StartseiteLeistungenSchulungsdatenbankLebenslaufUsefull LinksCleaning ValidationNew EU GMP Annex 11

New EU GMP Annex 11:


Project Phase

Operational Phase

Table 1: Risk based Approach

Table 2: Suppliers and Service Providers

Table 3: Comparison of Annex 11 versions

Check Your Knowledge






The section on the Operational Phase is subdivided into 13 subsections. In short the annex 11 describes what in practice needs a lot of well organized procedures.


Built-in checks for the correct entry and processing of data are explicitly required when data are exchanged electronically.

Accuracy Checks

As manual data entry is an important source of error, critical data entered manually need to be subjected to accuracy checks. It is up to the regulated user to analyze POTENTIAL CONSEQUENCES on ERRONEOUS OR INCORRECTLY ENTERED DATA and define appropriate checks.

Data Storage

Data Storage needs to be SECURE, both physically and electronically. The ABILITY TO RESTORE BACK-UPS ACCURATELY needs to be PERIODICALLY MONITORED; this implies not only that required hard- and software is available but also that the data can be correctly processed. Procedures need to be in place to define who is authorized to initiate a back-up of data and how any potential adverse effect to most recent data is assessed.


Clear printouts of electronically stored data may be requested by the inspectors and for all records supporting batch release it should be possible to generate printouts indicating if any of the data has been changed since the original entry.

Audit Trail

A risk assessment is required to define which data need to be subject to an audit trail. The requirement that audit trails need to be available and CONVERTIBLE TO A GENERALLY INTELLIGIBLE FORM implies that a mere triggering and recording of changes in a database may not be sufficient. The 2008 draft of the annex explained the idea behind the audit trail as the aim is to know at any given time point what the information was and clearly stated that changed data should be available in their appropriate context: For example if a relevant electronic record is created using a number of data fields, all these data fields need to be linked within the audit trail.

Change and Configuration Management

Exactly as required for any other GMP-relevant process a Change and Configuration Management needs to be established to guarantee that CHANGES TO A COMPUTERISED SYSTEM including system configurations should only be MADE IN A CONTROLLED MANNER IN ACCORDANCE WITH A DEFINED PROCEDURE.

Periodic Evaluation

Also, following a general GMP-requirement periodic evaluation needs to demonstrate that the computerized system is still compliant to GMP. The EU GMP annex 11 explicitly requires the following items to be evaluated:


Physical and/or logical controls should be in place to RESTRICT ACCESS TO COMPUTERISED SYSTEMS, therefore CREATION, CHANGE, AND CANCELLATION OF ACCESS AUTHORISATIONS SHOULD BE RECORDED. Mechanisms for the detection of attempts of unauthorised access as required in the 2008 draft annex are no longer explicitly demandedas part of Security. When document or data management systems are used these should be designed to record the identity of operators entering, changing, confirming or deleting data including date and time. There is no explicit requirement how this time stamp should be configured; PharmAdvice recommends considering using UTC instead of a local time zone especially in process equipment and continuous processes.

Incident Management

Incident Management shall REPORT AND ASSESS ALL INCIDENTS, NOT ONLY SYSTEM FAILURES AND DATA ERRORS, the root cause of a critical incident should be identified and should form the basis of corrective and preventive actions. This requirement is considerably more challenging than the current requirement to record and analyse errors and to enable corrective action to be taken. However it is consonant with section 5.46 of Part II of the EU guide: Basic Requirements for Active Substances used as Starting Materials requesting Incidents related to computerized systems that could affect the quality of intermediates or APIs or the reliability of records or test results should be recorded and investigated.

Electronic Signatures

Electronic signatures are expected to:
b. be permanently linked to their respective record,
c. include the time and date that they were applied.
The restriction within the boundaries of the company,is very important, because it indicates that there is no requirement for a “qualified electronic signature”.

Batch Release

When a computerised system is used for recording certification and batch release only Qualified Persons may be allowed to release the batch placing their electronic signature. Obviously it is the intention to AVOID HYBRID SYSTEMS WITH HANDWRITTEN SIGNATURES TO RECORDS STORED AND MAINTAINED ELECTRONICALLY.

Business Continuity

Arrangements to provide business continuity to bring manual or alternative back-up computerized systems into use needs to be ADEQUATELY DOCUMENTED AND TESTED, if the computerised system supports a critical process. The restriction to critical regulatory or lifesaving processes mentioned in the 2008 draft has been removed. Again it is up to the regulated user to perform a risk assessment and define how fast the alternative system must be operative.


Though storage capacities permanently increase considerably the annex 11 accepts that DATA MAY BE ARCHIVED, i.e. removed from immediate system access. Migration plans are required if relevant changes are to be made to the system (e.g. computer equipment or programs) and the ability to retrieve the data should be ensured and tested. This is a very challenging task in practice as different data need to be available for different required retention periods defined by predicate rules.