Data Integrity App
Question 31:
Is it an essential element to execute a disaster recovery process on
a manufacturing kit during qualification, and do you see any risk with respect
to software removal?
Best Answer: Disaster recovery testing is
expected by the regulations. European regulations are slightly more explicit on
the subject. A disaster recovery test can often fail due to incorrect
assumptions. Disaster recovery testing is particularly useful for
mission-critical systems.
Question 32: Are there examples of audit trail review that are less
cumbersome than what Agilent is building into its software?
Best Answer: Some systems that have electronic audit trails don’t have the means to indicate that those audit trails have been reviewed, resulting in having to divide the audit trail review into smaller chunks and primarily having those audit trails be very, very relevant to the data that is being reviewed.
For example, for pharmaceutical batch release, a QA review must be performed for all the relevant records that go into manufacturing that product and all the systems that support its manufacture.
If the QA review looks at audit trail entries that are relevant to those records, even if it happens to be on paper the audit trail review is more relevant to the record review itself. So the review is less cumbersome simply as a result of dividing the problem into smaller chunks that are more relevant to the actual record.
Question 33:
At some point, there must be an administrator for every system who
will have access to modify or delete records, how do you recommend dealing with
this potential data Integrity problem?
Best Answer: The best practice for selecting a system administrator is making sure that the administrator on a particular system does not have a vested interest in the data on that system.
What this means in larger organization is
that often someone in the IT department is in charge of administering the
system. Separation of duties is a subject that IBM has discussed in the past,
and it is also significant in the financial world.
If a
person has no motivation to do anything with the data on that system, then it’s
unlikely that there will be a problem. The FDA has said that if there is any
evidence of intentional fraud that they would pursue it as a criminal activity
and that is something that they do look for.
Question 34:
When samples are processed, are an audit trail comment enough or are an approval process also necessary?
Best Answer: It depends on what a company’s policies and
procedures expect. If there are sufficient controls in the system and people
are sufficiently trained, so that when sample reprocessing occurs, it’s
occurring under the proper conditions with the proper controls and procedures
in place, then the audit trail comment may be enough.
However, if the procedure doesn’t address
the reprocessing of samples, or if it’s considered anomalous or unusual, then
it may be important to have an explicit documented approval process.
Question 35:
Is it ever acceptable to delete data in the eyes of the FDA?
Best Answer: The FDA has answered this question explicitly and implicitly in two different areas. First, they talk about data retention requirements for pharmaceutical products, and the requirement is to maintain pharmaceutical manufacturing records for seven years after the expiration of the last manufactured lot of a particular pharmaceutical product.
So, if after seven years production of a
drug product is halted, and the product has an expiry that’s 12 or 18 months
out, then seven years after that expiration date, it is acceptable to delete
data.
Second, CFR Part 11 specifies that audit
trails need to deal with three things: they need to deal with creation of
regulated records, modification of regulated records, and the deletion of
records.
However, pre-Part 11 in the mid-90s, the
FDA found that many companies, in their analytical laboratories, were deciding
that the final analytical report was the regulated record, and companies were
deleting the raw data.
Question 36:
Is the audit trail review prior to the release of each batch a regulatory requirement or is it only recommended so far?
Best Answer: Annex 11 requires the audit trail review. Inspectors consider the release of batches to be the most critical process of all.
Question 37:
It is useful to review the "windows event viewer"
for GxP devices?
Best Answer: This is a good idea but it will probably not be realistic as too many events
would be reported. Its use would anyway only be worth considering for systems
which save data locally, and thank God this isn't done by many modern systems
anymore.
Question 38:
May the Head of Laboratory have admin rights for example to
carry out the audit trail review?
Best Answer: Yes, as long as she/he does not operationally process analyses herself/himself. This
is possible but it needs to be described in a SOP.
Question 39: . Is it possible for a user to have two system accounts? One as
a user and one as administrator or reviewer?
Best Answer: Yes, in small organizational units. Guarantee by means of an SOP that the admin
account will NOT be used operationally.
Question 40: . What do you do with legacy equipment? If no audit trail is available or if "user login" is not possible?
Best Answer: The
systems have to be replaced in the short or in the long run - according to the
risks.
Question 41: . Equipment often has a standard audit trail function. A lot of data is recorded (on/off), but only a small part of it is critical or relevant for a review. What is the best way to proceed when carrying out a review?
Best Answer: The
best way is to configure a report that only shows the critical data but leaves
out all the unnecessary elements (such as login/logout). But this has to be
programmed and is expensive.
“Trust but Verify “ Ronald Reagan
Across the internet, there are millions of resources are available which provide information about Everything.
If you found all content under one roof then it will save your time, effort & you will more concentrated on your important activity.
 |
| Data Integrity App |
Our Data integrity app will helpful for understanding what Data integrity & CSV really means & How 21 CFR Part 11, EU Annex 11 & other regulatory guidelines affects in pharmaceutical Industry.
- Basic Data Integrity Concepts
- ERES & Its Requirement
- CSV & Its best practices
- Mock Inspection and General Q&A
- Checklist for inspection
- Inspection Readiness
- Useful SOP’s
- Stay Regulatory Compliant.
“Stay One Step Ahead in Pharma IT Compliance”
https://play.google.com/store/apps/details?id=com.innovativeapps.dataintegrity
Try our "Data Integrity" app which helps you to better understand current regulatory agencies thinking on Data Integrity & CSV.
Comments
Post a Comment