The technical elements that insure data integrity are not difficult – the harder part is ensuring the company culture is set up to support them. Data integrity failures have led to companies losing their manufacturing licenses, consent decrees, warning letters, import alerts, invocation of the application integrity policy, bad publicity when issues become newsworthy, and more. Integrated software solutions for a variety of industries. Checking personnel qualification - what evidence exists of their ability to perform the task correctly? When lack of integrity is evident beneath the surface of conversations, it is a sign of imminent disaster. No definitions of integrity will be emphasized in these reasons that you can find valuable and painting. To ensure the integrity of the data they generate, review and approve, they must have the appropriate knowledge and skills to operate in a GMP environment and live up to the data integrity expectations, including: Company code of conduct, ethics & fraud policies – which should define a ZERO tolerance policy for compliance fraud, Deviations, investigations and root cause analysis, Data integrity, including the Barr Decision, OOS and data integrity guidance documents, Task training, includes background (scientific theory, where the task fits in the process) and rationale for the task, and an assessment of competence. Quality agreements (with suppliers, contract labs or contract manufacturing organizations) should be in place and should: Define communication process for issues, problems and/or changes, Define responsibilities and authorities for reviews, changes and oversight of activities, Specify the product owner’s authority to audit the supplier’s operation – to verify that the training, procedural and equipment/system controls listed above are in place at the supplier’s site. Using the US FDA as evidence, searching warning letters for the phrase “. We are growing fast and look for people to join the team. Noncompliance to FDA Quality Standards: What's the Risk to Executives? ), Resource areas and tasks appropriately, or be realistic about expectations. Process Validation: What You Need to Know, Avoiding a Time Traveler’s Mindset With Effectiveness Checks, Leveraging GAMP Compliance for Risk-Based Computer Validation, Quality Agreements With Contract Manufacturing Organizations (CMOs), Using Connected Quality to Track Down Problems, An Expert Explains Data Integrity and Organizational Excellence – Part Two, 2018’s Top Clinical Pharma/Bio Trends to Date, Australia Offers Wave of Potential for Pharma, Medical Device Manufacturers, Biosimilars: A Safe and Effective Option for Patients. The report concludes with a summary of This political weed is a harvest killer. Worse, I ask my webinar attendees to gauge their level of confidence in the integrity of their data and data handling practices – and the most common response is that people are only somewhat confident in their company’s practices. Lack of integrity. 996, 2016, http://www.who.int/medicines/publications/pharmprep/WHO_TRS_996_annex05.pdf, Eudralex Volume 4, Part 1, Chapter 6 “Quality Control”. Evaluating at least the elements presented in these 5 major areas in the process will help identify where any potential data integrity issues may exist, as well as providing ideas for improvements: People – our analysts, operators and management staff – are the most critical element in our processes. Assess procedures against requirements and expectations provided in relevant regulations and guidance documents (See Figure 1), and fill in any gaps that are identified in these assessments. duplicate copies of paper records, multiple copies of databases/spreadsheets, etc.) Preventing Data Integrity Issues. Integrity in the workplace means honor, trust and honesty by definition where examples reveal importance. Regular data integrity audits should be performed and identify potential issues or questionable practices by: Looking for anything questionable in data & records, and where data is generated (in recycle/trash bins, in drawers in the lab, around equipment, etc. that at least the following security controls are in place: Appropriate levels of security & user roles are defined and have been verified to function as expected, Audit/crosscheck accounts, permissions & credentials, Set password controls (expiration dates, lockouts after a set number of failed attempts, secure reset processes, etc. Accurately define the validated process, as it should be performed, in clear, unambiguous language, Are executed correctly and consistently by all personnel performing the task/process, each time it’s executed. Given how critical integrity is to a business, developing it among employees should be a priority. The integrity and trustworthiness of the data provides a baseline for the regulators opinion of the personnel and the company as a whole. Expectations have been communicated from the regulatory agencies in a variety of forms, including regulations and guidance documents from the US FDA, MHRA, EMA, PIC/S and WHO. Verify that the elements that ensure accuracy and control of equipment and