>

CONTROLLED DOCUMENT TD-GEN-FRM-094 Status: Effective Effective Date: 16/Aug/2021

DPE Data Integrity Equipment/Software Assessment

(TD-GEN-FRM-094)

Instructions: Complete the following assessment under the guidelines of the Data Integrity Directive (10.1.GDIR). If no is selected for any of
the assessment questions, resolve and document corrective actions.

A. General

Assessment Questions Yes No N/A Comments/Corrective Actions

Does the equipment/software provide security access controls and are these
1.
enabled, implemented and used?
Do end user procedures exist defining use and control of the equipment/software
2.
in the regulated business process(es)?

3. Is there a validation summary report for intended use of the equipment/software?

Is the equipment/software being maintained under change control and subject to

4.
a periodic review process to ensure it is maintained in a validated state?
Are there written procedures and training programs defining the review of
5.
electronic data and meaningful metadata?

6. Is the equipment/software included in an up to date listing of all relevant systems?

Is there a business continuity process in place in the event of an

7.
equipment/software breakdown?

8. Is there a process to track, assess and address equipment/system issues?

B. User Access

Assessment Questions Yes No N/A Comments/Corrective Actions

1. Is there an administrator external to the users?

Is there a procedure that defines the roles, responsibilities and authorization of

2.
the system administrator?

3. Is the administrator authorization documented and retained in a secure location?

Page 1 of 5

Viewed/Printed: 21 January 2022 8:56:3 AM ** GDMS-D2 Copy-Use per procedure** FORM-000249184 < > Rev 1 >
 >
CONTROLLED DOCUMENT TD-GEN-FRM-094 Status: Effective Effective Date: 16/Aug/2021

DPE Data Integrity Equipment/Software Assessment

(TD-GEN-FRM-094)

Assessment Questions Yes No N/A Comments/Corrective Actions

Is there a procedure that defines the roles, responsibilities, authorization and
4.
termination of the users?
Prior to access being granted, is there documentation that the user should have
5.
access to the equipment/software?
Is the user authorization/termination documented and retained in a secure
6.
location?

7. Is there a specific level of training for intended roles?

8. Is the training documented and retained in a secure location?

Is access reviewed periodically but at least on an annual basis and updated as

9.
required?
Is there a procedure that states frequency of the user access review and who
10.
performs the task?

11. Is the user access documented and retained in a secure location?

Is there a log off mechanism after a pre-defined period of user inactivity, or a

12.
mechanism where user ID entry is required after inactivity period?

13. Are User IDs unique?

Does the system/equipment utilize a unique access control that contains User IDs
14.
in combination with password?
Is unauthorized system access detectable and reportable to organization
15.
management?
Is there an electronic signature that is permanently linked to the electronic
16.
records?

17. Does an electronic signature contain the name of the signer?

18. Is an electronic signature unique to one individual?

Does an electronic signature contain at least two distinct identification

19.
components such as a User ID and password?

Page 2 of 5

Viewed/Printed: 21 January 2022 8:56:3 AM ** GDMS-D2 Copy-Use per procedure** FORM-000249184 < > Rev 1 >
 >
CONTROLLED DOCUMENT TD-GEN-FRM-094 Status: Effective Effective Date: 16/Aug/2021

DPE Data Integrity Equipment/Software Assessment

(TD-GEN-FRM-094)

Assessment Questions Yes No N/A Comments/Corrective Actions

Does the electronic signature contain the date and time the signature was
20.
executed?
If electronic signatures are based upon biometric, are they designed to ensure
21.
that they cannot be used by anyone other than their genuine owners?
Are users prevented from deleting electronic records from within the software
22.
application?
Are users prevented from deleting electronic records from outside the software
application (e.g., via the “back-end” such as on the local drive through Windows
23.
Explorer or via undocumented requests to the Database Administrator to execute
a backend database delete)?

