How to Maintain Exceptional Pharmaceutical Data Integrity - Excerpts from Interview with Dr. Mark Powell
In a conversation with Dr. Mark Powell, with ComplianceOnline, discussed the importance of maintaining exceptional pharmaceutical data integrity.
Dr. Mark Powell is a Fellow of the Royal Society of Chemistry (RSC) with over thirty years' experience as an analytical chemist. Since 2013, he has been providing training and consultancy services to pharmaceutical companies of all sizes around the world. He joined the panel of ComplianceOnline subject matter expert trainers in March 2019. His courses include theory and practical content in sampling and sample preparation, basic laboratory skills, technical report writing, pharmaceutical dissolution testing, data integrity, chromatography, and spectroscopy.
He has been delivering webinars, seminars and customized on-site training programs with ComplianceOnline and has trained over 250 professionals from 50+ Companies across the world. In 2020 he is speaking at more than 20 ComplianceOnline seminars in the US (San Diego, San Francisco, Boston and Philadelphia) and Europe (London, Zurich, Amsterdam and Copenhagen). You can join in at one of these powerful events.
- CO - What are some key data integrity issues your clients face?
- CO - What are the challenges, you helped your clients to overcome recently?
- CO - Why is data integrity so important to pharmaceutical companies?
- CO - What are some of the key data integrity issues facing the pharmaceutical industry today?
- CO - What are some common mistakes that companies make with respect to data integrity?
- CO - What are some common mistakes that companies make with respect to data integrity?
- CO - What are the common pitfalls and lessons learned from warning letters received due to noncompliance with data integrity regulations?
- CO - What are some myths about data integrity?
- There is no audit trail for a manual titration; unless the analyst is being observed, an incorrect titre value could be entered either accidentally or deliberately.
- CO - How can a company maintain exceptional data integrity?
- CO - What approach to compliance should pharmaceutical companies take and why?
- CO - What measures should the senior management take to facilitate data integrity?
- CO - What did I overlook or forget to ask about Data Integrity Compliance?
- For critical data, it is much better to perform the calculation using GxP-compliant software, such as a chromatography data system. This is because Excel's access control and audit trail functions are limited. Alternatively, third-party applications are available that complement Excel, enabling a GxP-compliant record to be created and protected.
- CO - You are a member of the ComplianceOnline Subject Matter Experts community of trainers for pharmaceutical companies over the years. What is your recommendation for pharmaceutical compliance trainers and companies looking for compliance training?
- Good quality culture
- Staff awareness/training
- Data integrity risk assessment/gap analysis; data governance policy
- Procedural and technical controls for data integrity risks that require mitigation
MP - Mostly ignorance of current regulatory expectations. Many of the companies that I work with already have a good quality culture but lack the required procedural and technical data integrity controls.
MP - I help companies focus on the greatest risks and justify their data integrity control strategy. An external data integrity auditor is often better at identifying weaknesses in current policies and practices than internal quality management.
MP - If we cannot rely on the data that we use to make decisions about the quality of drug products, there are obvious implications for the safety of patients and the effectiveness of medication. In addition, a critical data integrity observation by a regulatory inspector can cause significant damage to the reputation of a pharmaceutical company.
MP - Several, including: designing and implementing a robust, effective data governance strategy; making staff aware of the importance of data integrity and how to avoid accidental data integrity breaches; implementing a scientifically-sound policy on chromatographic integration; reviewing audit trails; maintaining the qualified status of computerized systems; and taking a risk-based approach to data integrity compliance.
MP - Either doing too much or too little. All the current data integrity guidances stress the importance of a risk-based approach to compliance, which suggests that we could choose to accept risks that we consider minor. ICH Q9 (Quality Risk Management) is essential reading for those developing a data integrity policy. However, we should be careful not to use a quality risk assessment as a justification for inaction where risk mitigation is necessary.
MP - This question would need an essay-sized answer! I recently co-authored a data integrity guide in collaboration with the laboratory supply company VWR. It's written from a chromatographic perspective, but it summarizes all the main guidance documents; non-chromatographers would find it useful too. The approach set out here, together with the risk management tools mentioned in ICH Q9, will help regulated companies to implement data integrity controls in a logical, proportionate manner. An important principle is that data integrity risks should be considered from the patient's perspective. We are expected to focus on risks that could affect the safety or efficacy of medicines or medical devices.
