The importance of data integrity is stressed in recent guidance, citations, and public comments. GAMP 5’s stated aim is to assist in achieving patient safety, product quality, and data integrity, while enabling innovation and technological advances. Patient safety is affected by the integrity of critical records, data, and decisions, as well as by aspects that affect physical attributes of the product. To underline this point, the phrase “patient safety, product quality, and data integrity” is used throughout the Guide.
The new ISPE GAMP Records and Data Integrity Guide (RDI), first published in 2017, takes this further. It provides principles and practical guidance for meeting current expectations involved in managing GxP-regulated records and data, ensuring that they are complete, secure, accurate, and available throughout their life cycle.
While GAMP 5 is focused primarily on compliant computerized systems and their life cycles, RDI takes a wider perspective, covering the data governance framework (including human factors), corporate data integrity programs, and the complete data life cycle, which may span several systems. It describes a holistic and flexible risk-management approach for ensuring the integrity of records and data. This is achieved by applying appropriate controls to manage identified risks within the regulated process, commensurate with the level of risk.
The two guides are complementary, yet focused on their individual objectives. They provide a framework for compliant and validated computerized systems, with GAMP 5 providing a solid foundation for record and data integrity across the regulated organization.
The GAMP CoP Analysis was led by Mike Rutherford (then-GAMP Global Chair, now a director on the ISPE International Board), Chris Clark (GAMP Editorial Review Board Chair), and Siôn Wyn (ISPE Technical Consultant).
For each GAMP 5 section and appendix, the team examined the effects of technical and regulatory updates since the original publication, focusing on substantive topics and guidance rather than background, historical, or supporting information. When identifying potential gaps or enhancements, the team identified:
- Where they are addressed in existing GAMP Guidance
- Where current GAMP activity is addressing the issue, with intent to publish
- Where a new GAMP activity/deliverable is likely to be required
The analysis showed that the principles and concepts of GAMP 5 have not been transformed by the changing regulatory environment. However, some themes and areas were identified for enhancement and improvement:
- Increasing prevalence of third-party service providers, including cloud service providers*
- Current methods and approaches for software development, e.g., iterative and incremental methods, such as Agile†
- Increased use of tools, including the move from a document-based process toward automated tool-based processes such as requirements capture, specification, testing, installation, traceability, and configuration management†
* International life science requirements, such as those set forth in the US FD&C Act, US PHS Act, FDA regulations, EU Directives, Japanese MHLW regulations, or other applicable national legislation or regulations under which a company operates. (ISPE Glossary)