C. Data Backup and Restoration

Assessment Questions Yes No N/A Comments/Corrective Actions

1. Is there a procedure for backup, restoration and archival of data?

Is a backup of the original electronic data maintained in a designated secure

2.
environment?
Are backup and recovery processes verified to ensure the accuracy of the transfer
3. of the set of electronic records and metadata from point of origin and to each
storage location?
4. Is backup and archived data maintained in a secure environment?

Is there a process to ensure that when records are retrieved from archive, the set
5.
of records provided accurately and completely reflect the source set of records?

6. Is the archive process periodically checked to ensure the restoration of all data?
Are the persons responsible for any manual transfers of electronic records to
storage locations independent of the group responsible for the content of the
7. records or are there other reasonable controls in place to assure the integrity of
the transfer, such as second person verification of the accuracy and
completeness of the transfer?
8. Are Disaster Recovery process(s) defied and tested?

Page 3 of 5

Viewed/Printed: 21 January 2022 8:56:3 AM ** GDMS-D2 Copy-Use per procedure** FORM-000249184 < > Rev 1 >
 >
CONTROLLED DOCUMENT TD-GEN-FRM-094 Status: Effective Effective Date: 16/Aug/2021

DPE Data Integrity Equipment/Software Assessment

(TD-GEN-FRM-094)

D. Audit Trail Review/Backup

Assessment Questions Yes No N/A Comments/Corrective Actions

Are personnel reviewing the electronic records and relevant metadata (such as
1. audit trails) for this equipment/software and reconciling the electronic records with
the final printout?
Does the equipment/software have computer-generated audit trails in place to
2. track changes and deletions of critical data, and if not, are alternate means in
place to ensure the documentation and traceability of these actions?
Are the audit trails, or equivalent record histories, readily retrievable and
comprehensible for changes to critical data fields and critical system activities
3.
(such as lot release triggers, critical quality attributes, changing security profiles,
etc.)?
Does the audit trail include user credentials, date and time stamps and entries
4.
and actions that create, modify or delete electronic records?
Are user rights restricted to ensure users cannot turn on/off the computer-
5.
generated audit trails?
Are users’ rights restricted to ensure users cannot alter the time/date stamp for
6.
the equipment/software?

7. Is there a procedure in place for periodic review and backup of audit trails?

Is the periodic review of the backup of audit trails documented and retained in a
8.
secure location?

Assessed by:
(Sign/Date)

Approved by:
(Sign/Date)

Page 4 of 5

Viewed/Printed: 21 January 2022 8:56:3 AM ** GDMS-D2 Copy-Use per procedure** FORM-000249184 < > Rev 1 >
 >
CONTROLLED DOCUMENT TD-GEN-FRM-094 Status: Effective Effective Date: 16/Aug/2021

DPE Data Integrity Equipment/Software Assessment

(TD-GEN-FRM-094)

Note: Revision history is not required to be copied with the form.

Rev: 1 Author: Abigail Bull CR: 000249070

Description of Change: New Form

Implementation Instructions: Upon Document Approval

Page 5 of 5

Viewed/Printed: 21 January 2022 8:56:3 AM ** GDMS-D2 Copy-Use per procedure** FORM-000249184 < > Rev 1 >
 >
CONTROLLED DOCUMENT TD-GEN-FRM-094 Status: Effective Effective Date: 16/Aug/2021

CONTROLLED DOCUMENT
SIGNATURE PAGE
Document Name :FORM-000249184

Document Title :DPE Data Integrity Equipment/Software Assessment

Document ID :TD-GEN-FRM-094

Signed By Date (GMT) Justification

Storm Bonnie 13/Aug/2021 Quality Approval

12:38:02

Cassidy Darlene M 27/Jul/2021 Author Confirmation

13:38:41

Viewed/Printed: 21 January 2022 8:56:3 AM ** GDMS-D2 Copy-Use per procedure** FORM-000249184 Rev 1