Elsanhouty Pharma Notes, Cairo, Egypt.

Standard Operating Procedure

Dr. Hasan Elsanhouty
Document Title Data Integrity Page 1 of 7

1. Objective
1.1. To lay down a procedure for data integrity as part of quality management system.
1.2. To establish guidelines and procedures to ensure data integrity in regulatory activities.
1.3. To prevent unauthorized access, loss, alteration, or falsification of data throughout the
regulatory processes, including data generation, collection, analysis, and reporting.
1.4. Adherence to data integrity principles is essential to maintain regulatory compliance and
ensure the reliability and trustworthiness of submitted data.
2. SCOPE
2.1. This procedure is applicable for all the data associated with GxP and quality
management system.
2.2. Applied to all personnel involved in regulatory activities, including data generation,
collection, analysis, and reporting.
2.3. It covers both electronic and paper-based data and encompasses all regulatory
functions, such as clinical trials, product registration, post-marketing surveillance, and
quality management.
3. DEFINITIONS
3.1. GxP: Common terms used for multiple practices defined by regulatory agencies (e.g.
Good Manufacturing Practices, Good Laboratory Practices (GLP), Good Clinical Practices
(GCP) etc.)
3.2. Complete: The data must be whole; a complete set
3.3. Consistent: The data must be self-consistent
3.4. Enduring: Durable; lasting throughout the data lifecycle
3.5. Audit Trial: An audit trail is a chronology of the “who, what, when, and why” of a record
and exists in paper and/or electronic formats. The audit trail is a form of metadata
containing information associated with actions that relate to the creation, modification
or deletion of GXP records. An audit trail provides for secure recording of life-cycle
details such as creation, additions, deletions or alterations of information in a record,
either paper or electronic, without obscuring or overwriting the original record.

Elsanhouty Pharma Notes Dr. Hassan Elsanhouty

Contact No: +20 01023481152 Email:Elsanhouty2018@gmail.com
 Elsanhouty Pharma Notes, Cairo, Egypt.

Standard Operating Procedure

Dr. Hasan Elsanhouty
Document Title Data Integrity Page 2 of 7

3.6. Data: The information derived or obtained from raw data and generated as paper-based
or electronic records is called data.
3.7. Data Life Cycle: All phases in the life of the data (including raw data) from initial
generation and recording through processing (including transformation or migration),
use, data retention, archive/retrieval, and destruction.
3.8. GxP: GxP stands for Good X Practices (X can mean: Clinical, Laboratory, Manufacturing,
Pharmaceutical, etc.)
3.9. True copy: A copy (electronic or paper based) of the original record that has been
verified and approved.
3.10. Raw data: Raw data is defined as the original record (data) which can be described as
the first-capture of information, whether recorded on paper or electronically.
3.11. Accuracy: All data must be accurate, reflecting the true and actual observations or
measurements without intentional or unintentional errors.
3.12. Legibility: All data must be recorded in a clear, legible, and permanent manner to
ensure proper understanding and interpretation.
3.13. Contemporaneousness: Data must be recorded at the time of the activity, reflecting
real-time observations and events.
3.14. Attributable: All data must be attributable to the person responsible for generating,
recording, or modifying the data, with clear identification of personnel involved.
3.15. Consistency: Data must be consistent throughout all records and systems, and any
inconsistencies or discrepancies must be promptly addressed and documented.
3.16. Completeness: All data must be complete, including necessary metadata, to provide a
comprehensive and accurate record of the activity or process.
3.17. Security: Electronic data must be protected with appropriate access controls to prevent
unauthorized changes, deletions, or alterations.
3.18. Documentation: All data must be properly documented, including the use of approved
forms, templates, and electronic systems, following Good Documentation Practices
(GDP).

Elsanhouty Pharma Notes Dr. Hassan Elsanhouty

Contact No: +20 01023481152 Email:Elsanhouty2018@gmail.com
 Elsanhouty Pharma Notes, Cairo, Egypt.

Standard Operating Procedure

Dr. Hasan Elsanhouty
Document Title Data Integrity Page 3 of 7

3.19. Review: Regular reviews and audits of data integrity practices must be conducted to
identify and address potential vulnerabilities or areas for improvement.
3.20. Training: Personnel involved in data generation and processing must receive adequate
training on data integrity principles and procedures.

4. RESPONSIBILTIES
4.1. All department involved in data generation, usage and retention. Senior management shall be
accountable for the implementation of systems and procedures to minimize the potential risk to
data integrity.
4.2. All HODs are to comply with the SOP for data security and integrity.
4.3. QA department shall conduct the periodic review of data handling in accordance with the SOP.
5. Procedure:
5.1. Use validated and calibrated instruments and equipment for data generation.
5.2. Document all relevant information, such as date, time, and personnel involved, for each
data entry or modification.
5.3. Store electronic data in secure, validated systems with appropriate access controls.
5.4. Implement data backup and recovery procedures to prevent data loss or corruption.
5.5. Store paper-based records in controlled environments with restricted access and proper
labeling.
5.6. Implement access controls to ensure only authorized personnel can access, modify, or
delete data.
5.7. Use unique user accounts and strong passwords for system access.
5.8. Maintain an audit trail of data changes, including the identity of the person making the
change and the reason for the change.
5.9. Perform regular data reviews to ensure accuracy, completeness, and compliance with
regulatory requirements.
5.10. Document data review activities, including any discrepancies or corrective actions taken.
5.11. Obtain appropriate approvals for finalized data before submission to regulatory
authorities.

