Skip to Main Content
Royal Society of Chemistry Logo Open Menu
header search
Search
(0)
Skip Nav Destination
Book cover for Data Integrity and Data Governance: Practical Implementation in Regulated Laboratories
Data Integrity and Data Governance: Practical Implementation in Regulated LaboratoriesCheck Access
By
R D McDowall
R D McDowall
Director, R.D.McDowall Ltd
Search for other works by this author on:
This Site
PubMed
Google Scholar
DOI:
https://doi.org/10.1039/9781788013277
Hardback ISBN:
978-1-78801-281-2
PDF ISBN:
978-1-78801-327-7
EPUB ISBN:
978-1-78801-662-9
Special Collection: 2018 ebook collection
No. of Pages:
598
Published online:
06 Nov 2018
Published in print:
09 Nov 2018
Chapter Contents
Book Chapter

Glossary, Abbreviations and Data Integrity Terms Free

Doi:
https://doi.org/10.1039/9781788013277-FP009
Page range:
P009 - P031

Data integrity terms presented here are quoted from several sources that can be found in the references at the end of this section. In some cases, a term may have several definitions from different sources to illustrate the differences between regulatory authorities. Also, an authority may have published two or three versions of guidance over time and the same term may have different definitions from the same authority that are included here, this is deliberate so that readers can see how the definition of a single term has evolved over time. Note that detailed references are not given for all terms in this glossary as the focus is on data integrity terms.

Glossary

TermMeaning
Acceptance Criteria The criteria a system must meet to satisfy a test or other requirement.1  
ALCOA A commonly used acronym for “attributable, legible, contemporaneous, original and accurate”.2  
ALCOA+ A commonly used acronym for “attributable, legible, contemporaneous, original and accurate”, which puts additional emphasis on the attributes of being complete, consistent, enduring and available – implicit basic ALCOA principles.2  
ALCOA-plus The guidance refers to the acronym ALCOA rather than “ALCOA+”. ALCOA being Attributable, Legible, Contemporaneous, Original, and Accurate and the “+” referring to Complete, Consistent, Enduring, and Available. ALCOA was historically regarded as defining the attributes of data quality that are suitable for regulatory purposes. The “+” has been subsequently added to emphasise the requirements. There is no difference in expectations regardless of which acronym is used since data governance measures should ensure that data is complete, consistent, enduring and available throughout the data lifecycle.3  
Analytical Instrument Qualification (AIQ) AIQ is the collection of documented evidence that an instrument performs suitably for its intended purpose. Use of a qualified instrument in analyses contributes to confidence in the validity of generated data.4  
Application Software installed on a defined platform/hardware providing specific functionality.5  
Archival Archiving is the process of protecting records from the possibility of being further altered or deleted, and storing these records under the control of independent data management personnel throughout the required retention period. Archived records should include, for example, associated metadata and electronic signatures.2  
Archive Long term, permanent retention of completed data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.6  
A designated secure area or facility (e.g. cabinet, room, building or computerised system) for the long term, permanent retention of complete data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.7  
A designated secure area or facility (e.g. cabinet, room, building or computerised system) for the long term, retention of data and metadata for the purposes of verification of the process or activity.3  
Archivist An independent individual designated in good laboratory practice (GLP) who has been authorised by management to be responsible for the management of the archive, i.e. for the operations and procedures for archiving.2  
Audit An audit is a formal, independent, disciplined and objective review activity designed to assess the performance of a process or system with regards to established regulations and procedures. There are internal audits, second party audits (between two companies) and third-party audits (using an independent auditor). 
Audit Trail GMP/GDP audit trails are metadata that are a record of GMP/GDP critical information (for example, the change or deletion of GMP/GDP relevant data), which permit the reconstruction of GMP/GDP activities.6  
A secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record. Electronic audit trails include those that track creation, modification, or deletion of data (such as processing parameters and results) and those that track actions at the record or system level (such as attempts to access the system or rename or delete a file).8  
Audit trail means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record.2  
Audit trails are metadata that are a record of critical information (for example, the change or deletion of relevant data) that permit the reconstruction of activities.7  
The audit trail is a form of metadata containing information associated with actions that relate to the creation, modification or deletion of GXP records. An audit trail provides for secure recording of life-cycle details such as creation, additions, deletions or alterations of information in a record, either paper or electronic, without obscuring or overwriting the original record. An audit trail facilitates the reconstruction of the history of such events relating to the record regardless of its medium, including the “who, what, when and why” of the action.3  
Back-up A copy of current (editable) data, metadata and system configuration settings (e.g. variable settings that relate to an analytical run) maintained for the purpose of disaster recovery.6  
A true copy of the original data that is maintained securely throughout the records retention period (for example, § 211.180). The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format.8  
A copy of one or more electronic files created as an alternative in case the original data or system are lost or become unusable (e.g. in the event of a system crash or corruption of a disk). 
It is important to note that backup differs from archival in that back-up copies of electronic records are typically only temporarily stored for the purposes of disaster recovery and may be periodically overwritten. Such temporary back-up copies should not be relied upon as an archival mechanism.2  
A copy of current (editable) data, metadata and system configuration settings (variable settings that relate to a record or analytical run) maintained for the purpose of disaster recovery.7  
A copy of current (editable) data, metadata and system configuration settings maintained for recovery including disaster recovery.3  
FDA uses the term backup in § 211.68(b) to refer to a true copy of the original data that is maintained securely throughout the records retention period (for example, § 211.180). The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format. This should not be confused with backup copies that may be created during normal computer use and temporarily maintained for disaster recovery (e.g., in case of a computer crash or other interruption).8  
Bespoke/Customised Computerised System A computerised system individually designed to suit a specific business process.9  
Boundary Value A minimum or maximum input, output or internal data value, applicable to a system.1  
Branch Testing Execution of tests to assure that every branch alternative has been exercised at least once. 
Calibration The demonstration that a particular instrument or device results within specified limits by comparison with those produced by a reference or traceable standard over an appropriate range of measurements.10  
An operation that, under specified conditions, in a first step, establishes a relation between the quantity values, with measurement uncertainties provided by measurement standards, and corresponding indications with associated measurement uncertainties and, in a second step, uses this information to establish a relation for obtaining a measurement result from an indication. Note that:

  1. A calibration may be expressed by a statement, calibration function, calibration diagram, calibration curve, or calibration table. In some cases, it may consist of an additive or multiplicative correction of the indication with associated measurement uncertainty.

  2. Calibration should not be confused with adjustment of a measuring system, often mistakenly called “self-calibration”, or with verification of calibration.

