Glossary, Abbreviations and Data Integrity Terms




Data integrity terms presented here are quoted from several sources that can be found in the references at the end of this section. In some cases, a term may have several definitions from different sources to illustrate the differences between regulatory authorities. Also, an authority may have published two or three versions of guidance over time and the same term may have different definitions from the same authority that are included here, this is deliberate so that readers can see how the definition of a single term has evolved over time. Note that detailed references are not given for all terms in this glossary as the focus is on data integrity terms.

Glossary

TermMeaningAcceptance CriteriaThe criteria a system must meet to satisfy a test or other requirement.1ALCOAA commonly used acronym for “attributable, legible, contemporaneous, original and accurate”.2ALCOA+A commonly used acronym for “attributable, legible, contemporaneous, original and accurate”, which puts additional emphasis on the attributes of being complete, consistent, enduring and available – implicit basic ALCOA principles.2ALCOA-plusThe guidance refers to the acronym ALCOA rather than “ALCOA+”. ALCOA being Attributable, Legible, Contemporaneous, Original, and Accurate and the “+” referring to Complete, Consistent, Enduring, and Available. ALCOA was historically regarded as defining the attributes of data quality that are suitable for regulatory purposes. The “+” has been subsequently added to emphasise the requirements. There is no difference in expectations regardless of which acronym is used since data governance measures should ensure that data is complete, consistent, enduring and available throughout the data lifecycle.3Analytical Instrument Qualification (AIQ)AIQ is the collection of documented evidence that an instrument performs suitably for its intended purpose. Use of a qualified instrument in analyses contributes to confidence in the validity of generated data.4ApplicationSoftware installed on a defined platform/hardware providing specific functionality.5ArchivalArchiving is the process of protecting records from the possibility of being further altered or deleted, and storing these records under the control of independent data management personnel throughout the required retention period. Archived records should include, for example, associated metadata and electronic signatures.2ArchiveLong term, permanent retention of completed data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.6A designated secure area or facility (e.g. cabinet, room, building or computerised system) for the long term, permanent retention of complete data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.7A designated secure area or facility (e.g. cabinet, room, building or computerised system) for the long term, retention of data and metadata for the purposes of verification of the process or activity.3ArchivistAn independent individual designated in good laboratory practice (GLP) who has been authorised by management to be responsible for the management of the archive, i.e. for the operations and procedures for archiving.2AuditAn audit is a formal, independent, disciplined and objective review activity designed to assess the performance of a process or system with regards to established regulations and procedures. There are internal audits, second party audits (between two companies) and third-party audits (using an independent auditor).Audit TrailGMP/GDP audit trails are metadata that are a record of GMP/GDP critical information (for example, the change or deletion of GMP/GDP relevant data), which permit the reconstruction of GMP/GDP activities.6A secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record. Electronic audit trails include those that track creation, modification, or deletion of data (such as processing parameters and results) and those that track actions at the record or system level (such as attempts to access the system or rename or delete a file).8Audit trail means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record.2Audit trails are metadata that are a record of critical information (for example, the change or deletion of relevant data) that permit the reconstruction of activities.7The audit trail is a form of metadata containing information associated with actions that relate to the creation, modification or deletion of GXP records. An audit trail provides for secure recording of life-cycle details such as creation, additions, deletions or alterations of information in a record, either paper or electronic, without obscuring or overwriting the original record. An audit trail facilitates the reconstruction of the history of such events relating to the record regardless of its medium, including the “who, what, when and why” of the action.3Back-upA copy of current (editable) data, metadata and system configuration settings (e.g. variable settings that relate to an analytical run) maintained for the purpose of disaster recovery.6A true copy of the original data that is maintained securely throughout the records retention period (for example, § 211.180). The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format.8A copy of one or more electronic files created as an alternative in case the original data or system are lost or become unusable (e.g. in the event of a system crash or corruption of a disk).It is important to note that backup differs from archival in that back-up copies of electronic records are typically only temporarily stored for the purposes of disaster recovery and may be periodically overwritten. Such temporary back-up copies should not be relied upon as an archival mechanism.2A copy of current (editable) data, metadata and system configuration settings (variable settings that relate to a record or analytical run) maintained for the purpose of disaster recovery.7A copy of current (editable) data, metadata and system configuration settings maintained for recovery including disaster recovery.3FDA uses the term backup in § 211.68(b) to refer to a true copy of the original data that is maintained securely throughout the records retention period (for example, § 211.180). The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format. This should not be confused with backup copies that may be created during normal computer use and temporarily maintained for disaster recovery (e.g., in case of a computer crash or other interruption).8Bespoke/Customised Computerised SystemA computerised system individually designed to suit a specific business process.9Boundary ValueA minimum or maximum input, output or internal data value, applicable to a system.1Branch