top of page

The importance of backup processes and how to make it compliant

As World Backup Day 2023 strikes, the importance of saving data and moreover the frequent risks that can damage data are in the spotlight. However, when it comes to the biopharmaceutical field, how can data be saved in a reliable way while still fitting the regulatory guidelines?

As we spoke earlier this year about the principles of Data Integrity in Computerised Systems for the biopharmaceutical field, new elements need to be considered, specifically regarding a transition from paper-based to digital data: backup and restore.

What is a backup?

A backup is a copy of GxP data currently used. It needs to be performed over all types of data, including metadata, method files, audit trail files and system configuration settings.

It needs to:

- be validated and verified.

- be set up with the same security features as the primary data (prohibit unauthorized access, change/deletion of data or their alteration).

- be stored in a remote location (physically separated).

- be performed periodically.

- be readable for all the period of the defined regulatory retention period.

Why are backups important?

Backups allow to ensure that critical data is not lost if the system crashes. It is indissociable from the Restore process, which should be described in a Validated and verified Disaster Recovery Plan (DRP).

It is important not to confuse backups and archives, the latter being a copy of data which is no longer actively used. However, those archives are still necessary, and the archival process needs to be performed as to ensure the readability of data during its entire retention period which should be commensurate with regulatory requirements.

On the other hand, a Disaster Recovery Plan (DRP) needs to be defined to be prepared for a data restoration. It also needs to be validated in regards with guidelines to ensure its compliance.

Relation with Data Integrity

Backup is only one example of data integrity control measure that should be put in place on a computerized system. This should be combined with other control measure to ensure full data integrity compliance. The integrity of this data can only be guaranteed while satisfying the ALCOA+ principles, guaranteeing it is securely gathered, stored and archived throughout its lifecycle.

How to ensure the compliance of backup processes?

Since many inspections highlight misses or fails in compliance of data integrity throughout the previous years, authorities focus their inspection on DI and CSV subjects.

Adequately handled critical data allows to improve the overall quality of a company and its security from external and internal attacks. Maintaining a robust and up-to-date backup processes ensures data is always protected, but also available in cases of unexpected event is mandatory to ensure the compliance with regulation. The backup process needs to match the business continuity plan and the backup tools need to be adapted to it and should be defined during the design phase of the initial validation and maintained through the computerized life cycle.

With its team of CSV and DI experts, Ellion is willing to accompany your structure regarding those questions and help you find solutions fitting with your needs and requirements.

bottom of page