Skip Ribbon Commands
Skip to main content


Apr 10
Part 11 for Process Equipment, Audit Trail Reviewing, Requirements for Bulk Chemicals, And Cal Certs Without Pass/Fail

This week we have five move post-webinar questions from the Data Integrity webinar.
The questions are:

  • Do we need to comply with Part 11 for a system attached to a process equipment if we are taking print outs and filing with our batch records?
  • What should we focus our audit trail reviews on?
  • Are there regulatory requirements for bulk chemical manufacturers?
  • What if our calibration certificates don't come with a pass/fail status, only raw results?
  • Are audit trail reviews tied to an official regulation, or an extrapolation of the need to have audit trail functions?

See all the answers below... Plus, if you missed the data integrity, watch the recorded version. But first...

Measuring CO2? We invite you!

Join us for a webinar on Vaisala's CARBOCAP® technology May 4, 2017.

Learn what's crucial for good CO2 measurement in applications such as:

  •     Demanding HVAC
  •     Agriculture
  •     Greenhouses
  •     Human Safety
  •     Incubators


New White Paper on Data Integrity:
Managing GxP Environmental Systems to Ensure Data Integrity

In this paper we give you eight ways to ensure data integrity in your computerized systems, including:

  • Risk-based Validation
  • Auditing Audit trails
  • Ensuring accuracy and functionality
  • Change control
  • Selecting system providers

    Download the paper

More Data Integrity Webinar Q&A

Data Integrity Questions and Answers

Do we require part 11 compliance for a computer system attached to a process equipment if we are taking print out and filing in our batch records?


Questions and Answers from our Data Integrity Webinar
You do not need to worry about compliance with Part 11 if the print-out is the raw data directly from the process equipment.  An example would be the print-out from an electronic scale.  If the process equipment creates a file, or does any processing of the file before printing it out, you will need to investigate deeper.

Another example would be an HPLC where the raw data is manipulated and analyzed before it is printed. In these instances validation may be required, including verification of elements of Part 11.  


Data Integrity Questions and Answers

For audit trails reviews, what should we focus our attention on?

Questions and Answers from our Data Integrity WebinarI love this question! Almost everybody accepts it must be done, but almost no-one asks how to actually do it.  The answer to this question is largely dependent on what the system is used for, how it stores dcen-g-viewLinc5-Events-view.jpgata, and how detailed the audit trail is. 

In our viewLinc system, no user can actually make a record involving raw data, or even change it.  So in some sense we don't even need an audit trail…  But, since it is a hard argument to have,  we put an audit trail in anyway. The viewLinc audit trail tracks events and configuration changes. 

Since a monitoring system's secondary function, after collecting raw data, is sending alarms for any out-of-spec conditions or data, the configuration of the alarms is probably the most sensitive data that can be changed by a user.  Therefore, in a review of a monitoring system audit trail I would be looking for administrative events that involved configuration changes.  I would be looking at the comments tied to the events to see that the changes were part of legitimate change controls. Here's what the "Events" view panel looks like in viewLinc...

However, if I was dealing with a more complex system, such as a HPLC tied to a LIMS system I would see it differently. In this type of setup the raw data files are often created by users and often need analysis and adjustment to make the data into actual and meaningful test results.  Such as system would likely be equipped with security roles to prevent people with review responsibilities from being able to change data, but if it wasn't (which would be a Part 11 compliance violation) I would look for change events by users known to have review roles.  

Otherwise, I would check the dates associated with the given projects and files. If a HPLC analysis and review of the file is typically completed and reviewed within 3 working days, I would look for instances where the changes to the data were made outside that 3-day window.  This might be indicative of people making changes after the fact.

So we see that our audit trail review strategy is tied very much to the type of system we are using. We consider the system's existing data protections, and the way the it is used to process and store data.  To really understand how to review the audit trail, you must imagine the ways a person could "cheat" the data, and then design your review strategies to detect these activities.

Data Integrity Questions and Answers

Is there a regulatory requirement for bulk chemical manufacturers (e.g. excipients) to apply Data Integrity practices?


Questions and Answers from our Data Integrity Webinar

I have to answer your question with another question: Are there any GMP requirements for manufacturers of excipients?  Because data integrity requirements are not new, and are part of the core requirements for any GMP activity, therefore any activity that is has a regulatory requirement for GMP compliance, will also have a regulatory requirement to apply Data Integrity practices. 

I make a distinction between manufacturers of raw materials, excipients, and API's.  In my definition, an excipient is something that is not an API, but changes the action of the drug in some way, like a tablet coating. 

Excipients will differ between generic and patented formulations, even though the actual drug products will have the same API's, and likely other raw materials. The only reason I make this distinction is that I believe that it will help answer the question.  Some raw material providers are just making a raw material that could be used in many industries, and the way they are made suitable for pharmaceutical use is through testing and purification by the pharmaceutical manufacturer.  In this case, I could see a bulk raw material supplier being exempt from GMPs and therefore Data Integrity requirements.  Now a manufacturer of excipients, as I have defined them as unique drug components that are not APIs, could likely be seen as being subject to GMPs and therefore to Data Integrity requirements.

Data Integrity Questions and Answers

Regarding showing PASSED on a calibration certificate in the U.K., UKAS certified calibrations don't come with a pass/fail status, only raw results.  What's the best way to deal with these?

