Data Integrity Audit Trail

Master Class Review

SPEAKERS:

Bob McDowall DATA

INTEGRITY
R.D.McDowall Ltd.

Yves Samson
Kereon AG

Dr Wolfgang Schumacher
formerly F. Hoffmann-La
Roche Ltd. 20-22 and 23 June 2017, Berlin, Germany

HIGHLIGHTS:
Dr Arno Terhechte Data Integrity Master Class
Bezirksregierung Münster „„ Data Integrity in the Pharmaceutical Quality System
„„ Data Flow Analysis
„„ Metrics for Data Integrity
„„ Preparing your company for an Data Integrity inspection
„„ Control of Master templates
Save up to € 290.- by „„ Vulnerability of Records
booking both courses „„ QA Oversight for Data Integrity
„„ Data Integrity Audit results
„„ Data Integrity interventions

Audit Trail Review

„„ Understand the regulatory requirements for an Audit Trails (review)
„„ Identifying GMP relevant data
„„ Review of Audit Trail entries
„„ Technical Controls to Aid Second Person Review of Audit Trails

Both courses are recognised for the ECA GMP Certification Programme „Certified Data Integrity Manager“.
Please find details at www.gmp-certification.eu
Data Integrity Master Class | 20-22 June 2017, Berlin, Germany

Learning Goals Programme

ƒƒ Your will get familiar with the current regulatory re- Regulatory Update
quirements on data integrity and how regulators refine ƒƒ EU GMP Requirements
these requirements –– Chapter 4
ƒƒ You will get a deeper understanding what FDA and –– Annex 11
European inspectors expects from pharmaceutical ƒƒ Guidance Documents Overview (state of the art)
companies in regard to Data Integrity –– GMDP Inspectors WG, Data Integrity Q&A
ƒƒ You will learn how to implement the (new) regulatory –– (PIC/S Good Practices for Data Management and Integrity
in regulated GMP/GDP Environments)
requirements on Data Integrity into your Pharmaceuti- –– WHO, Annex 5 Guidance on Good Data and Record
cal Quality System Management Practices
ƒƒ You will learn how to prepare your company for an –– MHRA GxP Data Integrity Definitions and Guidance for
successful inspection in regard to Data Integrity Industry
ƒƒ You will understand how to establish an effective Data –– FDA, Data Integrity and Compliance with cGMP
Governance system ƒƒ “These Guides are not intended to impose additional
ƒƒ You will learn how to investigate Data Integrity issues regulatory burden upon regulated entities”. Is This
in your company correct?
–– Data Governance
–– Dynamic Data

Data Integrity in the pharmaceutical quality system

ƒƒ Which PQS elements need to be added or updated?
ƒƒ The Data Integrity Program
–– Priorities (immediate/short/mid-term)
–– Capacity
–– Timing

