-sensitive or photosensitive inks and
other erasable inks should not be used. Paper should also not be
temperature-sensitive, photosensitive or easily oxidizable. If this is not
feasible or limited (as may be the case in printouts from legacy printers
of balance and other instruments in quality control laboratories), then
true or certified copies should be available until this equipment is retired
or replaced.
'"
4.14 Maintenance of record-keeping systems. The systems implemented and
maintained for both paper and electronic record-keeping should take
account of scientific and technical progress. Systems, procedures and
methodology used to record and store data should be periodically reviewed
for effectiveness and updated as necessary.
176
Annex 5
5.2 Within the quality management system, the organization should establish
the appropriate infrastructure, organizational structure, written policies
and procedures, processes and systems to both prevent and detect
situations that may impact on data integrity and, in turn, the risk-based
and scientific robustness of decisions based upon those data.
5.4 Strategies that promote good practices and prevent record and data
integrity issues from occurring are preferred and are likely to be the most
effective and cost-effective. For example, access controls that allow only
people with the appropriate authorization to alter a master processing
formula will reduce the probability of invalid and aberrant data being
generated. Such preventive measures, when effectively implemented, also
reduce the amount of monitoring required to detect uncontrolled change,
should therefore design appropriate tools and strategies for the management
of data integrity risks based upon their own GXP activities, technologies
and processes.
6.6 All GXP .records held by the GXP organization are subject to inspection
by the responsible health authorities. This includes original electronic data
and metadata, such as audit trails maintained in computerized systems.
Management of both contract givers and contract acceptors should
ensure that adequate resources are available and that procedures for
com puterized systems are available for inspection. System administrator
personnel should be available to readily retrieve requested records and
facilitate inspections.
7.2 111e organization that outsources work has the responsibility for
the integrity of all results reported, including those furnished by any
subcontracting organization or service provider. These responsibilities
extend to any providers of relevant computing services. When outsourcing
databases and software provision, the contract giver should ensure that
any subcontractors have been agreed upon and are included in the quality
agreement with the contract accepter, and are appropriately qualified and
.v
) trained in GRDP. Their activities should be monitored on a regular basis
at intervals determined through risk assessment. This also applies to
cloud-based service providers.
7.4 The personnel who evaluate and periodically assess the competence of a
contracted organization or service provider should have the appropriate
background, qualifications, experience and training to assess data integrity
governanc~ systems and to detect validity issues. The nature and frequency
of the evaluation of the contract acceptor and the approach to ongoing
monitoring of their work should be based upon documented assessment
of risk. This assessment should include an assessment of relevant data
processes and their risks.
7.5 111e expected data integrity control strategies should be included Il1
quality agreements and in written contract and technical arrangements,
as appropriate and applicable, between the contract giver and the contract
acceptor. These should include provisions for the contract giver to have
access to all data held by the contracted organization that are relevant
to the contract giver's product or service as well as all relevant quality
systems records. This should include ensuring access by the contract
giver to electronic records, including audit trails, held in the contracted
organization's computerized systems as well as any printed reports and
other relevant paper or electronic records.
7.7 When outsourcing databases, the contract giver should ensure that if
subcontractors are used, in particular cloud-based service providers, they
are included in the quality agreement and are appropriately qualified and
trained in GRDP. Their activities should be monitored 011 a regular basis
at intervals determined through risk assessment.
181
•
WHO Expert Committee on Specifications for Pharmaceutical Preparations ':!' ,'::','
........................................................................
8.3 Management should also ensure that, at the time of hire and periodically
afterwards, as needed, all personnel are trained in procedures to
ensure GDocP for both paper and electronic records. The quality unit
should include checks for adherence to GDocP for both paper records
and electronic records in their day-to-day work, system and facility
audits and self-inspections and report any opportunities for improvement
to management.
9.3 Legible, traceable and permanent. The terms legible and traceable and
permanent refer to the requirements that data are readable, understandable,
and allow a clear picture of the sequencing of steps or events in the record
so that all GXP activities conducted can be fully reconstructed by the
people reyiewing these records at any point during the records retention
period set by the applicable GXp.
