CONTROLLED DOCUMENT 10.

1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 1 of 11

Purpose
This directive establishes the requirements for processes used to ensure the integrity and
reliability in the data lifecycle governed by the Quality Management System (QMS). This
directive shall ensure data and records are attributable, legible, contemporaneously recorded,
original and accurate (ALCOA).

Scope and Applicability

This directive establishes the requirements for the governance of data throughout its
lifecycle of creation, processing, analysis, recording, review, approval, reporting,
transcription, transfer, back-up, storage, and retrieval until such time as they are no longer
required to be retained according to an approved retention policy. This directive applies to
the systems that create, manage, and control data, that are used in the assessment of
suitability of raw materials/excipients, active pharmaceutical ingredients, commercial,
clinical, and/or validation batches of finished goods. Data included in regulatory
submissions, such as method and/or process validation activities, are also in scope. This
directive applies to both paper-based and electronic data governed by the global quality
system.

Definitions and Acronyms

Term Description

Accurate Information is correct, truthful, complete, and valid.

Archive Long-term storage of completed data and all metadata in

its final form for the purposes of reconstruction and
evaluation of the original processes or activities.

Attributable Information captured in a record so that it is uniquely

identified as having been executed by the originator of
the data (e.g. a person and/or computer system).

Audit Trail A secure, computer-generated, time-stamped electronic

record that allows for reconstruction of the course of the
events relating to creation, modification, or deletion of
data while retaining previous and original data.

Backup True copy of the original data that is maintained securely

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 2 of 11

Term Description

throughout the record’s retention period. The backup file

should contain the data (which includes associated
metadata) and should be in the original format or in a
format compatible with the original format.

Back-up Copy A version of a document or data that may be created

during normal computer use and maintained for disaster
recovery (e.g., in case of a computer crash or other
interruption).

Computerized System A system that collectively controls the performance of

one or more automated process and/or function (i.e. PC,
HMI, PLC, MES).

Computer Related Systems Computer hardware, software, peripheral devices,

networks, cloud infrastructure, operators, and associated
documents (e.g., user manuals and standard operating
procedures).

Contemporaneous Recording of transactions/observations/data at the time

they are generated and/or observed.

Data Any records, both paper and electronic, or copies thereof

that preserve the content and meaning of the original
record, that are the result of original observations and
activities governed by current regulations and are
necessary for the accurate and complete reconstruction
and evaluation of those activities.

Data Governance Sum total of arrangements which provide assurance of

data integrity.

Data Integrity The completeness, consistency, and accuracy of data

throughout the data lifecycle. Complete, consistent and
accurate data should be:
A - attributable to the person generating the data
L - legible and permanent
C - contemporaneously recorded
O - original or a true copy
A - accurate

Data Lifecycle All phases in the life of the data (including raw data) from
initial generation and recording through processing
(including transformation or migration), use, data
retention, archive / retrieval, and destruction.

Dynamic Record A record format that allows interaction between the user
and the record content.

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 3 of 11

Term Description

Data Review Procedure that describes the process for the review and
approval of data, including raw data.

Flat File An individual record which may not carry with it all
relevant metadata (e.g. pdf, dat, doc).

Hybrid System A process requiring the use of both paper and electronic
records to prepare a complete data record.

Legible Data that are readable, understandable, and provide a

clear picture of the sequencing of steps or events in the
record so that all activities conducted can be fully
reconstructed and evaluated by those reviewing these
records at any point during the records retention.

Metadata The contextual information required to understand data.

It is the information that describes, explains, or otherwise
makes it easier to retrieve, use, or manage data.

Original Record Data in the format in which it was originally generated,

preserving the integrity (accuracy, completeness,
content, and meaning) of the record, e.g. original paper
record of manual observation, or electronic raw data file
from a computerized system.

PIN Personal Identification Number

Powerful Accounts An account by an IT user that is used to perform

application or operating system maintenance, user
account administration, installation, configuration,
change access privilege, or direct data access (e.g.,
Database Admin, System Admin, Domain Admin,
QSECOFR, Application Architect, Vendor Remote
Maintenance, etc.).

QMS Quality Management System as defined by Quality

Manual

Raw Data Any records, both paper and electronic, or exact copies
thereof that preserve the content and meaning of the
orinal record, that are the result of the original
observations and activities governed by regulatory
bodies and are necessary for the accurate and complete
reconstruction and evaluation of those activities.

