未分類

Understanding Authenticity: A Core Requirement of Japanese ER/ES Guidelines

Understanding Authenticity: A Core Requirement of Japanese ER/ES Guidelines

What is Authenticity?

The Japanese ER/ES Guidelines (Guidelines for Electronic Records and Electronic Signatures in Applications for Approval or Permission of Pharmaceuticals) establish three fundamental requirements to ensure the reliability of electronic records and electromagnetic records: Authenticity, Legibility, and Archivability. These three pillars form the cornerstone of data integrity in pharmaceutical regulatory compliance.

The concept of authenticity (真正性, shinsei-sei) became widely recognized in Japan during the infamous Livedoor fake email incident in 2006, where a politician’s aide claimed to have received an email as evidence of political wrongdoing, only for it to be later revealed as fabricated. During the investigation, questions repeatedly arose: “Is this email authentic?” This incident powerfully illustrated the fundamental challenge that authenticity addresses—establishing that something is “genuine” or “the real thing.”

The Challenge of Electronic Records

Unlike handwritten documents that leave unique traces of the writer’s penmanship and are difficult to perfectly replicate, electronic records such as emails and word-processed documents present distinct challenges. Electronic files created by different individuals can appear identical, making it difficult to definitively identify the creator. This inherent characteristic of digitization creates ambiguity around authorship and origin, which is why the Japanese ER/ES Guidelines explicitly require the authenticity of electromagnetic records.

This challenge has become increasingly critical in the pharmaceutical industry. As regulatory authorities worldwide strengthen their oversight of data integrity, incidents of data falsification and manipulation have been exposed across multiple countries. These cases have demonstrated that the reliability of electronic records directly impacts drug safety and public health, making authenticity not merely a technical requirement but a fundamental ethical obligation.

Defining Authentic Records

An authentic record is one that can demonstrate the following characteristics:

a) Identity: The record is precisely what it claims to be (it is genuine)

b) Attribution: The person or system claimed to have created or transmitted it actually did so

c) Temporal integrity: The record was created and transmitted at the claimed time

These elements collectively ensure that electronic records possess the same trustworthiness and legal standing as traditional paper records with handwritten signatures.

The Three Requirements for Authenticity

According to the Japanese ER/ES Guidelines, authenticity is ensured through three specific technical and procedural requirements:

(1) Security

Security measures protect electromagnetic records from unauthorized access, modification, or deletion. This includes:

  • Access control: Implementing user identification and authentication systems (e.g., unique user IDs and passwords, biometric authentication)
  • Authorization management: Defining and enforcing role-based permissions that specify which users can create, modify, or delete records
  • Physical security: Protecting systems and storage media from unauthorized physical access
  • Documented procedures: Establishing written procedures for security management and ensuring their proper implementation

Security serves as the first line of defense against both intentional manipulation and inadvertent errors. It is important to note that security measures must address not only external threats but also internal controls, as many data integrity issues arise from inadequate internal management practices.

(2) Audit Trail

An audit trail is a secure, computer-generated, time-stamped electronic record that allows reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. The audit trail must capture:

  • Who: The identity of the individual or system that performed the action
  • What: The specific action taken (creation, modification, deletion, viewing)
  • When: The date and time stamp of the action
  • Original values: The content before any modification
  • Reason: Where applicable, the rationale for the change

The Japanese ER/ES Guidelines state that audit trail functionality is “desirable” (望ましい), though in practice, regulatory authorities increasingly expect robust audit trail implementation for critical systems. Audit trails represent the “last line of defense” in detecting and investigating data integrity issues, making them essential for maintaining trust in electronic records.

The importance of audit trails has been emphasized by international regulatory guidance, including FDA’s 21 CFR Part 11 and EU’s GMP Annex 11, which mandate comprehensive audit trail requirements. The audit trail ensures accountability and enables detection of unauthorized or erroneous data changes, even after they occur.

