It is important to understand that (quality) risk management is essential to the implementation and maintenance of Data Integrity concepts. In order to control the risks they need to be categorized. Such a categorization must be simple and easy to be applied fast, consistently and reliably.
The question we want to explore is whether Data Integrity is a completely new approach or just a different perspective on already existing GMP requirements as those arising from ICH Q7.
There should be an SOP for the audit trail review that also defines responsibilities. Who creates such an SOP and who is the process owner for the audit trail review?
The requirements for an audit trail are formulated even more comprehensively in the current draft of the revised Annex 11. But how should systems without an audit trail be handled, and do legacy systems need to be retrofitted with audit trail functionality?
What is the role of the QP in the audit trail review in connection with batch release, and does a lack of justification in the audit trail automatically lead to a complaint in an audit? How would an inspector respond to these questions?
Changes and deletions of GMP-relevant data must be logged in the audit trail. Which events must be recorded in the audit trail and who determines which data is relevant for the audit trail?
On 07 July 2025, the EU Commission published 3 drafts of the EU GMP Guidance Annex 11 “Computerised Systems”, the new Annex 22 “Artificial Intelligence” and Chapter 4 “Documentation”. Here is an initial analysis of the Annex 11 draft.