systems are in place and functioning, including: Alignment with GAMP 5, GAMP Good Practice Guides and/or USP expectations, as appropriate, Validating/qualifying equipment, test methods, computer processes & data calculation/information transfer mechanisms to ensure accuracy and correct performance prior to use, Testing OS updates for impact to existing systems prior to use, Limiting access to download software/applications from the internet and access to competing browsers for web-based applications. (See Figure 1) And yet, with all this guidance available, problems are still found in many companies during regulatory inspections. Document control practices should include: Issuing, tracking & reconciling worksheets, lab notebooks and obsolete procedures, Ensuring system user accounts – especially those with data alteration abilities – are not shared, Limiting the risks of duplication (i.e. Learn about the variety of partnerships available in our network. Be proactive about detecting potential data integrity issues – this is one way to develop and uphold the cultural elements supporting data integrity in the organization. Archiving practices should maintain and protect data from loss – including ensuring that: Backups for electronic data exist, are performed regularly, and are maintained per procedural/GMP requirements, and do not overwrite pre-existing data during its retention period, Documents, data and backups are stored securely during their retention periods – including limiting access, and using fireproof or offsite storage as warranted. by maintaining a centralized repository, Auditing electronic systems, including verifying controls are in place and working. Top 5 Pharmaceutical Trends to Keep on the Radar in 2018, Three Common Reasons Biologics Companies Receive FDA Form 483 Notices, The “New Normal” for FDA Enforcement of the Food Industry: What You Need to Know and How to Prepare, The Platform Advantage: Keys to Keeping Up With Pharma’s Top 4 Trends, 5 Helpful Quality Event Management Tips From a CAPA Pro, 4 Steps to Integrate Technology Into Your Pharma Supply Chain, Process Verification vs. Integrity is the foundation on which colleagues build relationships, trust, and effective interpersonal relationships. In reviewing FDA warning letters and 483s for a laboratory data integrity and OOS handling course, I compiled a summary of common inspection observations, which seemed to align into two categories: Data collection (including data capture, interpretation and review) and data maintenance/archiving. Common data maintenance and archiving citings included: Access and control issues, including password/access sharing, and individuals having the ability to edit/delete methods/data, Failing to protect data from loss, including failing to retain raw data, altering or electronically writing over failing data, incomplete records of data acquired/generated, not performing backups or allowing backups to write over earlier data, Issues with hybrid systems and the processes for management/maintenance of both paper and electronic records, Audit trails do not exist or have been disabled. Implementing adequate controls and systems to prevent manipulation of laboratory data is at the foundation of fulfilling this critical responsibility.”, “These serious CGMP deficiencies demonstrate that your quality system does not adequately ensure the accuracy and integrity of the data generated…to support the safety, effectiveness, and quality of the APIs and drug products you manufacture.”. what factors may influence business decisions to implement business integrity measures, including decisions requiring board-level consideration and approval. 21 CFR 11: Electronic Records & Signatures, https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11, 21 CFR 211.68: Automatic, Mechanical & Electronic Equipment, http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfrsearch.cfm?fr=211.68, https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfCFR/CFRSearch.cfm?CFRPart=211&showFR=1&subpartNode=21:4.0.1.1.11.10, http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?fr=, Guidance for Industry “Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production”, http://www.fda.gov/downloads/Drugs/Guidances/ucm070287.pdf, Guidance for Industry “Contract Manufacturing Arrangements for Drugs: Quality Agreements” (draft). Data integrity is critically important to regulators for a variety of reasons, including patient safety, process and product quality. ://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM353925. ), Limit access to change/edit/delete data or operational parameters to only authorized roles/security levels. A Summary of Common Inspection Observations. In the case of data integrity, preventing these issues is a worthwhile investment in the company, because recovering from them, when discovered, is far worse than the costs associated with prevention. But the same holds true for any other area that generates or controls data – including IT, R&D, manufacturing – any data integrity failures from these areas can also impact patient safety, product and process quality effects.