GxP Documentation and Computerized Systems Requirements
There's a well-known and often parroted saying in our industry, "if it ain't documented, then it didn't happen." Wise words, and as for GxP basics are concerned – paramount. The length and breadth of boxes you need to tick to get your product produced, packaged, shipped, and delivered are vast. One of the biggest headaches for pharmaceutical businesses is the recording and storage of documentation. Because what information you retain, how it is kept and then stored, all has to be compliant.
In the end, it all comes down to the accessibility and agility of your digital tools. You need to be able to access your products' data down to the batch. This is so you can prove your implementation and observation of GxPs throughout your entire process, assuring the U.S. Food & Drug Administration (FDA) and/or European Medicines Agency (EMA) your products’ quality meets their GxP requirements and are completely safe and secure from tamper.
What documents are required in GxP?
The specific “x” documentation will vary between industries. However, they must confirm the integrity, safety, and quality of your products and services. The shape these documents take is in the form of policies. These policies are then accounted for and actioned as processes or procedures. Examples could include, but aren't limited to:
Basically, any GxP requirement needs documented approval or validation before moving on to the following process.
It isn't so much the collecting and storing of data that needs to be compliant. It's more the integrity of your document management. These areas are under intense scrutiny by regulatory inspections and are a critical issue in document governance. Regulators now expect staff working in GxP roles to have sufficient data integrity training. GxP for beginners can be tricky to get your head around. Still, compliance for documentation in computerized systems is a whole other ball game, so here it goes…
Your data's integrity includes the maintenance of and assurance of your data's accuracy and consistency. In the eyes of GxP, requirements are seen as the critical component in proving the safety, efficacy, and quality of your product. Violations relating to document management and data integrity are serious and can result in costly repercussions.
GxP Requirements for Computerized Systems – a Checklist
Listing all the documents GxP could require would be exorbitant. Each industry has their individual criteria to administer, but there are some core, standard GxP requirements that could benefit all industries. If you answer yes to each question, you know your foundation is pretty solid and can take industry-specific requirements in stride.
1. Is there a documented process of procedures for:
1(a). the storage, review, maintenance, retention, and archiving of data and documentation;
1(b). guaranteeing the security and controlled access of all business data and documentation;
1(c). deviations from standard procedures; and
1(d). corrective and preventative actions (CAPA)?
2. Is there a back-up system for documents?
3. Are changes to documents audit-trailed replaced with superseded versions and stored?
4. Is there a process of procedures for:
4(a). continuously validating and qualifying the equipment documenting time, date, and relevant personnel;
4(b). establishing agreed and standardized tolerance limits for equipment and asset health;
4(c). replacing equipment or assets whose health falls outside the agreed tolerance limits;
4(d). implementing a continuity plan in the event of IT disruption;
and 4(e). documenting changes, maintenance actions, errors, and repairs?
5. Is there a central equipment and asset inventory, including instruction and operation manuals?