Meeting the Regulatory Expectations for Data Integrity - Best Practices
Many companies continue to struggle with basic data integrity problems. This is evident from the number of warning letters and Form 483 inspectional observations at manufacturing sites around the world. Non-compliance can lead to product seizures, product non-approvals or delays of approvals, import restrictions, substantial fines, disbarment, and criminal liability for individuals or the company. Data integrity errors can erode trust with customers and the FDA. Even an innocent mistake can be perceived as intentional fraud. This article guides FDA-regulated companies through the data integrity compliance process.
The regulatory requirements for data integrity
- 21 CFR 211 and 212: Requirements with respect to data integrity include, among other things:
- "Backup data are exact and complete", and "secure from alteration, inadvertent erasures, or loss"
- Data be "stored to prevent deterioration or loss"
- Certain activities be "documented at the time of performance" and that laboratory controls be "scientifically sound"
- Records be retained as "original records", "true copies", or other "accurate reproductions of the original records"
- "complete information", "complete data derived from all tests", "complete record of all data", and "complete records of all tests performed"
- Electronic signature and record-keeping requirements
- FDA Draft Guidance, Data Integrity and Compliance with cGMP - April 2016: This guidance provides the Agency's current thinking on the creation and handling of data in accordance with CGMP requirements.
- MHRA GMP Data Integrity Definitions and Guidance for Industry - March 2015
- PDA Code of Conduct
Causes of Data Integrity Violations and Challenges
Despite the many guidance documents and public statements that explain what is expected of the manufacturers, many companies struggle with data integrity deficiencies due to the following reasons:
Pharmaceutical industry data is largely collected manually. There are multiple data transfer points, such as from notebooks/worksheets to calculators and back, from worksheets/notebooks to LIMS, and from worksheets/notebooks to reports. Errors can occur during these transfers, as is frequently observed during audits.
An important step on the path to data integrity compliance is to understand associated definitions and implement the best practices given in the guidance documents.
Data Integrity Associated Definitions and Best Practices
Data Integrity
'Data integrity refers to the completeness, consistency, and accuracy of data. Such data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).'
ALCOA Best practice in data integrity
Metadata
- Metadata is the contextual information required to understand data.
- It is described as data about data.
- It is the structured information that describes, explains, or otherwise makes it easier to retrieve, use, or manage data.
- Among other things, metadata for a particular piece of data could include
- Date/time stamp for when the data were acquired
- User ID of the person who conducted the test or analysis that generated the data
- Instrument ID used to acquire data
- Audit trails
Audit Trail
- A secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record.
- An audit trail is a chronology of the "who, what, when, and why" of a record.
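One way to make the "secure" and "reconstruction" parts of this definition concrete is a hash-chained, append-only trail, shown here as an added example that is not from the guidance documents or any vendor system. The function names, field names and sample entries are assumptions made for illustration, and hash chaining is one possible technique rather than a regulatory requirement.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous hash" value used by the first entry

def _digest(entry):
    # Hash every field except the stored hash, serialised in a fixed key order.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(trail, who, action, record_id, value, why, when=None):
    """Add one who/what/when/why entry, chained to the entry before it."""
    if action not in ("create", "modify", "delete"):
        raise ValueError(f"unknown action: {action}")
    if action != "create" and not why:
        raise ValueError("modify/delete entries need a reason")
    entry = {"seq": len(trail), "who": who, "action": action,
             "record_id": record_id, "value": value, "why": why,
             # Time comes from the system clock unless a test supplies one.
             "when": when or datetime.now(timezone.utc).isoformat(),
             "prev": trail[-1]["hash"] if trail else GENESIS}
    entry["hash"] = _digest(entry)
    trail.append(entry)
    return entry

def verify(trail):
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, e in enumerate(trail):
        if e["seq"] != i or e["prev"] != prev or e["hash"] != _digest(e):
            return i
        prev = e["hash"]
    return -1

def history(trail, record_id):
    """Reconstruct the course of events for one record, oldest first."""
    return [(e["when"], e["who"], e["action"], e["value"], e["why"])
            for e in trail if e["record_id"] == record_id]

def sample_trail():
    # Constructed sample: a pH result is created, corrected, then deleted.
    t = []
    append(t, "analyst1", "create", "pH-001", 7.2, "", "2024-01-05T09:00:00Z")
    append(t, "analyst1", "modify", "pH-001", 7.4, "transcription error",
           "2024-01-05T09:10:00Z")
    append(t, "qa_lead", "delete", "pH-001", None, "duplicate entry",
           "2024-01-05T11:30:00Z")
    return t
```

The chain exposes an edited or removed earlier entry, but not a trail that has been rewritten from the start or truncated at the end. Catching those requires keeping the latest hash somewhere the system's users cannot write.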
Static and Dynamic data:
- Static Data: Data record that does not change such as a paper record or an electronic image
- Dynamic Data: Data record that allows interaction between the user and the record. For example, a chromatographic record which allows the user to change the baseline and reprocess.
Backup
A true copy of the original data that is maintained securely throughout the records retention period. The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format.
Best Practices for Achieving Data Integrity
Impart Training, create awareness
Personnel in every process on the manufacturing floor must be trained in proper data management. The training must go beyond good documentation practices. It should cover why the processes are conducted the way they are. To enhance the training, include:
- Consequences of poor handling for any given process
- How the smallest of mistakes evolve into serious problems
- Why validations are important
- Why protocols should be followed
Set Controls on Human Errors, Procedures, and Technology
- Have SOPs that are well-defined, clear, and simple. Train staff adequately on them.
- Keep audit trails in order to clearly show who accesses a given system, which login credentials were used and the date and time it was accessed. This will help investigate issues and address root cause.
- Regularly review audit trails
- Keep records of audits handy to show investigators that reviews are being conducted routinely by trained professionals
- Ensure your SOPs offer a process for escalating issues to management should they be discovered
- Simplify SOPs, train staff on all directives, and monitor the effectiveness of these efforts
Set Procedural controls
- Embed procedural and administrative controls in your core business activity. They should consist of a suite of documents that includes written directives, training programs, record and review management, and audits and self-inspections of governing processes.
Set Technical controls
- Set controls to protect information systems such as passwords, access controls for operating systems or application software programs, network protocols, firewalls and intrusion detection systems, encryption technology, network traffic flow regulators, etc.
- Build appropriate technical controls into products for all three stages: a) data at rest, b) data in motion, c) data in use.
- Create a culture of integrity
- Recognize the contributions of employees and encourage them to be critical, and divergent thinkers.
Set Document controls
Data must not be recorded in unofficial forms, writing pads, and uncontrolled media. This policy must be stated in the SOPs for good documentation practices.
(see §§ 211.100, 211.160(a), 211.186, 212.20(d), and 212.60(g))
- Lab notebooks and worksheets should be issued by the quality unit.
- System user accounts, especially those with data alteration abilities, should not be shared
- Limit duplication risks such as duplicate copies of paper records, multiple copies of databases/spreadsheets and so on by maintaining a centralized library
- Audit electronic systems and verify that controls are in place and functioning
- Ensure that archiving processes maintain data and protect against data loss
- Back up electronic data regularly and maintain the backups as per procedural GMP requirements.
- Draw a single line through the erroneous entry. Record the correct entry, then initial and date it, providing the reason for the correction. Justify and document any data discarding. (see §§ 211.192, 211.194, 212.50(a), and 212.70(f)(1)(vi))
- Perform data entry accurately, truthfully and completely
- Store data, documents and backups securely during their retention periods. Limit access and use fireproof storage as necessary
To understand the best practices with regard to generation, review, and archiving of data, and the evolving requirements for e-data, and to gain a meaningful grasp of the support systems for data integrity, attend the webinar 'Ten Steps to Data Integrity in Pharmaceutical and Biotech Labs'. The instructor, Dr. Nanda Subbarao, holds a Ph.D. in Bio-organic Chemistry. Her hands-on industrial experience covers stability and laboratory cGMP systems for both biologics and conventional drugs.