Data Integrity

Paul Moody, GMP Inspector

GMP Conference

7 February 2017

Dublin

Developments, updates, and deficiencies

Agenda

07/02/2017 2

Data Integrity Regulatory Guidance

Data Governance: What is it?

The Data Lifecycle: Looking for Gaps

Data Integrity: Electronic Systems

Data Integrity: Paper Systems

Data Integrity: Outsourced Activities

Responding to a Data Integrity Failure

Data Integrity Guidance: 2014-2017

• At the GMP Conference 2014…

• Defined data integrity and provided some considerations for the laboratory and production environment along with some deficiencies from the field

• Focus was primarily computerised systems and electronic records

• No real regulatory guidance published at the time

07/02/2017 3

What has happened since 2014?

407/02/2017

2015• MHRA GMP Definitions and Guidance for Industry

2016• FDA Data Integrity and Compliance With CGMP Guidance for Industry (Draft) (2016)

2016

• WHO Technical Report Series 996, Annex 5: Guidance on good data and record management

practices

Aug 2016• EMA GMP Q&A on Data Integrity

Aug 2016

• PIC/S PI 041-1 Draft 2: Good Practices for Data Management and Integrity in Regulated

GMP/GDP Environments

PIC/S PI 041-1 Draft 2: Good Practices for Data Management…

07/02/2017 5

Pharmaceutical Inspection Co-Operation Scheme

The international development, implementation and maintenance of harmonised GMP

standards and quality systems of inspectorates in the field of medicinal products

Provides guidance for inspectorates in the interpretation of GMP/GDP requirements in relation

to data integrity and the conduct of inspections

HPRA are trialling the draft document in the field

Link to the guide is provided at the back of the presentation

What does Data Integrity mean?

607/02/2017

The maintenance, and the assurance of the accuracy and consistency of, data over its

entire lifecycle

The degree to which data are complete, consistent, accurate, trustworthy and reliable and that

these characteristics of the data are maintained throughout the data lifecycle….such that they are

attributable, legible, contemporaneously recorded, original or a true copy and accurate (ALCOA).

The completeness, consistency, and accuracy of data. Complete, consistent, and accurate data

should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate

(ALCOA).

The extent to which all data are complete, consistent and accurate, throughout the data lifecycle

• Can apply to both paper and electronic data/records

Data Integrity Principles: ALCOA

Attribute Requirement

Attributable Identify who performed the task

Legible Must be readable by eye or electronically and retained in a

permanent format

Contemporaneous Record of actions or decisions at the time they take place

Original Data in the same format it was originally generated or ‘verified

copy’ which retains content and meaning.

Accurate Data is true/reflective of the activity or measurement performed

07/02/2017 7

PIC/S Data Integrity Principles: ALCOA+

Attribute Requirement

Attributable Identify who performed the task

Legible Must be readable by eye or electronically and retained in a permanent

format

Contemporaneous Record of actions or decisions as they take place

Original Data in the same format it was originally generated or ‘verified copy’ which

retains content and meaning

Accurate Data is true/reflective of the activity or measurement performed

Complete Information critical to recreating the event

Consistent Good Documentation Practices including capturing changes made

Enduring Record exists for the entire period needed

Available Records can be reviewed at any time during period

07/02/2017 8

Metadata….

• Data that gives you information about other data

07/02/2017 9

kg

Recording a weight

• Require 1 kg

Weight recorded = 1

• Was enough weighed?

• Units (metadata)

Cleaning is required prior to a next batch manufacture

• Record shows:

Cleaning was complete by: A. Person

Next batch was started on 31st January 2017

• Was the cleaning performed before or after the next batch

started?

• Timestamp required (metadata)

Where is Data Integrity in the GMPs?

• It is not a new requirement

07/02/2017 10

Chapter 4 (and 6) Annex 11

Attributable [4.20, c & f], [4.21, c & i],

[4.29, e]

[2], [12.4], [15]

Legible [4.1], [4.2], [4.7], [4.8], [4.9],

[4.10]

[7.1], [9], [10], [17]

Contemporaneous [4.8] [12.4], [14]

Original [4.9], [4.27],

[Paragraph “Record”]

[8.2], [9]

Accurate [4.1], [6.7] [Paragraph “Principles”], [5], [6],

[10], [11]

Data Governance: What is it?

Data Governance?