(3) Backup

Backup procedures ensure that electromagnetic records can be recovered in the event of system failure, data corruption, or disaster. The requirements include:

  • Regular backup: Establishing documented procedures for periodic backup of electronic records
  • Backup verification: Confirming that backed-up data can be successfully restored
  • Off-site storage: Ideally maintaining backups in a physically separate location to protect against site-specific disasters such as fires, earthquakes, or floods
  • Retention aligned with regulations: Ensuring backup procedures maintain data throughout the required retention period

Why Backup is a Requirement for Authenticity

The original column questioned why backup is classified as an authenticity requirement rather than an archivability requirement. This classification is actually well-justified and intentional. Here’s why:

Authenticity fundamentally requires that records be reliable and trustworthy. Unlike paper records that can be physically preserved with relative stability, electromagnetic storage media face significant risks:

  • Media degradation: Magnetic and optical storage media deteriorate over time, potentially rendering data unreadable
  • Hardware failure: Storage devices can fail suddenly and without warning
  • Catastrophic loss: Disasters such as fires, earthquakes, or floods can destroy primary storage systems entirely

If electromagnetic records cannot be reliably preserved against these risks, they cannot be considered trustworthy, and therefore cannot satisfy the authenticity requirement. Backup is thus essential to maintaining the reliability aspect of authenticity—ensuring that the authentic record remains available and unchanged over time, not merely for storage purposes but as proof of its continued integrity and trustworthiness.

Furthermore, the ability to recover data from backup provides additional assurance that the record has been properly maintained and has not been subject to unauthorized deletion or loss, which supports both the authenticity and archivability requirements simultaneously.

The Relationship Between Authenticity and Data Integrity

The concept of authenticity in the Japanese ER/ES Guidelines aligns closely with international data integrity principles, particularly the ALCOA+ principles that have become the global standard for pharmaceutical data management:

ALCOA+ Principles

PrincipleDefinitionRelation to ER/ES
AttributableData is attributed to the person who generated it, with secure signaturesSecurity, Audit Trail
LegibleData is readable and understandable throughout its lifecycleLegibility
ContemporaneousData is recorded at the time the activity is performedAudit Trail (time stamps)
OriginalData is the original record or a true copyAuthenticity (identity)
AccurateData is free from errors and correctly represents observationsAuthenticity, Security
CompleteAll data is present; nothing is missingAudit Trail (change history)
ConsistentData is internally consistent and matches across systemsAuthenticity
EnduringData is durable and available throughout retention periodArchivability, Backup
AvailableData is readily accessible for review and audit when neededLegibility, Archivability

As this table illustrates, the authenticity requirements in the Japanese ER/ES Guidelines encompass many elements of the ALCOA+ principles, demonstrating that Japan’s regulatory framework is fundamentally aligned with international best practices in data integrity.

The evolution from ALCOA to ALCOA+ reflects the pharmaceutical industry’s growing recognition that data integrity extends beyond basic record-keeping requirements. It encompasses the entire data lifecycle—from generation through processing, review, reporting, archival, and eventual retirement or destruction. The Japanese ER/ES Guidelines’ emphasis on authenticity, particularly through comprehensive audit trails and reliable backup systems, supports this lifecycle approach to data integrity.

International Regulatory Alignment

The Japanese ER/ES Guidelines were developed with awareness of international regulatory standards, particularly:

FDA 21 CFR Part 11 (United States)

Established in 1997, this regulation defines the criteria under which electronic records and electronic signatures are considered trustworthy and equivalent to paper records and handwritten signatures. Like the Japanese guidelines, it emphasizes system validation, audit trails, security controls, and electronic signature standards.

EU GMP Annex 11 (European Union)

This annex to the European Good Manufacturing Practice guidelines addresses computerized systems and closely parallels the Japanese ER/ES Guidelines in requiring documented procedures, validation, audit trails, and data integrity controls.

PIC/S Guidelines

The Pharmaceutical Inspection Co-operation Scheme has issued guidance on data integrity that incorporates ALCOA+ principles and has been adopted by regulatory authorities in over 50 countries.

While each regulatory framework has unique characteristics reflecting its legal and cultural context, they share a common goal: ensuring that electronic records in pharmaceutical development and manufacturing are as reliable and trustworthy as traditional paper records. The three-pillar approach of the Japanese ER/ES Guidelines (Authenticity, Legibility, Archivability) effectively addresses the same concerns as these international frameworks, providing a solid foundation for companies operating in the global pharmaceutical market.

