Trends changed from Non compliance to RR --> Gap to RR --> Data Integrity --> DIB --> Smart Audit & Smart Data.
RR = Regulatory Requirements
DIB = Data Integrity Breach
Take a serious Note for Data Integrity whether you are small or big organization. Your Data is the Heart of your business. Regulatory bodies are highly conscious about such issues. For beginners in this path, my small note can help you a lot.
4. Some of the Observations
4
Equipment Operator Share password of Admin/Supervisor to change the recipe
parameters for operating equipment.
Person doing calibration of weighing balance without placing actual weight and fill
the record.
Analyst generate the testing record for stability without testing the samples at
defined interval.
Aseptic operation performed using aseptic gowning although gowning sterilization
cycle not executed.
If you do not have documents, You have not done it.
If you have documents, It should not have DIB
10. 10
Metadata
Metadata is the contextual information required to understand data.
A data value is by itself meaningless without additional information about the data.
Metadata is structured information that describes, explains, or otherwise makes it
easier to retrieve, use, or manage data.
For example, the number “23” is meaningless without metadata, such as an
indication of the unit “mg.” Among other things, metadata for a particular piece of
data could include a date/time stamp for when the data were acquired, a user ID of
the person who conducted the test or analysis that generated the data, the
instrument ID used to acquire the data, audit trails, etc.
11. Why Data Integrity is Important ?
11
Undermines the safety and efficacy and/or assurance of quality of the drugs that
consumers will take.
Data integrity problems break trust.
We rely largely on trusting the firm to do the right thing when no one is seeing.
Data Integrity Issues Means Fraudulence
‘Veterinary Social Business Division’.
Hester shall further embark on similar financially sustainable models
through this new division, to serve the backyard and small animal holder
farming in rural India.
12. 12
Paper requirements = Electronic requirements
The requirement for retention and review do not differ
Depending on data format. Paper format and Electronic data format
Are subjected to same requirement
13. 13
Consequences of Data Integrity
BIG LOSS
Loss of Trust
Recalls
Form -483
Warning or Untitled Letter
Import Alert
Injection
Seizure
Application Integrity Policy Invocation
Non Compliance Report
Notice of Concern
Loss of job
Loss of Business
Loss of Money
17. “Firms should implement meaningful and effective strategies
to manage their data integrity risks based upon their process
understanding and knowledge management of technologies
and business models.”
17
www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/default.htm
USFDA : 21 CFR 211 GMP regulations
19. “Data integrity is fundamental in a pharmaceutical quality system which
ensures that medicines are of the required quality. This document provides
MHRA guidance on GMP data integrity expectations for the pharmaceutical
industry. This guidance is intended to complement existing EU GMP, and
should be read in conjunction with national medicines legislation and the
GMP standards published in Eudralex volume 4.“
19
MHRA GMP Data Integrity
Definitions and Guidance for Industry January 2015
20. 20
Data
Raw Data
Metadata
Data integrity
Data Governance
Data lifecycle
Primary Record
Original Record
Computer System Transaction
MHRA Guideline Data Integrity
Audit Trail
Data Review
Computerized System
User Access/Admin role
Data retention
Data Archival
Data Back Up
Relational Database
Validation
21. 21
EU GMP : Eudralex
The rules Governing Medicinal Products in the European Union
Volume 4 : Annexure 11 : Computerized Systems
27. Not recording activities contemporaneously
Backdating
Fabricating data
Copying existing data as new data
Re-running samples
Discarding data
Releasing failing product
Testing into compliance
Not saving electronic or hard copy data
27
What Auditor Look for DI
Data Integrity for SISPQ
Safety
Integrity
Strength
Purity
Quality
28. Attributable — who acquired the data or performed an action and when?
Legible — can you read the data and any laboratory notebook entries?
Contemporaneous — documented at the time of the activity
Original — written printout or observation or a certified copy thereof
Accurate — no errors or editing without documented amendments
Complete — all data including any repeat or reanalysis performed on the
sample
Consistent — all elements of the analysis, such as the sequence of events,
follow on and are dated or time stamped in expected sequence
Enduring — not recorded on the back of envelopes, packets, Post-it notes or
the sleeves of a laboratory coat, but in laboratory note books and / or
electronic media in the CDS or LIMS
Available — for review and audit or inspection over the lifetime of the
record
28
Criteria for Integrity of data
ALCOA + - GDP
29. 29
Barriers to Complete Data
Biggest Barrier : Working Culture
However data integrity and the lack of complete data over the record retention period
compromised in a number of ways such as :
• Human Errors
When data is entered by mistake (an uncorrected fat finger moment)
Stupidity (not being aware of regulatory requirements or poor training) or
Willfully (falsification or fraud with intent to deceive)
• Selection of good or passing results to the exclusion of those that are poor failing
• Unauthorized changes to data made post-acquisition
• Errors that occur when data is transmitted form one computer to another
• Changes to data through software bugs or malware of which the user is not aware
• Hardware malfunctions, such as disk crashes
• Changes in technology where one item is replace when it becomes obsolete or no
longer supported, making old records unreadable or inaccessible
30. 30
Barriers to Complete Data
According to the FDA, the following are possible data integrity problems in the
laboratory that have been observed in the past :
Alteration of raw, original data and records (e.g., the use of correction fluid)
Multiple analyses of assay with the same sample without adequate
justification
Manipulation or a poorly defined analytical procedure and associated data
analysis in order to obtain passing results.
