Understanding “Storage” in Japanese ER/ES Guidelines: A Critical Concept Often Misunderstood

Introduction to Electronic Record Storage

One of the most frequently misunderstood concepts in the Japanese ER/ES (Electronic Records/Electronic Signatures) Guidelines is the definition of “storage.” This fundamental concept requires careful understanding as it differs significantly from everyday computer operations and has important implications for regulatory compliance in pharmaceutical development and manufacturing.

The Japanese ER/ES Guidelines were issued by the Ministry of Health, Labour and Welfare (MHLW) in April 2005 and have been further clarified through revised explanatory documents, most recently updated in March 2024. These guidelines establish the requirements for using electronic records and electronic signatures in regulatory submissions and the preservation of source documents in the pharmaceutical industry.

What “Storage” Actually Means

Storage, in the context of electronic records, refers to preserving documents and data using electronic storage media instead of paper. Historically, this included media such as magnetic tapes, optical disks, and other removable storage devices. In contemporary practice, most electronic records are stored on hard disk drives, solid-state drives (SSDs), or cloud storage systems that utilize data centers with redundant storage infrastructure.

It is crucial to understand that clicking the “save” button in software applications is NOT what the guidelines mean by “storage” in the regulatory sense. This distinction is fundamental yet frequently confused.

When you save your work during lunch breaks or at the end of the workday by clicking the save function on your personal computer, this is merely a temporary preservation of work-in-progress data. This action does not constitute regulatory “storage” as defined in the ER/ES Guidelines.

The Timing and Nature of Proper Storage

The transition from paper-based to electronic storage does not—and should not—change when documents are considered “stored” for regulatory purposes. The timing of storage remains the same whether using paper or electronic media.

Just as paper-based “storage” refers to filing approved documents (and in some cases, source documents) in a locked cabinet in an organized manner, electronic “storage” requires similar formality and finality. The document must have completed its creation process, undergone necessary reviews and approvals, and reached a state where it represents an official record.

However, electronic storage introduces additional requirements that differ from paper-based storage, particularly when storing records on hard disk drives or in cloud environments.

Requirements for Electronic Storage Systems

Secure Document Management Systems

For proper electronic storage, documents must be stored (or “checked in”) into a secure document management system or database that meets specific criteria:

1. Security Controls: The system must have appropriate security measures to prevent unauthorized access, including:
   1. User authentication and access controls
   1. Role-based permissions
   1. Physical and logical security measures
   1. Encryption of data at rest and in transit (particularly important for cloud storage)
2. Audit Trail Capabilities: The system must automatically record an audit trail to protect against unauthorized modifications. This audit trail should capture:
   1. Who accessed or modified the record
   1. When the action occurred
   1. What changes were made
   1. Why the changes were made (where applicable)
3. Data Integrity Assurance: Modern implementations must address data integrity requirements, often referred to as the ALCOA+ principles, which have become a global standard:

ALCOA Original Principles	ALCOA+ Extended Principles
Attributable: Records must clearly identify who created them	Complete: All data necessary to recreate events must be present
Legible: Records must be readable throughout retention period	Consistent: Records must be internally consistent with proper chronology
Contemporaneous: Records created at time of activity	Enduring: Records must remain intact throughout required retention period
Original: Records must be in original form or certified copies	Available: Records must be readily retrievable when needed
Accurate: Records must be correct and complete

These ALCOA+ principles have been emphasized in guidance documents from regulatory authorities worldwide, including:

• FDA Guidance on Data Integrity (2018)
• PIC/S Good Practices for Data Management and Integrity (2021)
• MHRA Guidance on GxP Data Integrity (2018)
• WHO Guidance on Data Integrity (2023)

Inadequate Storage Practices

Simply storing files on a network file server or on a personal computer’s hard drive is insufficient for regulatory storage requirements. To use a paper analogy, this would be equivalent to leaving documents scattered on your desk rather than properly filing them in a secure cabinet.

Such inadequate practices create several risks:

• Easy modification without detection
• Lack of proper access controls
• Absence of audit trails
• Difficulty in demonstrating compliance during inspections
• Potential loss or corruption of data

Contemporary Storage Technologies and Compliance

Cloud Storage Considerations

In modern pharmaceutical and clinical trial environments, cloud-based storage solutions have become increasingly prevalent. The revised ER/ES Guidelines explanatory document (March 2024) acknowledges that cloud-type services have become mainstream and that implementing measures based on the guidelines requires approaches based on the latest information technology.