9.5 Original. Original data include the first or source capture of data or
information and all subsequent data required to fully reconstruct the
conduct of the GXP activity. The GXP requirements for original data
include the following:
9.6 Accurate. 1he term "accurate" means data are correct, truthful, complete,
valid and reliable.
9.7 Implicit in the above-listed requirements for ALCOA are that the records
should be complete, consistent, enduring and available (to emphasize
these requirements, this is sometimes referred to as ALCOA-plus).
184
Annex 5
...................................................................................................... - .
10.6 Data life cycle. Validation should include assessing risk and developing
quality risk mitigation strategies for the data life cycle, including controls
to prevent and detect risks throughout the steps of:
10.7 SOPs and training. The validation activities should ensure that adequate
training and procedures are developed prior to release of the system for
GXP use. These should address:
•
Annex 5
11.7 Data processing. To ensure data integrity, data processing should be done
in an objective manner, free from bias, using validated/qualified or verified
protocols, processes, methods, systems, equipment and according to
approved procedures and training programmes.
11.9 Data review and reporting. Data should be reviewed and, where
appropriate, evaluated statistically after completion of the process to
determine whether outcomes are consistent and compliant with established
standards. The evaluation should take into consideration all data,
including atypical, suspect or rejected data, together with the reported
data. This includes a review of the original paper and electronic records.
187
•
WHO Expert Committee on Specifications for Pharmaceutical Preparations '-,j,I<':11 r"f (II,
11,10 For example, during self-inspection, some key questions to ask are: Am I
collecti.ng all my data? Am I considering all my data? If I have excluded
some data from my decision-making process, what is the justification
for doing so, and are all the data retained, including both rejected and
reported data?
11.11 The approach to reviewing specific record content, such as critical data
fields and metadata such as cross-outs on paper records and audit trails
in electronic records, should meet all applicable regulatory requirements
and be risk-based.
11.13 During the data life cycle, data should be subject to continuous
monitoring, as appropriate, to enhance process understanding and
facilitate knowledge management and informed decision-making.
11.15 Data retention and retrieval. Retention of paper and electronic records
is discussed in the section above, including measures for backup and
archival of electronic data and metadata.
1) Data folders on some stand-alone systems may not include all audit
trails or other metadata needed to reconstruct all activities. Other
metadata may be found in other electronic folders or in operating
system logs. When archiving electronic data, it is important to
ensure that associated meta data are archived with the relevant
data set or securely traceable to the data set through appropriate
documentation. The ability to successfully retrieve from the archives
I;
188
•
Annex 5
2) Only validated systems are used for storage of data; however, the
media used [or the storage of data do not have an indefinite lifespan.
~onsideration must be given to the longevity of media and the
environment in which they are stored. Examples include the fading
of microfilm records, the decreasing readability of the coatings of
optical media such as compact disks (CDs) and digital versatile/
video disks (DVDs), and the fact that these media may become
brittle. Similarly, historical data stored on magnetic media will also
bec-ome unreadable over time as a result of deterioration.
12.2 The investigation should ensure that copies of all data are secured in a
timely manner to permit a thorough review of the event and all potentially
related processes.
12.4 111einvestigation should not be limited to the specific issue identified but
should also consider potential impact on previous decisions based upon
the data and systems now found to be unreliable. In addition, it is vital that
the deeper, underlying root causers) of the issue be considered, including
potential management pressures and incentives, for example, a lack of
adequate resources.
12.5 Corrective and preventive actions taken should not only address
the identified issue, but also previous decisions and datasets that are
impacted, as well as deeper, underlying root causes, including the need
for realignment of management expectations and allocation of additional
resources to prevent risks from recurring in the future.
189
WHO Expert Committee on Specifications for Pharmaceutical Preparations
Further reading
Computerised systems. In: The rules governing medicinal products in the European Union. Volume 4:
Good manufacturing practice (GMP) guidelines: Annex 11. Brussels: European Commission (http://
ec.eu ropa .eu/ ente rprise/p ha rm ace uti ca Isl eud ra lex/vol-4/pdfs-enl anx 11en .pdf).
Good automated manufacturing practice (GAMP) good practice guide: electronic data archiving.
Tampa (FL): International Society for Pharmaceutical Engineering (lSPE); 2007.
