Posted on Lab Compliance. 8 May, 2018
Data integrity provides assurance that data records are reliable and accurate. Regulations meant to ensure data integrity in pharmaceutical laboratories are found in several parts of 21 CFR governing GxP areas and have been enforced by the FDA for decades. While many of these regulations were initially developed for paper-based processes, 21 CFR Part 11 was published in 1997 to extend data integrity regulations into the modern era with electronic records and electronic signatures.
All of the data integrity principles that were developed for the paper and ink era still apply to electronic systems and data capture. However, there are several trends in the pharmaceutical industry that make data integrity compliance especially challenging for today’s laboratories:
Regulatory agencies worldwide are increasingly focusing their efforts on data integrity in GxP laboratories. This increased focus has led to a number of guidance documents being published recently on data integrity, including:
With the spotlight of global regulatory inspections shining on data integrity in Manufacturing and GMP areas, you need to know what’s new and what the impact is on data integrity in GxP. Astrix Technology Group recently sponsored a webinar conducted by Joseph Franchetti, FDA Regulatory Compliance Specialist, that highlighted the current thinking of regulatory agencies on data integrity. In this blog, we will provide a summary of some of the most important points made by Mr. Franchetti in this webinar for your review.
Data Integrity Regulations
Important GMP regulatory requirements were described in 21 CFR Part 211:
In this last point, “complete data” refers to raw data/observations generated in the course of an analysis, the associated metadata which helps to provide the proper context, and the audit trail when using computerized systems that shows how and why the data has been modified and who it has been modified by.
Recent Guidance Documents on Data Integrity
While companies in the United States typically look to the FDA for guidance on data integrity regulations, it can also be valuable to stay up to date with regulatory guidance published by agencies in other parts of the world, as regulatory agencies worldwide are all moving in the same direction with respect to thinking on data integrity. Towards that end, the Medicines and Heathcare products Regulatory Agency (MHRA) in the United Kingdom published a guidance document in March 2015 entitled GMP Data Integrity Definitions and Guidance for Industry.
This guidance document made a number of helpful suggestions for systems (both electronic and paper-based) designed to ensure data integrity. These systems should include:
This guidance document also defined an acronym ALCOA+ which helps to define important characteristics the principles necessary for data integrity:
Attributable – Data must contain information about who performed an action and when? If a record is changed, who did it and why? This information should be linked to the source data.
Legible – Data must be recorded permanently in a durable medium and be readable.
Contemporaneous – The data should be recorded at the time the work is performed and the date/time stamps should follow in order
Original – Recorded data records should be the original record or a certified true copy.
Accurate – Any data errors or editing of data are recorded with documented amendments.
Complete – Data records should contain all data including repeat or reanalysis performed on the sample (21 CFR 211.194)
Consistent – There should be consistent application of data time stamps in the expected sequence.
Enduring – Data should be recorded in a permanent, maintainable form for the useful life.
Available – Data should be available/accessible for review/audit for the life-time of the record.
This document also sets the expectation that pharmaceutical companies, importers and contract labs will review the effectiveness of their data governance systems to ensure data integrity, and that companies outsourcing activities should verify the adequacy of comparable systems at the contract acceptor.
Two other recent guidance documents that contain valuable information and are worth going through are MHRA’s ‘GXP’ Data Integrity Guidance and Definitions published in March 2018 and the FDA’s Data Integrity and Compliance With cGMP published in April 2016.
Meeting Regulatory Expectations
Data integrity issues happen for a number of reasons. Some of the more common include:
It is important to develop a data integrity strategy to mitigate risks across the full data lifecycle. This strategy should contain the following elements:
Most companies are not proactive with regard to data integrity (predict, prevent, detect) and are thus mostly responding to data integrity violations.
With respect to data governance, the PIC/S 2016 draft guidance document sets the expectation that organizations will design systems that “ensure that data, irrespective of the process, format or technology in which it is generated, recorded, processed, retained, retrieved and used will ensure a complete, consistent and accurate record throughout the data lifecycle.” Pharmaceutical companies should consider the design, operation and monitoring of each of the following processes to comply with the principles of data integrity:
The PIC/S document recommends a risk-based approach to data governance, where “Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.”
Finally, there are a number steps that are important for organizations to take in order to ensure compliance with data integrity regulations:
Astrix Technology Group is a laboratory informatics consulting, regulatory advisory, and professional services firm focused on serving the scientific community since 1995. Astrix professionals have the skills and expertise necessary to architect, implement, integrate and support best in class solutions for your organization’s laboratory environment.
Our professionals can also help to ensure that your laboratory systems and staff comply with the FDA’s data integrity mandates. We provide experienced professionals knowledgeable about FDA regulations to conduct a thorough data integrity assessment of your laboratory informatics environment to identify data integrity risks. Working with an external consultant that has expertise in data integrity evaluations to audit your laboratory environment is best practice, as an expert with fresh eyes will be able to effectively locate data integrity issues you missed.
Regardless of the regulatory authority, all guidance documents have the same flavor around the foundational terminology and information on technology controls. Compliance with electronic data integrity requires a fairly complex design that not all out-of-the-box systems have in place. All organizations utilizing electronic systems must implement risk-based controls for data integrity, as these controls serve to both prevent and detect data integrity issues.
Data integrity is maintained through processes and procedures, training and vigilance:
If you would like to have Astrix conduct a data integrity assessment in your laboratory, or if you would like to have a free, no-obligations consultation with an Astrix data integrity specialist during your project planning and budgeting phase, please complete the form at the bottom of this page: Astrix Data Integrity Assessment
About the Author
|Dale Curtis Jr. is the President of Astrix Technology Group. For over 18 years, Mr. Curtis has built an impressive track record of leadership and success in delivering high quality technology and laboratory informatics solutions to scientific organizations involved in research, development, quality and manufacturing. He has a proven talent for helping these organizations deploy innovative solutions that provide a step change in business intelligence, turn data into knowledge, increase organizational and operational efficiency, improve quality and facilitate regulatory compliance.|
Copyright (C) 2019