39 ELECTRONIC DATA PROCESSING AND CONTROL SYSTEMS – Food and Drink – Good Manufacturing Practice, 7th Edition



The use of electronic data processing, including the use of computers for storing and handling any kind of documentation referred to in Chapter 13, or the use of computers or electronic devices in control of processes or operations, does not in any way alter the need to observe the relevant principles set out in this Guide. However, it imposes the additional need for safeguards to ensure that there is no consequent adverse effect on the achievement of requisite product safety, legality, integrity or quality, and no risk of required records or data being irretrievably lost, damaged, corrupted or altered in other than a properly authorised way.

Implementation and Operation

39.1 Before a computer system is put into operation, the required purpose should be clearly defined, and it should be tested for capability to achieve that purpose. If a manual system is being replaced, or an existing system is being replaced by a new one, the old system should be continued alongside for a period, both as part of the validation of the new system and as a safeguard in the event of problems or teething troubles in the new system.

39.2 Access to data and documents should be readily obtainable by authorised persons where necessary. The risk of unauthorised access to computer systems should be considered as part of the threat analysis critical control point (TACCP) risk assessment (see Chapters 5, 6 and 7).

39.3 An effective back‐up system is essential (see 39.10).

Responsibility for Systems

39.4 The use of computers and electronic data control systems does not change the responsibilities, as set out elsewhere in this Guide, of key personnel but additionally requires close collaboration between them and those responsible for the computer systems. Where this responsibility lies should be clearly stated. Persons using an electronic system should be appropriately trained in its use, and should be able to obtain rapid expert advice to deal with any problems that might arise in its use. The requirements outlined in Chapter 13 with regard to document and data control apply equally to electronic data, as they do to data in paper format. This is especially so for the management of obsolete files, documents and data held electronically either in a memory that has personal access only or on a server. Consideration should be given to the use of read‐only files by those who can access but do not have authority to alter or amend electronic documents such as policies, procedures and work instructions.


39.5 Where the system contains personal information (e.g. related to consumer complaints), governed by the UK Data Protection Act 1998, the requirements of the Act and as amended must be observed.

39.6 Alterations to the system or a computer programme should be made only with proper authorisation and in accordance with a defined procedure, which should include the checking, approving and implementing of the change. When any such change is made, previously stored data should be checked for accessibility and accuracy. A log of all such alterations should be maintained to record the date, the changed details, the person making the alteration, authorisation details and any other pertinent information.

39.7 By means of appropriate keys, pass cards, personal codes or passwords and restriction of access to computer terminals and recording media, the system should contain safeguards against unauthorised access to, or alteration of, any data (see Chapter 7). Personnel, visitor and contractor procedures should clearly outline the protocols that are in place for the ownership and use within the organisation of portable back‐up hard drives, memory sticks and pens, laptops, tablets or other mobile electronic devices that are brought onto the premises. Where the computer is part of a network (whether internal or external), security measures against unauthorised access should be taken. Where the same equipment is used for other functions (e.g. accounting, sales records, personnel records), access to the types of data referred to in this chapter should not enable access to data pertaining to such other company functions. Data should only be obtained, entered or amended by persons authorised to do so, and there should be a defined procedure for the issue, cancellation or alteration of authorisation. Where critical data are altered by an authorised person, the record should show that the alteration has been made, by whom and the reason.

39.8 When critical performance data are being entered on a computer file record, there should be an independent check on the accuracy of the entry.

39.9 The system should be designed, precautions provided and controls (of the type mentioned in Section 39.10) exercised so as to safeguard against accidental or wilful damage of stored data by persons or physical or electronic means. A system of cross‐checking for any loss of data is advisable.


39.10 There should be available adequate back‐up arrangements for any system that needs to be operated in the event of a breakdown or emergency, and such back‐up arrangements should be capable of being called into use at short notice. As a safeguard against loss or corruption of stored data and documents, provision should be made for back‐up copies of data and systems software to be stored remotely from the computer’s location; such copies should be kept up to date and tested periodically. Access to the types of documents listed in Chapter 13 should be available to the quality control manager and the production manager.

39.11 The procedures to be followed in the event of a system failure or breakdown should be defined and routinely tested. Any failures and remedial action taken should be recorded.

39.12 If hardware service or software maintenance is provided by an outside agency, there should be a formal agreement that includes a clear statement of the responsibilities of that agency, including a clause on the maintenance of confidentiality.

39.13 Consideration should be given to the ease of access to files with regard to system hacking, viral attack or other activity that could compromise the security of controlled data.