07/02/2017 12

Sum of total arrangements which provide assurance of data integrity

May be beneficial to provide a summary document which outlines organisations’ total

approach to data governance

Should be essential to the Pharmaceutical Quality System

QRM approach considering data risk and criticality at each stage of the Data Lifecycle

Iterative approach to identification, mitigation, review and communication

Ensures controls over data lifecycle commensurate to QRM

Looking at the Data Governance System

07/02/2017 13

Integrated into Pharmaceutical Quality System

Address data ownership throughout the data lifecycle

Consider the design, operation and monitoring of processes/systems

Control over (un)intentional changes to, and deletion of, information

Data Governance Should Describe And Assess…

07/02/2017 14

• Procedures and instructions for completion and retention of completed paper

data

• Training of employees and documented authorisation for data generation

and approval

• Regular verification of data

• Periodic surveillance of the data governance policy

Organisational

• Computerised System Control

• Automation

Technical

Data Governance System Should…

• Demonstrate management commitment

• Include evidence of communication of expectations to all

personnel

– Empowerment to report failures and opportunities for

improvement

• Demonstrate an understanding of data criticality, risk and

the data lifecycle

• Undergo regular review

07/02/2017 15

Risk Based Approach to Governance

07/02/2017 16

• Effort and resource ~ Product Quality RiskMinimise potential risk to

data integrity

• Data criticality

• Data risk

Not all data have the same

importance to product

quality and patient safety

• What decision does the data influence?

CQAs for batch certification

• What is the impact to product quality or safety?

API assay > tablet dimension

Data criticality

Data Risk Should…

07/02/2017 17

Assess and mitigate the vulnerability to (in)voluntary amendment throughout

the data lifecycle

Include Business Process Focus not just IT system

Process complexity

Process consistency

(human/automation

interfaces)

Subjectivity of

outcome/result e.g.

a number or visual

assessment

Outcome of

comparison

between e-system

and manual records

The Data Lifecycle: Looking for Gaps

What is the Data Lifecycle?

07/02/2017 19

Generation Processing Reporting CheckingDecision

makingStorage

Retiring

Discarding

Assess each stage of the lifecycle

Lifecycle includes both electronic and paper based data

Data Lifecycle Categories May Be…

07/02/2017 20

Organisational

• Production - QA – QC interfaces

Internal

• Contract Giver and Acceptor

• Cloud based applications and storage

External

Data Lifecycle Assessments Should Cover

07/02/2017 21

Quality System Applications

Production Systems and Processes

Analytical Systems and Processes

Inventory Systems and Processes

Data Storage (Archival and Back Up)

Considerations for Data Lifecycle Review

07/02/2017 22

Data Lifecycle crosses both paper and electronic records

Computerised Systems

• Business Process Owner with IT (understand system architecture)

Apply critical thinking skills

• Identifies gaps in data governance

• Challenges procedural and system controls

Segregation of duty between lifecycle stages reduces

opportunity for data alteration without detection

Data Generation and Recording

07/02/2017 23

• On a display – true copy verification?

• Balance printout?How/where is original data

recorded

• To ensure completeness and accuracy of data

• Can the event be reconstructed from the record?

What metadata is associated with

the data

• In the batch record or logbook or form or all threeWhere are the data and metadata

located

• Limited audit trail

• Data integrity risk

• Remove/reduce temporary storage

Is the data in permanent memory

or held in buffer/temp storage at

the time of recording?

Data Generation and Recording

07/02/2017 24

• Includes ability of IT help desk or DBAs

• What about users at sister sites?

• Changes should be procedurally controlled and visible

within quality system

• Can another form be obtained?

Is it possible to

recreate, amend or

delete original data or

metadata?

• Protected from (un)intentional

loss/amendment/substitution

• Paper protected from amendment/substitution

• Electronic interfaces validated?

How is data transferred

to other locations or

systems for processing

or storage

Data Processing to Useable Information

07/02/2017 25

• Approved revision controlled methods?

• If an analytical method is validated why are the integration

controls not locked?

• How do you control manual integration

How is data processed

• Method should be recorded

• Where multiple times

• Each iteration (inc method and result)should be available to

checker for verification

How is data processing

recorded

• Does the user choose what is printed, reported or transferred

for processing?

• Can the activity be performed multiple times as separate

events and desired outcomes only reported?

Does the person processing the

data have the ability to

influence what data is reported

or how it is presented?

Checking Completeness and Accuracy

07/02/2017 26

• Format (electronic or paper)

• Permit interaction with the data (search/query)

• Risk based review e.g. exception reporting

Is original data (format) available

for checking?

• Opportunity for data amendmentIs there any period of time

where data is not audit trailled?

• Inclusive of data from failed or aborted activitiesDoes the data reviewer have

access to all data generated?