  3. Often, the first step alone in the above definition is perceived as being calibration.4 

 
Change The addition, modification or removal of approved, supported or baselined hardware, network, software, application, environment, system, desktop build or associated documentation (ITIL). 
Change Advisory Board A group of people who can give expert advice to change management on the implementation of changes. This board is likely to be made up of representatives from all areas within IT and representatives from business units (ITIL). 
Change Control A formal monitoring system by which qualified representatives of appropriate disciplines review proposed or actual changes that might affect a validated status to determine the need for corrective action that would assure that the system retains its validated state.11  
Change History Auditable information that records, for example, what was done, when it was done by who and why (ITIL). 
Change Management Process of controlling Changes to the system or any aspect of services, in a controlled manner, enabling approved Changes with minimum disruption (ITIL). 
Code of Federal Regulations (CFR) The codification of the general rules of the United States of America published in the Federal Register by the executive departments and agencies of the Federal Government. Divided into 50 titles that represent the areas regulated by the US Government. 
Commercial off the shelf software Software commercially available, whose fitness for use is demonstrated by a broad spectrum of users.9  
Author note: this term can be abused and can be used to confuse. GAMP software categories should be used instead. 
Commissioning The setting up, adjustment and testing of equipment or a system to ensure that it meets all the requirements, specified in the user requirements specification, and capacities specified by the designer or developer. Commissioning is carried out before qualification and validation (WHO GMP). 
Computer Hardware Various hardware components in the computer system, including the central processing unit, printer, screen and other related apparatus. 
Computer System Computer hardware components assembled to perform in conjunction with a set of programs, which are collectively designed to perform a specific function or group of functions. 
A group of hardware components and associated software designed and assembled to perform a specific function or group of functions.9  
Computerised System A system including the input of data, electronic processing and the output of information to be used either for reporting or automatic control.5  
People, machines, and methods organised to accomplish a set of specific functions. Computer or related systems can refer to computer hardware, software, peripheral devices, networks, cloud infrastructure, operators, and associated documents (e.g., user manuals and standard operating procedures).12  
A computerised system collectively controls the performance of one or more automated processes and/or functions. It includes computer hardware, software, peripheral devices, networks and documentation, e.g. manuals and standard operating procedures, as well as the personnel interfacing with the hardware and software, e.g. users and information technology support personnel.2  
Computerised System Specification A document or set of documents that describe how a computerised system will satisfy the system requirements of the computer related system. 
Computer System Transactions A computerised system transaction is a single operation or sequence of operations performed as a single logical “unit of work”. The operation(s) that makes a transaction may not be saved as a permanent record on durable storage until the user commits the transaction through a deliberate act (e.g. pressing a save button), or until the system forces the saving of data.3  
Computerised System Validation Establishing documented evidence that provides a high degree of assurance that a specific computer related system will consistently operate in accordance with predetermined specifications.1  
Confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.13  
Control Strategy A planned set of controls, derived from current protocol, test article or product and process understanding, which assures protocol compliance, process performance, product quality and data reliability, as applicable. The controls should include appropriate parameters and quality attributes related to study subjects, test systems, product materials and components, technologies and equipment, facilities, operating conditions, specifications and the associated methods and frequency of monitoring and control.2  
Configuration – 1 The arrangement of a computer system or component as defined by the number, nature, and interconnections of its constituent parts (IEEE). 
Configuration – 2 Changing the business process automated by an application by modifying the parameters within the software provided by the supplier (also known as parameterisation). 
Configuration Baseline Configuration of a system established at a specific point in time, which captures the structure and details of the system and enables that system to be rebuilt at a later date (ITIL). 
Configuration Item (CI) Component of an infrastructure or system or an item such as Request for Change that is under the control of Configuration Management. Configuration Items may vary widely in complexity, size and type – from an entire system (including all hardware, software and documentation) to a single module or a minor hardware component (ITIL). 
Configuration Management A system for identifying the configuration of hardware, software, firmware or documentation of a computerised system at discrete points in time with the purpose of systematically controlling changes to the configuration and maintaining the integrity and traceability of the configuration throughout the system life cycle. 
Corrective Action and Preventative Action (CAPA) System for implementing corrective actions and preventative actions resulting from the investigation of non-conformances, deviations, audits, regulatory inspections and findings.14  
Actions taken to improve an organisation's processes and to eliminate causes of non-conformities or other undesirable situations. CAPA is a concept common across the GXPs (good laboratory practices, good clinical practices and good manufacturing practices), and numerous International Organization for Standardization business standards.2  
COTS Software Commercial off the shelf software application is used as is without altering the basic program. 
Configurable off the shelf software applications that can be configured to specific user applications by “filling in the blanks” without altering the basic program. 
Author Note: This term should not be used in a validation project as the term is confusing. A much better approach is to use the GAMP Software category. 
Controlled Function A process and any related equipment controlled by a computer system. 
Customisation Changing the business process automated by an application by writing software modules to add to an existing commercial application. 
Note enhancement of an application via a supplier language is custom code. 
Data Facts, figures and statistics collected together for reference or analysis.6  
Data means all original records and true copies of original records, including source data and metadata and all subsequent transformations and reports of these data, which are generated or recorded at the time of the GXP activity and allow full and complete reconstruction and evaluation of the GXP activity.6  
Facts and statistics collected together for reference or analysis. Data governance measures should also ensure that data are compete, consistent and enduring throughout the lifecycle.7  
Data Governance The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.6  
The totality of arrangements to ensure that data, irrespective of the format in which they are generated, are recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data life cycle.7  
The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.7  
The arrangements to ensure that data, irrespective of the format in which they are generated, are recorded, processed, retained and used to ensure the record throughout the data lifecycle.3  
Data Integrity The extent to which all data are complete, consistent and accurate throughout the data lifecycle.6  
Data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).8  
Data integrity is the degree to which data are complete, consistent, accurate, trustworthy and reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, such that they are attributable, legible, contemporaneously recorded, original or a true copy and accurate. Assuring data integrity requires appropriate quality and risk management systems, including adherence to sound scientific principles and good documentation practices.2  
The extent to which all data are complete, consistent and accurate throughout the data lifecycle.15  
Data integrity is the degree to which data are complete, consistent, accurate, trustworthy, reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, so that they are attributable, legible, contemporaneously recorded, original (or a true copy) and accurate. Assuring data integrity requires appropriate quality and risk management systems, including adherence to sound scientific principles and good documentation practices.3  
Data Lifecycle All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive/retrieval and destruction.6  
All phases of the process by which data are created, recorded, processed, reviewed, analysed and reported, transferred, stored and retrieved and monitored until retirement and disposal. There should be a planned approach to assessing, monitoring and managing the data and the risks to those data in a manner commensurate with potential impact on patient safety, product quality and/or the reliability of the decisions made throughout all phases of the data life cycle.2  
All phases in the life of the data (including raw data) from initial generation and recording through processing (including analysis, transformation or migration), use, data retention, archive/retrieval and destruction.15  
All phases in the life of the data from generation and recording through processing (including analysis, transformation or migration), use, data retention, archive/retrieval and destruction.3  
Data Processing A sequence of operations performed on data in order to extract, present or obtain information in a defined format. Examples might include: statistical analysis of individual patient data to present trends or conversion of a raw electronic signal to a chromatogram and subsequently a calculated numerical result.3  
Data Quality The assurance that data produced is exactly what was intended to be produced and fit for its intended purpose. This incorporates ALCOA.3  
Data Retention Data retention may be classified as either archive (protected data for long term storage) or backup (dynamic data for the purposes of disaster recovery).7  
Data Review There should be a procedure that describes the process for the review and approval of data. Data review should also include a review of relevant metadata, including audit trails.7  
Data Transfer/Migration Data transfer is the process of transferring data and metadata between storage media types or computer systems. 
Data migration changes the format of data to make it usable or visible on an alternative computerised system. 
Data transfer/migration should be designed and validated to ensure that data integrity principles are maintained.7  
Dynamic Data/Record Dynamic data means that the record format allows interaction between the user and the record content, e.g. interpretation of a chromatography data file for integration of the peaks of interest.16  
Records in dynamic format, such as electronic records, that allow for an interactive relationship between the user and the record content. For example, electronic records in database formats allow the user to track, trend and query data; chromatography records maintained as electronic records allow the user (with proper access permissions) to reprocess the data and expand the baseline to view the integration more clearly.2  
Information that is originally captured in a dynamic state should remain available in that state.3  
Design Qualification (DQ) The documented verification that the proposed design of the facilities, systems and equipment is suitable for the intended purpose.11  
DQ is the documented collection of activities that define the functional and operational specifications of the instrument, including the criteria for selection of the supplier, based on the intended purpose of the instrument. DQ states what the laboratory wants the instrument to do and shows that the selected one is suitable.17  
DQ is the documented collection of activities that define the functional and operational specifications and intended purpose of the instrument. DQ states what the laboratory wants the instrument to do and shows that the selected one is suitable.4  
Developer The company, group or individuals responsible for developing a system or some portion of a software application. 
