Data Integrity

Data integrity is one of the most talked in the pharmaceutical industries in the recent past as regulators have issued  multiple FDA Warning Letters and EU GMP Noncompliance Reports about the failures of  integrity of key electronic records.

Good practices like documentation, record keeping and data integrity are the  essential components  of the quality system in a GMP environment to protect and ensure the quality of the product and hence  safety of the patient.

FDA has focused intensely on  data integrity issues since 2010 and issued  many warning letters to pharmaceutical companies  related to poor electronic data integrity. The warning letters issued  to drug manufacturers related to data integrity were 2 in 2010, 8 in 2013, 12 in 2014, 13 in 2015, 16 in 2016 etc and is increasing continuously.


The deficiencies found in recent cases of electronic data integrity are


1. Disabling of software audit trail functions

2. Inadequate user privileges to users in computerized systems

3. Enabling of  delete function to users

4. Sharing of user login IDs and passwords

5. Lacking procedures of electronic data backup and archives.

6. Unauthorized changes to data

7. Unauthorized access to computer systems

Data integrity refers to the accuracy, completeness and consistency of GxP data over its entire life cycle.


The steps involved  in data integrity starts from 


1. Data generation  and recording - sop's for collecting data, meta data, set parameters etc.

2. Transform  - controls the correct data, prevention of false data

3. Collate - verification of electronic data by chemist, verification of validated spreadsheet calculations

4. Review and report - verification by second person, verification of audit trail

5. Archive - electronic data, archival path and instant retrieval


21 CFR Part 11 Regulations

First publication on cGMP requirements are introduced by Regulatory authorities in 1963 as the Code of Federal Regulations (CFR) Part 211.2(b)  This provides guidance on the importance of backups and good documentation practices like   master formulas, specifications, test records, master production records and batch production records.

In 2018, FDA has published guidelines on data integrity.

21 CFR rules provides guidance on management of electronic records in pharmaceutical industries. 21 CFR Part 11 compliance however discusses on  managing electronic data as well as electronic signatures.

21 CFR Part 11 regulation is important as huge  electronic data is generated in the manufacturing and analytical laboratories.

21 CFR Part 11 compliance ensures that the electronic data generated are accurate, valid, reliable, confidential and is equivalent to paper documents.

One of the most importance of data integrity and security is that the electronic data generated must be accurate and consistent and will be maintained throughout its life-cycle.


In order to meet the integrity, the data must have 5 qualities based on ALCOA principle


1. Attributes - Who and When the data is generated

2. Legible - Readable and Durable data

3. Contemporary - Online data generation

4. Original - True form of the data

5. Accurate - Complete, Error free


21 CFR Part 11 Requirements related to  computer usages  are


1. Retention of electronic records securely and easy retrievals.

2. Use of secure electronic signatures

3. Use of validated computerized systems

4. Limited authorized access to systems and records

5. Time stamped audit trails

6. Use of device / operation checks

7. Training and qualification of users


The advanced data integrity features are


1. Documentation of instrument configuration and software

2. Automated instrument qualification

3. Secure metadata and ensure data integrity

4. Enhanced audit trail functions

5. Compliance control for unattended operations


Implementation of 21 CFR Part 11 


Form a team comprising  members of  IT department, QA personnel and Laboratory staff

Create awareness for 21 CFR Part 11 among the users the accountability of electronic signatures

Make  a master plan and SOP for risk assessment

Determine the risk category for each system as low, medium or high.

Define a priority schedule to bring all computer systems into Part 11 compliance

Prepare  a procedure on  Part 11 controls and requirements for each system in the laboratory

Develop an implementation plan to bring systems  into Part 11 compliance

Develop procedures for limited system access to authorized people which includes a password policy

Prepare procedures for implementation of  audit trails, data integrity, archiving plan 




Comments

Popular posts from this blog

Analytical Quality by Design (AQbD)

Elemental Impurities

Polymorph in Drugs