Good automated manufacturing practice GAMP good practice guide: A risk-based approach to GxP
compliant laboratory computerized systems, 2nd edition. Tampa (FL): International Society for
Pharmaceutical Engineering (lSPE); 2012.
MHRA GMP data integrity definitions and guidance for industry. London: Medicines and Healthcare
Products Regulatory Agency; March 2015 (https:llwww.gov.uklgovernment/uploads/system/uploads/
attachment_data/file/412735/Data_integ rity _definitions_a nd_g uida nce_ v2.pdf).
OECD series on principles of good laboratory practice (GLP) and compliance monitoring. Paris:
Organisation for Economic Co-operation and Development (http://www.oecd.org/chemicalsafety/
tes ti n gl oecd seri eso n p ri nci p Iesofg ood Iabo ratoryp racticeg Ipa ndco m p Iiance mon ito ri ng. htm).
Official Medicines Control Laboratories Network of the Council of Europe: Quality assurance documents:
PA/PH/OMCL (08) 69 3R - Validation of computerised systems - core document (https:llwww.edqm.
eu/sites/default/files/medias/fichierslValidation_oCComputerised_Systems_Core_Document.pdf)
and its annexes:
• PA/PH/OMCL (08) 87 2R - Annex 1: Validation of computerised calculation systems: example
of validation of in-house software
(https:llwww.edqm.eu/sites/default/fi les/medias/fich iers/N EW_An nex_l_ Va lidation_ of_
computerised_calculation,pdf),
• PA/PH/OMCL (08) 88 R - Annex 2: Validation of databases (DB), laboratory information
management systems (LlMS) and electronic laboratory notebooks (ELN)
(https:llwww.edq m .eu/ sitesl defa u lt/f les/med ias/fich iers/N EW_An n ex_2_ Validatio n_ of_
Databases_DB_Laboratory_.pdf),
190
Annex 5
191
•
WHO Expert Committee on Specifications for Pharmaceutical Preparations ,':"';' ",,'1
Appendix 1
Attributable
192
•
Annex :,
195
II
WHO Expert Committee on Specifications for Pharmaceutical Preparations ;ifllt'ii: iepor:
Table continued
196
Annex 5
197
WHO Expert Committee on Specifications for Pharmaceutical Preparations ;iill,':i \'(' I
Contemporaneous
Contemporaneous data are data recorded at the time they are generated
or observed.
Contemporaneous
198
•
Annex 5
Original
Original data include the first or source capture of data or information and all
subsequent data required to fully reconstruct the conduct of the GXP activity.
111eGXP requirements for original data include the following:
Controls for review of original paper Controls for review of original electronic
records include, but are not limited to: records include, but are not limited to:
• written procedures and training and • written procedures and training and
review and audit and self-inspection review and audit and inspection
controls to ensure that personnel controls that ensure personnel conduct
conduct an adequate review and an adequate review and approval of
approval of original paper records, original electronic records, including
including those used to record human readable source records of
the contemporaneous capture of electronic data;
information; • data review procedures describing
• data review procedures describing review of original electronic data
review of relevant metadata. For and relevant metadata. For example,
example, written procedures for review written procedures for review should
should require that personnel evaluate require that personnel evaluate
changes made to original information changes made to original information
on paper records (such as changes in electronic records (such as changes
documented in cross-out or data documented in audit trails or history
correction) to ensure these changes fields or found in other meaningful
are appropriately documented, and metadata) to ensure these changes
justified with substantiating evidence are appropriately documented and
and investigated when required; justified with substantiating evidence
and investigated when required;
-
200
Annex 5
Data integrity risks may occur when people choose to rely solely
upon paper printouts or PDF reports from computerized systems
without meeting applicable regulatory expectations [or original
records. Original records should be reviewed - this includes
electronic records. If the reviewer only reviews the subset of data
provided as a printout or PDF, risks may go undetected and harm
may occur.
Although original records should be reviewed, and all personnel
involved are fully accountable for the integrity and reliability of the
subsequent decisions made based upon original records, a risk-
based review of the content of original records is recommended.
201
•
WHO Expert Committee on Specifications for Pharmaceutical Preparations 'if':"·'1 i":"!