Data Integrity in paper documentation

ƒƒ GMP requirements for good documentation practice
Background ƒƒ Application to paper documents
ƒƒ Common problems from FDA 483 observations and
warning letters and how to avoid them
Even Data Integrity is one of the basic GMP principles
since years multiple Data Integrity citations were report-
Data flow analysis
ed by FDA and European inspectors during the last 3
ƒƒ Objective and purpose
years. Many US Warning Letters and EU Non-Compliance
ƒƒ Electronic data flow
Reports deal with serious Data Integrity violations. Data
ƒƒ Complete data flow
Integrity questions have been and will continue to be the
ƒƒ Identification of possible weaknesses
focus of many GMP inspections.
As a consequence international authorities – FDA, EMA,
Metrics for Data Integrity
PIC/S, WHO, MHRA - published draft documents to de-
ƒƒ Metrics in the context of a corporate data integrity
scribe the regulatory expectations of Data Integrity.
programme
Although all guidelines are not intended to impose ad-
ƒƒ Suggested metrics in the assessment phase
ditional regulatory burden to the regulated companies, a
ƒƒ Suggested metrics in the operational phase
lot of uncertainty predominates the pharmaceutical in-
dustry how to implement these requirements into the
Preparing your company for an Data Integrity
daily business.
inspection
ƒƒ How to present the DI status and future approach?
Target Audience ƒƒ Gap analysis
ƒƒ Training program coverage
ƒƒ Experience from FDA inspections – Hot Buttons
The Data Integrity Master Class is directed at
„„ Managers and staff from Manufacturing, QC/QA and
DI Inspections
Analytical Development Laboratories of pharmaceuti-
ƒƒ Basis for Inspections: “PIC/S Good Practices for Data
cal companies
Management and Integrity in regulated GMP/GDP
„„ Contract Research Organisation and Contract Manu- Environments”
facturing Organisation manufacturing, laboratory and ƒƒ Data Integrity Assessment during Inspection
QA personnel –– Quality Control
„„ Auditors (internal and external) responsible for –– Manufacturing
performing self-inspections or external audits and ƒƒ Inspection Findings
needing to understand and assess data integrity
Second Person Review Workshop on Vulnerability of Records
ƒƒ Regulatory and guidance document requirements for Working in teams, the attendees will be presented with a
the second person review scenario of a computerised system that generates elec-
ƒƒ Role of the second person review tronic records. They will assess the record vulnerability
ƒƒ Scope of the second person review and determine the controls to put in place to protect the
ƒƒ Documenting the review for paper, hybrid and elec- records and ensure data integrity. Team outputs will be
tronic systems discussed with all participants.
ƒƒ Facilitated discussion on Second Person review
QA oversight for data integrity
Time synchronisation ƒƒ Data integrity training
ƒƒ Purpose and requirements ƒƒ Enforce data flows
ƒƒ TAI, UTC, time zone, legal time, local time, system ƒƒ Reviews
time ƒƒ Internal inspection
ƒƒ ntp - network time protocol ƒƒ Audit of external organisations
ƒƒ Time management concept
Cyber security measures to assure data integrity
Software Suppliers Responsibility for Data Integrity ƒƒ Cyber security reality and concerns
Compliance ƒƒ Possible security weaknesses
ƒƒ Regulatory requirements for software systems: ƒƒ Designing robust IT and automation infrastructures
procedural and technical Data governance
ƒƒ Role of software suppliers ƒƒ Governance responsibilities
ƒƒ Regulations push vs market needs pull ƒƒ Data governance vs. IT governance
ƒƒ Implementing technical requirements for software: ƒƒ Elements of a data governance
architecture, database and application ƒƒ Embedding data governance into the PQS
ƒƒ Marketing literature versus marketing bullshit
Data integrity audit results of a contract laboratory
Control of Master Templates and Blank Forms ƒƒ Audit context
ƒƒ Why is control of master templates and blank forms ƒƒ Audit scope
important? ƒƒ Findings
ƒƒ Regulatory requirements from FDA, MHRA, WHO, ƒƒ Root causes
EMA and PIC/S
ƒƒ Devising and controlling the master template Case study Data Migration - Production
ƒƒ Operational use of the blank forms ƒƒ Migration of complex data collections
ƒƒ Do you really want to work this way? ƒƒ Migration of a large collection of similar data
ƒƒ Design of the migration process
Risk-based approach for manufacturing and laboratory ƒƒ Risk-based elaboration of the verification strategy
audit trail review
Options for Long Term Data Retention of Laboratory
ƒƒ Regulatory requirements and expectations for audit
Data
trail review
ƒƒ Proprietary v open standards for laboratory data
ƒƒ Is the application adequate for audit trail review?
ƒƒ Application of a risk based approach to audit trail review ƒƒ Options for long term retention:
–– Keep original system
–– Virtualisation
Workshop on Audit Trail Review –– Data migration
Working in teams, the attendees will be presented with a
series of scenarios involving computerised systems with Data Integrity Investigations
audit trails. Based on the regulations and the team’s as- ƒƒ What are data integrity investigations?
sessment of risk, they will determine what they will re- ƒƒ Human and technical triggers for DI investigations
view and how frequently they will review audit trails. ƒƒ Who should investigate the problem?
Team outputs will be discussed with all participants. ƒƒ Process description and how to document a DI
investigation
Vulnerability of Records ƒƒ Should we inform regulatory authorities?
ƒƒ What is record vulnerability?
ƒƒ Protection and security of electronic records require- Workshop on Data Integrity Investigations
ments Based on a case study, attendees will be presented with
ƒƒ What can go wrong? Scope of misfortunes that can key facts and determine what an organisation should do
impact records to investigate a data integrity issue. At the end of the
ƒƒ Assessment of record vulnerability and implementa- workshop, during the discussion of the team outputs
tion of control measures there will be a comparison with the work performed in
the case study.

