How Robust are Your Data Review Procedures?

The ISPE has issued a GAMP: Records and Data Integrity guide which provides principles and practical guidance on meeting current expectations for the management of GxP regulated records and data, ensuring that they are complete, consistent, secure, accurate and available throughout their lifecycle. A critical component of the data lifecycle is Data Review.

Data review should be based upon a thorough process which is defined within the procedure. The GAMP guide states that the review should be on the original records and include the metadata and the GxP data related audit trails. These audit trails should be configured and qualified to ensure that they would capture any changes to the critical data associated with each record, and that the review of the record would detect such record changes (before approval of the record).

The Data Review procedure should cover

  • The method of review
  • The method of approval (wet signature vs e-signature)
  • Defined meaning of signature
  • Handling errors of omissions

In addition, the data review procedure should define the process for the review of the audit trails and ensure that those who review the audit trails have a deep understanding of the system including the meaning of and the terms referenced within the audit trail (including their significance and impact). These items are key to ensuring an effective data review process that would detect potential data integrity issues.

The GAMP guide categorizes the review of the audit trail as follows:

  1. Routine Data Review
  2. As part of investigations
  • Part of periodic assessment of the system (verifying the audit trail remains enabled and users cannot disable)

A copy of the full guidance document can be found here.  For further information or questions relating to any aspect of Data Review, including the review of computerized systems (laboratory and non-laboratory) audit trails, please contact Paul Mason, Ph.D. at or James Davison, Ph.D. at