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 4 of 11

Term Description

Retention Period A minimum number of years in which data must be

retrievable.

Static Record A fixed data document such as a paper record or an

electronic image (e.g. pdf) such that the data cannot be
reprocessed.

System Administrator Personnel responsible for higher level duties (e.g.,

account creation, system audit trail review) for relevant
software/computer systems.

True Copy A copy of the original recording of data that has been
verified to confirm that it is a complete copy that
preserves the entire content and meaning of the original
record, including, in the case of electronic data, all
essential metadata and original record format.

User Privilege Levels Defined user levels based on the role the user will
execute in the system. Examples of user levels include
analyst, supervisor, manager, and administrator.

Responsibilities

Function Responsibility

Quality  Ensure that this directive is implemented and

maintained
 Ensure that processes needed to meet the
requirements established in this directive are
developed, documented, implemented and
maintained

Site/Departmental Quality;  Ensure site/departmental implementation of this

Site/Departmental Leadership directive and associated processes
 Monitor performance of document management
processes at the site level and initiate
appropriate action to ensure process adherence

Information Technology/System  Establish and implement computer security

Owner  Backup and recovery

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 5 of 11

Function Responsibility

 Disaster recovery
 Server maintenance and stability
 Hardware –Installation Qualification (IQ)

Global Compliance  Audit globally to ensure compliance with the

directive

1.0 Requirements
1.1 Controls over the data lifecycle which are commensurate with the principles of quality
risk management shall exist. These controls can be Organizational (e.g. procedures,
training) and / or Technical (e.g. computerized system control, automation).
1.2 Data integrity requirements apply equally to manual (paper), electronic, as well as hybrid
systems.
1.3 Data integrity control measures should be based on a risk and should take into account
criticality of the data to product quality, vulnerability of the data to involuntary or
deliberate alteration, falsification, deletion, loss or re-creation, and probability or ease of
detection.
1.4 Employees must be trained in the elements of data integrity in any/all roles they perform
in the data lifecycle.
1.5 Out-of-specification values should undergo formal, documented investigations.
1.6 There should be confirmation by examination and provision of objective evidence,
thorugh means of validation, that computer systems and/or equipment conform to user
needs and intended uses, and that all requirements can be consistently fulfilled.
1.7 There should be a data governance system that is integral to the quality system. It
should address data ownership throughout the lifecycle and consider the design,
operation, and monitoring of processes / systems in order to comply with the principles
of data integrity, including control over intentional and unitentional changes to, and
deletion of information.

2.0 User Access

2.1 There shall be a process for maintaining user access privileges to computerized
systems.
2.1.1 This should include use of, and controls required for non-standard user
access accounts and/or powerful accounts, where employed.
2.2 Access to systems shall be documented and authorized by appropriate personnel and
be specific to the level of training and intended role.

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 6 of 11

2.3 Access should be reviewed periodically but at least on an annual basis to ensure
assigned roles are appropriate and aligned with employees’ current position and status
within the company.
2.3.1 Access privileges shall be revised as appropriate when an employee changes
roles or leaves the company.
2.4 Employees must not share their unique user logins and /or passwords or PINs with
others or use the login or password of another employee to access systems.
2.5 System Administrator rights should be assigned to individuals who do not have a direct
interest with the data (i.e. generation, review, or approval). Where this is not possible
additional mitigating controls are required.
2.6 There shall be a process for computer system security for restricting permissions and
unauthorized access to the computer system and applications.

3.0 Data Lifecycle

3.1 Data Creation and Recording
3.1.1 Data should meet general requirements captured in the ALCOA acronym
(Attributable, Legible, Contemporaneous, Original, and Accurate). See 10.1-
GREF-1, ALCOA Pointers, for more details.
a. Attributable: traceable to the unique individual who originated the data
b. Legible: readable, traceable changes, and permanent
c. Contemporaneous: activities must be recorded at the time they occur
(Reference 24.1.1-NREF-2, Good Documentation Practices)
d. Original: includes source capture of data and must be complete
e. Accurate: information is correct, truthful, complete, and valid
3.1.2 Documentation should conform to Quality System Directive 25.1-NDIR,
Records Management.
3.1.3 Requirements around paper-based data and data generated by a
computerized system are the following:
a. Paper-based data entries (as well as electronic records) should have clear
requirements to identify individuals who record data and the required data
entry formats. These entries serve as evidence of activities performed that
can be fully reconstructed and evaluated as per Quality System Directive
25.1-NDIR, Records Management.
b. Computerized systems should be assessed to determine that there are
electronic record inherent controls, what is the intended use of such
controls, and the impact of the data to product quality as per Quality System
Directive 18.1-NDIR, Software Development Life Cycle.

