Trends changed from Non compliance to RR --> Gap to RR --> Data Integrity --> DIB --> Smart Audit & Smart Data. RR = Regulatory Requirements DIB = Data Integrity Breach Take a serious Note for Data Integrity whether you are small or big organization. Your Data is the Heart of your business. Regulatory bodies are highly conscious about such issues. For beginners in this path, my small note can help you a lot.

1. Hardik Mistry
Quality Assurance
Date : 21/04/2018
1

2. Most frequently asked question by
GMP Auditors ?
2
Do you have Data Integrity policy
at your organization?

3. CONTAINER CLOSURE
INTEGRITY
3
FILTER INTEGRITY
DATA INTEGRITY

4. Some of the Observations
4
 Equipment Operator Share password of Admin/Supervisor to change the recipe
parameters for operating equipment.
 Person doing calibration of weighing balance without placing actual weight and fill
the record.
 Analyst generate the testing record for stability without testing the samples at
defined interval.
 Aseptic operation performed using aseptic gowning although gowning sterilization
cycle not executed.
If you do not have documents, You have not done it.
If you have documents, It should not have DIB

5. 5

6. Do Your Data have Data integrity ?
6
Answer : Yes

7. 7
What is Data ?
Information derived or obtained from raw data
recorded in any media like Paper, electronic file,
Floppy etc….
Information

8. 8
What is Data Integrity ?

9. 9
What is Metadata ?
Data about Data

10. 10
Metadata
 Metadata is the contextual information required to understand data.
 A data value is by itself meaningless without additional information about the data.
 Metadata is structured information that describes, explains, or otherwise makes it
easier to retrieve, use, or manage data.
 For example, the number “23” is meaningless without metadata, such as an
indication of the unit “mg.” Among other things, metadata for a particular piece of
data could include a date/time stamp for when the data were acquired, a user ID of
the person who conducted the test or analysis that generated the data, the
instrument ID used to acquire the data, audit trails, etc.

11. Why Data Integrity is Important ?
11
 Undermines the safety and efficacy and/or assurance of quality of the drugs that
consumers will take.
 Data integrity problems break trust.
 We rely largely on trusting the firm to do the right thing when no one is seeing.
Data Integrity Issues Means Fraudulence
‘Veterinary Social Business Division’.
Hester shall further embark on similar financially sustainable models
through this new division, to serve the backyard and small animal holder
farming in rural India.

12. 12
Paper requirements = Electronic requirements
The requirement for retention and review do not differ
Depending on data format. Paper format and Electronic data format
Are subjected to same requirement

13. 13
Consequences of Data Integrity
BIG LOSS
 Loss of Trust
 Recalls
 Form -483
 Warning or Untitled Letter
 Import Alert
 Injection
 Seizure
 Application Integrity Policy Invocation
 Non Compliance Report
 Notice of Concern
 Loss of job
 Loss of Business
 Loss of Money

14. Regulatory Requirements
14

15. @Hester
15

16. 16

17.  “Firms should implement meaningful and effective strategies
to manage their data integrity risks based upon their process
understanding and knowledge management of technologies
and business models.”
17
www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/default.htm
USFDA : 21 CFR 211 GMP regulations

18. 18
USFDA : 21 CFR part 11 Subpart B

19. “Data integrity is fundamental in a pharmaceutical quality system which
ensures that medicines are of the required quality. This document provides
MHRA guidance on GMP data integrity expectations for the pharmaceutical
industry. This guidance is intended to complement existing EU GMP, and
should be read in conjunction with national medicines legislation and the
GMP standards published in Eudralex volume 4.“
19
MHRA GMP Data Integrity
Definitions and Guidance for Industry January 2015

20. 20
 Data
 Raw Data
 Metadata
 Data integrity
 Data Governance
 Data lifecycle
 Primary Record
 Original Record
 Computer System Transaction
MHRA Guideline Data Integrity
 Audit Trail
 Data Review
 Computerized System
 User Access/Admin role
 Data retention
 Data Archival
 Data Back Up
 Relational Database
 Validation

21. 21
EU GMP : Eudralex
The rules Governing Medicinal Products in the European Union
Volume 4 : Annexure 11 : Computerized Systems

22. 22
Health Canada February 2017 : Good Manufacturing Practices

23. 23
Regulatory Warning Letters &
Observations

24. 24

25. 25

26. 26
WHO : NOTICE OF CONCERN

27.  Not recording activities contemporaneously
 Backdating
 Fabricating data
 Copying existing data as new data
 Re-running samples
 Discarding data
 Releasing failing product
 Testing into compliance
 Not saving electronic or hard copy data
27
What Auditor Look for DI
Data Integrity for SISPQ
Safety
Integrity
Strength
Purity
Quality

28.  Attributable — who acquired the data or performed an action and when?
 Legible — can you read the data and any laboratory notebook entries?
 Contemporaneous — documented at the time of the activity
 Original — written printout or observation or a certified copy thereof
 Accurate — no errors or editing without documented amendments
 Complete — all data including any repeat or reanalysis performed on the
sample
 Consistent — all elements of the analysis, such as the sequence of events,
follow on and are dated or time stamped in expected sequence
 Enduring — not recorded on the back of envelopes, packets, Post-it notes or
the sleeves of a laboratory coat, but in laboratory note books and / or
electronic media in the CDS or LIMS
 Available — for review and audit or inspection over the lifetime of the
record
28
Criteria for Integrity of data
ALCOA + - GDP