• Manages data exclusion

• Undisclosed processing into compliance

Does the reviewer have access

to all processing of data?

When Data Used For A Decision

07/02/2017 27

• When is the pass/fail decision taken?

– If before record is saved to permanent memory it may be

manipulated prior to checks by reviewer

• Some LIMS systems alert of an OOS entry prior to completion of the entry

process (pressing the ‘enter’ key)

• Review and assessment of live chromatographic injections

Data Retrieval

07/02/2017 28

How / where is it stored

What are the measures protecting against loss/unauthorised

amendment

• Measures as per earlier (IT Helpdesk, DBA etc)

Is data backed up in a manner that permits reconstruction of

the activity?

• Validated process

What are ownership/retrieval arrangements, particularly considering

outsourced activities or data storage

• Chapter 7 requirements

Retiring or Disposing of Paper/Electronic Data...

07/02/2017 29

• Regulatory requirements and data

criticality

(validation vs routine batch)

Data

Retention

Period

• Procedurised and approval within

quality system

Data Disposal

Authorisation

Data Integrity: Electronic Systems

Design and Control of Electronic Data

Original data cannot be deleted

Audit trails are retained

Computerised System design should ensure compliance with data integrity

• Evidence from the field suggests this is poorly understood

• In general sub-system approach is taken when qualifying

• Equipment

• Application module

• Historian module

• Reporting module

• Archival/Back up

• Does not consider entire data lifecycle over entire business process in terms of data integrity i.e.

generation to retiring

• Inspection of an electronic system can include tracing data through the data lifecycle

07/02/2017 31

Review of e-data as the Original Record

07/02/2017 32

• e.g. uninvestigated OOS or other data anomalies

Risk of associated paper review

may not include all relevant

records

• Deletion, amendment, duplication, reuse, fabricationEnables detection of data

manipulation

• QRM principles applied

• Scientifically justified

Risk based review is acceptable

when

• Allows focus of review to critical areas

• Depth of review

• Must be appropriately validated

Exception reports

Sample Deficiencies: Data Transfer

The approach taken

to the configuration

and validation of the

Manufacturing

Execution System

(MES) was not

considered to have

the appropriate

built in checks for

the correct and

secure entry and

processing of data

in order to minimise

the risks in that:

Data utilised for batch related GMP decisions was pushed from certain

Instruments to the MES Historian. The Electronic Batch Record selected its data

from MES Historian based on Historian timestamp.

It was noted that in some cases it was possible to re-send ‘old’ tests from an

instrument log to the Historian and these were assigned a Historian timestamp

related to the “resent” date and not the original test execution date

The test result and historian timestamp (not the instrument timestamp) were

displayed to the Electronic Batch Record review screen

The <backup> of <test> results saved on Nov 4th 2015 15:07 (local) were

observed to have been imported to <backup location> at 17:24 (UTC) i.e. two

hours later, despite the stated one minute sweep frequency

07/02/2017 33

Sample Deficiencies: Data Processing

Processed test injections for <lot> were not approved on <CDS> until October

23rd 2015. It was noted that the “bright stock” batch was released by the

laboratory on 23rd July 2015 and the packaged product was certified in August

2015. During the associated analysis on 18th May 2015, system suitability criteria

were met however retention time had drifted during the run and this was not

commented on or investigated

While electronic record review was performed, there was no process to ensure

that all injections performed were reconciled and reviewed. Further to this it was

not clearly defined what personnel were reviewing for

07/02/2017 34

Sample Deficiencies: Data Processing

Unplanned system maintenance was logged in a <shadow system>. This process was

not within the quality system nor was it periodically reviewed. It was noted that the

system was silent with respect to <issues> stated within <some> investigation reports

The company’s use of test injections with respect to system suitability was not clear. In

those cases reviewed it appeared that tests were abbreviated system suitability

assessments and the impact of these on assay invalidation rates, suitability, and

ultimately the validation status of the analytical method and/or qualification of the

instrument was not clear

Invalid assays were not formally assessed or trended within the pharmaceutical quality

system and this was not justified

07/02/2017 35

Sample Deficiencies: Data Processing

There was no

justification

for the test

injections of

samples

including

stability and

samples being

run prior to

system

suitability, e.g.

