Good documentation practices (GDocP or GRK) are a crucial component of the Pharmaceutical Quality System (PQS) or Quality Management System (QMS). In fact, good documentation practices are the foundation of a reliable quality management approach.

So you must engage in regular audits of your documentation procedures and systems, both electronic and paper-based. Each type of data system requires unique assessments of data integrity risks. And, of course, all records/documents must meet Good Documentation Practice (GDocP or ‘GDP’ although the latter is reserved for Good Distribution Practice, so GDocP is preferred). GDocP is also referred to as Good Recordkeeping Practice (GRK). One of the tenets of GRK/GDocP is meeting ALCOA+ requirements.

Records that meet ALCOA+ requirements enable more efficient:

Read more on meeting ALCOA+ requirements in a GMP industry.

Recordkeeping Practices (GRK/GDocP) – Audits

  • Your record-keeping practices, documentation procedures and computer systems will be thoroughly scrutinised during inspections by Authorities (including TGA inspections, FDA audits, manufacturer audits of their suppliers, etc.)
  • Scrutiny will include your computer system validation activities, documentation practices and data governance measures (data integrity) — not only at your manufacturing facilities — but at your supplier sites, storage facilities/warehouses, and across your distribution channels — because good recordkeeping is mandatory for ‘recall preparedness

Recordkeeping Systems

Good Record-Keeping Practice (GRK) is imperative for passing numerous industry-specific quality inspections (PICS/GMP inspections and TGA or FDA GMP compliance audits).  Including inspections of your compliance with ISO9001 Quality Management Standards, or other regulatory standards covering laboratories, medical devices and pharmaceutical manufacturing operations.

Complete Good Recordkeeping Practice (GRK) training online (good documentation practice) by clicking here.

If your documentation practices and recordkeeping systems are not up to current GDP/GRK/GDocP standards, you’re facing serious risks to patients, and serious liabilities for your business.

But how, exactly, have new digital record-keeping technologies impacted pharmaceutical and medical device manufacturing businesses in terms of their good documentation practices and data integrity risks?

Read on to learn more about Good Documentation Practices (GDocP), with key points excerpted from resources listed on the TGA’s website, the FDA’s website, and PharmOut’s white paper on Good Documentation Practices (download the GDocP implementation white paper in PDF format).

Good documentation practices (GDocP)

Good Documentation & Recordkeeping in GMP Manufacturing

Good record keeping requirements GRK current GMP

Good documentation practices are an essential part of complying with GMP guidance and EU cGMP regulations.

But these have changed with new methods of record-keeping and data security technologies, including blockchain.

Common GMP audit failings include:

  • Neglecting to validate all computerised systems
  • Operators using shared log-ins
  • Failing to limit administrative roles for electronic data to IT Administrators only (limiting operational personnel’s ability to edit data post-data recording/post-data entry).

How have good documentation practices — including signature registers  — changed with disruptive digital technologies, including blockchain?

Digital technologies continue to evolve at a rapid pace.

Automation, user tracking, and real-time data recording are now built into many electronic systems including for production, laboratory testing, product storage, and distribution.

But new automated technologies and data recording systems can both help — and hinder — your compliance with GMP (PIC/S). It all comes down to justifying that the systems you choose are validated as being ‘fit for purpose’, and ensuring you have appropriate data governance measures in place (data integrity assurances). Regular reviews of your computerised systems, and data integrity assurances, are essential.

Electronic and paper systems both have risks in relation to data integrity.

Paper-based systems have a lot of data integrity risks, usually mediated by requiring signatures by other operators (‘witness signatures’) and other data integrity measures for paper-based systems.

When it comes to electronic systems, organisations must consider the risks of any new computerised systems and/or automated data capture systems.  Quality Managers must ensure regularly, documented assessments of data integrity measures and recordkeeping practices as well as validation schedules for these systems (and any software updates).

Self-inspections, quality management reporting, and continuous improvement initiatives should include:

Serialisation requirements for pharmaceutical product labels add an entirely new level to record-keeping practices & data system integration projects.

  • New data collection technologies offer many benefits to manufacturing industries in terms of product quality, safety, effectiveness, and distribution recordkeeping  (preparation for a recall)
  • But new technologies also bring unprecedented data integrity/data security risks
  • So like all technological changes, these systems need to be carefully risk-assessed and managed, including after data system updates or upgrades
  • As with any new technology, data integrity issues and/or power outages have the potential to impact your production and distribution systems, product safety, and audit outcomes 


Digital technology & good documentation practices (GDocP)

Evolving digital technologies have enabled new electronic methods for data validation and record-keeping security. Examples include automated date-stamping, data change-tracking logs, and testing result records being recorded directly from the laboratory machines being used for product evaluations prior to batch release.

Even so, Quality Managers must keep an eye on these systems, and on operational practices, to ensure they are functioning as intended.

Regular self-inspection of operational documentation practices is a must, across the entire organisation (and product life-cycle). Failure to monitor documentation practices and data integrity is a frequent area for failure(s) during FDA and TGA audits of your GMP and GDocP.

But not every organisation is aware of the full extent of risks that new record-keeping technology can bring to a GMP organisation. Nor does every organisation adequately train (and re-train) their employees in good documentation practices.