TestingExecution of tests to assure that every branch alternative has been exercised at least once.CalibrationThe demonstration that a particular instrument or device results within specified limits by comparison with those produced by a reference or traceable standard over an appropriate range of measurements.10An operation that, under specified conditions, in a first step, establishes a relation between the quantity values, with measurement uncertainties provided by measurement standards, and corresponding indications with associated measurement uncertainties and, in a second step, uses this information to establish a relation for obtaining a measurement result from an indication. Note that:A calibration may be expressed by a statement, calibration function, calibration diagram, calibration curve, or calibration table. In some cases, it may consist of an additive or multiplicative correction of the indication with associated measurement uncertainty.Calibration should not be confused with adjustment of a measuring system, often mistakenly called “self-calibration”, or with verification of calibration.Often, the first step alone in the above definition is perceived as being calibration.4ChangeThe addition, modification or removal of approved, supported or baselined hardware, network, software, application, environment, system, desktop build or associated documentation (ITIL).Change Advisory BoardA group of people who can give expert advice to change management on the implementation of changes. This board is likely to be made up of representatives from all areas within IT and representatives from business units (ITIL).Change ControlA formal monitoring system by which qualified representatives of appropriate disciplines review proposed or actual changes that might affect a validated status to determine the need for corrective action that would assure that the system retains its validated state.11Change HistoryAuditable information that records, for example, what was done, when it was done by who and why (ITIL).Change ManagementProcess of controlling Changes to the system or any aspect of services, in a controlled manner, enabling approved Changes with minimum disruption (ITIL).Code of Federal Regulations (CFR)The codification of the general rules of the United States of America published in the Federal Register by the executive departments and agencies of the Federal Government. Divided into 50 titles that represent the areas regulated by the US Government.Commercial off the shelf softwareSoftware commercially available, whose fitness for use is demonstrated by a broad spectrum of users.9Author note: this term can be abused and can be used to confuse. GAMP software categories should be used instead.CommissioningThe setting up, adjustment and testing of equipment or a system to ensure that it meets all the requirements, specified in the user requirements specification, and capacities specified by the designer or developer. Commissioning is carried out before qualification and validation (WHO GMP).Computer HardwareVarious hardware components in the computer system, including the central processing unit, printer, screen and other related apparatus.Computer SystemComputer hardware components assembled to perform in conjunction with a set of programs, which are collectively designed to perform a specific function or group of functions.A group of hardware components and associated software designed and assembled to perform a specific function or group of functions.9Computerised SystemA system including the input of data, electronic processing and the output of information to be used either for reporting or automatic control.5People, machines, and methods organised to accomplish a set of specific functions. Computer or related systems can refer to computer hardware, software, peripheral devices, networks, cloud infrastructure, operators, and associated documents (e.g., user manuals and standard operating procedures).12A computerised system collectively controls the performance of one or more automated processes and/or functions. It includes computer hardware, software, peripheral devices, networks and documentation, e.g. manuals and standard operating procedures, as well as the personnel interfacing with the hardware and software, e.g. users and information technology support personnel.2Computerised System SpecificationA document or set of documents that describe how a computerised system will satisfy the system requirements of the computer related system.Computer System TransactionsA computerised system transaction is a single operation or sequence of operations performed as a single logical “unit of work”. The operation(s) that makes a transaction may not be saved as a permanent record on durable storage until the user commits the transaction through a deliberate act (e.g. pressing a save button), or until the system forces the saving of data.3Computerised System ValidationEstablishing documented evidence that provides a high degree of assurance that a specific computer related system will consistently operate in accordance with predetermined specifications.1Confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.13Control StrategyA planned set of controls, derived from current protocol, test article or product and process understanding, which assures protocol compliance, process performance, product quality and data reliability, as applicable. The controls should include appropriate parameters and quality attributes related to study subjects, test systems, product materials and components, technologies and equipment, facilities, operating conditions, specifications and the associated methods and frequency of monitoring and control.2Configuration – 1The arrangement of a computer system or component as defined by the number, nature, and interconnections of its constituent parts (IEEE).Configuration – 2Changing the business process automated by an application by modifying the parameters within the software provided by the supplier (also known as parameterisation).Configuration BaselineConfiguration of a system established at a specific point in time, which captures the structure and details of the system and enables that system to be rebuilt at a later date (ITIL).Configuration Item (CI)Component of an infrastructure or system or an item such as Request for Change that is under the control of Configuration Management. Configuration Items may vary widely in complexity, size and type – from an entire system (including all hardware, software and documentation) to a single module or a minor hardware component (ITIL).Configuration ManagementA system for identifying the configuration of hardware, software, firmware or