<Product>, i.e. test injections, Test 1 and Test 2, prior to the running of

<Product> assay for batch numbers <A> and <B>

There was no explanation for why areas changed for test injections,

Test 1 and Test 2, prior to running the sample set

It was noted that when the assay for Test 1 was calculated that this

resulted in an OOS result, whereas the result for Test 2 was within

specification

07/02/2017 36

Sample Deficiencies: User Access Levels

User access levels were not considered to segregate duties appropriately e.g. MES

System Admin had access to all functionality of the MES system

Generic usernames and passwords were utilised to access certain laboratory systems.

These generic accounts could be utilised on other clients and this had not been

assessed by the company. Examples included, but were not limited to, generic

accounts for EBR workstations and certain laboratory instrument workstations

The use of generic accounts can indicate that that everyone has access to certain

data or locations on the network where it may be possible to delete and modify

data in an uncontrolled manne.

07/02/2017 37

Sample Deficiencies User Access Levels

It was observed that superusers and/or administrators of multiple

systems had access to transactions which were not considered justified.

For example, superusers and administrators of the LIMS system had full

access to all transactions, such as, lot disposition or result modification

In relation to Process Manufacturing System, area managers requested

access based on other user profiles and as such there were no

documented defined access levels relating to each role. In addition,

user profiles were not adequately segregated e.g. personnel in financial

roles had been given production level access and this was not justified

07/02/2017 38

Sample Deficiencies User Access Levels

In relation

to the

integrity

controls

for

laboratory

data the

following

was noted:

The administrators audit trail review was performed by

administrators

Administrators had full system access and this was not

justified

User accounts did not adequately restrict personnel from

data e.g. contractor’s personnel vs product data

Audit trails did not adequately detailed the reason for

change e.g. change control or deviation reference number

07/02/2017 39

What is an Administrator?

System Admin, SuperUser, Business Admin, Site Admin, Corporate Admin, Lab

Admin?

Should be defined within the QMS

When setting up access levels consider who should have access to what

• Access levels should be justified…. ask why do I need access to this?

• Segregation of duties – admins should have no interest in the output of the system

• True system administrators, in general, should not have a need to

manipulate/process/approve….. the data generated by the system

07/02/2017 40

Sample Deficiency: Instruments

In

relation

to the

FTIR

system

and

software:

All personnel had Administrator access which enabled the analyst to change

parameter settings and edit spectra

Audit trails were not identified and there was no requirement to review audit

trails on the system

It was possible to copy, delete, and modify FTIR records

There was no requirement to review the raw data on the system when reviewing

and approving laboratory results

Print outs were treated as original records with no requirement to verify these

as true copies

There was no naming convention for samples and results and thus it was not

clear from the directory what were samples or standards or background spectra

07/02/2017 41

Data Integrity: Paper Based Systems

Design and Control of Paper System

07/02/2017 43

• Requirements of Chapter 4

• Records need to maintain ALCOA+ throughout data lifecycle

Good Documentation

Practices

• Unique reference and revision control

• Linked to associated procedure

• Secure electronic signature

Templates or Blank

Forms

• Distribution Date & Sequence Issuing number

• Number and location of copies distributed

• Designed to avoid photocopying

Loose Form

Distribution

• Ensures the risk of inappropriate use and/or falsifying by

ordinary means is reduced to an acceptable levelPurpose of Controls

Deficiencies: Paper Based Systems

Training records for the last visual inspection requalification of <Personnel> on a filling line

indicated that nine operators had undergone visual inspection qualification between

<timeframe> on <date>

The training records also showed that the nine operators underwent classroom training for

visual inspection on the <date>

The electronic batch record for <Batch>, filled on the same filling line on the <date>,

recorded various batch filling activities as being in progress on the line during the time

period

These activities were incompatible with performing the visual inspection requalification

exercises which were documented as having been performed for the same time period

07/02/2017 44

Deficiencies: Paper Based Systems

Integrity of data with respect to the documented checks for volume and

witnessing for <process> manual additions was considered deficient in that:

On two separate occasions (as captured through <some investigations>) personnel had signed to indicate

that they had confirmed a volume check and witnessed manual additions when those activities subsequently

were confirmed to have not taken place

On further investigation it was determined that personnel did not fully understand the expectations and the

significance of such signatures and checks

No action was taken by the company to address these ambiguities related to the checks performed for the

manual additions and no strategy put in place to prevent recurrence

It was further considered that given the recurrence of the issues associated with such additions, there was

significant questions over the validity and acceptability of the controls in place to accept such signatures as

the only confirmation of such manual additions being made

07/02/2017 45

Deficiencies: Paper Based Systems

Training records performed on <date>, were completed on forms where the defect types to be identified

had been pre-populated. Records of the original training were not maintained and training was not

documented contemporaneously

The loose forms for cold-chain management were not adequately controlled in that the system could not

identify when a form was lost

There was no verification check in place for instrument readings where there was no printout available. For

example, Verification of weights for analytical preparations or recording and verification of actual readings

observed during calibration exercises

There was no system in place to ensure that all titrations performed were recorded in the logbook

A number of aborted and failed filter integrity tests were omitted from the instrument logbook. (instrument

logbook did not correlate with the electronic log)

07/02/2017 46

Deficiencies: Paper Based Systems

There was no verification check for to ensure that the UF/DF

pressure reading was correctly transcribed to the batch record.