Questions and Answers from our Data Integrity Webinar

Ah... forgive me for playing a little fast and loose with the word "PASSED".  It's often easier to teach GxP standards using phrases that imply that something MUST meet calibration criteria by saying that the certificate must say "PASSED." 

But of course you are correct that you don't always get the word "PASSED" on the certificate.  The best practice I was alluding to was simply that calibration should be documented, typically with a certificate, and you should be able to determine from the certificate that the instrument was successfully calibrated, and within the due dates.  Successfully calibrated (which is what we mean by "Pass") means that measurements against a standard, after adjustment if any, were within the acceptable performance parameters for accuracy for that instrument.  Ideally, the certificate will also carry some kind of indicator of what the expected performance parameters are so that one may make such a determination from the certificate itself without having to refer to additional documents.  A word of warning – when you do send an instrument out for calibration, the calibration service providers will allow you to tell them what the acceptable limits of performance are, and you do not need to simply parrot the manufacturer's performance specifications.  What is more important is your process tolerance specifications.  If your process tolerance is quite a bit wider than the instrument's performance specifications (this is typical of Vaisala loggers) you gain some additional protection against failed calibrations AND the attendant paperwork.


Data Integrity Questions and Answers

Are the periodic audit trail reviews tied to an official regulation, or is it an extrapolation of the need to have audit trail functions?

Questions and Answers from our Data Integrity Webinar

Since you are in the UK, I looked to the MHRA. Their expectation is that the audit trail is there to specifically provide the ability to review it, and in that review to be able to reconstruct the actions to create the data record.  So, in that context, audit trail review is the reason for the audit trail to exist, as opposed to an extrapolation in the other direction. 

It is suggested by some that the appropriate time to review an audit trail is at the time the data itself is reviewed, or used for a GMP decision.  This is different than simple periodic audit trail review.  However, I consider both processes to be necessary and not mutually exclusive.


If you have any questions, ping me at

Don't miss this:
Upcoming Webinar on New Wireless Technology

Join us for "The Internet of Things Now Includes Wireless Technology That Rises Above Crowded Frequencies" 

  • Wednesday, April 19, 2017
  • 11:00 AM EDT / 8:00 AM PDT
  • Your presenter: Paul Daniel, Senior Regulatory Compliance Expert at Vaisala

Who Should Attend:

  • Facilities managers
  • Calibration managers
  • Validation managers
  • Validation specialists
  • Regulatory officers
  • Distribution, Logistics Managers
  • Stability Scientists & Laboratory Managers


The Internet of Things has allowed the development of wireless technology that ensures reliable, long-range signal strength in sensor-equipped data loggers. This webinar will show you how recent advances in long-range wireless communication are changing the way controlled environments are monitored, especially in GxP-regulated applications. 

  • A brief history of wireless technology
  • Key differences in current technologies and functional comparisons of each (i.e. Wi-Fi, Bluetooth and ZigBee)
  • The fundamentals of wireless monitoring networks, including: frequency, modulation, LoRa®, link budgets, and network topology
  • Discover the new VaiNet Wireless Technology
Register for the VaiNet Webinar today!



Paul Daniel

20.04.2017 22:02
Robert - Thanks for your contribution to our blog. I think you are absolutely correct that we must focus not on the type of instrument, but rather on the way the instrument is used. A simple instrument (such as a balance) may not be so simple once we change the firmware or attach it to a larger system like your example of the LES. I'm not quite in alignment with your prediction that "Paper and Pen" will go extinct. It's safe, stable, and a perfect solution to many data recording tasks. I believe that the main driver to go electronic is not regulatory, but financial. So in cases where an economy of scale doesn't provide the financial incentive to fund a switch to electronic records, I think we will still see pen and paper, especially in emerging economies. Let's check back on this topic in 7-years and see where the industry has moved! Thanks again for your insightful contribution.

Robert Seltzer

12.04.2017 20:34
The fact that a balance or pH meter or other simple, microprocessor-containing equipment is set up for direct print does not automatically mean it's not possible to reconfigure or apply or install a different eprom to enable a lab execution system (LES) solution to preserving and transferring e-data and all the source data's precision (in case of a repeating decimal rational no. or infinite decimals irrational no.) that minimizes cumulative rounding error in the immediate or other calculation(s) using this data. Alternatively, health authorities, e..g., FDA, MHRA, et al, may very soon mandate or recommend strongly that all URSs and purchased lab equipment must be LES-ready or have an LES-default software/configuration, for the reasons above mentioned, and that this possible enactment may not come with a grandfather clause. Bottom line: budgets are no excuse for not keeping up with 21st Century technology that minimizes risk of data integrity breach or loss of data/bytes due to cumulative rounding error as well as risk of lost printouts, etc. Paper and pen, inherently static data, will become extinct like the dinosaurs (I predict within 7 years). Also, FDA's statements/caveats on manual integration in its 2013 Draft Guidance "Bioanalytical Method Validation," (specifically at Line #'s 459,735, 921), 932, 1012).

Add Comment

Name *

Email address * (Your email address will not appear publicly.)

Comments *

Enter the code above here:
Can't read? Try different words.

 About this blog


This blog contains updates from industry events provided by our regional applications engineers, changes to life science regulations and guidance, and information about new environmental measurement and monitoring technologies. 

Please share your thoughts and ideas within the comments field of the blog posts. Please email us if you have questions or feedback about the blog.


About the bloggers