CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

Global Quality Standard

Document Title: Data Integrity
Revision: 1 Page 1 of 9

Purpose

To Define the Bausch Health Global Quality Standard related to Data Integrity and establishes
the requirements for processes used to ensure the integrity and reliability in the data lifecycle.
This document shall ensure data and records are (A)ttributable, (L)egible, (C)ontemporaneously
recorded, (O)riginal, (A)ccurate, (C)omplete, (C)onsistent, (E)nduring and (A)vailable (ALCOA +).

Scope

This standard is applicable to sites and functions within the scope of the Global Quality
Management System for the company. Bausch Health and its subsidiaries/legal manufacturers
are the owners of all data generated on their behalf when they are the legal owner of the
product being manufactured.

Definitions

Term Description

Accurate Information is correct, truthful, complete, and valid.

Archive Long-term storage of completed data and all metadata in

its final form for the purposes of reconstruction and
evaluation of the original processes or activities.

Attributable Information captured in a record so that it is uniquely

identified as having been executed by the originator of
the data (e.g. a person and/or computer system).

Available Can be accessed for review at any point (e.g. audit or

inspection) over the lifetime of the product.

Backup True copy of the original data that is maintained securely

throughout the record’s retention period. The backup
file must contain the data (which includes associated
metadata) and must be in the original format or in a
format compatible with the original format.

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** < STD-000217813 > Rev 1 >
 CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

Global Quality Standard

Document Title: Data Integrity
Revision: 1 Page 2 of 9

Term Description

Back-up Copy A version of a document or data that may be created

and maintained for disaster/recovery (e.g., in case of a
computer crash or other interruption).

Complete All necessary and relevant data are available. (evidence:

audit trail).

Consistent Data are recorded with a clear chronology. (with date

and time)
(evidence: audit trail).

Computerized System A system that collectively controls the performance of

one or more automated process and/or function (e.g.,
PC, HMI, PLC, MES).

Computer Related Components Computer hardware, software, peripheral devices,

networks, cloud infrastructure, operators, and
associated documents (e.g., user manuals and standard
operating procedures).

Contemporaneous Recording of transactions, observations, data at the time

generated and/or observed.

Data Any records including documents in paper, electronic,

and/or hybrid form, or copies thereof that preserve the
content and meaning of the original record, that are the
result of original observations and activities governed by
current regulations and are necessary for the accurate
and complete reconstruction and evaluation of those
activities.

Data Audit Trail A secure, computer-generated, time-stamped electronic

record that allows for reconstruction of the course of the
events relating to creation, modification, or deletion of
data while retaining previous and original data.

Data Governance Sum total of processes which provide assurance of data

integrity.

Data Lifecycle All phases in the life of the data (including raw data)
from initial generation and recording through processing
(including transformation or migration), use, data
retention, archive / retrieval, and destruction.

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** < STD-000217813 > Rev 1 >
 CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

Global Quality Standard

Document Title: Data Integrity
Revision: 1 Page 3 of 9

Term Description

Data Review Process for reviewing data, including raw data.

Enduring Data are accessible based on the defined retention

period.

Hybrid System A process requiring the use of both paper and electronic
records to prepare a complete data record.

Legible Data that are readable, understandable, and provide a

clear picture of the sequencing of steps or events in the
record.

Metadata The contextual information required to understand data;

subsequent data supporting a main source. It is data that
describes, explains, or otherwise makes it easier to
retrieve, use, or manage data.

Original Data / Record Data in the format in which it was originally generated,
preserving the integrity (accuracy, completeness,
content, and meaning) of the record (e.g. original paper
record of manual observation, or electronic raw data file
from a computerized system.).

Powerful Accounts An account by a user that is used to perform application

or operating system maintenance, user account
administration, installation, configuration, change access
privilege, or direct data access (e.g., Database Admin,
System Admin, Domain Admin, QSECOFR, Application
Architect, Vendor Remote Maintenance, etc.).