Initial Normalised Water Permeability (NWP) values were

utilized in the calculation of UF/DF cartridge performance.

There was no verification of the transcription of the initial NWP

values from the installation batch record to the logbook.

07/02/2017 47

Data Integrity: Outsourced Activities

General Supply Chain Considerations

• Cannot verify all raw data and meta dataUnderstand the limitations of

summary records, copies, printouts etc.

• Quality Agreements

• Supplier Audits

• Supplier Review

Incorporate Data Integrity requirements and verification into Supplier Management

program

Look for the requirements and governance in the contract acceptor that you have to in your facility

07/02/2017 49

Assessing Outsourced Activities

07/02/2017 50

Data governance from starting materials through to delivery of medicinal product

Review data submitted in routine reports

e.g. Comparison of COA result with in-house result

Verify adequacy of comparable systems at contract acceptor inclusive of equivalent levels of control

Formal assessment on initial

qualification

Verified periodically at an appropriate

frequency based on risk

Output of Data Governance element of

site audits

Sample Deficiency: Outsourced Activities

Data integrity considerations were not clearly identified within the agreement for the utilisation of cloud based services. For example:

Ownership of data

Retrieval of data should the service provider cease operation

These aspects had not been risk assessed by the company

07/02/2017 51

Responding to a Data Integrity Failure

Data Integrity Issue is Identified….

07/02/2017 53

• Investigation: Detailed protocol and methodology

Assessment of the extent

• Omissions

• Alterations

• Deletions

• Record destruction

• Non-contemporaneous

record completion

• Etc

Determination of the scope

and extent

• What data, products,

processes, batches are

implicated?

• Justification for boundaries

• Description of all parts of

the operations where data

integrity lapses occur

• Consideration for global

corrective actions

Risk assessment on the

potential effects of failures

on the quality of drugs

involved

• Patient

• Ongoing operations

• Any impact on data

submitted to regulatory

agencies

Corrective Actions to ensure data integrity

07/02/2017 54

Interim

• HPRA Notification

• Customer Notification

• Recalling product

• Additional testing

• Placing lots on stability

• Drug application actions

• Enhanced complaint

monitoring

Long Term

• Process

• Methods

• Controls

• Systems

• Management oversight

• Training

HPRA Notification

• Contact: Compliance@hpra.ie

• Develop Remediation Strategy Document including

– CAPA plan describing how company will ensure reliability and completeness of all of the data generated inclusive of global CAPAs (where appropriate)

– Comprehensive root cause including evidence that the scope and depth of CAPA plan is commensurate with the investigation findings and risk assessment.

– If applicable, indication whether the individuals responsible for the lapse remain able to influence GxP related data.

07/02/2017 55

To Summarise

In Summary

07/02/2017 57

Data integrity is not a new requirement (ALCOA+)

Regulatory guidance and expectations are in place and should be referenced

Data governance should be in place

Understand and assess the Data Lifecycle for systems and processes

Data integrity may include both paper and electronic records

Notify HPRA where significant data integrity issue is identified

Appendix: References

Data Integrity Regulatory References

PIC/S PI 041-1 Draft 2 (August 2016)

https://picscheme.org/layout/document.php?id=715

EMA GMP Q&A on data integrity (August 2016)

http://www.ema.europa.eu/ema/index.jsp?curl=pages/regulation/q_and_a/q_and_a_detail_000027.jsp#section18

WHO Technical Report Series 996, Annex 5 (2016) Guidance on good data and record management practices

http://www.who.int/medicines/publications/pharmprep/WHO_TRS_996_annex05.pdf?ua=1

FDA Data Integrity and Compliance With CGMP Guidance for Industry (Draft) (2016)

http://www.fda.gov/downloads/drugs/guidancecomplianceregulatoryinformation/guidances/ucm495891.pdf

MHRA GMP Definitions and Guidance for Industry March 2015

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/412735/Data_integrity_definitions_and_guidance_v2.pdf

07/02/2017 59

Thank you