Backdating stability test results to meet the required commitments
Creating acceptable test results without performing the test
Using test results form previous batches to substitute testing for another
batch
Raw Data Manipulation
31. 31
Data Integrity – Rebuilding Trust
Know the Regulations & Intensity of Data Integrity
Perform a GAP Analysis
Determine the scope of the problem / Detect the integrity
Implement a corrective action plan (global) & Prevent the Integrity
Remove Individuals responsible for problems from CGMP positions
Complete a satisfactory inspection
32. 32
Detecting & Preventing Data Integrity Issues
Increase the frequency of review.
Do surprise / spot checks.
Have a procedures & Check list for review mechanism.
Compare hand writing styles / signatures.
Verify attendance / presence of the person.
Verify the traceability & log book entries.
Internal / External audits.
Trend the observations & provide the training
33. 33
Policies Procedures
Define a clear policy / procedure on various activities (e.g. Password policy)
Have clear procedure and controls over the electronic data / software
administration
Cross check Privileges Vs. Job responsibilities
Check the adequacy of the procedures.
34. 34
Strategic Planning
Determine the level of compliance that we are seeking
Identity the weakness and strengths in our computerized systems.
Conduct an inventory of our systems
Determine if the system must comply with part 11
Conduct the assessment using a checklist or spreadsheet
Provide documented Justification if certain system are exempt from Part 11
Implement and execute a remediation plan
Conduct the required follow-up as warranted
35. Quality Culture
Data Integrity issues
occur and are identified
by auditors as a direct
result of poor quality
culture within
organizations.
Quality Culture needs to
be promoted throughout
the whole organization.
35
37. 37
New Approach to Audit
Focus – Potential for fraudulent activity within your quality systems.
Assumptions : Will assume fraudulent activity is taking place if they identity
weaknesses in your quality systems.
“Guilty until proven innocent” approach to auditing! ‘
“Data to good to be true!”
38. 38
New Approach to Audit
Electronic data (Meta data) is preferred choice for regulatory authorities as this is
the original (“official”) data.
Mete data = data about data
Meta data is dynamic and can be queried / searched / trended.
There is a much higher probability of identifying fraudulent activity within an
organization if meta data is reviewed.
Hard copy (Flat data – printed, pdf, photocopy) is no longer considered to be
acceptable by regulatory authorities as this data is not complete and not original
If you state that paper is your raw data in your internal procedures this will alert an
auditor that you are probably not managing and reviewing electronic (meta) data
39. New Approach to Audit
5 key Data Integrity (DI) questions
Is electronic data available
Is electronic data reviewed
Is meta data (audit trails) reviewed regularly
Are there clear segregation of duties.
Has the system been validated for its intended use
The answers to the above questions will determine whether companies are
in compline with 21 CFR part 11 (Electronic records and signatures)
Leave the Original Meta data in the CDS and review / approval
electronically to avoid increased Data Integrity risk (the paperless lab)
39
40. 40
• The auditor will expect a suite of SOP’s to be in place to support Data
Integrity and minimize risk within your company
• Examples of typical SOP’s include
IT policies
System administration (CDS access, roles and privileges)
Data management and storage
Data acquisition and processing
Data review and approval
Data archiving and back-up
Anti-Fraud monitoring
41. IT : Password, Backup, Disaster Recovery, Date & Time
Administration : Levels of Access, No sharing password policy, Password change
frequency, Audit trail
Data Management : Data Archiving, Data Storage, Data protection
Data Processing : Avoidance of Multiple Processing, Save all the changes
Internal & External Data review : Review Checklist & Methodology
Anti Fraud Monitoring : Anti fraud or DI Officers, Anti fraud Audit
41
FDA Inspectors have been trained by Data Integrity and CDS experts!
They have detailed knowledge of your CDS and know
where to find the meta data to identify if fraudulent activity has taken place!
42. SHORT & SWEET LESSION
42
UNDERSTAND
REGULATORY
REQUIREMENT
DO
THE
GAP ANALYSIS
FILL THE GAP
OR
JUSTIFICATION