Electronic Signature A signature in digital form (bio-metric or non-biometric) that represents the signatory. This should be equivalent in legal terms to the handwritten signature of the signatory.3  
Excluding Data Data may only be excluded where it can be demonstrated through sound science that the data is anomalous or non-representative. In all cases, this justification should be documented and considered during data review and reporting. All data (even if excluded) should be retained with the original data set, and be available for review in a format that allows the validity of the decision to exclude the data to be confirmed.7  
Exception Report A validated search tool that identifies and documents predetermined “abnormal” data or actions, which requires further attention or investigation by the data reviewer.6  
Flat File A “flat file” is an individual record that may not carry any additional metadata with it, other than that which is included in the file itself.6  
A “flat file” is an individual record that may not carry any additional metadata with it, other than that included in the file itself.7  
Firmware A software program permanently recorded in a hardware device such as a chip or EPROM. 
Typified by GAMP software category 2 (now unfortunately discontinued) or USP <1058> Group B analytical instruments.4  
Fully Electronic Approach This term refers to use of a computerised system in which the original electronic records are electronically signed.2  
Functional Requirements Statements that describe functions a computer related system must be capable of performing. 
Functional Specification Statements of how the computerised system will satisfy functional requirements of the computer related system. Typically for a CDS validation, this is replaced by a configuration specification. 
Functional Testing A process for verifying that software, a system or a system component performs its intended functions. 
Good Data and Record Management Practices The totality of organised measures that should be in place to collectively and individually ensure that data and records are secure, attributable, legible, traceable, permanent, contemporaneously recorded, original and accurate and that if not robustly implemented can impact on data reliability and completeness and undermine the robustness of decision making based upon those data records.2  
Good Documentation Practices The measures that collectively and individually ensure documentation, whether paper or electronic, is secure, attributable, legible, traceable, permanent, contemporaneously recorded, original and accurate.2  
GXP Acronym for the group of good practice guides governing the preclinical, manufacturing, testing, storage, and distribution for regulated pharmaceuticals, biologicals and medical devices, such as good laboratory practice, good clinical practice and good manufacturing practice.2  
Harm Physical injury or damage to the health of people, or damage to property or the environment. Note this is for a medical device; this needs to be interpreted as the consequences of a software error or malfunction of the system.18  
Hazard A potential source of harm.18  
Hybrid System The use of a computerised system in which there is a combination of original electronic records and paper records that comprise the total record set that should be reviewed and retained. The hybrid approach requires a secure link between all record types, including paper and electronic, throughout the records retention period.2  
Inspection The action by a regulatory authority of conducting an official review of facilities, documents, records, systems and any other resources to determine compliance with applicable regulations. 
Installation Qualification (IQ) Documented verification that the facilities, systems and equipment, as installed or modified, comply with the approved design and the manufacturer's recommendations.11  
IQ is the documented collection of activities necessary to establish that an instrument is delivered as designed and specified, and is properly installed in the selected environment, and that this environment is suitable for the instrument.17  
IQ is the documented collection of activities necessary to establish that an instrument is delivered as designed and specified, is properly installed in the selected environment, and that this environment is suitable for the instrument.4  
Instrument Instrument includes any apparatus, equipment, instrument, or instrument system used in pharmacopoeial analyses.4  
IT Infrastructure The hardware and software such as networking software and operating systems, which makes it possible for the application to function.9  
Life cycle (Computerised System) All phases in the life of the system from initial requirements until retirement including design, specification, programming, testing, installation, operation, and maintenance.9  
Maintenance Actions performed to keep an analytical instrument in a state of proper function so that it continues to operate within the boundaries set during qualification or validation.4  
Metadata Data that describe the attributes of other data, and provide context and meaning.6  
Metadata is the contextual information required to understand data. A data value is by itself meaningless without additional information about the data. Metadata is often described as data about data. Metadata is structured information that describes, explains, or otherwise makes it easier to retrieve, use, or manage data.8  
Metadata are data about data that provide the contextual information required to understand those data. These include structural and descriptive metadata. Such data describe the structure, data elements, interrelationships and other characteristics of data. They also permit data to be attributable to an individual. Metadata necessary to evaluate the meaning of data should be securely linked to the data and subject to adequate review.2  
Metadata are data that describe the attributes of other data and provide context and meaning. Typically, these are data that describe the structure, data elements, inter-relationships and other characteristics of data, e.g. audit trails. Metadata also permit data to be attributable to an individual (or if automatically generated, to the original data source). Metadata forms an integral part of the original record. Without metadata, the data has no meaning.3  
Ongoing Evaluation The dynamic process employed after a system's initial validation to maintain its validated state. 
Operating Environment Those conditions and activities interfacing directly or indirectly with the system of concern, control of which can affect the system's validated state. 
Operating System A set of software programs provided with a computer that function as the interface between the hardware and the applications program. 
Operational Qualification (OQ) The documented verification that the facilities, systems and equipment, as installed or modified, perform as intended throughout the anticipated operating ranges.11  
Operational Qualification (OQ) is the documented collection of activities necessary to demonstrate that an instrument will function according to its operational specification testing in the selected environment. OQ demonstrates fitness of purpose for the user's ways of working, and should reflect the contents of the DQ document.17  
OQ is the documented collection of activities necessary to demonstrate that an instrument will function according to its operational specification testing in the selected environment. OQ demonstrates fitness for the selected use, and should reflect the contents of the DQ document.4  
Original record Data as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of manual observation, or electronic raw data file from a computerised system.7  
The first or source capture of data or information, e.g. original paper record of manual observation or electronic raw data file from a computerised system, and all subsequent data required to fully reconstruct the conduct of the GXP activity. Original records can be Static or Dynamic.3  
Out of Specification (OOS) Result A reportable result outside of specification or acceptance criteria limits. As we are dealing with specifications, OOS results can apply to test of raw materials, starting materials, active pharmaceutical ingredients and finished products but not for in-process testing. If a system suitability test fails this will not generate an OOS result as the whole run would be invalidated, however, there needs to be an investigation of the failure.19  
Out of Trend (OOT) Result Not an out of specification result but does not fit with the expected distribution of results. This can include a single result outside of acceptance limits for a replicate result used to calculate a reportable result. If investigated, the same rules as OOS should be followed. 
Outsourced Activities Activities conducted by a contract acceptor under a written agreement with a contract giver.14  
Path Testing Execution of important control flow paths throughout the program. 
Performance Qualification (PQ) The documented verification that the facilities, systems and equipment, as connected together, can perform effectively and reproducibly, based on the approved process method and product specification.11  
The documented verification that the integrated computerised system performs as intended in its normal operating environment, i.e. that computer related system performs as intended.1  
Performance Qualification (PQ) is the documented collection of activities necessary to demonstrate that an instrument consistently performs according to the specifications defined by the user, and is appropriate for the intended use. The PQ verifies the fitness for purpose of the instrument under actual conditions of use. After IQ and OQ have been performed, the instrument's continued suitability for its intended use is demonstrated through continued performance qualification.4,17  
Policy A directive usually specifying what is to be accomplished. 
Process Structured activities intended to achieve a desired outcome. 
Process Owner The person responsible for the business process.9  
Prospective Validation Validation carried out before routine use of the system.11  
Qualification Action of proving that any equipment works correctly and actually leads to the expected results. The word validation is sometimes widened to incorporate the concept of qualification.5  
Action of proving and documenting that equipment or ancillary systems are properly installed, work correctly and actually lead to the expected results. Qualification is part of validation, but the individual qualification steps alone do not constitute process validation.10  
Action of proving that any instrument works correctly and delivers the expected results; demonstration of fitness for purpose.4  
Qualification Protocol A prospective experimental plan that when executed is intended to produce documented evidence that a system or subsystem has been qualified properly. 
Quality The degree of which a set of properties of a product, system or process fulfils requirements.20  
Quality Assurance The sum total of organised arrangements made with the object of ensuring that all APIs are of the quality required for their intended use and that quality systems are maintained.10  
Quality Control Checking or testing that specifications are met.10  
Quality Unit An organisational unit independent of production that fulfils both Quality Assurance and Quality Control responsibilities. This can be in the form of separate QC and QA units or a single individual or group depending on the size of the organisation.10  
Raw Data Original records, retained in the format in which they were originally generated (i.e. paper or electronic), or as a “true copy”. Raw data must be contemporaneously and accurately recorded by permanent means. The definition of “original records” currently varies across regulatory documents. By its nature, paper copies of raw data generated electronically cannot be considered as “raw data”. Raw data must permit the full reconstruction of the activities resulting in the generation of the data. In the case of basic electronic equipment that does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the raw data.21  
Raw data is defined as the original record (data) that can be described as the first-capture of information, whether recorded on paper or electronically.3  
Raw data means any laboratory worksheets, records, memoranda, notes, or exact copies thereof, that are the result of original observations and activities of a nonclinical laboratory study and are necessary for the reconstruction and evaluation of the report of that study 21 CFR 58.3(k).22  
Recording Data Companies should have an appropriate level of process understanding and technical knowledge of systems used for data recording, including their capabilities, limitations and vulnerabilities.21  
Reportable Result The term reportable result as used in this document means a final analytical result. This result is appropriately defined in the written approved test method and derived from one full execution of that method/procedure, starting from the sample. Compared with the specification to determine pass/fail of a test.19  
