Jump to content

GxP

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 122.162.157.143 (talk) at 06:19, 6 December 2007 (See also). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

This is about the pharmaceutical term. For other uses see GXP

The term GxP is a generalization of quality guidelines, predominantly used in the pharmaceutical industry. It abbreviation comes from a guideline beginning with "Good" and ending in "Practice" with the specific practice descriptor in between.

GMP is the most commonly known instance of GxP. The term GxP is only used in a casual manner, to abstract from the actual set of quality guidelines.

Purpose

The purpose of the GxP quality guidelines is to ensure a quality product, guiding pharmaceutical product research, development and manufacturing, but also presents a codex for much of the activities off the critical path.

The most central aspects of GxP are:

  • Traceability: the ability to reconstruct the development history of a drug.
  • Accountability: the ability to resolve who has contributed what to the development, and when.

Documentation is thus the most crucial instrument. For more information, see Good Manufacturing Practice.

Consequences of GxP in IT

For the drug to be produced in a truly GxP compliant manner, these guidelines must also be applied for anything that contributes directly or indirectly to its development. This includes anything used in handling information.

The pharmaceutical industry therefore must heed various things that are somewhat neglected in other industries.

  • Secure logging: each system activity must be registered, in particular what users of the system do, that relate to research, development and manufacturing. The logged information is to be secured appropriately so that it cannot be changed once logged, not even by an administrative user of the system.
  • Auditing: an IT system must be able to provide conclusive evidence in litigation cases, to reconstruct the decisions and potential mistakes that were made in developing a drug.
  • Keeping archives: relevant audit information must be kept for a set period, several decades in certain countries. Archived information is still subject to the same requirements, but its only purpose is to provided trusted evidence in litigation cases.
  • Accountability: Every piece of audited information must have a known author, or statement who did the action listed. Nothing is to be anonymous.
  • Non-repudiation: audit information must be logged in a way that no user could say that the information is invalid, e.g. saying that someone could have tampered with the information. One way of assuring this, is by means of digitally signing activities.

The business case for any overhead in technical measures in this field is easily made, if one considers the importance of winning some of the most spectacular litigation cases that are attributed to the pharmaceutical industry. This is also the perspective that you should use to understand the sense and nonsense of high investments in your IT security concept (IT infrastructure, standard operating procedures for system administration).

At the same time, system development in the pharmaceutical industry needs more attention than usual on its record-keeping. Traceability is of central importance, creating a chain of decisions that lead from user needs and business goals down to the design decisions of the system, and the qualification of its installation and operation.

See also