~ Written procedures for data review should define the frequency, roles
and responsibilities and approach to review of meaningful metadata,
such as audit trails. These procedures should also describe how
aberrant data are to be handled if found during the review. Personnel
who conduct such reviews should have adequate and appropriate
training in the review process as well as in the software systems
containing the data subject to review. The organization should make
the necessary provisions for personnel reviewing the data to access
the systemis) containing the electronic data and metadata.
I'l Quality assurance should also review a sample of relevant audit trails,
raw data and metadata as part of self-inspection to ensure ongoing
compliance with the data governance policy and procedures.
" Any significant variation from expected outcomes should be fully
recorded and investigated.
Ii! In the hybrid approach, which is not the preferred approach, paper
printouts of original electronic records from computerized systems
may be useful as summary reports if the requirements for original
electronic records are also met. To rely upon these printed summaries
of results for future decision-making, a second person would have to
review the original electronic data and any relevant metadata such
as audit trails, to verify that the printed summary is representative
of all results. This verification would then be documented and the
printout could be used for subsequent decision-making.
" 111eGXP organization may choose a fully electronic approach to
allow more efficient, streamlined record review and record retention.
111iswould require authenticated and secure electronic signatures
to be implemented for signing records where required. 111is,in turn,
would require preservation of the original electronic records, or
true copy, as well as the necessary software and hardware or other
suitable reader equipment to view the records during the records
retention period.
• System design and the manner of data capture can significantly
influence the ease with which data consistency can be assured. For
example, and where applicable, the use of programmed edit checks
or features such as drop-down lists, check boxes or branching of
questions or data fields based on entries are useful in improving
data consistency.
,. Data and their metadata should be maintained in such a way that
they are available for review by authorized individuals, and in a
format that is suitable for review for as long as the data retention
requirements apply. It is desirable that the data should be maintained
203
WHO Expert Committee on Specifications for Pharmaceutical Preparations '-,b-::: :',': i
Controls for retention of original paper Controls for retention of original electronic
records or true copies of original paper records or true copies of original electronic
records include, but are not limited to: records include, but are not limited to:
• controlled and secure storage areas, • routine back-up copies of original
including archives, for paper records; electronic records stored in another
• a designated paper archivist(s) who location as a safeguard in case of disaster
is independent of GXP operations is that causes loss of the original electronic
required by GLP guidelines; in other records;
GXPsthe roles and responsibilities • controlled and secure storage areas,
for archiving GXP records should be including archives, for electronic records;
defined and monitored (and should • a designated electronic archivist(s) such
normally be the responsibility of as is required in GLP guidelines who is
the quality assurance function or independent of GXP operations (the
an independent documentation designated personnel should be suitably
control unit); qualified and have relevant experience
• indexing of records to permit ready and appropriate training to perform
retrieval; their duties);
• periodic tests at appropriate intervals • indexing of records to permit ready
based upon risk assessment, to verify retrieval;
the ability to retrieve archived paper or periodic tests to verify the ability to
static format records; retrieve archived electronic data from
• the provision of suitable reader storage locations. The ability to retrieve
equipment when required, such as archived electronic data from storage
microfiche or microfilm readers if locations should be tested during the
original paper records are copied as validation of the electronic archive.
true copies to microfilm or microfiche After validation the ability to retrieve
for archiving; archived electronic data from the
storage locations should be periodically
reconfirmed, including retrieval from
third-party storage;
204
Annex 5
Table continued .
Retention of original records or true copies
205
•
WHO Expert Committee on Specifications for Pharmaceutical Preparations i iI~il'iillq,jf,
207
•
WHO Expert Committee on Specifications for Pharmaceutical Preparations Illul'til rcpcli
Accurate
The term "accurate" means data are correct, truthful, complete, valid and reliable.
For both paper and electronic records, achieving the goal of accurate
data requires adequate procedures, processes, systems and controls that comprise
the quality management system. 111e quality management system should be
appropriate to the scope of its activities and risk-based.
Controls that assure the accuracy of data in paper records and electronic
records include, but are not limited to:
Examples of these controls applied to the data life cycle are provided
below.
208
Annex 5
209