Retrospective Validation Validation of a process or system after it has become operational.10  
Revalidation A repeat of all or part of the validation to provide assurance that changes in the system introduced in accordance with change control procedures do not adversely affect the system operation or data integrity. 
Risk Combination of the probability of occurrence of harm and the severity of that harm.18  
Risk analysis The systematic use of available information to identify hazards and estimate the risk.18  
Risk assessment The overall process of a risk analysis and risk evaluation.18  
Risk evaluation Judgement, on the basis of risk analysis, of whether a risk that is acceptable has been achieved in a given context.18  
Risk management The systematic application of management policies, procedures and practices to the tasks of analysing, evaluating and controlling risk.18  
Self-Inspection An internal evaluation of compliance with applicable regulation in relevant regulated areas.2  
Senior Management Person(s) who direct and control a company or site at the highest levels with the authority and responsibility to mobilise resources within the company or site.2  
Severity Measure of the possible consequences of a hazard.18  
Software Configuration Adaptation of software functions to a business process using tools provided within the application by the supplier of the software.4  
Software Customisation Changing the way software automates a business process by the addition of externally custom coded software modules using a recognised programming language or the development of macros within the application software.4  
Standard Operating Procedure Instructions that specify how an activity or process is to be performed 
Static Data/Record Static record format is used to indicate a fixed-data document such as a paper record or an electronic image.8  
A static record format, such as a paper or pdf record, is one that is fixed and allows little or no interaction between the user and the record content. For example, once printed or converted to static pdfs, chromatography records lose the capability of being reprocessed or enabling more detailed viewing of baselines.2  
Structural Integrity Software attributes reflecting the degree to which source code satisfies specified software requirements and conforms to contemporary software development. 
Structural Verification An activity intended to produce documented assurance that software has the appropriate structural integrity. 
Supplier The company or group responsible for developing, constructing and delivering a software application, computerised system or part of a system. 
This term is used generically and can mean the manufacturer, a vendor, a service agent, or a consultant, depending on the circumstances.4  
System Owner The person responsible for the availability, and maintenance of a computerised system and for the security of the data residing on that system.9  
Third Party Parties not directly managed by the holder of the manufacturing and/or import authorisation.9  
True Copy/Certified Copy/Verified Copy A true copy is a copy of an original recording of data that has been verified and certified to confirm it is an exact and complete copy that preserves the entire content and meaning of the original record, including, in the case of electronic data, all essential metadata and the original record format as appropriate.2  
A copy of original information that has been verified as an exact (accurate and complete) copy having all of the same attributes and information as the original. The copy may be verified by dated signature or by a validated electronic signature. A true copy may be retained in a different electronic file format to the original record, if required, but must retain the equivalent static/dynamic nature of the original record.7  
A copy (irrespective of the type of media used) of the original record that has been verified (i.e. by a dated signature or by generation through a validated process) to have the same information, including data that describe the context, content, and structure, as the original.3  
User The company or group responsible for the operation of the system. 
User access/system administrator roles Full use should be made of access controls to ensure that people have access only to functionality that is appropriate for their job role, and that actions are attributable to a specific individual. Companies must be able to demonstrate the access levels granted to individual staff members and ensure that historical information regarding user access level is available. Controls should be applied at both the operating system and application levels. Shared logins or generic user access should not be used. Where the computerised system design supports individual user access, this function must be used. This may require the purchase of additional licences.7  
Validated scanning process A process whereby documents/items are scanned as a process with added controls such as location identifiers and OCR so that each page duplicated does not have to be further checked by a human.3  
Validation – for intended purpose Computerised systems should comply with regulatory requirements and associated guidance and be validated for their intended purpose. This requires an understanding of the computerised system's function within a process. For this reason, the acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable. In isolation from the intended process or end user IT infrastructure, vendor testing is likely to be limited to functional verification only and may not fulfil the requirements for performance qualification. 
Validation Master Plan A document providing information on the company's validation work programme. It should define details of and timescales for the validation work to be performed. Responsibilities relating to the plan should be stated.23  
Validation Plan A document that identifies all systems and subsystems involved in a specific validation effort and the approach by which they will be qualified and the total system will be validated; includes the identification of responsibilities and expectations. 
Worst Case Requirements or set of requirements that can include upper and lower limits and circumstances for a computerised system. Typically represent the limits of use within a specific laboratory. 
TermMeaning
Acceptance Criteria The criteria a system must meet to satisfy a test or other requirement.1  
ALCOA A commonly used acronym for “attributable, legible, contemporaneous, original and accurate”.2  
ALCOA+ A commonly used acronym for “attributable, legible, contemporaneous, original and accurate”, which puts additional emphasis on the attributes of being complete, consistent, enduring and available – implicit basic ALCOA principles.2  
ALCOA-plus The guidance refers to the acronym ALCOA rather than “ALCOA+”. ALCOA being Attributable, Legible, Contemporaneous, Original, and Accurate and the “+” referring to Complete, Consistent, Enduring, and Available. ALCOA was historically regarded as defining the attributes of data quality that are suitable for regulatory purposes. The “+” has been subsequently added to emphasise the requirements. There is no difference in expectations regardless of which acronym is used since data governance measures should ensure that data is complete, consistent, enduring and available throughout the data lifecycle.3  
Analytical Instrument Qualification (AIQ) AIQ is the collection of documented evidence that an instrument performs suitably for its intended purpose. Use of a qualified instrument in analyses contributes to confidence in the validity of generated data.4  
Application Software installed on a defined platform/hardware providing specific functionality.5  
Archival Archiving is the process of protecting records from the possibility of being further altered or deleted, and storing these records under the control of independent data management personnel throughout the required retention period. Archived records should include, for example, associated metadata and electronic signatures.2  
Archive Long term, permanent retention of completed data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.6  
A designated secure area or facility (e.g. cabinet, room, building or computerised system) for the long term, permanent retention of complete data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.7  
A designated secure area or facility (e.g. cabinet, room, building or computerised system) for the long term, retention of data and metadata for the purposes of verification of the process or activity.3  
Archivist An independent individual designated in good laboratory practice (GLP) who has been authorised by management to be responsible for the management of the archive, i.e. for the operations and procedures for archiving.2  
Audit An audit is a formal, independent, disciplined and objective review activity designed to assess the performance of a process or system with regards to established regulations and procedures. There are internal audits, second party audits (between two companies) and third-party audits (using an independent auditor). 
Audit Trail GMP/GDP audit trails are metadata that are a record of GMP/GDP critical information (for example, the change or deletion of GMP/GDP relevant data), which permit the reconstruction of GMP/GDP activities.6  
A secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record. Electronic audit trails include those that track creation, modification, or deletion of data (such as processing parameters and results) and those that track actions at the record or system level (such as attempts to access the system or rename or delete a file).8  
Audit trail means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record.2  
Audit trails are metadata that are a record of critical information (for example, the change or deletion of relevant data) that permit the reconstruction of activities.7  
The audit trail is a form of metadata containing information associated with actions that relate to the creation, modification or deletion of GXP records. An audit trail provides for secure recording of life-cycle details such as creation, additions, deletions or alterations of information in a record, either paper or electronic, without obscuring or overwriting the original record. An audit trail facilitates the reconstruction of the history of such events relating to the record regardless of its medium, including the “who, what, when and why” of the action.3  
Back-up A copy of current (editable) data, metadata and system configuration settings (e.g. variable settings that relate to an analytical run) maintained for the purpose of disaster recovery.6  
A true copy of the original data that is maintained securely throughout the records retention period (for example, § 211.180). The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format.8  
A copy of one or more electronic files created as an alternative in case the original data or system are lost or become unusable (e.g. in the event of a system crash or corruption of a disk). 
It is important to note that backup differs from archival in that back-up copies of electronic records are typically only temporarily stored for the purposes of disaster recovery and may be periodically overwritten. Such temporary back-up copies should not be relied upon as an archival mechanism.2  
A copy of current (editable) data, metadata and system configuration settings (variable settings that relate to a record or analytical run) maintained for the purpose of disaster recovery.7  
A copy of current (editable) data, metadata and system configuration settings maintained for recovery including disaster recovery.3  
FDA uses the term backup in § 211.68(b) to refer to a true copy of the original data that is maintained securely throughout the records retention period (for example, § 211.180). The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format. This should not be confused with backup copies that may be created during normal computer use and temporarily maintained for disaster recovery (e.g., in case of a computer crash or other interruption).8  
Bespoke/Customised Computerised System A computerised system individually designed to suit a specific business process.9  
Boundary Value A minimum or maximum input, output or internal data value, applicable to a system.1  
Branch Testing Execution of tests to assure that every branch alternative has been exercised at least once. 
Calibration The demonstration that a particular instrument or device results within specified limits by comparison with those produced by a reference or traceable standard over an appropriate range of measurements.10  
An operation that, under specified conditions, in a first step, establishes a relation between the quantity values, with measurement uncertainties provided by measurement standards, and corresponding indications with associated measurement uncertainties and, in a second step, uses this information to establish a relation for obtaining a measurement result from an indication. Note that:

