Regulatory Use & Lifecycle Management

Accountability & governance

Data & digital tools: 

Full lifecycle management established (ref. ICH Q12); data management systems, version control, and continual optimisation. Digital CMC tools used in GMP environments should comply with the requirements described in PIC/S Annex 11 (revised version 2024 – currently in draft) and, for systems using AI, also with Annex 22 (currently in draft).

Personnel Training:

Ensure ongoing compliance with GMP, GxP, and relevant regulatory standards.​

Links:

ICH Q1: https://database.ich.org/sites/default/files/Q1A%28R2%29%20Guideline.pdf

ICH Q2(R2): https://database.ich.org/sites/default/files/ICH_Q2%28R2%29_Guideline_2023_1130_ErrorCorrection_2025.pdf

ICH Q8(R2): https://database.ich.org/sites/default/files/Q8%28R2%29%20Guideline.pdf

ICH Q9(R1): https://database.ich.org/sites/default/files/ICH_Q9%28R1%29_Guideline_Step4_2025_0115_0.pdf

ICH Q10: https://database.ich.org/sites/default/files/Q10%20Guideline.pdf

ICH Q12: https://database.ich.org/sites/default/files/Q12_Guideline_Step4_2019_1119.pdf

ICH Q14: https://database.ich.org/sites/default/files/ICH_Q14_Guideline_2023_1130_ErrorCorrection_2025.pdf

ICH M4Q (R1); https://database.ich.org/sites/default/files/M4Q_R1_Guideline.pdf

ICH M15: https://database.ich.org/sites/default/files/ICH_M15_EWG_Step2_DraftGuideline_2024_1031.pdf

ISO/IEC 5259:2024-2025 (AI data quality management bundle): https://www.iso.org/publication/PUB200525.html

ISO 8000-61:2016 (Data quality management): https://www.iso.org/standard/63086.html

ISO/IEC/IEEE 15288:2023 (Systems and software engineering — System life cycle processes): https://www.iso.org/standard/81702.html

ISO/IEC 27001:2022/Amd 1:2024 (Information security, cybersecurity and privacy protection — Information security management systems — Requirements): https://www.iso.org/standard/88435.html

ISO/IEC 38505-1:2017 (Information technology — Governance of data): https://www.iso.org/standard/56639.html

ISO 42001:2023 (Information technology — Artificial intelligence — Management system): https://www.iso.org/standard/42001

ISPE GAMP Guide: Artificial Intelligence: https://ispe.org/publications/guidance-documents/gamp-guide-artificial-intelligence?utm_source=HubSpot&utm_medium=Popup&utm_campaign=Guide%20GAMP%20AI&hsCtaAttrib=192776150296

PIC/S Good Practices For Data Management And Integrity In Regulated GMP/GDP Environments: https://picscheme.org/docview/4234

FDA Data Integrity and Compliance With Drug CGMP Questions and Answers Guidance for Industry: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/data-integrity-and-compliance-drug-cgmp-questions-and-answers

EMA and FDA set common principles for AI in medicine development: https://www.ema.europa.eu/en/news/ema-fda-set-common-principles-ai-medicine-development-0

UK Gov Artificial Intelligence Playbook for the UK Government: https://www.gov.uk/government/publications/ai-playbook-for-the-uk-government/artificial-intelligence-playbook-for-the-uk-government-html

MHRA ‘GXP’ Data Integrity Guidance and Definitions: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/687246/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf

National Cyber Security Centre Principles for the security of machine learning: https://www.ncsc.gov.uk/collection/machine-learning-principles