Menu - BLL Logo


February 20

Data Integrity - Beyond User Controls

You've installed your chromatography data system in your laboratory, you've implemented user access controls and audit trails…..job done? Well, you're part way there.

The past couple of years have seen a significant increase in expectations from the regulatory bodies regarding Data Integrity within the pharma industry and has culminated with clearer guidance from the MHRA, FDA and PIC/S. Most companies are aware of the regulations and have taken significant steps forward in ensuring their computerised systems are compliant. There is however a common trend for companies to focus on one set of guidelines. In fact each set of guidelines should be used in harmony to design, deploy and validate your systems.

The following links provide access to the latest guidance on Data Integrity:

UK Medicines & Healthcare products Regulatory Agency (MHRA) -

European Medicines Agency (EMA) -

US Food and Drug Administration (FDA) -

Pharmaceutical Inspection Convention (PIC/S)

World Health Organisation (WHO) -

With many companies focusing on the critical areas of user control and audit trails it is important to remember that it doesn't end there. A couple of key points to take into consideration are:

Data Lifecycle

It’s not just about your CDS, user access and audit trails. Yes, these are key areas to address but don't forget about your standalone systems such as UV and it’s critical that you must also consider the full data lifecycle.

The EMA guidance notes provide a lot more detail with regards to the expectations on data lifecycle. It's not just about how you control the data whilst within a specific system but what you do with that data outside of that system.

Validating a CDS adds little value if you then transfer this data into an uncontrolled system or you don't have adequate processes in place for backup and archiving of your electronic data. Systems such as LIMS (Laboratory Information Management Systems) can added significant value to your laboratory options in terms of efficiency but also with regards to ensuring that the integrity of your laboratory data is maintained.

Residual Risk

A factor in the validation of any computerised systems is the risk assessment. This must identify the potential weaknesses in your system, how you intend to mitigate, test and review these.

If you are asked ‘can you completely assure that the integrity of your electronic data is infallible?’, the answer can't be ‘yes’. More important is that you understand the residual risks within your system, continue to review these and implement further mitigating procedures where required. This approach must be used to give yourself and the regulators confidence that the data has been generated and maintained in accordance with the appropriate regulatory guidance. 


Broughton is an approved GMP contract laboratory regularly inspected by both the MHRA and FDA. Download our Quality Policy and Compliance Certificates.


About the Author

Chris Allen started his career within Smith and Nephew Wound Management Division in 1997 after graduating from the University of Hull with a BSc (hons) in Chemistry and completion of a post graduate course in Analytical Science. Chris’ first role within the contract industry began in 1999 with Intertek Melbourn where he gained experience working alongside the world’s major pharmaceutical companies in the field of inhaled medicines. Chris moved to Yorkshire in 2002 to join Sciantec Analytical where he successfully developed the operational services of the Animal Health division, overseeing GMP certification for the laboratory. Chris joined Paul Moran as co-founder of Broughton Laboratories in 2006 and has held the position of Managing Director since 2011. More recently Chris has assumed the position of Chief Scientific Officer.