QMS Quality Management System

Raw Data Any records including documents in paper, electronic

and/or hybrid form, or exact copies thereof that
preserve the content and meaning of the original record,
that are the result of the original observations and
activities governed by regulatory bodies and are

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** < STD-000217813 > Rev 1 >
 CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

Global Quality Standard

Document Title: Data Integrity
Revision: 1 Page 4 of 9

Term Description

necessary for the accurate and complete reconstruction

and evaluation of those activities.

Retention Period Period of time in which data must be retrievable.

System Administrator Personnel responsible for higher level duties (e.g.,

account creation, system audit trail review) for relevant
software/computer systems.

System Audit Trail A record of the operating system (OS) events that
indicates how the system processes and other critical
activities were executed. The system audit trail shows
informational, error and warning events related to the
computer OS, security and other infrastructure related
activities. ] All events are date and time stamped.

True Copy A copy of the original recording of data that has been
verified to confirm that it is a complete copy that
preserves the entire content and meaning of the original
record, including, in the case of electronic data, all
essential metadata and original record format.

User Privilege Levels Defined user levels based on the role the user will
execute in the system.

Responsibilities

Function Responsibility
IT Representative(s)  Ensures compliance to internal and external IT policies and
procedures
Management  Ensure this standard is followed and cascaded throughout
the organization
 Ensuring that data integrity training is developed and
deployed to appropriate personnel.

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** < STD-000217813 > Rev 1 >
 CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

Global Quality Standard

Document Title: Data Integrity
Revision: 1 Page 5 of 9

Function Responsibility
Process Owner  Defines data integrity requirements
Representative(s)
 Supports systems validation and implementation activities
Quality  Ensures compliance to internal procedures and regulatory
Representative(s) requirements

Standard

1.0 General Requirements

1.1 Controls over the data lifecycle which are commensurate with the principles of quality
risk management shall exist. These controls can be Organizational (e.g. procedures,
training) and / or Technical (e.g. computerized system control, automation) and shall be
documented.
1.2 Data integrity requirements apply equally to manual (paper), electronic, as well as
hybrid systems.
1.3 Data integrity control measures must be established and defined, based on risk and
must consider criticality of the data to product quality, vulnerability of the data to
involuntary or deliberate alteration, falsification, deletion, loss or re-creation, and the
probability or ease of detection.
1.4 Employees must be trained in the elements of data integrity in any roles they perform in
the data lifecycle.
1.5 There must be confirmation by objective evidence, through means of validation, that
computer systems and/or equipment conform to user needs and intended uses, and
that requirements can be consistently fulfilled. In the absence of objective evidence,
mitigation shall be established.

2.0 Data Creation, Recording and Retention

2.1 Processes must be established to document data creation, recording and retention and
must include:
2.1.1 Good Documentation Practices Data that meets the requirements captured in
the ALCOA+ acronym.

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** < STD-000217813 > Rev 1 >
 CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

Global Quality Standard

Document Title: Data Integrity
Revision: 1 Page 6 of 9

2.1.2 The generation of paper and computer-based data generated by a computerized

system
2.1.3 The generation of data in hybrid environments that include designation of
original data
2.1.4 A record of changes to data in manual, computerized and hybrid systems are
completely traceable, specify the individual responsible for the change, data and
time of the change and the reason for change.
2.1.5 The protection and preservation of data in paper, computerized and hybrid
systems from accidental, intentional deletion, alteration, manipulation,
falsification.
2.2 Requirements for data must be specified and must include data retention periods.

3.0 Documentation
3.1 Process must be established for Records and Documentation Management and must
include:
3.1.1 Data recorded/generated via a paper-based, hybrid, or computerized system.
3.1.2 Good documentation practices inclusive of manual paper data generation.
3.2 Data integrity requirements for computerized systems must be specified.

4.0 User Access Controls

4.1 Processes must be established to document and define the requirements for user access
controls and must include:
4.1.1 Access to computer systems must follow an approval process and provide unique
user access accounts and roles and responsibilities based on business needs
4.1.2 Periodic review of user access
4.1.3 System Administrator access must be held by personnel with no direct interest to
the data maintained in the system
4.1.4 Maintaining and ensuring security is verified and unauthorized access attempts
are monitored and investigated.