Recent Regulatory Developments

The importance of data integrity and authenticity continues to grow. Recent trends include:

Increased Regulatory Scrutiny

Regulatory authorities worldwide, including Japan’s PMDA (Pharmaceuticals and Medical Devices Agency), FDA, and EMA (European Medicines Agency), have intensified their focus on data integrity during inspections. Warning letters and inspection findings frequently cite deficiencies in audit trails, access controls, and backup procedures.

Updated Guidance Documents

In March 2024, the Japan CRO Association published a revised interpretation guide for the ER/ES Guidelines, reflecting accumulated experience and clarifying implementation requirements. This revision emphasizes practical approaches for general users, making the guidelines more accessible to those without specialized IT expertise.

Cloud-Based Systems

As pharmaceutical companies increasingly adopt cloud-based systems for electronic data capture (EDC), document management, and laboratory information management (LIMS), new challenges and opportunities have emerged for ensuring authenticity. Modern cloud platforms can provide enhanced security, automated backup, and comprehensive audit trail capabilities, but require careful validation and vendor management.

Artificial Intelligence and Machine Learning

The emerging use of AI and machine learning in pharmaceutical development introduces new considerations for data authenticity. Ensuring the integrity of training data, model outputs, and algorithmic decision-making processes represents a frontier area for regulatory guidance.

Practical Implications for Industry

Understanding and implementing authenticity requirements has several practical implications:

System Design and Validation

Computer systems used for creating, processing, or storing regulatory data must be designed with authenticity requirements in mind from the outset. This includes:

  • Building security controls into the system architecture
  • Implementing robust audit trail functionality that cannot be disabled
  • Designing automated backup procedures with verification capabilities
  • Conducting thorough validation to demonstrate that the system consistently maintains data authenticity

Standard Operating Procedures (SOPs)

Organizations must establish written procedures that define:

  • Who has access to systems and data
  • How audit trails will be reviewed and by whom
  • Backup schedules and restoration testing protocols
  • Responses to security incidents or data integrity concerns

Training and Culture

Authenticity cannot be achieved through technology alone. Personnel must understand:

  • Why authenticity matters for drug safety and regulatory compliance
  • Their individual responsibilities in maintaining data integrity
  • How to properly use systems to ensure authentic records
  • When to report concerns about data integrity

Avoiding Common Pitfalls

Common failures in authenticity include:

  • Sharing user credentials (violates attribution)
  • Disabling audit trail functionality (eliminates change tracking)
  • Irregular or unverified backups (compromises reliability)
  • Inadequate access controls (enables unauthorized changes)
  • Lack of documented procedures (prevents consistent implementation)

Conclusion

Authenticity is not merely a technical checkbox in regulatory compliance—it is a fundamental assurance that the electronic records supporting pharmaceutical applications are genuine, attributable, and reliable. Through the three requirements of security, audit trail, and backup, the Japanese ER/ES Guidelines provide a framework that protects both data integrity and public health.

As the pharmaceutical industry continues to embrace digital transformation, understanding and implementing robust authenticity controls becomes increasingly critical. The alignment between Japan’s ER/ES Guidelines and international standards like ALCOA+ demonstrates a global consensus: authentic data is essential for safe, effective medicines and for the trust that patients and society place in pharmaceutical products.

Whether you are a quality assurance professional, IT specialist, laboratory scientist, or clinical researcher, your role in maintaining data authenticity contributes directly to patient safety and the advancement of medical science. By properly implementing security measures, respecting audit trail integrity, and ensuring reliable backups, we collectively uphold the authenticity that makes electronic records trustworthy foundations for regulatory decision-making.

The question “Is this record authentic?” should never be met with uncertainty. Through diligent application of the ER/ES Guidelines and international data integrity principles, we can confidently answer: “Yes, we can demonstrate that this record is genuine, properly attributed, created at the stated time, and maintained reliably throughout its lifecycle.” This confidence is the ultimate goal of authenticity requirements—and the foundation of trust in pharmaceutical regulation.

Understanding Legibility: A Fundamental Requirement for Electronic Records Previous post The Relationship Between URS (User Requirements Specification) and PQ (Performance Qualification) Next post

Related post

Comment

There are no comment yet.