documentation of a computerised system at discrete points in time with the purpose of systematically controlling changes to the configuration and maintaining the integrity and traceability of the configuration throughout the system life cycle.Corrective Action and Preventative Action (CAPA)System for implementing corrective actions and preventative actions resulting from the investigation of non-conformances, deviations, audits, regulatory inspections and findings.14Actions taken to improve an organisation's processes and to eliminate causes of non-conformities or other undesirable situations. CAPA is a concept common across the GXPs (good laboratory practices, good clinical practices and good manufacturing practices), and numerous International Organization for Standardization business standards.2COTS SoftwareCommercial off the shelf software application is used as is without altering the basic program.Configurable off the shelf software applications that can be configured to specific user applications by “filling in the blanks” without altering the basic program.Author Note: This term should not be used in a validation project as the term is confusing. A much better approach is to use the GAMP Software category.Controlled FunctionA process and any related equipment controlled by a computer system.CustomisationChanging the business process automated by an application by writing software modules to add to an existing commercial application.Note enhancement of an application via a supplier language is custom code.DataFacts, figures and statistics collected together for reference or analysis.6Data means all original records and true copies of original records, including source data and metadata and all subsequent transformations and reports of these data, which are generated or recorded at the time of the GXP activity and allow full and complete reconstruction and evaluation of the GXP activity.6Facts and statistics collected together for reference or analysis. Data governance measures should also ensure that data are compete, consistent and enduring throughout the lifecycle.7Data GovernanceThe sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.6The totality of arrangements to ensure that data, irrespective of the format in which they are generated, are recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data life cycle.7The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.7The arrangements to ensure that data, irrespective of the format in which they are generated, are recorded, processed, retained and used to ensure the record throughout the data lifecycle.3Data IntegrityThe extent to which all data are complete, consistent and accurate throughout the data lifecycle.6Data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).8Data integrity is the degree to which data are complete, consistent, accurate, trustworthy and reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, such that they are attributable, legible, contemporaneously recorded, original or a true copy and accurate. Assuring data integrity requires appropriate quality and risk management systems, including adherence to sound scientific principles and good documentation practices.2The extent to which all data are complete, consistent and accurate throughout the data lifecycle.15Data integrity is the degree to which data are complete, consistent, accurate, trustworthy, reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, so that they are attributable, legible, contemporaneously recorded, original (or a true copy) and accurate. Assuring data integrity requires appropriate quality and risk management systems, including adherence to sound scientific principles and good documentation practices.3Data LifecycleAll phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive/retrieval and destruction.6All phases of the process by which data are created, recorded, processed, reviewed, analysed and reported, transferred, stored and retrieved and monitored until retirement and disposal. There should be a planned approach to assessing, monitoring and managing the data and the risks to those data in a manner commensurate with potential impact on patient safety, product quality and/or the reliability of the decisions made throughout all phases of the data life cycle.2All phases in the life of the data (including raw data) from initial generation and recording through processing (including analysis, transformation or migration), use, data retention, archive/retrieval and destruction.15All phases in the life of the data from generation and recording through processing (including analysis, transformation or migration), use, data retention, archive/retrieval and destruction.3Data ProcessingA sequence of operations performed on data in order to extract, present or obtain information in a defined format. Examples might include: statistical analysis of individual patient data to present trends or conversion of a raw electronic signal to a chromatogram and subsequently a calculated numerical result.3Data QualityThe assurance that data produced is exactly what was intended to be produced and fit for its intended purpose. This incorporates ALCOA.3Data RetentionData retention may be classified as either archive (protected data for long term storage) or backup (dynamic data for the purposes of disaster recovery).7Data ReviewThere should be a procedure that describes the process for the review and approval of data. Data review should also include a review of relevant metadata, including audit trails.7Data Transfer/MigrationData transfer is the process of transferring data and metadata between storage media types or computer systems.Data migration changes the format of data to make it usable or visible on an alternative computerised system.Data transfer/migration should be designed and validated to ensure that data integrity principles are maintained.7Dynamic Data/RecordDynamic data means that the record format allows interaction between the user and the record content, e.g. interpretation of a chromatography data file for integration of the peaks of interest.16Records in dynamic format, such as electronic records, that allow for an interactive relationship between the user and the record content. For example, electronic records in database formats allow the user to track, trend and query data; chromatography records maintained as electronic records allow the user (with proper access permissions) to reprocess the data and expand the baseline to view the integration more clearly.2Information that is originally captured in a dynamic state should remain available in that state.3Design Qualification (DQ)The documented verification that the proposed design of the