5.0 Data Review

5.1 Processes must be established to document and define data review and must include:

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** < STD-000217813 > Rev 1 >
 CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

Global Quality Standard

Document Title: Data Integrity
Revision: 1 Page 7 of 9

5.1.1 Data recorded/generated via a paper-based, hybrid, or computerized system

(including the audit trail).
5.1.2 The review of the final result including the associated audit trails.
5.1.3 Assessment if ALCOA+ requirements were met.
5.1.4 Changes to electronic data must be documented and the supporting explanation
reviewed. In hybrid systems, changes to the electronic and paper data must
match.
5.1.5 Investigation must be documented for any out-of-specification data.
5.1.6 Action(s) to be taken if/when data review identifies an error or omission.

6.0 Data Reporting

6.1 Once data has been reviewed and approved, the data must be reported objectively and
without bias.
6.2 This reporting must include or reference relevant deviations, non-conformances, out-of-
specification results and investigations.

7.0 Data Storage, Back-Up, and Archival

7.1 Data storage, back-up, and archival processes must be established and include the
following:
Data must be stored in a designated secured environment to prevent accidental or
intentional manipulation, falsification, deletion or alteration. Electronic data
(includes all meta data and audit trail data) must be backed-up and/or archived
Original paper records must be archived following approved processes regarding
retention periods.
7.2 Retirement of equipment/Instruments must address the retention of the original data
stored on that equipment.
7.3 Archived data must be verified to ensure that the entire data set is retrievable, human
readable and understandable throughout its retention period and has not been altered.
This also applies to third party vendor storage.
7.4 Processes must be established to prevent and detect omission of data. Any omission
should be justified and documented
7.5 Processes must be established to document the recovery of data in the event of a
disaster or unexpected loss of data systems.

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** < STD-000217813 > Rev 1 >
 CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

Global Quality Standard

Document Title: Data Integrity
Revision: 1 Page 8 of 9

8.0 Audit Trail

8.1 Audit trail review processes must be established for data generated from identified
electronic and hybrid systems and include the following:
8.1.1 Establish criticality levels and required action for data contained in the audit
trail.
8.1.2 Reviewing audit trails for data generated from identified electronic and hybrid
systems must include:
a. Review and approval process of data, including raw data associated with
metadata
b. Ensure review is established based on impact to product
c. Ensure review includes the data record as well as the records associated with
the data record.
d. Ensure reviewers inspect data elements including metadata, as applicable, for
accuracy and completeness.
e. Ensure data integrity and uncover potential anomalies, and/or variances (e.g.
errors or omissions) from approved procedures.
f. Ensure for hybrid system the review encompasses a combination of original
electronic records and paper records that comprise the total record.
g. Actions to be taken if errors or omissions are identified during the review.
8.2 Process must be established for conducting scheduled system audit trail review on
computerized and hybrid systems based on the complexity, intended use, frequency of
use, inherent controls, and impact to product quality.

References

Number Title
POL-000214484 Bausch Health Records Retention Policy
Global Quality Manual
STD-000217812 Document and Records Management
STD-000217811 Management of Change
Applicable IT policies
Applicable Supplier Management documents

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** < STD-000217813 > Rev 1 >
 CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

Global Quality Standard

Document Title: Data Integrity
Revision: 1 Page 9 of 9

Revision History

Rev: 1 Author: Andrew Walnoha CR-000218781

Description of Changes: New document

Implementation Implementation shall be performed in phases once risk

Instructions: assessment / gap analysis is completed at each site.

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** < STD-000217813 > Rev 1 >
 >
CONTROLLED DOCUMENT Status: Effective Effective Date: 31/Mar/2021

CONTROLLED DOCUMENT
SIGNATURE PAGE
Document Name :STD-000217813

Document Title :Data Integrity

Document ID :

Signed By Date (GMT) Justification

Asharin Dennis 04/May/2020 Functional Approval

15:10:56

Ramakrishna Tage 09/Sep/2020 Functional Approval

14:42:56

Yu Louis 09/Sep/2020 Quality Approval

16:06:50

Viewed/Printed: 21 January 2022 8:48:18 AM ** GDMS-D2 Copy-Use per procedure** STD-000217813 Rev 1