Disaster Recovery Plan (DRP) for GMP Computerised Systems

 

1. Purpose

To establish a documented procedure for recovery of GMP-relevant computerised systems (e.g., LIMS, CDS, Stability Monitoring, HVAC/BMS data) in case of disaster or system failure, ensuring data integrity, availability, and compliance with EU GMP Annex 11.

2. Scope

This SOP applies to:

• All GMP-critical computerised systems (QC instruments, stability chamber monitoring, environmental monitoring, BMS/HVAC, LIMS).
• Data stored in servers, local PCs, and backup systems.
• Disasters including power failure, hardware/software failure, cyber-attack, fire, flood, or other natural/man-made events.

3. References

• EU GMP Vol. 4, Annex 11 (Computerised Systems) – Sections 7.1, 7.2, 16.
• EU GMP Part I, Chapter 4 (Documentation) – Data integrity.
• Annex 15 – Qualification & validation principles.

4. Responsibilities

• IT Head:
• Lead disaster recovery execution.
• Ensure backups and restore capability.
• QA Head:
• Verify GMP data integrity after restore.
• Approve DRP records and deviations.
• System Owners (QC/Production/Engineering):
• Confirm restored system is operational and data is accurate.
• All Users:
• Report system failures immediately to IT & QA.

5. Definitions

• DRP: Disaster Recovery Plan – procedure to recover systems after disaster.
• Backup: Copy of data stored in a secure location.
• UPS: Uninterruptible Power Supply.
• DG: Diesel Generator.

6. Procedure

6.1 Incident Identification

• System failure detected (alarm, monitoring system, or user report).
• User informs IT + QA immediately.
• QA raises a Deviation Report.

6.2 Power Backup (if power-related)

• UPS provides short-term backup (15–60 min).
• DG activated for extended power outages.
• Stability chambers & server room remain powered continuously.

6.3 Data Backup & Restore

• IT retrieves latest verified backup (server/cloud/external drive).
• Restore data to replacement/functional server.
• Log restore activity in Disaster Recovery Logbook.

6.4 Verification of Restored System

• QA & System Owner jointly verify:
• User login functionality.
• Random data file comparison (checksum / file count).
• Audit trail continuity.
• Instrument connectivity (for CDS/LIMS).
• If discrepancies found → initiate Deviation + CAPA.

6.5 Documentation

• Record all actions in DRP Execution Form.
• Attach backup restore evidence (screenshot, checksum logs).
• QA reviews & approves final report.

7. Periodic Testing & Training

• IT performs mock recovery drill every 6–12 months.
• QA verifies and signs off drill report.
• Staff trained annually on DRP SOP.

8. Records

• Disaster Recovery Logbook.
• Backup & Restore Reports.
• Mock Drill Records.
• Deviation/CAPA reports.

 

9. Revision & Review

• SOP reviewed every 2 years or upon significant system changes.
• DRP plan updated if new GMP systems are introduced.

 

10. Approval

Prepared by: __________ (IT Head)
Reviewed by: __________ (QA Head)
Approved by: __________ (Managing Director)