facilities, systems and equipment is suitable for the intended purpose.11DQ is the documented collection of activities that define the functional and operational specifications of the instrument, including the criteria for selection of the supplier, based on the intended purpose of the instrument. DQ states what the laboratory wants the instrument to do and shows that the selected one is suitable.17DQ is the documented collection of activities that define the functional and operational specifications and intended purpose of the instrument. DQ states what the laboratory wants the instrument to do and shows that the selected one is suitable.4DeveloperThe company, group or individuals responsible for developing a system or some portion of a software application.Electronic SignatureA signature in digital form (bio-metric or non-biometric) that represents the signatory. This should be equivalent in legal terms to the handwritten signature of the signatory.3Excluding DataData may only be excluded where it can be demonstrated through sound science that the data is anomalous or non-representative. In all cases, this justification should be documented and considered during data review and reporting. All data (even if excluded) should be retained with the original data set, and be available for review in a format that allows the validity of the decision to exclude the data to be confirmed.7Exception ReportA validated search tool that identifies and documents predetermined “abnormal” data or actions, which requires further attention or investigation by the data reviewer.6Flat FileA “flat file” is an individual record that may not carry any additional metadata with it, other than that which is included in the file itself.6A “flat file” is an individual record that may not carry any additional metadata with it, other than that included in the file itself.7FirmwareA software program permanently recorded in a hardware device such as a chip or EPROM.Typified by GAMP software category 2 (now unfortunately discontinued) or USP <1058> Group B analytical instruments.4Fully Electronic ApproachThis term refers to use of a computerised system in which the original electronic records are electronically signed.2Functional RequirementsStatements that describe functions a computer related system must be capable of performing.Functional SpecificationStatements of how the computerised system will satisfy functional requirements of the computer related system. Typically for a CDS validation, this is replaced by a configuration specification.Functional TestingA process for verifying that software, a system or a system component performs its intended functions.Good Data and Record Management PracticesThe totality of organised measures that should be in place to collectively and individually ensure that data and records are secure, attributable, legible, traceable, permanent, contemporaneously recorded, original and accurate and that if not robustly implemented can impact on data reliability and completeness and undermine the robustness of decision making based upon those data records.2Good Documentation PracticesThe measures that collectively and individually ensure documentation, whether paper or electronic, is secure, attributable, legible, traceable, permanent, contemporaneously recorded, original and accurate.2GXPAcronym for the group of good practice guides governing the preclinical, manufacturing, testing, storage, and distribution for regulated pharmaceuticals, biologicals and medical devices, such as good laboratory practice, good clinical practice and good manufacturing practice.2HarmPhysical injury or damage to the health of people, or damage to property or the environment. Note this is for a medical device; this needs to be interpreted as the consequences of a software error or malfunction of the system.18HazardA potential source of harm.18Hybrid SystemThe use of a computerised system in which there is a combination of original electronic records and paper records that comprise the total record set that should be reviewed and retained. The hybrid approach requires a secure link between all record types, including paper and electronic, throughout the records retention period.2InspectionThe action by a regulatory authority of conducting an official review of facilities, documents, records, systems and any other resources to determine compliance with applicable regulations.Installation Qualification (IQ)Documented verification that the facilities, systems and equipment, as installed or modified, comply with the approved design and the manufacturer's recommendations.11IQ is the documented collection of activities necessary to establish that an instrument is delivered as designed and specified, and is properly installed in the selected environment, and that this environment is suitable for the instrument.17IQ is the documented collection of activities necessary to establish that an instrument is delivered as designed and specified, is properly installed in the selected environment, and that this environment is suitable for the instrument.4InstrumentInstrument includes any apparatus, equipment, instrument, or instrument system used in pharmacopoeial analyses.4IT InfrastructureThe hardware and software such as networking software and operating systems, which makes it possible for the application to function.9Life cycle (Computerised System)All phases in the life of the system from initial requirements until retirement including design, specification, programming, testing, installation, operation, and maintenance.9MaintenanceActions performed to keep an analytical instrument in a state of proper function so that it continues to operate within the boundaries set during qualification or validation.4MetadataData that describe the attributes of other data, and provide context and meaning.6Metadata is the contextual information required to understand data. A data value is by itself meaningless without additional information about the data. Metadata is often described as data about data. Metadata is structured information that describes, explains, or otherwise makes it easier to retrieve, use, or manage data.8Metadata are data about data that provide the contextual information required to understand those data. These include structural and descriptive metadata. Such data describe the structure, data elements, interrelationships and other characteristics of data. They also permit data to be attributable to an individual. Metadata necessary to evaluate the meaning of data should be securely linked to the data and subject to adequate review.2Metadata are data that describe the attributes of other data and provide context and meaning. Typically, these