  1. A calibration may be expressed by a statement, calibration function, calibration diagram, calibration curve, or calibration table. In some cases, it may consist of an additive or multiplicative correction of the indication with associated measurement uncertainty.

  2. Calibration should not be confused with adjustment of a measuring system, often mistakenly called “self-calibration”, or with verification of calibration.

  3. Often, the first step alone in the above definition is perceived as being calibration.4 

 
Change The addition, modification or removal of approved, supported or baselined hardware, network, software, application, environment, system, desktop build or associated documentation (ITIL). 
Change Advisory Board A group of people who can give expert advice to change management on the implementation of changes. This board is likely to be made up of representatives from all areas within IT and representatives from business units (ITIL). 
Change Control A formal monitoring system by which qualified representatives of appropriate disciplines review proposed or actual changes that might affect a validated status to determine the need for corrective action that would assure that the system retains its validated state.11  
Change History Auditable information that records, for example, what was done, when it was done by who and why (ITIL). 
Change Management Process of controlling Changes to the system or any aspect of services, in a controlled manner, enabling approved Changes with minimum disruption (ITIL). 
Code of Federal Regulations (CFR) The codification of the general rules of the United States of America published in the Federal Register by the executive departments and agencies of the Federal Government. Divided into 50 titles that represent the areas regulated by the US Government. 
Commercial off the shelf software Software commercially available, whose fitness for use is demonstrated by a broad spectrum of users.9  
Author note: this term can be abused and can be used to confuse. GAMP software categories should be used instead. 
Commissioning The setting up, adjustment and testing of equipment or a system to ensure that it meets all the requirements, specified in the user requirements specification, and capacities specified by the designer or developer. Commissioning is carried out before qualification and validation (WHO GMP). 
Computer Hardware Various hardware components in the computer system, including the central processing unit, printer, screen and other related apparatus. 
Computer System Computer hardware components assembled to perform in conjunction with a set of programs, which are collectively designed to perform a specific function or group of functions. 
A group of hardware components and associated software designed and assembled to perform a specific function or group of functions.9  
Computerised System A system including the input of data, electronic processing and the output of information to be used either for reporting or automatic control.5  
People, machines, and methods organised to accomplish a set of specific functions. Computer or related systems can refer to computer hardware, software, peripheral devices, networks, cloud infrastructure, operators, and associated documents (e.g., user manuals and standard operating procedures).12  
A computerised system collectively controls the performance of one or more automated processes and/or functions. It includes computer hardware, software, peripheral devices, networks and documentation, e.g. manuals and standard operating procedures, as well as the personnel interfacing with the hardware and software, e.g. users and information technology support personnel.2  
Computerised System Specification A document or set of documents that describe how a computerised system will satisfy the system requirements of the computer related system. 
Computer System Transactions A computerised system transaction is a single operation or sequence of operations performed as a single logical “unit of work”. The operation(s) that makes a transaction may not be saved as a permanent record on durable storage until the user commits the transaction through a deliberate act (e.g. pressing a save button), or until the system forces the saving of data.3  
Computerised System Validation Establishing documented evidence that provides a high degree of assurance that a specific computer related system will consistently operate in accordance with predetermined specifications.1  
Confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.13  
Control Strategy A planned set of controls, derived from current protocol, test article or product and process understanding, which assures protocol compliance, process performance, product quality and data reliability, as applicable. The controls should include appropriate parameters and quality attributes related to study subjects, test systems, product materials and components, technologies and equipment, facilities, operating conditions, specifications and the associated methods and frequency of monitoring and control.2  
Configuration – 1 The arrangement of a computer system or component as defined by the number, nature, and interconnections of its constituent parts (IEEE). 
Configuration – 2 Changing the business process automated by an application by modifying the parameters within the software provided by the supplier (also known as parameterisation). 
Configuration Baseline Configuration of a system established at a specific point in time, which captures the structure and details of the system and enables that system to be rebuilt at a later date (ITIL). 
Configuration Item (CI) Component of an infrastructure or system or an item such as Request for Change that is under the control of Configuration Management. Configuration Items may vary widely in complexity, size and type – from an entire system (including all hardware, software and documentation) to a single module or a minor hardware component (ITIL). 
Configuration Management A system for identifying the configuration of hardware, software, firmware or documentation of a computerised system at discrete points in time with the purpose of systematically controlling changes to the configuration and maintaining the integrity and traceability of the configuration throughout the system life cycle. 
Corrective Action and Preventative Action (CAPA) System for implementing corrective actions and preventative actions resulting from the investigation of non-conformances, deviations, audits, regulatory inspections and findings.14  
Actions taken to improve an organisation's processes and to eliminate causes of non-conformities or other undesirable situations. CAPA is a concept common across the GXPs (good laboratory practices, good clinical practices and good manufacturing practices), and numerous International Organization for Standardization business standards.2  
COTS Software Commercial off the shelf software application is used as is without altering the basic program. 
Configurable off the shelf software applications that can be configured to specific user applications by “filling in the blanks” without altering the basic program. 
Author Note: This term should not be used in a validation project as the term is confusing. A much better approach is to use the GAMP Software category. 
Controlled Function A process and any related equipment controlled by a computer system. 
Customisation Changing the business process automated by an application by writing software modules to add to an existing commercial application. 
Note enhancement of an application via a supplier language is custom code. 
Data Facts, figures and statistics collected together for reference or analysis.6  
Data means all original records and true copies of original records, including source data and metadata and all subsequent transformations and reports of these data, which are generated or recorded at the time of the GXP activity and allow full and complete reconstruction and evaluation of the GXP activity.6  
Facts and statistics collected together for reference or analysis. Data governance measures should also ensure that data are compete, consistent and enduring throughout the lifecycle.7  
Data Governance The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.6  
The totality of arrangements to ensure that data, irrespective of the format in which they are generated, are recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data life cycle.7  
The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.7  
The arrangements to ensure that data, irrespective of the format in which they are generated, are recorded, processed, retained and used to ensure the record throughout the data lifecycle.3  
Data Integrity The extent to which all data are complete, consistent and accurate throughout the data lifecycle.6  
Data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).8  
Data integrity is the degree to which data are complete, consistent, accurate, trustworthy and reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, such that they are attributable, legible, contemporaneously recorded, original or a true copy and accurate. Assuring data integrity requires appropriate quality and risk management systems, including adherence to sound scientific principles and good documentation practices.2  
The extent to which all data are complete, consistent and accurate throughout the data lifecycle.15  
Data integrity is the degree to which data are complete, consistent, accurate, trustworthy, reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, so that they are attributable, legible, contemporaneously recorded, original (or a true copy) and accurate. Assuring data integrity requires appropriate quality and risk management systems, including adherence to sound scientific principles and good documentation practices.3  
Data Lifecycle All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive/retrieval and destruction.6  
All phases of the process by which data are created, recorded, processed, reviewed, analysed and reported, transferred, stored and retrieved and monitored until retirement and disposal. There should be a planned approach to assessing, monitoring and managing the data and the risks to those data in a manner commensurate with potential impact on patient safety, product quality and/or the reliability of the decisions made throughout all phases of the data life cycle.2  
All phases in the life of the data (including raw data) from initial generation and recording through processing (including analysis, transformation or migration), use, data retention, archive/retrieval and destruction.15  
All phases in the life of the data from generation and recording through processing (including analysis, transformation or migration), use, data retention, archive/retrieval and destruction.3  
Data Processing A sequence of operations performed on data in order to extract, present or obtain information in a defined format. Examples might include: statistical analysis of individual patient data to present trends or conversion of a raw electronic signal to a chromatogram and subsequently a calculated numerical result.3  