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 7 of 11

c. Where a hybrid system exists, each piece must comply with the relevant
requirements documented in either 3.1.3.a or 3.1.3.b.
3.1.4 In a hybrid system, the initially generated data (whether paper-based, or
electronic, or both) is considered the original data. Processes for generation
and distribution of forms / template records should be established. Incomplete
or erroneous forms that were started with a process should be kept as part of
the permanent record along with written justification for their replacement.
3.1.5 Corrections to data should be fully traceable and requirements for paper-
based, computerized, and hybrid systems should be followed as defined
within 25.1-NDIR, Records Management and 24.1.1-NREF-2, Good
Documentation Practices.
Note: When documenting a reason for change, only approved abbreviations
may be used in place of a complete description. The documentation and
reason must be clear to anyone reviewing the record.
a. Computerized systems (both networked systems and stand-alone individual
systems) should have controls that protect the data from accidental or
deliberate manipulation, falsification, and deletion based on criticality of data
generated.
b. Corrections made to records generated from hybrid systems should be made
consistently between the paper-based and computerized aspects of the hybrid
system.
3.1.6 For specific laboratory operation data integrity requirements, refer to 9.1-
NDIR, Laboratory Opeartions.
3.1.7 When Valeant is the licensed manufacturer of a product, but utilizes suppliers
for any and all aspects of production, including testing, Valeant maintains
responsibility for all aspects of product quality, including data integrity. See
5.1-NDIR, Supplier Management for requirements of supplier management.
3.2 Data Review
3.2.1 Data review involves the review of the process of obtaining the final result
including the associated audit trails. Refer to Section 4.0 for more information
on audit trail requirements.
3.2.2 24.1.1-NREF-2, Good Documentation Practices, gives specific requirements
for verifying that data meet requirements of “ALCOA.”
3.2.3 In hybrid environments, there shall be a process for verification of printouts /
data packets and sign-off of logbooks / notebooks which signifies stored
electronic data including the audit trail has been reviewed in addition to
paper-based data and associated metadata. The initially generated data
(whether paper-based, or electronic, or both) is considered the original data.
3.2.4 Changes to electronic data must be documented and the supporting
explanation reviewed. In hybrid systems, changes to the electronic and paper
data must match.

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 8 of 11

3.2.5 A clear reference to an approved investigation must be present for any out-of-
specification data.
3.2.6 Internal procedures and policies should describe the actions to be taken if
data review identifies an error or omission.
3.3 Data Reporting
3.3.1 After data have been reviewed and approved and meet all review and
approval requirements, the data can then be reported according to local
processes.
3.3.2 All approved data are to be reported objectively and without bias regarding
the impact the data may have on future decisions.
3.3.3 All out-of-specification results are reported with reference to any
investigation.
3.3.4 Out-of-specification results are appropriately tracked and trended.
3.4 Data Storage, Back-Up, and Archival
3.4.1 Data should be stored in a designated secured environment to prevent
accidental or deliberate manipulation, falsification, and deletion. This includes
raw data, metadata, static record, dynamic record, true copies, and electronic
copies.
3.4.2 All electronic data should be backed-up and/or archived and hard-copy
originals should be archived following approved procedures regarding
retention periods.
a. When a piece of equipment is targeted to be retired, any residual data
should be downloaded and stored prior to equipment being retired.
b. Archived data should be verified to ensure that the entire data set is
retrievable throughout its retention period and has not been altered. This
verification should be done when the data is first archived and periodically
throughout its retention period.
c.If using a third party vendor to store, archive, and/or back-up data, the
vendor must be approved through the supplier management program.
3.4.3 Data should be stored for the extent of the required retention life in a format
that preserves the content and meaning of the original raw data and that is
easily retrievable.This includes all audit trails and associated metadata.
Suitable equipment shall be readily available through this period to display
the original raw data or accurate and complete copies of raw data. Periodic
assessments of the suitable equipment should be completed to ensure that
original or true copies of the data is readily available to be displayed.
3.4.4 Data should be stored and archived to prevent future user and program
modifications and will be maintained with limited access to only the
appropriate personnel.

