Guest Column | February 26, 2021

Important cGMP Considerations For Implementing Electronic Batch Records

By Tim Sandle, Ph.D.

While human error is never the ultimate root cause, mistakes in batch records can have considerable consequences for the release of medicines in terms of delays and rejections. In more serious cases, when the error is initially undetected, the consequence can be a product recall. Errors can be minimized through the implementation of electronic batch records. However, with any electronic system within the pharmaceutical industry, the requirements of current good manufacturing practice (cGMP), including those of data integrity, need to be met. These essential requirements need to be included in the initial design phase of the system.

cGMP Factors For Successful Electronic Batch Records

A central part of cGMP concerns electronic data management, not least because control of the use of batch records when manufacturing pharmaceutical and biotechnology products is regulated to assure product quality and patient safety. cGMP in relation to electronic records includes:

  • limiting system access to authorized individuals
  • use of operational system checks
  • use of authority checks
  • use of device checks
  • determination that persons who develop, maintain, or use electronic systems have the education, training, and experience to perform their assigned tasks
  • establishment of and adherence to written policies that hold individuals accountable for actions initiated under their electronic signatures
  • appropriate controls over systems documentation

These requirements need to also be considered for all electronic records, with specific attention to electronic batch records. The electronic batch record uses the certified copy of the Master Batch Record in the form of a digital document with a digital signature. Through the data capture process, data is compiled and aggregated. The management of the validation and traceability of the data is a cGMP concern, requiring aspects like electronic signatures to confirm each operation and to electronically recognize each operator.

A driver of the adoption of electronic batch records is reduction of errors. One study found a 75% decrease in human errors in electronic batch records compared to a hardcopy system, thereby yielding improvements in production efficiency. The main disadvantages were cost, implementation resources, and the in-built obsolescence of manufacturing software systems. Despite these disadvantages, the study found that implementation of an electronic batch record system resulted in a significant increase in production efficiency.1

Yet, electronic batch records need to be implemented according to cGMP if they are to successfully deliver error reduction and avoid flaws in design that might lead to error creation. Guidance on electronic records is provided by 21 CFR Part 11, Electronic Records, Electronic Signatures; ISO/IEC 17799114; The Good Automated Manufacturing Practice Guide for Validation of Automated Systems in Pharmaceutical Manufacture; and FDA guidance documents on 21 CFR Part 11.2 The CFR requires:

  • The ability to determine the existence of invalid or altered records.
  • System access is limited to authorized individuals.
  • There is a secure, computer-generated, time-stamped audit trail that records the date and time of operator entries and actions that create, modify, or delete electronic records.
  • Operational systems checks exist that enforce permitted sequencing of steps and/or events as appropriate.
  • The identity of an individual is verified before the individual's electronic signature, or any element of such electronic signature, is established, assigned, certified, or otherwise sanctioned.
  • Transaction safeguards are used to prevent unauthorized use of passwords and/or identification codes and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

These principles should tally with an organization’s data governance process and should be checked at each stage of electronic batch record design and implementation.

Given that the connection of sensors and equipment is important for capturing batch data in real time, data acquisition must not be overlooked. The FDA guidance also covers batch SCADA (supervisory control and data acquisition) systems. Where data can be captured electronically, the following are possible:

  • Enhanced validation to ensure functionality creates compliant electronic records and signatures
  • Enhanced SOPs for life cycle management
  • Limited system access by authorized individuals to CPU and data files with automated identity verification with electronic signature and electronic logging of recipe procedures executed by system with time-stamped audit trails
  • Protection of records to maintain data integrity and enable retrieval
  • Non-obscured revisions to electronic data records with traceable version histories

Where the above requirements are met, the importance of SCADA systems is automation. A SCADA system enables manufacturers to:

  • Produce multiple products periodically using the same equipment
  • Produce products requiring a multitude of different recipes of ingredients and equipment operations
  • Associate each batch with different production orders targeted for different containers, customers, and locations
  • Develop production schedules that account for numerous factors such as specific customer orders, quantity, materials, equipment, logistics, shelf-life, and setup time
  • Store production data recorded during batch execution in a manner such that it is directly associated with a specific batch production run identifier

The technology allows an organization to carefully study and anticipate the optimal response to measured conditions and execute those responses automatically every time. Relying on precise machine control for monitoring equipment and processes can eliminate most human error. This goes some way to meeting cGMP expectations. Another step is with a thorough consideration of data integrity.