Key Learning Points and Final Discussion

Audit Trail Review | 23 June 2017, Berlin, Germany

Objectives Programme

ƒƒ You will learn the current regulatory requirements and Why Is An Audit Trail and Its Review Important?
regulatory expectations for an audit trail (review) ƒƒ Part 11 and Annex 11 / Chapter 4 requirements for audit
ƒƒ All GMP-relevant data (changes and deletions) should trail
be audit trailed – you will learn how to identify GMP- ƒƒ Regulatory requirements for audit trail review
relevant data ƒƒ Guidance documents for audit trail review
ƒƒ Event and audit logs: you will understand the differ- ƒƒ Do I really need an audit trail?
ences between and what the regulators expect
ƒƒ How should an audit trail review be performed? You What is in a Name?
will get familiar with the content and the frequency of ƒƒ What do we look for in an application for auditing?
an audit trail review ƒƒ Pros and cons for event logs and audit logs?
ƒƒ Which audit trail(s) should I review?

Workshop 1: Which Audit Trail to Review?

Attendees will be presented with an overview of the
audit trails within an application and the content of each
one . Which audit trails should be reviewed and when?

What are GMP-Relevant Data?

ƒƒ Annex 11 requires that audit trails monitor GMP-rele-
vant data – what are GMP relevant data?

Workshop 2: Identifying GMP Relevant Data

Attendees will be presented with a list of records to
identify if they are GMP records and how critical they are
to help focus the second person review of audit trail
data. Examples from production, laboratory and QA
Background examples of GMP relevant data will be provided

Audit Trail Reviews are required by international regula- Review of Audit Trail Entries
tions like US 21 CFR Part 11 and EU GMP Guide Annex 11: ƒƒ Guidance for frequent is “frequent review” of audit
Clause 9 requests: trails
ƒƒ Process versus system: avoiding missing data integrity
“Consideration should be given, based on a risk assess- issues when only focussing on a per system review
ment, to building into the system the creation of a record ƒƒ What are we looking for in an audit review?
of all GMP-relevant changes and deletions (a system ƒƒ Suspected data integrity violation - What do we need
generated “audit trail”). For change or deletion of to do?
GMP-relevant data the reason should be documented.
Audit trails need to be available and convertible to a gen- Workshop 3: Reviewing Audit Trail Entries
erally intelligible form and regularly reviewed” Attendees will be provided with the output of an audit
trail to review and see if any potential issues are identi-
Regulators focus on the (creation), modification and fied for further investigation.
deletion of (GMP-relevant) data while many IT systems
are not able to generate audit trails at all or they are not Technical Controls to Aid Second Person Review of
able to generate audit trails for GMP-relevant data. Audit Trails
ƒƒ Technical considerations for audit trail review e.g.
Therefore, this course is designed to support you to iden- ƒƒ Identifying data that has been changed or modified –
tify GMP-relevant data and how to perform and docu- how the system can help
ment an Audit Trail review as part of a second person ƒƒ Documenting the audit trail review has occurred
review. ƒƒ Review by exception – how technical controls can
help
ƒƒ Have you specified and validated these functions?
Target Audience