are data that describe the structure, data elements, inter-relationships and other characteristics of data, e.g. audit trails. Metadata also permit data to be attributable to an individual (or if automatically generated, to the original data source). Metadata forms an integral part of the original record. Without metadata, the data has no meaning.3Ongoing EvaluationThe dynamic process employed after a system's initial validation to maintain its validated state.Operating EnvironmentThose conditions and activities interfacing directly or indirectly with the system of concern, control of which can affect the system's validated state.Operating SystemA set of software programs provided with a computer that function as the interface between the hardware and the applications program.Operational Qualification (OQ)The documented verification that the facilities, systems and equipment, as installed or modified, perform as intended throughout the anticipated operating ranges.11Operational Qualification (OQ) is the documented collection of activities necessary to demonstrate that an instrument will function according to its operational specification testing in the selected environment. OQ demonstrates fitness of purpose for the user's ways of working, and should reflect the contents of the DQ document.17OQ is the documented collection of activities necessary to demonstrate that an instrument will function according to its operational specification testing in the selected environment. OQ demonstrates fitness for the selected use, and should reflect the contents of the DQ document.4Original recordData as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of manual observation, or electronic raw data file from a computerised system.7The first or source capture of data or information, e.g. original paper record of manual observation or electronic raw data file from a computerised system, and all subsequent data required to fully reconstruct the conduct of the GXP activity. Original records can be Static or Dynamic.3Out of Specification (OOS) ResultA reportable result outside of specification or acceptance criteria limits. As we are dealing with specifications, OOS results can apply to test of raw materials, starting materials, active pharmaceutical ingredients and finished products but not for in-process testing. If a system suitability test fails this will not generate an OOS result as the whole run would be invalidated, however, there needs to be an investigation of the failure.19Out of Trend (OOT) ResultNot an out of specification result but does not fit with the expected distribution of results. This can include a single result outside of acceptance limits for a replicate result used to calculate a reportable result. If investigated, the same rules as OOS should be followed.Outsourced ActivitiesActivities conducted by a contract acceptor under a written agreement with a contract giver.14Path TestingExecution of important control flow paths throughout the program.Performance Qualification (PQ)The documented verification that the facilities, systems and equipment, as connected together, can perform effectively and reproducibly, based on the approved process method and product specification.11The documented verification that the integrated computerised system performs as intended in its normal operating environment, i.e. that computer related system performs as intended.1Performance Qualification (PQ) is the documented collection of activities necessary to demonstrate that an instrument consistently performs according to the specifications defined by the user, and is appropriate for the intended use. The PQ verifies the fitness for purpose of the instrument under actual conditions of use. After IQ and OQ have been performed, the instrument's continued suitability for its intended use is demonstrated through continued performance qualification.4,17PolicyA directive usually specifying what is to be accomplished.ProcessStructured activities intended to achieve a desired outcome.Process OwnerThe person responsible for the business process.9Prospective ValidationValidation carried out before routine use of the system.11QualificationAction of proving that any equipment works correctly and actually leads to the expected results. The word validation is sometimes widened to incorporate the concept of qualification.5Action of proving and documenting that equipment or ancillary systems are properly installed, work correctly and actually lead to the expected results. Qualification is part of validation, but the individual qualification steps alone do not constitute process validation.10Action of proving that any instrument works correctly and delivers the expected results; demonstration of fitness for purpose.4Qualification ProtocolA prospective experimental plan that when executed is intended to produce documented evidence that a system or subsystem has been qualified properly.QualityThe degree of which a set of properties of a product, system or process fulfils requirements.20Quality AssuranceThe sum total of organised arrangements made with the object of ensuring that all APIs are of the quality required for their intended use and that quality systems are maintained.10Quality ControlChecking or testing that specifications are met.10Quality UnitAn organisational unit independent of production that fulfils both Quality Assurance and Quality Control responsibilities. This can be in the form of separate QC and QA units or a single individual or group depending on the size of the organisation.10Raw DataOriginal records, retained in the format in which they were originally generated (i.e. paper or electronic), or as a “true copy”. Raw data must be contemporaneously and accurately recorded by permanent means. The definition of “original records” currently varies across regulatory documents. By its nature, paper copies of raw data generated electronically cannot be considered as “raw data”. Raw data must permit the full reconstruction of the activities resulting in the generation of the data. In the case of basic electronic equipment that does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the raw data.21Raw data is defined as the original record (data) that can be described as the first-capture of information, whether recorded on paper or electronically.3Raw data means any laboratory worksheets, records, memoranda, notes, or exact copies thereof, that are the result of original observations and activities of a nonclinical laboratory study and are necessary for the reconstruction and evaluation of the report of that study 21 CFR 58.3(k).22Recording DataCompanies should have an appropriate level of process understanding and technical