Data Integrity

There are some specific data integrity requirement pertaining to electronic records, including, in particular, for storage and backup. To recap, data integrity is defined as the extent to which all data are complete, consistent, and accurate throughout the data’s life cycle.

Data must be stored and backed up securely, utilizing a validated process and controlled by verification of completeness. Where data retention is outsourced to an external party, the elements of the contract that relate to ownership and retrieval of data should be thoroughly understood, and the vendor should be qualified and managed like any other critical services vendor through established vendor management processes.

Further, with electronic records, the relevance of data retained in audit trails should be considered by each organization in order to permit robust data review. An audit trail is a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the events relating to the creation, modification, or deletion of an electronic record.3

Electronic records should be assessed for compliance with data integrity standards. The following checklist may prove useful in this regard:4

  • How is data collected and reported?
  • How is data reviewed?
  • How is the integrity of data protected?
  • How are calculation errors handled?
  • How are alarms managed?
  • Who has the authority to invalidate data?
  • What happens to this data? (For instance, is it discarded or archived with sample analysis package?)
  • How is electronic data protected from editing, changing, deletion?
  • How are passwords assigned and protected?

To mitigate risks stemming from the above, each organization operating electronic batch records should have:5

  • An understanding of computerized system capabilities and transfer of data between systems.
  • An up-to-date listing of all relevant systems and GMP functionality.
  • Control of networked and stand-alone instruments.
  • Policies and procedures detailing processing and control of data.
  • Policies and procedures regarding security of the system and user access levels, including appropriate segregation of duties.
  • Policies and procedures for electronic signatures, including use of individual and generic passwords.

Overall, all data captured within the electronic batch record must be attributable, legible, contemporaneous, original, and accurate.

These design principles help to drive error reduction, although attention also needs to be paid to staff training to ensure acceptance of a different way of working. Digital transformation is as much about the technology as it is about corporate leadership and redesigning workplace culture.


Bringing together various processes and laboratory databases that hold the data recorded during manufacture of a batch in a digital format is becoming more common. Electronic batch records can present a more streamlined and less error-prone means to assess and release pharmaceuticals, provided the design is appropriate and that cGMP principles have been adhered to. Of the important aspects of GMP, ensuring that the data captured are reliable and accurate is essential; hence, data integrity considerations need to be at the forefront of any electronic batch record implementation exercise and part of the everyday use of such systems.

This article has been adapted from chapter 8 of the book Digital Transformation and Regulatory Considerations for Biopharmaceutical and Healthcare Manufacturers, Volume 1, written by Tim Sandle and co-published by PDA and DHI. Copyright 2021. All rights reserved.


  1. Marsh, J. L. and Eyers, D. R. (2016) Increasing Production Efficiency Through Electronic Batch Record Systems: A Case Study. In: Setchi R., Howlett R., Liu Y., Theobald P. (eds) Sustainable Design and Manufacturing 2016. SDM 2016. Smart Innovation, Systems and Technologies, vol 52. Springer, Cham, pp261-269
  2. FDA (1997) 21 CFR Part 11, Electronic Batch Records, 62 Federal Register 13464, Mar. 20, 1997, US Food and Drug Administration
  3. Schmitt, S. (2014a) Data Integrity, Pharmaceutical Technology Europe, 38 (7). Online edition: 
  4. Sandle, T. and Sandle, J. (2019) Audit and Control for Healthcare Manufacturers: A Systems-Based Approach, PDA / DHI Books, River Grove, IL, USA
  5. Schmitt, S. (2014b) Data Integrity - FDA and Global Regulatory Guidance, Journal of Validation Compliance, 20 (3). At:

About The Author:

Tim SandleTim Sandle, Ph.D., is a pharmaceutical professional with wide experience in microbiology and quality assurance. He is the author of over 30 books relating to pharmaceuticals, healthcare, and life sciences, as well as over 170 peer-reviewed papers and some 500 technical articles. Sandle has presented at over 200 events and he currently works at Bio Products Laboratory Ltd. (BPL), and he is a visiting professor at the University of Manchester and University College London, as well as a consultant to the pharmaceutical industry. Visit his microbiology website at