29. 29
Barriers to Complete Data
Biggest Barrier : Working Culture
However data integrity and the lack of complete data over the record retention period
compromised in a number of ways such as :
• Human Errors
 When data is entered by mistake (an uncorrected fat finger moment)
 Stupidity (not being aware of regulatory requirements or poor training) or
 Willfully (falsification or fraud with intent to deceive)
• Selection of good or passing results to the exclusion of those that are poor failing
• Unauthorized changes to data made post-acquisition
• Errors that occur when data is transmitted form one computer to another
• Changes to data through software bugs or malware of which the user is not aware
• Hardware malfunctions, such as disk crashes
• Changes in technology where one item is replace when it becomes obsolete or no
longer supported, making old records unreadable or inaccessible

30. 30
Barriers to Complete Data
According to the FDA, the following are possible data integrity problems in the
laboratory that have been observed in the past :
 Alteration of raw, original data and records (e.g., the use of correction fluid)
 Multiple analyses of assay with the same sample without adequate
justification
 Manipulation or a poorly defined analytical procedure and associated data
analysis in order to obtain passing results.
 Backdating stability test results to meet the required commitments
 Creating acceptable test results without performing the test
 Using test results form previous batches to substitute testing for another
batch
Raw Data Manipulation

31. 31
Data Integrity – Rebuilding Trust
 Know the Regulations & Intensity of Data Integrity
 Perform a GAP Analysis
 Determine the scope of the problem / Detect the integrity
 Implement a corrective action plan (global) & Prevent the Integrity
 Remove Individuals responsible for problems from CGMP positions
 Complete a satisfactory inspection

32. 32
Detecting & Preventing Data Integrity Issues
 Increase the frequency of review.
 Do surprise / spot checks.
 Have a procedures & Check list for review mechanism.
 Compare hand writing styles / signatures.
 Verify attendance / presence of the person.
 Verify the traceability & log book entries.
 Internal / External audits.
 Trend the observations & provide the training

33. 33
Policies Procedures
 Define a clear policy / procedure on various activities (e.g. Password policy)
 Have clear procedure and controls over the electronic data / software
administration
 Cross check Privileges Vs. Job responsibilities
 Check the adequacy of the procedures.

34. 34
Strategic Planning
 Determine the level of compliance that we are seeking
 Identity the weakness and strengths in our computerized systems.
 Conduct an inventory of our systems
 Determine if the system must comply with part 11
 Conduct the assessment using a checklist or spreadsheet
 Provide documented Justification if certain system are exempt from Part 11
 Implement and execute a remediation plan
 Conduct the required follow-up as warranted

35. Quality Culture
 Data Integrity issues
occur and are identified
by auditors as a direct
result of poor quality
culture within
organizations.
 Quality Culture needs to
be promoted throughout
the whole organization.
35

36. 36

37. 37
New Approach to Audit
 Focus – Potential for fraudulent activity within your quality systems.
 Assumptions : Will assume fraudulent activity is taking place if they identity
weaknesses in your quality systems.
 “Guilty until proven innocent” approach to auditing! ‘
 “Data to good to be true!”

38. 38
New Approach to Audit
 Electronic data (Meta data) is preferred choice for regulatory authorities as this is
the original (“official”) data.
 Mete data = data about data
 Meta data is dynamic and can be queried / searched / trended.
 There is a much higher probability of identifying fraudulent activity within an
organization if meta data is reviewed.
 Hard copy (Flat data – printed, pdf, photocopy) is no longer considered to be
acceptable by regulatory authorities as this data is not complete and not original
 If you state that paper is your raw data in your internal procedures this will alert an
auditor that you are probably not managing and reviewing electronic (meta) data

39. New Approach to Audit
 5 key Data Integrity (DI) questions
 Is electronic data available
 Is electronic data reviewed
 Is meta data (audit trails) reviewed regularly
 Are there clear segregation of duties.
 Has the system been validated for its intended use
 The answers to the above questions will determine whether companies are
in compline with 21 CFR part 11 (Electronic records and signatures)
 Leave the Original Meta data in the CDS and review / approval
electronically to avoid increased Data Integrity risk (the paperless lab)
39

40. 40
• The auditor will expect a suite of SOP’s to be in place to support Data
Integrity and minimize risk within your company
• Examples of typical SOP’s include
 IT policies
 System administration (CDS access, roles and privileges)
 Data management and storage
 Data acquisition and processing
 Data review and approval
 Data archiving and back-up
 Anti-Fraud monitoring

41.  IT : Password, Backup, Disaster Recovery, Date & Time
 Administration : Levels of Access, No sharing password policy, Password change
frequency, Audit trail
 Data Management : Data Archiving, Data Storage, Data protection
 Data Processing : Avoidance of Multiple Processing, Save all the changes
 Internal & External Data review : Review Checklist & Methodology
 Anti Fraud Monitoring : Anti fraud or DI Officers, Anti fraud Audit
41
FDA Inspectors have been trained by Data Integrity and CDS experts!
They have detailed knowledge of your CDS and know
where to find the meta data to identify if fraudulent activity has taken place!

42. SHORT & SWEET LESSION
42
UNDERSTAND
REGULATORY
REQUIREMENT
DO
THE
GAP ANALYSIS
FILL THE GAP
OR
JUSTIFICATION

43. 43