Data Quality The assurance that data produced is exactly what was intended to be produced and fit for its intended purpose. This incorporates ALCOA.3  
Data Retention Data retention may be classified as either archive (protected data for long term storage) or backup (dynamic data for the purposes of disaster recovery).7  
Data Review There should be a procedure that describes the process for the review and approval of data. Data review should also include a review of relevant metadata, including audit trails.7  
Data Transfer/Migration Data transfer is the process of transferring data and metadata between storage media types or computer systems. 
Data migration changes the format of data to make it usable or visible on an alternative computerised system. 
Data transfer/migration should be designed and validated to ensure that data integrity principles are maintained.7  
Dynamic Data/Record Dynamic data means that the record format allows interaction between the user and the record content, e.g. interpretation of a chromatography data file for integration of the peaks of interest.16  
Records in dynamic format, such as electronic records, that allow for an interactive relationship between the user and the record content. For example, electronic records in database formats allow the user to track, trend and query data; chromatography records maintained as electronic records allow the user (with proper access permissions) to reprocess the data and expand the baseline to view the integration more clearly.2  
Information that is originally captured in a dynamic state should remain available in that state.3  
Design Qualification (DQ) The documented verification that the proposed design of the facilities, systems and equipment is suitable for the intended purpose.11  
DQ is the documented collection of activities that define the functional and operational specifications of the instrument, including the criteria for selection of the supplier, based on the intended purpose of the instrument. DQ states what the laboratory wants the instrument to do and shows that the selected one is suitable.17  
DQ is the documented collection of activities that define the functional and operational specifications and intended purpose of the instrument. DQ states what the laboratory wants the instrument to do and shows that the selected one is suitable.4  
Developer The company, group or individuals responsible for developing a system or some portion of a software application. 
Electronic Signature A signature in digital form (bio-metric or non-biometric) that represents the signatory. This should be equivalent in legal terms to the handwritten signature of the signatory.3  
Excluding Data Data may only be excluded where it can be demonstrated through sound science that the data is anomalous or non-representative. In all cases, this justification should be documented and considered during data review and reporting. All data (even if excluded) should be retained with the original data set, and be available for review in a format that allows the validity of the decision to exclude the data to be confirmed.7  
Exception Report A validated search tool that identifies and documents predetermined “abnormal” data or actions, which requires further attention or investigation by the data reviewer.6  
Flat File A “flat file” is an individual record that may not carry any additional metadata with it, other than that which is included in the file itself.6  
A “flat file” is an individual record that may not carry any additional metadata with it, other than that included in the file itself.7  
Firmware A software program permanently recorded in a hardware device such as a chip or EPROM. 
Typified by GAMP software category 2 (now unfortunately discontinued) or USP <1058> Group B analytical instruments.4  
Fully Electronic Approach This term refers to use of a computerised system in which the original electronic records are electronically signed.2  
Functional Requirements Statements that describe functions a computer related system must be capable of performing. 
Functional Specification Statements of how the computerised system will satisfy functional requirements of the computer related system. Typically for a CDS validation, this is replaced by a configuration specification. 
Functional Testing A process for verifying that software, a system or a system component performs its intended functions. 
Good Data and Record Management Practices The totality of organised measures that should be in place to collectively and individually ensure that data and records are secure, attributable, legible, traceable, permanent, contemporaneously recorded, original and accurate and that if not robustly implemented can impact on data reliability and completeness and undermine the robustness of decision making based upon those data records.2  
Good Documentation Practices The measures that collectively and individually ensure documentation, whether paper or electronic, is secure, attributable, legible, traceable, permanent, contemporaneously recorded, original and accurate.2  
GXP Acronym for the group of good practice guides governing the preclinical, manufacturing, testing, storage, and distribution for regulated pharmaceuticals, biologicals and medical devices, such as good laboratory practice, good clinical practice and good manufacturing practice.2  
Harm Physical injury or damage to the health of people, or damage to property or the environment. Note this is for a medical device; this needs to be interpreted as the consequences of a software error or malfunction of the system.18  
Hazard A potential source of harm.18  
Hybrid System The use of a computerised system in which there is a combination of original electronic records and paper records that comprise the total record set that should be reviewed and retained. The hybrid approach requires a secure link between all record types, including paper and electronic, throughout the records retention period.2  
Inspection The action by a regulatory authority of conducting an official review of facilities, documents, records, systems and any other resources to determine compliance with applicable regulations. 
Installation Qualification (IQ) Documented verification that the facilities, systems and equipment, as installed or modified, comply with the approved design and the manufacturer's recommendations.11  
IQ is the documented collection of activities necessary to establish that an instrument is delivered as designed and specified, and is properly installed in the selected environment, and that this environment is suitable for the instrument.17  
IQ is the documented collection of activities necessary to establish that an instrument is delivered as designed and specified, is properly installed in the selected environment, and that this environment is suitable for the instrument.4  
Instrument Instrument includes any apparatus, equipment, instrument, or instrument system used in pharmacopoeial analyses.4  
IT Infrastructure The hardware and software such as networking software and operating systems, which makes it possible for the application to function.9  
Life cycle (Computerised System) All phases in the life of the system from initial requirements until retirement including design, specification, programming, testing, installation, operation, and maintenance.9  
Maintenance Actions performed to keep an analytical instrument in a state of proper function so that it continues to operate within the boundaries set during qualification or validation.4  
Metadata Data that describe the attributes of other data, and provide context and meaning.6  
Metadata is the contextual information required to understand data. A data value is by itself meaningless without additional information about the data. Metadata is often described as data about data. Metadata is structured information that describes, explains, or otherwise makes it easier to retrieve, use, or manage data.8  
Metadata are data about data that provide the contextual information required to understand those data. These include structural and descriptive metadata. Such data describe the structure, data elements, interrelationships and other characteristics of data. They also permit data to be attributable to an individual. Metadata necessary to evaluate the meaning of data should be securely linked to the data and subject to adequate review.2  
Metadata are data that describe the attributes of other data and provide context and meaning. Typically, these are data that describe the structure, data elements, inter-relationships and other characteristics of data, e.g. audit trails. Metadata also permit data to be attributable to an individual (or if automatically generated, to the original data source). Metadata forms an integral part of the original record. Without metadata, the data has no meaning.3  
Ongoing Evaluation The dynamic process employed after a system's initial validation to maintain its validated state. 
Operating Environment Those conditions and activities interfacing directly or indirectly with the system of concern, control of which can affect the system's validated state. 
Operating System A set of software programs provided with a computer that function as the interface between the hardware and the applications program. 
Operational Qualification (OQ) The documented verification that the facilities, systems and equipment, as installed or modified, perform as intended throughout the anticipated operating ranges.11  
Operational Qualification (OQ) is the documented collection of activities necessary to demonstrate that an instrument will function according to its operational specification testing in the selected environment. OQ demonstrates fitness of purpose for the user's ways of working, and should reflect the contents of the DQ document.17  
OQ is the documented collection of activities necessary to demonstrate that an instrument will function according to its operational specification testing in the selected environment. OQ demonstrates fitness for the selected use, and should reflect the contents of the DQ document.4  
Original record Data as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of manual observation, or electronic raw data file from a computerised system.7  
The first or source capture of data or information, e.g. original paper record of manual observation or electronic raw data file from a computerised system, and all subsequent data required to fully reconstruct the conduct of the GXP activity. Original records can be Static or Dynamic.3  
Out of Specification (OOS) Result A reportable result outside of specification or acceptance criteria limits. As we are dealing with specifications, OOS results can apply to test of raw materials, starting materials, active pharmaceutical ingredients and finished products but not for in-process testing. If a system suitability test fails this will not generate an OOS result as the whole run would be invalidated, however, there needs to be an investigation of the failure.19  