knowledge of systems used for data recording, including their capabilities, limitations and vulnerabilities.21Reportable ResultThe term reportable result as used in this document means a final analytical result. This result is appropriately defined in the written approved test method and derived from one full execution of that method/procedure, starting from the sample. Compared with the specification to determine pass/fail of a test.19Retrospective ValidationValidation of a process or system after it has become operational.10RevalidationA repeat of all or part of the validation to provide assurance that changes in the system introduced in accordance with change control procedures do not adversely affect the system operation or data integrity.RiskCombination of the probability of occurrence of harm and the severity of that harm.18Risk analysisThe systematic use of available information to identify hazards and estimate the risk.18Risk assessmentThe overall process of a risk analysis and risk evaluation.18Risk evaluationJudgement, on the basis of risk analysis, of whether a risk that is acceptable has been achieved in a given context.18Risk managementThe systematic application of management policies, procedures and practices to the tasks of analysing, evaluating and controlling risk.18Self-InspectionAn internal evaluation of compliance with applicable regulation in relevant regulated areas.2Senior ManagementPerson(s) who direct and control a company or site at the highest levels with the authority and responsibility to mobilise resources within the company or site.2SeverityMeasure of the possible consequences of a hazard.18Software ConfigurationAdaptation of software functions to a business process using tools provided within the application by the supplier of the software.4Software CustomisationChanging the way software automates a business process by the addition of externally custom coded software modules using a recognised programming language or the development of macros within the application software.4Standard Operating ProcedureInstructions that specify how an activity or process is to be performedStatic Data/RecordStatic record format is used to indicate a fixed-data document such as a paper record or an electronic image.8A static record format, such as a paper or pdf record, is one that is fixed and allows little or no interaction between the user and the record content. For example, once printed or converted to static pdfs, chromatography records lose the capability of being reprocessed or enabling more detailed viewing of baselines.2Structural IntegritySoftware attributes reflecting the degree to which source code satisfies specified software requirements and conforms to contemporary software development.Structural VerificationAn activity intended to produce documented assurance that software has the appropriate structural integrity.SupplierThe company or group responsible for developing, constructing and delivering a software application, computerised system or part of a system.This term is used generically and can mean the manufacturer, a vendor, a service agent, or a consultant, depending on the circumstances.4System OwnerThe person responsible for the availability, and maintenance of a computerised system and for the security of the data residing on that system.9Third PartyParties not directly managed by the holder of the manufacturing and/or import authorisation.9True Copy/Certified Copy/Verified CopyA true copy is a copy of an original recording of data that has been verified and certified to confirm it is an exact and complete copy that preserves the entire content and meaning of the original record, including, in the case of electronic data, all essential metadata and the original record format as appropriate.2A copy of original information that has been verified as an exact (accurate and complete) copy having all of the same attributes and information as the original. The copy may be verified by dated signature or by a validated electronic signature. A true copy may be retained in a different electronic file format to the original record, if required, but must retain the equivalent static/dynamic nature of the original record.7A copy (irrespective of the type of media used) of the original record that has been verified (i.e. by a dated signature or by generation through a validated process) to have the same information, including data that describe the context, content, and structure, as the original.3UserThe company or group responsible for the operation of the system.User access/system administrator rolesFull use should be made of access controls to ensure that people have access only to functionality that is appropriate for their job role, and that actions are attributable to a specific individual. Companies must be able to demonstrate the access levels granted to individual staff members and ensure that historical information regarding user access level is available. Controls should be applied at both the operating system and application levels. Shared logins or generic user access should not be used. Where the computerised system design supports individual user access, this function must be used. This may require the purchase of additional licences.7Validated scanning processA process whereby documents/items are scanned as a process with added controls such as location identifiers and OCR so that each page duplicated does not have to be further checked by a human.3Validation – for intended purposeComputerised systems should comply with regulatory requirements and associated guidance and be validated for their intended purpose. This requires an understanding of the computerised system's function within a process. For this reason, the acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable. In isolation from the intended process or end user IT infrastructure, vendor testing is likely to be limited to functional verification only and may not fulfil the requirements for performance qualification.Validation Master PlanA document providing information on the company's validation work programme. It should define details of and timescales for the validation work to be performed. Responsibilities relating to the plan should be stated.23Validation PlanA document that identifies all systems and subsystems involved in a specific validation effort and the approach by which they will be qualified and the total system will be validated; includes the identification of responsibilities and expectations.Worst CaseRequirements or set of requirements that can include upper and lower limits and circumstances for a computerised system. Typically represent the limits of use within a specific laboratory.

