Chapter 4: Understanding the Changes to GMP Documentation

A number of additions and updates were recently published for EudraLex Volume 4 – Good Manufacturing Practice Guidelines for stakeholder consultation, including Revision of Chapter 4 Documentation and:

• Revision of Annex 11 Computerised Systems – read about the updates here
• New Annex 22 Artificial Intelligence – a blog about this new annex is coming soon

As a technical writer, this Chapter 4 change is one close to my heart, documentation being the backbone of all GMP activities. Who hasn’t heard that old adage “If it’s not written down, it didn’t happen”?

Mirroring Annex 11 Computerised Systems, Chapter 4 – Documentation hasn’t been updated since 2011, during which time we have witnessed a massive shift towards digital control and management of documents and records.

Reflective of the changes that have already occurred in the industry, this new draft chapter is nearly twice as long as its predecessor, introducing a number of digital considerations such as data governance and integrity.

Of course, as with every GMP update in the last 10-15 years, the focus of practice has shifted considerably to a more pragmatic risk-based implementation of processes and systems. This Chapter 4 update perhaps sets a record though, with the current version making no reference at all to risk, and this update including it 54 times!

Major Content Changes in Chapter 4 Documentation

Of the existing eight current sections, all have been edited or rearranged in some way.

• Principle: Reflective of the chapter’s refocus on technology and risk, the principles now consider the application of requirements for both paper and electronic records.
• Data Governance Systems: This entirely new section recognises the need for defining data management processes, which provide appropriate control based on risk.
• Risk Management: Now called out with it’s own section, risk management takes a front seat when defining the processes and controls needed for documentation and record management, throughout the data lifecycle.
• General Requirements for Documentation: This new section highlights lifecycle management, the application of Annex 11, and the need to maintain data integrity.
• Master Documents: Defined and master documents have remained relatively unchanged with the exception that Validation Master Plans are now explicitly included.
• Generation and Control of Documentation: Once again content changes here are to recognise electronic data and its associated technology, and the need for validation
• Good Documentation Practice: Now incorporating ALCOA++, this section makes better use of the opportunity to define how data entry, whether paper or electronic, can be controlled, defined, assured, and accurate.
• Signatures in GMP Relevant Documentation: Not previously addressed under documentation, the full purpose, legality and control of signatures have been clarified here.
• Retention of Documents: This updated content reiterates the requirements for retentions on all types of records, adding the need for back-up, restoration and archiving in light of electronic data.
• Data Integrity in Documentation: This new section explicitly applies data integrity principles already so engrained in GMP to documentation systems, enforcing risk management to assure levels of control appropriate to data criticality and complexity.
• Hybrid Systems: Hybrid systems are identified as needing specific attention in this new section, requiring clear definition of data and systems and subsequent risk mitigation.

For a comprehensive review of all the new content and updated sections, read Chapter 4 Documentation in Consultation

New principles in document management – Chapter 4

This update formalises the inclusions of existing GMP concepts into document management:

Lifecycle management: Pharmaceutical products have long been managed through a “whole life” premise, requiring initial and ongoing validation, change management and decommissioning processes. The same will now explicitly apply to documents and records.

ALCOA+: This basic tenet of data integrity is now identified as essential for the proper management and control of documents and records.

Risk-based approach: Catching up to the rest of GMP, due consideration regards risk (system complexity, data criticality, data integrity, lifecycle, technology) is now explicitly and thoroughly applied to document and record management.

Data governance: Data governance as a concept is an outcome of a risk-based approach to applying data integrity principles to all types of data.

Key implications of Chapter 4 for pharmaceutical manufacturing

• System Integration: Documentation systems must integrate with PQS and may require upgrading
• Technology Adoption: Formal processes supporting the implementation of new digital technologies
• Data Governance: Formal data governance frameworks and procedures
• Risk Management: Risk-based approaches to documentation control and data integrity
• Lifecycle Risk: Risk management applied throughout document lifecycle
• Validation Scope: Expanded to include all documentation systems
• Hybrid System Controls: Risk management and validated procedures for mixed environments
• Metadata Management: New procedures for metadata control, preservation and potentially migration
• Training Needs: Comprehensive training for data governance

The above requirements suggest significant procedural changes will be needed and may require investment and resourcing to introduce them to your personnel.

Implementation Challenges and Considerations

The shift in outlook on document management will present some organisational challenges needing appropriate risk management and expertise to resolve.

• Training Requirements: Additional training in new concepts and processes will be needed. This may be beyond your organisation’s current expertise.
• Resource Allocation: Substantial investment of both time and money will be required for system upgrades, data governance implementation, and additional validation and risk management.
• Organisational Change Management: The proper application of organisational change for new documentation culture should be a significant consideration to garner appropriate buy-in and compliance amongst your personnel.

The changes to Chapter 4 reflect a modernised approach to documentation in the pharmaceutical industry. They align regulatory expectations with technological advancements and provide a framework for maintaining data integrity and compliance. Pharmaceutical professionals must embrace these changes, invest in training and system upgrades, and foster a culture of accountability and continuous improvement.

The consultation is ongoing with final implementation expected by Q1 2026, giving companies time to prepare for these significant changes in GMP documentation requirements. Conducting a comprehensive gap assessment would be a good way to start your journey to compliance.

PharmOut Services

At PharmOut, we specialise in delivering comprehensive consulting services tailored to the pharmaceutical industry.

If you need assistance determining the impact of regulatory changes on your organisation, there are a number of ways we can help:

• Conduct gap assessments and risk analyses, and propose process and documentation updates. Contact us via the website or via email for assistance.
• Provide consultation on the steps that you need to take. To book a one-on-one chat with us, please go to our website: Consultancy Time
• Train you so you have all the knowledge you need, via online elearning or face to face. Visit our website to read about training options.
• https://www.pharmout.net/training/data-integrity-training/

Frequently Asked Questions (FAQ)