Out of Trend (OOT) Result Not an out of specification result but does not fit with the expected distribution of results. This can include a single result outside of acceptance limits for a replicate result used to calculate a reportable result. If investigated, the same rules as OOS should be followed. 
Outsourced Activities Activities conducted by a contract acceptor under a written agreement with a contract giver.14  
Path Testing Execution of important control flow paths throughout the program. 
Performance Qualification (PQ) The documented verification that the facilities, systems and equipment, as connected together, can perform effectively and reproducibly, based on the approved process method and product specification.11  
The documented verification that the integrated computerised system performs as intended in its normal operating environment, i.e. that computer related system performs as intended.1  
Performance Qualification (PQ) is the documented collection of activities necessary to demonstrate that an instrument consistently performs according to the specifications defined by the user, and is appropriate for the intended use. The PQ verifies the fitness for purpose of the instrument under actual conditions of use. After IQ and OQ have been performed, the instrument's continued suitability for its intended use is demonstrated through continued performance qualification.4,17  
Policy A directive usually specifying what is to be accomplished. 
Process Structured activities intended to achieve a desired outcome. 
Process Owner The person responsible for the business process.9  
Prospective Validation Validation carried out before routine use of the system.11  
Qualification Action of proving that any equipment works correctly and actually leads to the expected results. The word validation is sometimes widened to incorporate the concept of qualification.5  
Action of proving and documenting that equipment or ancillary systems are properly installed, work correctly and actually lead to the expected results. Qualification is part of validation, but the individual qualification steps alone do not constitute process validation.10  
Action of proving that any instrument works correctly and delivers the expected results; demonstration of fitness for purpose.4  
Qualification Protocol A prospective experimental plan that when executed is intended to produce documented evidence that a system or subsystem has been qualified properly. 
Quality The degree of which a set of properties of a product, system or process fulfils requirements.20  
Quality Assurance The sum total of organised arrangements made with the object of ensuring that all APIs are of the quality required for their intended use and that quality systems are maintained.10  
Quality Control Checking or testing that specifications are met.10  
Quality Unit An organisational unit independent of production that fulfils both Quality Assurance and Quality Control responsibilities. This can be in the form of separate QC and QA units or a single individual or group depending on the size of the organisation.10  
Raw Data Original records, retained in the format in which they were originally generated (i.e. paper or electronic), or as a “true copy”. Raw data must be contemporaneously and accurately recorded by permanent means. The definition of “original records” currently varies across regulatory documents. By its nature, paper copies of raw data generated electronically cannot be considered as “raw data”. Raw data must permit the full reconstruction of the activities resulting in the generation of the data. In the case of basic electronic equipment that does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the raw data.21  
Raw data is defined as the original record (data) that can be described as the first-capture of information, whether recorded on paper or electronically.3  
Raw data means any laboratory worksheets, records, memoranda, notes, or exact copies thereof, that are the result of original observations and activities of a nonclinical laboratory study and are necessary for the reconstruction and evaluation of the report of that study 21 CFR 58.3(k).22  
Recording Data Companies should have an appropriate level of process understanding and technical knowledge of systems used for data recording, including their capabilities, limitations and vulnerabilities.21  
Reportable Result The term reportable result as used in this document means a final analytical result. This result is appropriately defined in the written approved test method and derived from one full execution of that method/procedure, starting from the sample. Compared with the specification to determine pass/fail of a test.19  
Retrospective Validation Validation of a process or system after it has become operational.10  
Revalidation A repeat of all or part of the validation to provide assurance that changes in the system introduced in accordance with change control procedures do not adversely affect the system operation or data integrity. 
Risk Combination of the probability of occurrence of harm and the severity of that harm.18  
Risk analysis The systematic use of available information to identify hazards and estimate the risk.18  
Risk assessment The overall process of a risk analysis and risk evaluation.18  
Risk evaluation Judgement, on the basis of risk analysis, of whether a risk that is acceptable has been achieved in a given context.18  
Risk management The systematic application of management policies, procedures and practices to the tasks of analysing, evaluating and controlling risk.18  
Self-Inspection An internal evaluation of compliance with applicable regulation in relevant regulated areas.2  
Senior Management Person(s) who direct and control a company or site at the highest levels with the authority and responsibility to mobilise resources within the company or site.2  
Severity Measure of the possible consequences of a hazard.18  
Software Configuration Adaptation of software functions to a business process using tools provided within the application by the supplier of the software.4  
Software Customisation Changing the way software automates a business process by the addition of externally custom coded software modules using a recognised programming language or the development of macros within the application software.4  
Standard Operating Procedure Instructions that specify how an activity or process is to be performed 
Static Data/Record Static record format is used to indicate a fixed-data document such as a paper record or an electronic image.8  
A static record format, such as a paper or pdf record, is one that is fixed and allows little or no interaction between the user and the record content. For example, once printed or converted to static pdfs, chromatography records lose the capability of being reprocessed or enabling more detailed viewing of baselines.2  
Structural Integrity Software attributes reflecting the degree to which source code satisfies specified software requirements and conforms to contemporary software development. 
Structural Verification An activity intended to produce documented assurance that software has the appropriate structural integrity. 
Supplier The company or group responsible for developing, constructing and delivering a software application, computerised system or part of a system. 
This term is used generically and can mean the manufacturer, a vendor, a service agent, or a consultant, depending on the circumstances.4  
System Owner The person responsible for the availability, and maintenance of a computerised system and for the security of the data residing on that system.9  
Third Party Parties not directly managed by the holder of the manufacturing and/or import authorisation.9  
True Copy/Certified Copy/Verified Copy A true copy is a copy of an original recording of data that has been verified and certified to confirm it is an exact and complete copy that preserves the entire content and meaning of the original record, including, in the case of electronic data, all essential metadata and the original record format as appropriate.2  
A copy of original information that has been verified as an exact (accurate and complete) copy having all of the same attributes and information as the original. The copy may be verified by dated signature or by a validated electronic signature. A true copy may be retained in a different electronic file format to the original record, if required, but must retain the equivalent static/dynamic nature of the original record.7  
A copy (irrespective of the type of media used) of the original record that has been verified (i.e. by a dated signature or by generation through a validated process) to have the same information, including data that describe the context, content, and structure, as the original.3  
User The company or group responsible for the operation of the system. 
User access/system administrator roles Full use should be made of access controls to ensure that people have access only to functionality that is appropriate for their job role, and that actions are attributable to a specific individual. Companies must be able to demonstrate the access levels granted to individual staff members and ensure that historical information regarding user access level is available. Controls should be applied at both the operating system and application levels. Shared logins or generic user access should not be used. Where the computerised system design supports individual user access, this function must be used. This may require the purchase of additional licences.7  
Validated scanning process A process whereby documents/items are scanned as a process with added controls such as location identifiers and OCR so that each page duplicated does not have to be further checked by a human.3  
Validation – for intended purpose Computerised systems should comply with regulatory requirements and associated guidance and be validated for their intended purpose. This requires an understanding of the computerised system's function within a process. For this reason, the acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable. In isolation from the intended process or end user IT infrastructure, vendor testing is likely to be limited to functional verification only and may not fulfil the requirements for performance qualification. 
Validation Master Plan A document providing information on the company's validation work programme. It should define details of and timescales for the validation work to be performed. Responsibilities relating to the plan should be stated.23  
Validation Plan A document that identifies all systems and subsystems involved in a specific validation effort and the approach by which they will be qualified and the total system will be validated; includes the identification of responsibilities and expectations. 
Worst Case Requirements or set of requirements that can include upper and lower limits and circumstances for a computerised system. Typically represent the limits of use within a specific laboratory. 
View Large