Abbreviations

AbbreviationMeaningAIPApplication Integrity PolicyALCOAAttributable, Legible, Contemporaneous, Original, AccurateANSIAmerican National Standards InstituteAPIActive Pharmaceutical IngredientASTMAmerican Society for Testing and MaterialsATPAnalytical Target ProfileBCPBusiness Continuity PlanCAPACorrective Action and Preventative ActionCBERCenter for Biologics Evaluation and Research (FDA)CDERCenter for Drug Evaluation and Research (FDA)CDRHCenter for Devices and Radiological Health (FDA)CDSChromatography Data SystemCECapillary ElectrophoresisCFRCode of Federal Regulations (e.g. 21 CFR 11)CMCChemistry, Manufacturing and Controls (of a New Drug Application/Product Licence Application)CMOContract Manufacturing OrganisationCOACertificate of AnalysisCOTSCommercial/Configurable Off The Shelf (Software)This term is not recommended for use as it is confusing when not defined. Define software type using GAMP software categories.CPGCompliance Program GuideCompliance Policy GuideCROContract Research OrganizationcGMPcurrent Good Manufacturing PracticesCSConfiguration SpecificationCSFCritical Success FactorCSVComputer System ValidationCTDCommon Technical DocumentDHHSDepartment of Health and Human Services (US)DIData IntegrityDGData GovernanceDQDesign QualificationDRDisaster RecoveryDSDesign SpecificationECEuropean CommunityECDElectron Capture DetectorEDMSElectronic Document Management SystemEIREstablishment Inspection ReportELNElectronic Laboratory NotebookEMAEuropean Medicines AgencyEMEAEuropean Agency for the Evaluation of Medical Products (now EMA)EPEuropean Pharmacopoeia (Ph.Eur)EUEuropean UnionFDAFood and Drug AdministrationFIDFlame Ionisation DetectorFMEAFailure Mode and Effects AnalysisFOI (A)Freedom of Information (Act)FRFederal RegisterFSFunctional SpecificationsGAMPGood Automated Manufacturing Practice guidelinesGCGas ChromatographyGDocPGood Documentation PracticeGLPGood Laboratory PracticeGRDPGood Records and Documentation PracticeGXPGood X Practices (where X can be clinical, laboratory and/or manufacturing)GMPGood Manufacturing PracticeHACCPHazard Analysis Critical Control PointHPLCHigh Pressure/Performance Liquid ChromatographyIaaSInfrastructure as a ServiceICHInternational Conference on Harmonisation (1990–2015)International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (from October 2015)ICPInductively Coupled PlasmaIEEEInstitute of Electrical and Electronic Engineers, Inc.ILTInstructor Lead TrainingINDInvestigational New Drug ApplicationIQInstallation QualificationIPInternet ProtocolIRInfra-RedISOInternational Organization for StandardizationISPEInternational Society of Pharmaceutical EngineersITInformation TechnologyITILIT Infrastructure LibraryITTInvitation to TenderKPIKey Performance IndicatorLANLocal Area NetworkLESLaboratory Execution SystemLIMSLaboratory Information Management SystemMBAMinus Brain ActivityMHLWMinistry of Health, Labour and Welfare (Japan)MHRAMedicines and Healthcare products Regulatory Agency (UK)MOUMemorandum of UnderstandingMRAMutual Recognition AgreementMSMass SpectrometerNCENew Chemical EntityNDANew Drug ApplicationNIRNear Infra-RedNISTNational Institute of Standards and Technology (Gaithersville, Maryland, USA)NMRNuclear Magnetic ResonanceOECDOrganization for Economic Cooperation and DevelopmentOOEOut Of ExpectationOOSOut Of SpecificationOOTOut Of TrendOQOperational QualificationORAOffice of Regulatory Affairs (FDA)OTSOff The Shelf (refers to software – use is not recommended)PaaSPlatform as a ServicePAIPre-Approval InspectionPDAParenteral Drug AssociationPDFPortable Document FormatPh.Eur.European PharmacopoeiaPICPharmaceutical Inspection ConventionPIC/SPharmaceutical Inspection Convention/SchemePKIPublic Key InfrastructurePPQProcedure Performance QualificationPPVProcedure Performance VerificationPQPerformance QualificationPQSPharmaceutical Quality SystemQAQuality AssuranceQAUQuality Assurance UnitQCQuality ControlQMSQuality Management SystemQPQualified PersonQRMQuality Risk ManagementR&DResearch and DevelopmentRAIDRedundant Array of Inexpensive DisksRFCRequest for ChangeRFIDRadio Frequency IdentityRFPRequest for ProposalRSDRelative Standard DeviationSaaSSoftware as a ServiceSANStorage Area NetworkSDLCSystem Development Life CycleSDMSScientific Data Management SystemSILCSystem Implementation Life CycleSLAService Level AgreementSOPStandard Operating ProcedureSPCStatistical Process ControlSQASociety for Quality AssuranceSRSSystem Requirements Specification (equivalent to URS)SSTSystem Suitability TestTATTurn Around TimeTMUTotal Measurement UncertaintyUATUser Acceptance TestingUPSUninterruptible Power SupplyURSUser Requirement SpecificationsUSBUniversal Serial BusUSPUnited States PharmacopoeiaUVUltra VioletVMPValidation Master PlanVSRValidation Summary ReportWANWide Area NetworkWIWork InstructionWHOWorld Health Organisation

References

  1. Technical Report 18: Validation of Computer-related Systems , Parenteral Drug Association (PDA), Bethesda, MD, 1995, Search PubMed .