This course is designed for managers and staff from

health care industries as well for auditors who are
responsible for the organisation and execution of audit
trail (reviews) in their companies.
Accommodation Speakers

CONCEPT HEIDELBERG has reserved a limited number Dr Bob McDowall

of rooms in the InterCity Hotel Berlin for both courses. R.D.McDowall Limited, Bromley, Kent, UK
The Steigenberger Hotel am Kanzleramt is located next Analytical chemist with over 40 years
to the InterCity Hotel Berlin. You will receive a room experience including 15 years working in
reservation form when you have registered for the the pharmaceutical industry and afterwards
event. Reservation should be made directly with the working for the industry as a consultant. Bob is an ISO
hotel. Early reservation is recommended. 17025 assessor and he has been involved with the vali-
dation of computerised systems for over 30 years and
Registration is the author of a book on the validation of chromatog-
raphy data systems. He was also a contributor to the
Via the attached reservation form, by e-mail or by fax GAMP IT Infrastructure control & compliance and Lab
message. Or you register online at System Validation 2nd edition Good Practice Guides.
www.gmp-compliance.org. He is a core member of the GAMP Data Integrity SIG.
He recently published the second edition of his book
Conference language on Validation of Chromatography Data Systems: Ensur-
ing Data Integrity, Meetings Business and Regulatory
The official conference language will be English. Requirements.

Organisation and Contact Yves Samson

Kereon AG, Basel, Switzerland
CONCEPT HEIDELBERG Automation and system engineer with over
P.O. Box 10 17 64 25 years experience, including 11 years as
D-69007 Heidelberg, Germany regulated user, Yves is the founder of Kereon
Phone +49 (0) 62 21/84 44-0 AG, Basel. He supports his customers as consultant,
Fax +49 (0) 62 21/84 44 34 trainer, and e-compliance auditor. He is member of
E-mail: info@concept-heidelberg.de GAMP Europe Steering Committees, chairman and co-
www.concept-heidelberg.de founder of GAMP Francophone. He edited the French
version of GAMP 4 and GAMP 5. Within ISPE he was an
For questions regarding content: active member of the working group “IT Infrastructure
Dr Andreas Mangel (Operations Director) at Compliance and Control”.
+49-62 21 / 84 44 41, or per e-mail at
mangel@concept-heidelberg.de. Dr Wolfgang Schumacher
formerly F. Hoffmann-La Roche Ltd.,
For questions regarding reservation, hotel, Switzerland
organisation etc.: Dr Schumacher studied chemistry and
Mr Rouwen Schopka (Organisation Manager) at pharmacy. After entering Asta Medica,
+49-62 21 / 84 44 13, or per e-mail at he headed different positions. In 2001 he
schopka@concept-heidelberg.de. joined F. Hoffmann-La Roche, Basle, where he was
Head of the Quality Computer Systems department..
He is a member of the ECA Advisory Board.

Social Event Dr Arno Terhechte

Bezirksregierung Münster, Germany
After 5 years in the pharmaceutical industry
On the first day of the he was from 1998 – 2003 in the Bezirksre-
Data Integrity Master gierung Düsseldorf. Since 2003 he is inspec-
Class, you are cordially tor in the Bezirksregierung Münster. Arno Terhechte is
invited to a social event. member of the German expert group 11 “computerised
This is an excellent oppor- systems”.
tunity to share your expe-
riences with colleagues
from other companies in
a relaxed atmosphere.

wa/vers.1/21122016
 If the bill-to-address deviates from the specifications on the right, Reservation Form (Please complete in full)  + 49 6221 84 44 34
please fill out here:
Data Integrity Master Class, 20-22 June 2017, Berlin, Germany
Audit Trail Review, 23 June 2017, Berlin, Germany

* Mr. * Ms. Germany

 Reservation
Easy Registration

P.O. Box 10 17 64
Form:

69007 Heidelberg

Title, first name, surname

CONCEPT HEIDELBERG

Company Department

Important: Please indicate your company’s VAT ID Number P.O. Number if applicable


CONCEPT HEIDELBERG Street/P.O. Box

P.O. Box 101764

City Zip Code Country
Fax +49 (0) 62 21/84 44 34
Phone/Fax
D-69007 Heidelberg
Reservation Form:
+ 49 6221 84 44 34

GERMANY
E-Mail (please fill in)
General terms and conditions CONCEPT HEIDELBERG reserves the right to change the materials, in- Important: This is a binding registration and above fees are due in Privacy Policy: By registering for this event, I accept the processing
If you cannot attend the conference you have two options: structors, or speakers without notice or to cancel an event. If the event case of cancellation or non-appearance. If you cannot take part, of my Personal Data. Concept Heidelberg will use my data for the
1. We are happy to welcome a substitute colleague at any time. must be cancelled, registrants will be notified as soon as possible and you have to inform us in writing. The cancellation fee will then be processing of this order, for which I hereby declare to agree that my
2. If you have to cancel entirely we must charge the following process- will receive a full refund of fees paid. CONCEPT HEIDELBERG will not calculated according to the point of time at which we receive your personal data is stored and processed. Concept Heidelberg will only
ing fees: Cancellation be responsible for discount airfare penalties or other costs incurred message. In case you do not appear at the event without having send me information in relation with this order or similar ones. My
- until 2 weeks prior to the conference 10 %, due to a cancellation. informed us, you will have to pay the full registration fee, even if you personal data will not be disclosed to third parties (see also the pri-
- until 1 weeks prior to the conference 50 % Terms of payment: Payable without deductions within 10 days after have not made the payment yet. Only after we have received your vacy policy at http://www.gmp-compliance.org/eca_privacy.html).
- within 1 week prior to the conference 100 %. receipt of invoice. payment, you are entitled to participate in the conference (receipt of I note that I can ask for the modification, correction or deletion of my
@ e-mail:

payment will not be confirmed)! (As of January 2012) data at any time via the contact form on this website.
#

Fax
Fax

Ella-Trebe-Straße 5

Audit Trail Review

ECA Members € 790

APIC Members € 840
ECA Members € 1,790
10557 Berlin, Germany
10557 Berlin, Germany

ECA Members € 2,390

APIC Members € 1,890

APIC Members € 2,490

Katharina-Paulus-Straße 5

Non-ECA Members € 890

Data Integrity Master Class
Non-ECA Members € 1,990

Non-ECA Members € 2,590

Phone +49 (0)30 288 755 0
Internet:

all days and all refreshments.

all days and all refreshments.

EU GMP Inspectorates € 445

EU GMP Inspectorates € 995
Phone +49 (0)30 921 0257 0

EU GMP Inspectorates € 1,440

+49 (0)30 921 0257 99
+49 (0)30 288 755 900

Steigenberger Hotel am Kanzleramt

Friday, 23 June 2017, 09.00 – 16.30 h
InterCityHotel Berlin Hauptbahnhof

Date and Venue “Audit Trail Review”

Thursday, 22 June 2017, 08.30 – 16.00 h
Tuesday, 20 June 2017, 09.00 h – 17.30 h

Wednesday, 21 June 2017, 08.30 h – 17.30 h

(Registration and coffee 08.30 h - 09.00 h)

receipt of invoice and includes conference

receipt of invoice and includes conference
receipt of invoice and includes conference

documentation, lunch and all refreshments.

info@concept-heidelberg.de  www.gmp-compliance.org

The conference fee is payable in advance after

The conference fee is payable in advance after
The conference fee is payable in advance after
Date and Venue “Data Integrity Master Class”

Fees (per delegate plus VAT, VAT is reclaimable)

Data Integrity Master Class + Audit Trail Review

documentation, dinner on the first day, lunch on

documentation, dinner on the first day, lunch on