Abbreviations

AbbreviationMeaning
AIP Application Integrity Policy 
ALCOA Attributable, Legible, Contemporaneous, Original, Accurate 
ANSI American National Standards Institute 
API Active Pharmaceutical Ingredient 
ASTM American Society for Testing and Materials 
ATP Analytical Target Profile 
BCP Business Continuity Plan 
CAPA Corrective Action and Preventative Action 
CBER Center for Biologics Evaluation and Research (FDA) 
CDER Center for Drug Evaluation and Research (FDA) 
CDRH Center for Devices and Radiological Health (FDA) 
CDS Chromatography Data System 
CE Capillary Electrophoresis 
CFR Code of Federal Regulations (e.g. 21 CFR 11) 
CMC Chemistry, Manufacturing and Controls (of a New Drug Application/Product Licence Application) 
CMO Contract Manufacturing Organisation 
COA Certificate of Analysis 
COTS Commercial/Configurable Off The Shelf (Software) 
This term is not recommended for use as it is confusing when not defined. Define software type using GAMP software categories. 
CPG Compliance Program Guide 
Compliance Policy Guide 
CRO Contract Research Organization 
cGMP current Good Manufacturing Practices 
CS Configuration Specification 
CSF Critical Success Factor 
CSV Computer System Validation 
CTD Common Technical Document 
DHHS Department of Health and Human Services (US) 
DI Data Integrity 
DG Data Governance 
DQ Design Qualification 
DR Disaster Recovery 
DS Design Specification 
EC European Community 
ECD Electron Capture Detector 
EDMS Electronic Document Management System 
EIR Establishment Inspection Report 
ELN Electronic Laboratory Notebook 
EMA European Medicines Agency 
EMEA European Agency for the Evaluation of Medical Products (now EMA) 
EP European Pharmacopoeia (Ph.Eur) 
EU European Union 
FDA Food and Drug Administration 
FID Flame Ionisation Detector 
FMEA Failure Mode and Effects Analysis 
FOI (A) Freedom of Information (Act) 
FR Federal Register 
FS Functional Specifications 
GAMP Good Automated Manufacturing Practice guidelines 
GC Gas Chromatography 
GDocP Good Documentation Practice 
GLP Good Laboratory Practice 
GRDP Good Records and Documentation Practice 
GXP Good X Practices (where X can be clinical, laboratory and/or manufacturing) 
GMP Good Manufacturing Practice 
HACCP Hazard Analysis Critical Control Point 
HPLC High Pressure/Performance Liquid Chromatography 
IaaS Infrastructure as a Service 
ICH International Conference on Harmonisation (1990–2015) 
International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (from October 2015) 
ICP Inductively Coupled Plasma 
IEEE Institute of Electrical and Electronic Engineers, Inc. 
ILT Instructor Lead Training 
IND Investigational New Drug Application 
IQ Installation Qualification 
IP Internet Protocol 
IR Infra-Red 
ISO International Organization for Standardization 
ISPE International Society of Pharmaceutical Engineers 
IT Information Technology 
ITIL IT Infrastructure Library 
ITT Invitation to Tender 
KPI Key Performance Indicator 
LAN Local Area Network 
LES Laboratory Execution System 
LIMS Laboratory Information Management System 
MBA Minus Brain Activity 
MHLW Ministry of Health, Labour and Welfare (Japan) 
MHRA Medicines and Healthcare products Regulatory Agency (UK) 
MOU Memorandum of Understanding 
MRA Mutual Recognition Agreement 
MS Mass Spectrometer 
NCE New Chemical Entity 
NDA New Drug Application 
NIR Near Infra-Red 
NIST National Institute of Standards and Technology (Gaithersville, Maryland, USA) 
NMR Nuclear Magnetic Resonance 
OECD Organization for Economic Cooperation and Development 
OOE Out Of Expectation 
OOS Out Of Specification 
OOT Out Of Trend 
OQ Operational Qualification 
ORA Office of Regulatory Affairs (FDA) 
OTS Off The Shelf (refers to software – use is not recommended) 
PaaS Platform as a Service 
PAI Pre-Approval Inspection 
PDA Parenteral Drug Association 
PDF Portable Document Format 
Ph.Eur. European Pharmacopoeia 
PIC Pharmaceutical Inspection Convention 
PIC/S Pharmaceutical Inspection Convention/Scheme 
PKI Public Key Infrastructure 
PPQ Procedure Performance Qualification 
PPV Procedure Performance Verification 
PQ Performance Qualification 
PQS Pharmaceutical Quality System 
QA Quality Assurance 
QAU Quality Assurance Unit 
QC Quality Control 
QMS Quality Management System 
QP Qualified Person 
QRM Quality Risk Management 
R&D Research and Development 
RAID Redundant Array of Inexpensive Disks 
RFC Request for Change 
RFID Radio Frequency Identity 
RFP Request for Proposal 
RSD Relative Standard Deviation 
SaaS Software as a Service 
SAN Storage Area Network 
SDLC System Development Life Cycle 
SDMS Scientific Data Management System 
SILC System Implementation Life Cycle 
SLA Service Level Agreement 
SOP Standard Operating Procedure 
SPC Statistical Process Control 
SQA Society for Quality Assurance 
SRS System Requirements Specification (equivalent to URS) 
SST System Suitability Test 
TAT Turn Around Time 
TMU Total Measurement Uncertainty 
UAT User Acceptance Testing 
UPS Uninterruptible Power Supply 
URS User Requirement Specifications 
USB Universal Serial Bus 
USP United States Pharmacopoeia 
UV Ultra Violet 
VMP Validation Master Plan 
VSR Validation Summary Report 
WAN Wide Area Network 
WI Work Instruction 
WHO World Health Organisation 
AbbreviationMeaning
AIP Application Integrity Policy 
ALCOA Attributable, Legible, Contemporaneous, Original, Accurate 
ANSI American National Standards Institute 
API Active Pharmaceutical Ingredient 
ASTM American Society for Testing and Materials 
ATP Analytical Target Profile 
BCP Business Continuity Plan 
CAPA Corrective Action and Preventative Action 
CBER Center for Biologics Evaluation and Research (FDA) 
CDER Center for Drug Evaluation and Research (FDA) 
CDRH Center for Devices and Radiological Health (FDA) 
CDS Chromatography Data System 
CE Capillary Electrophoresis 
CFR Code of Federal Regulations (e.g. 21 CFR 11) 
CMC Chemistry, Manufacturing and Controls (of a New Drug Application/Product Licence Application) 
CMO Contract Manufacturing Organisation 
COA Certificate of Analysis 
COTS Commercial/Configurable Off The Shelf (Software) 
This term is not recommended for use as it is confusing when not defined. Define software type using GAMP software categories. 
CPG Compliance Program Guide 
Compliance Policy Guide 
CRO Contract Research Organization 
cGMP current Good Manufacturing Practices 
CS Configuration Specification 
CSF Critical Success Factor 
CSV Computer System Validation 
CTD Common Technical Document 
DHHS Department of Health and Human Services (US) 
DI Data Integrity 
DG Data Governance 
DQ Design Qualification 
DR Disaster Recovery 
DS Design Specification 
EC European Community 
ECD Electron Capture Detector 
EDMS Electronic Document Management System 
EIR Establishment Inspection Report 
ELN Electronic Laboratory Notebook 
EMA European Medicines Agency 
EMEA European Agency for the Evaluation of Medical Products (now EMA) 
EP European Pharmacopoeia (Ph.Eur) 
EU European Union 
FDA Food and Drug Administration 
FID Flame Ionisation Detector 
FMEA Failure Mode and Effects Analysis 
FOI (A) Freedom of Information (Act) 
FR Federal Register 
FS Functional Specifications 
GAMP Good Automated Manufacturing Practice guidelines 
GC Gas Chromatography 
GDocP Good Documentation Practice 
GLP Good Laboratory Practice 
GRDP Good Records and Documentation Practice 
GXP Good X Practices (where X can be clinical, laboratory and/or manufacturing) 
GMP Good Manufacturing Practice 
HACCP Hazard Analysis Critical Control Point 
HPLC High Pressure/Performance Liquid Chromatography 
IaaS Infrastructure as a Service 
ICH International Conference on Harmonisation (1990–2015) 
International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (from October 2015) 
ICP Inductively Coupled Plasma 
IEEE Institute of Electrical and Electronic Engineers, Inc. 
ILT Instructor Lead Training 
IND Investigational New Drug Application 
IQ Installation Qualification 
IP Internet Protocol 
IR Infra-Red 
ISO International Organization for Standardization 
ISPE International Society of Pharmaceutical Engineers 
IT Information Technology 
ITIL IT Infrastructure Library 
ITT Invitation to Tender 
KPI Key Performance Indicator 
LAN Local Area Network 
LES Laboratory Execution System 
LIMS Laboratory Information Management System 
MBA Minus Brain Activity 
MHLW Ministry of Health, Labour and Welfare (Japan) 
MHRA Medicines and Healthcare products Regulatory Agency (UK) 
MOU Memorandum of Understanding 
MRA Mutual Recognition Agreement 
MS Mass Spectrometer 
NCE New Chemical Entity 
NDA New Drug Application 
NIR Near Infra-Red 
NIST National Institute of Standards and Technology (Gaithersville, Maryland, USA) 
NMR Nuclear Magnetic Resonance 
OECD Organization for Economic Cooperation and Development 
OOE Out Of Expectation 
OOS Out Of Specification 
OOT Out Of Trend 
OQ Operational Qualification 
ORA Office of Regulatory Affairs (FDA) 
OTS Off The Shelf (refers to software – use is not recommended) 
PaaS Platform as a Service 
PAI Pre-Approval Inspection 
PDA Parenteral Drug Association 
PDF Portable Document Format 
Ph.Eur. European Pharmacopoeia 
PIC Pharmaceutical Inspection Convention 
PIC/S Pharmaceutical Inspection Convention/Scheme 
PKI Public Key Infrastructure 
PPQ Procedure Performance Qualification 
PPV Procedure Performance Verification 
PQ Performance Qualification 
PQS Pharmaceutical Quality System 
QA Quality Assurance 
QAU Quality Assurance Unit 
QC Quality Control 
QMS Quality Management System 
QP Qualified Person 
QRM Quality Risk Management 
R&D Research and Development 
RAID Redundant Array of Inexpensive Disks 
RFC Request for Change 
RFID Radio Frequency Identity 
RFP Request for Proposal 
RSD Relative Standard Deviation 
SaaS Software as a Service 
SAN Storage Area Network 
SDLC System Development Life Cycle 
SDMS Scientific Data Management System 
SILC System Implementation Life Cycle 
SLA Service Level Agreement 
SOP Standard Operating Procedure 
SPC Statistical Process Control 
SQA Society for Quality Assurance 
SRS System Requirements Specification (equivalent to URS) 
SST System Suitability Test 
TAT Turn Around Time 
TMU Total Measurement Uncertainty 
UAT User Acceptance Testing 
UPS Uninterruptible Power Supply 
URS User Requirement Specifications 
USB Universal Serial Bus 
USP United States Pharmacopoeia 
UV Ultra Violet 
VMP Validation Master Plan 
VSR Validation Summary Report 
WAN Wide Area Network 
WI Work Instruction 
WHO World Health Organisation 
View Large

This Feature Is Available To Subscribers Only

or Create an Account

Close Modal
Close Modal