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 9 of 11

3.4.5 Internal procedures and policies should describe the actions to be taken if
review of data storage, back-up and archival identifies an error or omission
(Reference 27.1.1-NSOP, Nonconformance Management).
3.4.6 In the event of a disaster, users must ensure integrity of data has not been
compromised after recovery (Reference 18.1-NDIR, Software Development
Lifecycle).
3.4.7 Reference 25.1-NDIR, Records Management for:
a. Data recorded with Labile Medium
b. Electronic Record Storage
c. Retention Period and Destruction

4.0 Audit Trail

4.1 Procedures which describe the process for the review and approval of data, including
raw data and associated metadata, should include the process of reviewing audit trails.
4.1.1 The process for the review of audit trails should be established based on
impact to product quality and the capability of the system to establish audit
trails.
4.1.2 The purpose of this audit trail review is to ensure data integrity and uncover
potential anomalies, and/or variances (e.g. errors or omissions) from
approved procedures. This is done with the minimum requirements:
a. Verify Good Documentation Practices were followed (Reference 24.1.1-
NREF-2, Good Documentation Practices).
b. Results are consistent with standards.
c. Reportable results can be verified with substantiating evidence (source data).
4.1.3 Reviewers should inspect all data elements including metadata, as
applicable, for accuracy and completeness.
4.2 There should also be a process to conduct scheduled system audit trail review on
computerized and hybrid systems based on the complexity, intended use, frequency of
use, inherent controls, and impact to product quality.
4.2.1 The purpose of this audit trail review is to ensure data integrity of the system
and to uncover potential system level activity without correct documentation
(e.g. changing system policies, user access, modification of data, etc.).
4.2.2 Reviewers should inspect all applicable data elements for adherence to
approved company policies and procedures.
4.3 In the case of a hybrid system, audit trail review should encompass a combination of
original electronic records and paper records that comprise the total record.
4.4 Evidence of audit trail review should be documented.

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 10 of 11

4.5 The extent of the review of an audit trail should be based on the system’s complexity
(probability of detection), intended use (severity of impact), and frequency of use
(likelihood of impact). This review should be documented.
4.5.1 Details regarding specific events to be reviewed in different systems should
be captured in system specific documents.
4.5.2 It may be important to detail which activities are to be reviewed for each audit
trail type if a system provides more than one audit trail.
4.6 Internal procedures and policies should describe the actions to be taken if audit trail
review identifies an error or omission (Reference 27.1.1-NSOP, Nonconformance
Management).

References
Number Title
5.1-NDIR Supplier Management
9.1-NDIR Laboratory Operations
18.1-NDIR Software Development Life Cycle
24.1-NDIR Document Management
25.1 – NDIR Records Management
25.1.1 – NSOP Records Management
24.1.1-NREF-2 Good Documentation Practices
27.1.1-NSOP Nonconformance Management
FDA Draft Guidance
MHRA Draft Guidance
TSA Draft Guidance
PIC/S Guidance
Health Canada Draft
Guidance

10.1-GREF-1 ALCOA Pointers

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

VALEANT PHARMACEUTICALS INC. 10.1-GDIR

Global Quality System Directive Revision: 1
Title: Data Integrity Page 11 of 11

Revisions
Rev: 1 Author: Sara Irizarry CR# 000151602
Description of Changes: New data integrity directive per QCR # 319959
Implementation Instructions: 90 Days from CR Approval

Rev: 1 Author: K. Stone CR# 000161368

Description of Changes: Admin change to update implementation date
Implementation Instructions: Implementation 6/29/18

Rev: 1 Author: K. Stone CR# 000168242

Description of Changes: Admin change to update implementation date as the 6/29/18
implementation date has proved to be not feasible for many
sites.
Implementation Instructions: Implementation 9/28/18

Viewed/Printed(EST): 2 October 2020 4:9:5 PM ** GDMS-D2 Copy-Use per procedure** < DIR-000152585 > Rev 1 >
 >
CONTROLLED DOCUMENT 10.1-GDIR Status: Effective Effective Date: 26/Jun/2018

CONTROLLED DOCUMENT
SIGNATURE PAGE
Document Name :DIR-000152585

Document Title :Data Integrity

Document ID :10.1-GDIR

Signed By Date (GMT) Justification

Padlo Kathy 06/26/2018 Document Management

13:15:34

Viewed/Printed(EST): 2 October 2020 4:9:6 PM ** GDMS-D2 Copy-Use per procedure** DIR-000152585 Rev 1