MP - Many companies do not understand the importance of periodically verifying access controls in GxP computerized systems or the requirement to maintain dynamic records in electronic format. Dynamic records are defined as those that allow results to be modified during the data retention period (e.g. spectroscopic or chromatographic data). Analytical facilities using chromatography should have a sound procedure on chromatographic integration so that results are produced consistently and correctly from run to run. Also, data integrity is not solely an analytical problem. For example, there have been cases of companies falsifying raw material inventory records. There are still cases of production or analytical data being recorded temporarily on scraps of paper and of retesting/overturning failed results without performing a proper out-of-specification (OOS) investigation.
MP - There is a common misconception that data integrity is solely concerned with computerized data systems: in reality, manual operations are easier to manipulate or perform incorrectly without detection. For example, it is much easier to falsify the result of a manual titration than data from a computerized test.
A second misconception is that deliberate data manipulation is the only regulatory concern, whereas erroneous data are often the result of honest mistakes.
Finally, many companies believe that all data integrity vulnerabilities must be addressed: in fact, regulators do not expect disproportionate efforts to mitigate minor risks.
MP - Good data governance policies and data integrity controls are clearly important, but a good quality culture combined with staff training is critical. Many of the early cases of data manipulation that led to the regulatory spot-light being turned on data integrity were not the result of fraudulent actions by junior staff; senior managers were at fault in putting pressure on their subordinates to get failing batches to pass by falsifying results or performing trial injections.
MP - As I've already mentioned, a risk-based approach is key. This requires an honest and thorough evaluation of data integrity risk for every operation with an impact on data quality. For example, the analytical process needs to be considered in its entirety, from sampling to the reporting of results. If the sample is taken incorrectly, either by accident or design, no amount of control over sample testing will ensure data reliability. Similarly, production processes should be evaluated from raw material receipt to the final packaging operation. Questions to ask at each stage include: "How are data recorded?", "How are decisions taken?" and "How are records protected against alteration or loss?
MP - Foster a good quality culture, set an excellent personal example and communicate data integrity expectations to staff clearly. In addition, senior managers should define data governance policy. This would include evaluating data integrity compliance for key suppliers and contractors.
MP - You've covered the topic fairly well. One subject that I've not mentioned is the use of Excel spreadsheets to calculate GxP data.
Secondly, although regulators will be considering data integrity risk for licensed products from the patient's point of view, there is a case for safeguarding data quality during product development. At the preclinical stage there is no patient risk, but a sizeable commercial risk exists if decisions affecting the direction of the development program are based on unreliable data.
MP - Staff training in data integrity is a regulatory expectation. One of the risk factors in data integrity is the competence of personnel, so staff training, and development should be supported in every pharmaceutical company. Making staff aware of regulatory requirements is important, but so is good science: poorly-developed or executed test methods also affect data reliability. External trainers can help to identify these problems.
Summary of the interview
Here are my priorities for data integrity compliance:
Dr. Mark Powell ComplianceOnline Event Calendar:
SL | Seminar Title | Location | Duration |
---|---|---|---|
1 | Lifecycle Management of Analytical Methods and Procedures - according to new FDA and USP guidelines |
Virtual Seminar | 2 days |
2 | Data Integrity: FDA/EU Requirements and Implementation | Virtual Seminar | 2 days |
3 | Analytical Instrument Qualification and System Validation | Virtual Seminar | 2 days |
4 | Lifecycle Management of Analytical Methods and Procedures - according to new FDA and USP guidelines |
Virtual Seminar | 2 days |
5 | Validation, Verification and Transfer of Analytical Methods (Understanding and implementing guidelines from FDA/EMA, USP and ICH) |
Virtual Seminar | 2 days |
6 | The Drug Development Process from Concept to Market | Virtual Seminar | 1 days |
7 | Laboratory Inspection and Auditing | Virtual Seminar | 1 days |
8 | Pharmaceutical Dissolution Testing | Virtual Seminar | 3 days |
9 | Technical Writing for Pharma, Biotech and Med Devices | Virtual Seminar | 2 days |