Based on NIST SP 800-33, Computer Security, and the EMA Q&A GMP Data integrity (Aug 2016), this paper covers the basic technical elements to assess the risk to the integrity of CGMP e-records throughout the e-records lifecycle. However, this is not an all-inclusive list.
Out of the scope in this paper are discussions on procedural controls, business processes and electronic signatures.
Relevant to the medicines’ manufacturing environments, production-related records can be electronically recorded as long as the requirements of current good manufacturing practices (CGMP) records are met. An electronic record (e-record) undergoes any number of operations in support of CGMPs decision-making, such as capture, storage, retrieval, update, integrate, transfer and retirement.
The manufacturing-related information properly recorded and maintained are the CGMP foundation to evaluate product identity, strengths, purity and safety . The CGMP e-records also demonstrate that the manufacturing process adheres to the CGMPs, including instructions , .
One of the expectations by all Regulatory Authorities applicable to computer systems performing manufacturing regulated functions is the integrity in the CGMP e-records.
E-records must be kept free from corruption, and free of unauthorized modifications or disclosures that can affect the accuracy of the manufacturing processes . Inaccuracies can occur either accidentally like with programming errors, files corrupted by the system. They can also be caused maliciously with a breach or hack.
Defining the suitable controls for e-records integrity is critical to establish the reliability of the e-records affecting the quality of the manufactured product.