When using cloud storage for regulatory documents, organizations must ensure:

• The cloud service provider can demonstrate compliance with applicable regulations
• Appropriate technical and organizational measures are in place
• Service level agreements (SLAs) address regulatory requirements
• Data residency and sovereignty issues are properly managed
• Business continuity and disaster recovery capabilities meet regulatory expectations

Major cloud service providers now offer compliance frameworks and security reference guides specifically designed for healthcare and pharmaceutical industries, mapping their services to requirements such as the ER/ES Guidelines, FDA 21 CFR Part 11, and EU GMP Annex 11.

Hybrid Systems

Many organizations implement hybrid systems that combine on-premises and cloud storage. These systems must ensure consistent application of security and data integrity requirements across all storage locations.

International Regulatory Harmonization

While this discussion focuses on Japanese ER/ES Guidelines, it’s important to note that similar requirements exist in other regulatory jurisdictions:

FDA 21 CFR Part 11 (United States): Establishes requirements for electronic records and electronic signatures. While there are differences in specific requirements (particularly regarding electronic signatures), the fundamental principles of security, audit trails, and data integrity are consistent.

EU GMP Annex 11 (Europe): Provides guidance on computerized systems used in GMP environments, with requirements for validation, data integrity, and security that parallel the Japanese guidelines.

PIC/S Guidelines: As Japan joined PIC/S (Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme) in 2014, Japanese manufacturers must also comply with PIC/S requirements, which emphasize data integrity and proper electronic record management.

Organizations operating globally must ensure their electronic storage systems meet the requirements of all applicable jurisdictions.

The Fundamental Principle

The overarching principle is clear: when utilizing electronic records, organizations must implement measures that ensure the quality and quality assurance levels are not degraded compared to paper-based systems. In many respects, electronic systems must provide greater assurances due to the ease with which electronic records can be modified without obvious traces.

This principle extends to:

• True authenticity (Shinseise): Ensuring the record is genuine and created by the identified author
• Readability (Kendokusei): Ensuring the record can be read and understood throughout its retention period
• Preservation (Hozonsei): Ensuring the record remains intact and accessible throughout the required retention period

Practical Implementation Guidance

For those implementing electronic storage systems:

1. Assess Current Practices: Evaluate whether your current electronic record storage meets regulatory requirements or merely represents temporary work files.
2. Implement Proper Systems: Deploy validated document management systems with appropriate security, access controls, and audit trail capabilities.
3. Establish Clear Procedures: Develop and document procedures that define:
   1. When records transition from work-in-progress to stored records
   1. Who is authorized to store records
   1. How stored records can be accessed and by whom
   1. How the integrity of stored records is maintained
4. Training and Awareness: Ensure all personnel understand the distinction between everyday “saving” and regulatory “storage.”
5. Regular Review and Updates: As technology evolves and regulatory expectations develop, periodically review and update storage systems and procedures.

Recent Developments and Future Considerations

The March 2024 revision of the ER/ES Guidelines explanatory document reflects recognition that information technology has advanced significantly since the guidelines were first issued. Organizations should stay informed about:

• Emerging guidance on specific technologies (e.g., blockchain for immutable records)
• Clarifications regarding cloud services and Software as a Service (SaaS) applications
• Integration of artificial intelligence and machine learning in record management systems
• Evolution of cybersecurity requirements to protect electronic records

The Japanese pharmaceutical industry is increasingly moving toward digitalization, and regulatory authorities continue to refine their expectations through revised guidance documents, Q&A publications, and feedback from inspections.

Conclusion

Understanding the true meaning of “storage” in the context of ER/ES Guidelines is fundamental to regulatory compliance. It is not simply about clicking a save button or keeping files on a computer. Rather, it involves implementing robust, validated systems that ensure electronic records maintain their integrity, authenticity, and availability throughout their required retention period.

As the pharmaceutical industry continues its digital transformation, and as cloud-based solutions become more prevalent, maintaining this understanding while adapting to new technologies remains crucial. Organizations must ensure that their electronic storage practices not only meet current regulatory requirements but also position them well for future developments in both technology and regulation.

The key takeaway is simple yet profound: electronic storage must provide the same—or better—level of quality assurance as traditional paper-based storage, with additional controls to address the unique risks and opportunities presented by electronic media.

Note: This article provides general guidance on the interpretation of Japanese ER/ES Guidelines. Organizations should consult with their quality assurance and regulatory affairs departments, and where appropriate, seek advice from regulatory experts or directly from regulatory authorities for specific implementation questions. The regulatory landscape continues to evolve, and it is important to stay current with the latest guidance and requirements.