Elsanhouty Pharma Notes Dr. Hassan Elsanhouty

Contact No: +20 01023481152 Email:Elsanhouty2018@gmail.com
 Elsanhouty Pharma Notes, Cairo, Egypt.

Standard Operating Procedure

Dr. Hasan Elsanhouty
Document Title Data Integrity Page 4 of 7

5.12. Provide training to personnel on data integrity principles, including data entry, handling,
and storage practices.
5.13. Conduct periodic awareness programs to reinforce the importance of data integrity and
regulatory compliance.
5.14. Data integrity is applicable for both manual recording (paper) and automated system
(electronic).
5.15. Sufficient training shall be imparted to all concern personnel on data integrity.
Completeness, consistency and accuracy of data should be ensured.
5.16. Any data integrity identified shall be handled as per quality management system and
risk assessment shall be performed wherever applicable. Appropriate corrective
and preventive action shall be taken.
5.17. Falsification of GxP records or data shall result in disciplinary actions.
5.18. The generation or processing of data shall follow a logical and sequential application of
date and time.
5.19. Data shall be attributable (person generated or modified the data), legible (readable and
permanent), contemporaneous (data recording at the time of activity), original (true
copy) and accurate (error free). Additionally, data should be complete, consistent,
enduring and should be readily available and accessible throughout the life-cycle of
data.
5.20. Data verification and approval shall be documented and shall include the review of
raw data and metadata (metadata- data generated about data, e.g. audit trail).
5.21. Audit trail shall be reviewed as part of routine data review/approval process. Any
abnormalities identified during review shall be handled appropriately.
5.22. Data recording on behalf of others should be avoided and if unavoidable,
appropriate justification (e.g. language/literacy limitations, documenting line
interventions by sterile operators) shall be given with traceability of both persons
performing the task and person completing the record. All recording shall be
contemporaneous.

Elsanhouty Pharma Notes Dr. Hassan Elsanhouty

Contact No: +20 01023481152 Email:Elsanhouty2018@gmail.com
 Elsanhouty Pharma Notes, Cairo, Egypt.

Standard Operating Procedure

Dr. Hasan Elsanhouty
Document Title Data Integrity Page 5 of 7

5.23. Clocks for time recording should be controlled and synchronized. Time zones should
be specified where data is used.
5.24. Data generated during maintenance or suitability testing activity shall be
documented and retained.
5.25. There should be traceability of data reprocessing or modification i.e. traceability
from final result to original raw data is required.
5.26. Equipment (e.g. pH meter, balances) that provides only printed data output, then
print out shall constitute the raw data. Equipment that stores the data permanently and
only holds certain volume, the data should be extracted as electronic data.
5.27. Errors or inconsistency identified during the data review, the reviewer must
obtain clarification from the recorder and correction shall be made after
appropriate justification.
5.28. Any modification in electronic or paper-based data shall be attributable.
5.29. Data should be excluded based on valid scientific justification only. All data (even
if excluded) shall be retained with original data set.
5.30. There shall be reconciliation of issued pages, worksheets, logbooks, notebooks
and printouts wherever applicable.
5.31. Original data shall be maintained as per document retention policy and shall
be destroyed as per policy.
5.32. Computer system and software for data processing shall be validated based on
usage wherever applicable.
5.33. Electronic signature should be secured and it can be applied by the ‘owner’ of
the signature only. Electronic signature must provide traceability of signatory and date
of signature along with meaning of signature (e.g. reviewed or approved).
5.34. System users shall be given access as per their roles and responsibilities. User
access rights shall prevent unauthorized data amendments.
5.35. Data migration/transfer shall be validated wherever applicable to ensure data integrity
is maintained throughout the data life-cycle.

Elsanhouty Pharma Notes Dr. Hassan Elsanhouty

Contact No: +20 01023481152 Email:Elsanhouty2018@gmail.com
 Elsanhouty Pharma Notes, Cairo, Egypt.

Standard Operating Procedure

Dr. Hasan Elsanhouty
Document Title Data Integrity Page 6 of 7

5.36. Any rights to alter the files and setting shall be given to personnel from

independent department or different from user department.

5.37. Login should not be shared among individuals. If unavoidable, appropriate justification and
documentation should be in place
5.38. Data backup should be performed routinely.
5.39. Data backup and recovery process must be appropriately validated to avoid any alteration
during backup and recovery process.
5.40. Records shall be retained in a manner that they cannot be modified or deleted
without traceability.

6. Process Flow chart

7. Safety Requirements:

Elsanhouty Pharma Notes Dr. Hassan Elsanhouty

Contact No: +20 01023481152 Email:Elsanhouty2018@gmail.com
 Elsanhouty Pharma Notes, Cairo, Egypt.

Standard Operating Procedure

Dr. Hasan Elsanhouty
Document Title Data Integrity Page 7 of 7

N/A
8. REFERENCES
8.1. MHRA GXP Data Integrity Guidance and Definitions; Revision 1: March 2018
8.2. Good Practices for Data Management and Integrity in Regulated GMP/GDP
Environments – PIC/S; PI041-1(draft 2); August 2016

Elsanhouty Pharma Notes Dr. Hassan Elsanhouty

Contact No: +20 01023481152 Email:Elsanhouty2018@gmail.com