The Stage 1 workshop is focused on developing a solid understanding of the foundations of GXP data governance and data integrity assurance. In this two-day workshop we discuss current regulatory expectations and guidance, including the ALCOA principles, with the goal of developing a comprehensive understanding of how to operate efficiently within a GXP regulated environment. We discuss risk-based approaches to ensure regulatory compliance; referencing current regulations, regulatory actions, and harmonized guidance. Specific sub-topics include:

• A modern interpretation of 21 CFR Part 11/EU Annex 11; including proposed updates to EU Annex 11 (2026)

• FDA GMP regulation 21 CFR Part 211.68 – computerized systems in GMP

• Guideline on computerised systems and electronic data in clinical trials (EMA, 2023)

• FDA Draft Guidance: “Data Integrity for In Vivo Bioavailability and Bioequivalence Studies” (2024)

• PIC/s Final Guidance (June 2021): Data Integrity

• Data Integrity expectations for GLP

• Quality Risk Management & ICH Q9:

  • Design

  • Operation

  • Monitoring

• Strategies for metadata (e.g. audit trail) review

• Critical Thinking and Data Integrity

Each day will include hands-on case studies where participants will practice application of data integrity principles in real-life scenarios.

The Stage 1 workshop is designed for personnel engaged in regulated GXP activities (employees who create, review or approve GXP data), including employees who support GXP activities, such as IT professionals. This workshop moves beyond the ALCOA+ principles with a heavy emphasis on quality risk management and is relevant to both new and experienced employees as we discuss data integrity from a regulator’s perspective. This workshop is designed to set individuals up for success in an evolving regulatory environment that is rapidly adapting to new technologies.

Each topic is presented and discussed from a regulatory patient-focused perspective, with one objective being gaining the confidence necessary to address complicated questions (e.g., hybrid systems) during regulatory inspections and/or internal audits. When employees are able to confidently describe “why we do what we do” from a risk-based and patient-centric perspective, inspectors are better able to understand the site’s rationale, reducing misunderstandings and ultimately leading to improved regulatory/audit outcomes.

Who should join the Stage 1 Fundamentals course? Individuals working within a GXP environment that:

• are required to operate efficiently within a regulated environment (QC, Manufacturing, Quality, Warehouse, Engineering, IT, etc.) where the integrity of data (paper or electronic) is considered critical to patient safety,

• may (or are) tasked with contributing to investigations (e.g., deviations) that include data integrity concerns,

• perform or participate in internal or external audits,

• participate in computer system validation or IT systems management,

• or field data integrity related questions (written or verbal) during regulatory or customer interaction.

In this two-day stage 2 data integrity/governance course, we discuss intermediate GXP data integrity and data governance concepts, with the goal of preparing individuals for success in an ever evolving technology and regulatory landscape. This is an intermediate workshop that includes ~50% lecture and ~50% hands on individual and group problem solving. Participants will be challenged to apply critical thinking in the context of GXP data integrity through discussion and debate, and will be equipped with the experience and insight necessary to operate as a thought leader in the area of data governance within their organization. The workshop will culminate with a final project: the design and presentation of a data governance plan using risk-based strategies to ensure data integrity.

Thought leaders will gain the background necessary to:

1. apply critical thinking during the process and data mapping

2. perform assessment of new or existing processes to determine if the level of residual risk acceptable,

3. develop and execute risk-based strategies for GXP review by exception,

4. develop and execute risk-based strategies for GXP audit trail review,

5. optimize the use of data through implementation of FAIR principles within an existing Quality System,

6. participate in the planning and execution of a data governance strategy in compliance with regulatory expectations, and

7. seamlessly integrate quality risk management within the data integrity/data governance compliance plans

This course is a continuation of Stage 1, as we practice utilizing the tools that will allow us to achieve our goal: a flexible and risk-based approach towards managing our GXP data processes. Most, if not all, of our data processes are in some form hybrid, as humans interact with the systems in various ways during data entry, transcription, review, and/or lifecycle management. Through practicing and sharing best practices during use of the data/process mapping tool considering steps and system interfaces, in combination with risk-management principles, we can gain confidence that our ultimate management strategies are indeed patient-centric and truly inspection ready!