It’s no surprise, then, that inadequate documentation practices are an area of frequent GMP (PIC/S) audit failures, when the FDA, TGA or other regulatory agency come to inspect your premises and documentation practices at every stage of production and distribution.

data integrity gmp requirements grk

Data Integrity Risks | Pharma 4.0

  • Some new technologies enable tamper-proof, real-time documentation practices; yet new technologies can also add new risks to your data integrity and quality management systems (QMS).
  • New risks stem from the latest digital data collection methods, for example:
    • photoshopping documents
    • copying digital signatures
    • sharing log-ins
    • new employees and/or contractors not getting timely log-ins
    • neglecting to immediately add new signatures and initials (or suppliers and contractors) to the signature register
    • neglecting to train employees, warehouse and transportation/delivery workers and suppliers in GDocP, even though you’re responsible for ensuring their compliance as the responsible person/entity

For custom GMP training courses and employee training certificate courses in GDP/GDocP, click here.

Online GxP training courses are also available (certificate courses).

Advances in technological recordkeeping advances (such as ‘real time’ data collection and secure data storage) mean that digital systems can help ensure real-time record keeping and data integrity. However, if the basic elements of data governance aren’t in place or data integrity monitoring is overlooked during self-inspections — you could find yourself with serious breaches of data integrity.

Many new data systems are designed to reduce data integrity risks and data security risks.
  • But these systems must be thoroughly validated and risk-assessed.
  • Quality Managers must ensure all data recording procedures, electronic data systems and data storage methods are evaluated and monitored for data security breaches
  • New digital technologies, including automated record keeping, must be risk assessed in relation to documentation weaknesses and data security concerns
  • The potential risks of a system failure or power outage must also be assessed (e.g., risk assessments for data backups).

Continuous improvement initiatives relating to your recordkeeping systems and data storage methods are a necessirty in modern times. Frequent risk assessments, along with employee training (refresher courses in good documentation practices) should be an ongoing part of your approaches to minimising data integrity risks in your organisation.

Solution: To reduce record-keeping failure risks, documentation procedures, data-entry systems and employee training in record-keeping all need to be continually risk-assessed, and re-validated, as part of your quality management procedures.

So what do Good Documentation Practices (GDocP) require for employees and contractors working in the pharmaceutical, veterinary medicines, laboratory testing or medical device sectors?

As the saying goes, “if you didn’t write it down, it didn’t happen.

If your record-keeping fails to meet standards for GDocP (PIC/S), the result is the same — a GMP audit failure, unacceptable product safety risk and liability — which could lead to jail time for managers and owners who fail to implement proper record-keeping and data security measures.

Good documentation practices (known as GDocP vs GDP, which stands for good distribution practices), are an imperative part of assessing risks and managing production quality to GMP / EU GMP, PIC/S and other industry standards. They are imperative for batch tracing, quality management and recall procedures.

But new digital record-keeping methods, if not engineered to current data integrity standards, can lead to data integrity risks, security and safety risks, and GMP audit failures.

Log-in details and signature registers, passwords, system use tracking, and other data security/data integrity risk management — including employee training — need to be regularly assessed, validated and risk-managed.

As breaches of data security occur frequently throughout the world, you’ll want to ensure your data systems and record-keeping procedures are risk-assessed, tamper-proof, secure, validated and investigated on a regular basis as part of your quality management system (QMS).

For GMP consultancy or GMP audit assistance or quality management systems (QMS) and data integrity consultancy, visit PharmOut’s site.  You can also browse our top online GMP training courses for industry-specific training.

Who audits your Good Documentation Practices (GDocP)?

Remember, GDocP was formerly called GDP, but GDP is now exclusively used for Good Distribution Practices.

  • Your organisation’s Quality Manager (typically working within the Quality Risk Management Department or in Quality Assurance) will aim to ensure employees, contractors and vendors follow GDocP and GDP, as well as other components of GMP.
  • GDP and GDocP can also be an inspection area (audit area/audit response) when government agencies inspect your people and premises.
  • These government agencies could include the TGA or FDA, although they may focus on other areas of GMP during their GMP audits.

Names and roles of these regulatory agencies will vary, depending on where you are located and/or where you are importing or exporting your pharmaceutical goods, source supplies, medical devices, veterinary medicines or other types of medicines (e.g., blood and tissue products).

Examples of Regulatory Authorities enforcing GMP (Gxp) including Good Documentation Practices include:
  • the USA’s FDA (Food and Drug Administration)
  • Australia’s TGA (Therapeutic Goods Administration)
  • EMA (UK)
  • Health Canada (Canada)
  • WHO (World Health Organisation)

For more information on regulatory authorities, read the blog on Agencies who regulate and audit GxP (GMP, CAPA, GMP, GDP, QMS, GDocP, GACP and more).

Online E-Learning Courses for Good Documentation Practices

Learn Good Documentation Practices and Data Integrity

good record keeping courses GMPtraining-online Warehousing and Distribution Practices – a required GMP training topic for employees, contractors and suppliers working in the distribution of pharmaceuticals and other regulated products including goods with high illicit value (GHIV) 

The 4-course training bundle for GMP compliance includes Good Warehouse Practices (GWP), Good Record Keeping (GRK), Good Distribution Practices (GDocP) and 10 golden rules of GMP.

GMP for Sterile Final Dose – GMP online training 

Other Training Bundles

Or for individual or onsite training courses, review GMP training courses by PharmOut’s GMP Training, learning and development expert, Maria Mylonas and other GMP manufacturing and medicinal cannabis TGA industry experts.


Warehouse, Distribution and GMP Training for Transportation employees and Outsourced contractors (Training)

FDA Good Documentation Practices (FDA GDP)

TGA Good Record Keeping / GDocP

For GMP consultancy and/or GMP audit assistance, validated quality management systems (QMS) and other data integrity or production engineering and distribution practice consultancy, visit PharmOut’s site.

You can also browse our top online GMP training courses for industry-specific training, available in bundles.  Onsite custom courses by Maria Mylonas are also available at your facility anywhere in the world.


Last updated on July 6th, 2023 at 11:30 am

Similar Posts