  2. WHO Technical Report Series No. 996 Annex 5 Guidance on Good Data and Records Management Practices , World Health Organisation, Geneva, 2016, Search PubMed .
  3. MHRA GXP Data Integrity Guidance and Definitions , Medicines and Healthcare products Regulatory Agency, London, 2018, Search PubMed .
  4. USP 41 General Chapter <1058> Analytical Instrument Qualification , United States Pharmacopoeia Convention, Rockville, MD, 2018, Search PubMed .
  5. EudraLex – Volume 4 Good Manufacturing Practice (GMP) Guidelines, Glossary , European Commission, Brussels, 2004, Search PubMed .
  6. PIC/S PI-041 Draft Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments , Pharmaceutical Inspection Convention/Pharmaceutical Inspection Co-Operation Scheme, Geneva, 2016, Search PubMed .
  7. MHRA GXP Data Integrity Definitions and Guidance for Industry, Draft Version for Consultation July 2016 , Medicines and Healthcare products and Regulatory Agency, London, 2016, Search PubMed .
  8. FDA Draft Guidance for Industry Data Integrity and Compliance with cGMP , 2016, Search PubMed .
  9. EudraLex – Volume 4 Good Manufacturing Practice (GMP) Guidelines, Annex 11 Computerised Systems , European Commission, Brussels, 2011, Search PubMed .
  10. EudraLex – Volume 4 Good Manufacturing Practice (GMP) Guidelines, Part 2-Basic Requirements for Active Substances Used as Starting Materials , European Commission, Brussels, 2014, Search PubMed .
  11. EudraLex – Volume 4 Good Manufacturing Practice (GMP) Guidelines, Annex 15 Qualification and Validation , European Commission, Brussels, 2015, Search PubMed .
  12. FDA Glossary of Computerized System and Software Development Terminology , 1995, Search PubMed .
  13. FDA Guidance for Industry General Principles of Software Validation , Food and Drug Administration, Rockville, MD, 2002, Search PubMed .
  14. ICH Q10 Pharmaceutical Quality Systems , International Conference on Harmonisation, Geneva, 2008, Search PubMed .
  15. MHRA GMP Data Integrity Definitions and Guidance for Industry 2nd Edition , Medicines and Healthcare products Regulatory Agency, London, 2015, Search PubMed .
  16. MHRA Expectation Regarding Self Inspection and Data Integrity , 2013, Search PubMed .
  17. USP 31 General Chapter <1058> Analytical Instrument Qualification , United States Pharmacopoeial Convention, Rockville, MD, 2008, Search PubMed .
  18. ISO 14971: Risk Management for Medical Devices , International Standards Organisation, Geneva, 2012, Search PubMed .
  19. FDA Guidance for Industry Out of Specification Results , Food and Drug Administration, Rockville, MD, 2006, Search PubMed .
  20. ICH Q9 Quality Risk Management , International Conference on Harmonisation, Geneva, 2005, Search PubMed .
  21. MHRA GMP Data Integrity Definitions and Guidance for Industry 1st Edition , Medicines and Healthcare products Regulatory Agency, London, 2015, Search PubMed .
  22. 21 CFR 58 Good Laboratory Practice for Non-clinical Laboratory Studies , Food and Drug Administration, Washington, DC, 1978, Search PubMed .
  23. PIC/S Recommendations on Validation Master Plan, Installation and Operational Qualification, Non-sterlie Process Validation and Cleaning Validation (PI-006-3) , Pharmaceutical Inspection Convention/Pharmaceutical Inspection Co-Operation Scheme (PIC/S), Geneva, 2007, Search PubMed .

© R. D. McDowall 2019 (2018)