Another guideline with reference to implementing the legal requirements is the WHO Guideline on Good Practice for Data and Records Management by the World Health Organization. This guideline contains detailed and practical explanations on the implementation and thus closes existing gaps in other guidelines. It also explains how the regulatory requirements affect practice and what should be demonstrably implemented to meet all requirements.
This guideline especially deals with the application of data management procedures. It is fundamentally specified to use a systematic approach which guarantees that all GxP records are comprehensive and reliable during the entire lifecycle. For this effect, the guideline refers to the aspects and specifications already mentioned above. Nevertheless, the chapter 7 of the guideline dealing with contractors, suppliers and service providers, must be specially mentioned. Due to the increasing transfer of GxP tasks, the WHO deems it necessary to define roles and responsibilities and to consistently maintain them. The security of the comprehensive and correct data and records during the working relationship must be mutually guaranteed. The responsible positions of the contracting entity and the contractor must comprehensively specify the processes to be introduced to ensure the data integrity. These details should be included in a contract to be concluded for the outsourced work.
If the provision of databases and software is outsourced, the contracting entity must make sure that the contractors are approved, specified in the quality agreement and are adequately qualified and trained in the GxP environment. The outsourced activities must be monitored regularly and the controlling intervals must be specified as part of the risk assessment.