Data Integrity - etouches · Data Integrity Guidance: 2014-2017 • At the GMP Conference 2014…...
Transcript of Data Integrity - etouches · Data Integrity Guidance: 2014-2017 • At the GMP Conference 2014…...
Data Integrity
Paul Moody, GMP Inspector
GMP Conference
7 February 2017
Dublin
Developments, updates, and deficiencies
Agenda
07/02/2017 2
Data Integrity Regulatory Guidance
Data Governance: What is it?
The Data Lifecycle: Looking for Gaps
Data Integrity: Electronic Systems
Data Integrity: Paper Systems
Data Integrity: Outsourced Activities
Responding to a Data Integrity Failure
Data Integrity Guidance: 2014-2017
• At the GMP Conference 2014…
• Defined data integrity and provided some considerations for the laboratory and production environment along with some deficiencies from the field
• Focus was primarily computerised systems and electronic records
• No real regulatory guidance published at the time
07/02/2017 3
What has happened since 2014?
407/02/2017
2015• MHRA GMP Definitions and Guidance for Industry
2016• FDA Data Integrity and Compliance With CGMP Guidance for Industry (Draft) (2016)
2016
• WHO Technical Report Series 996, Annex 5: Guidance on good data and record management
practices
Aug 2016• EMA GMP Q&A on Data Integrity
Aug 2016
• PIC/S PI 041-1 Draft 2: Good Practices for Data Management and Integrity in Regulated
GMP/GDP Environments
PIC/S PI 041-1 Draft 2: Good Practices for Data Management…
07/02/2017 5
Pharmaceutical Inspection Co-Operation Scheme
The international development, implementation and maintenance of harmonised GMP
standards and quality systems of inspectorates in the field of medicinal products
Provides guidance for inspectorates in the interpretation of GMP/GDP requirements in relation
to data integrity and the conduct of inspections
HPRA are trialling the draft document in the field
Link to the guide is provided at the back of the presentation
What does Data Integrity mean?
607/02/2017
The maintenance, and the assurance of the accuracy and consistency of, data over its
entire lifecycle
The degree to which data are complete, consistent, accurate, trustworthy and reliable and that
these characteristics of the data are maintained throughout the data lifecycle….such that they are
attributable, legible, contemporaneously recorded, original or a true copy and accurate (ALCOA).
The completeness, consistency, and accuracy of data. Complete, consistent, and accurate data
should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate
(ALCOA).
The extent to which all data are complete, consistent and accurate, throughout the data lifecycle
• Can apply to both paper and electronic data/records
Data Integrity Principles: ALCOA
Attribute Requirement
Attributable Identify who performed the task
Legible Must be readable by eye or electronically and retained in a
permanent format
Contemporaneous Record of actions or decisions at the time they take place
Original Data in the same format it was originally generated or ‘verified
copy’ which retains content and meaning.
Accurate Data is true/reflective of the activity or measurement performed
07/02/2017 7
PIC/S Data Integrity Principles: ALCOA+
Attribute Requirement
Attributable Identify who performed the task
Legible Must be readable by eye or electronically and retained in a permanent
format
Contemporaneous Record of actions or decisions as they take place
Original Data in the same format it was originally generated or ‘verified copy’ which
retains content and meaning
Accurate Data is true/reflective of the activity or measurement performed
Complete Information critical to recreating the event
Consistent Good Documentation Practices including capturing changes made
Enduring Record exists for the entire period needed
Available Records can be reviewed at any time during period
07/02/2017 8
Metadata….
• Data that gives you information about other data
07/02/2017 9
kg
Recording a weight
• Require 1 kg
Weight recorded = 1
• Was enough weighed?
• Units (metadata)
Cleaning is required prior to a next batch manufacture
• Record shows:
Cleaning was complete by: A. Person
Next batch was started on 31st January 2017
• Was the cleaning performed before or after the next batch
started?
• Timestamp required (metadata)
Where is Data Integrity in the GMPs?
• It is not a new requirement
07/02/2017 10
Chapter 4 (and 6) Annex 11
Attributable [4.20, c & f], [4.21, c & i],
[4.29, e]
[2], [12.4], [15]
Legible [4.1], [4.2], [4.7], [4.8], [4.9],
[4.10]
[7.1], [9], [10], [17]
Contemporaneous [4.8] [12.4], [14]
Original [4.9], [4.27],
[Paragraph “Record”]
[8.2], [9]
Accurate [4.1], [6.7] [Paragraph “Principles”], [5], [6],
[10], [11]
Data Governance: What is it?
Data Governance?
07/02/2017 12
Sum of total arrangements which provide assurance of data integrity
May be beneficial to provide a summary document which outlines organisations’ total
approach to data governance
Should be essential to the Pharmaceutical Quality System
QRM approach considering data risk and criticality at each stage of the Data Lifecycle
Iterative approach to identification, mitigation, review and communication
Ensures controls over data lifecycle commensurate to QRM
Looking at the Data Governance System
07/02/2017 13
Integrated into Pharmaceutical Quality System
Address data ownership throughout the data lifecycle
Consider the design, operation and monitoring of processes/systems
Control over (un)intentional changes to, and deletion of, information
Data Governance Should Describe And Assess…
07/02/2017 14
• Procedures and instructions for completion and retention of completed paper
data
• Training of employees and documented authorisation for data generation
and approval
• Regular verification of data
• Periodic surveillance of the data governance policy
Organisational
• Computerised System Control
• Automation
Technical
Data Governance System Should…
• Demonstrate management commitment
• Include evidence of communication of expectations to all
personnel
– Empowerment to report failures and opportunities for
improvement
• Demonstrate an understanding of data criticality, risk and
the data lifecycle
• Undergo regular review
07/02/2017 15
Risk Based Approach to Governance
07/02/2017 16
• Effort and resource ~ Product Quality RiskMinimise potential risk to
data integrity
• Data criticality
• Data risk
Not all data have the same
importance to product
quality and patient safety
• What decision does the data influence?
CQAs for batch certification
• What is the impact to product quality or safety?
API assay > tablet dimension
Data criticality
Data Risk Should…
07/02/2017 17
Assess and mitigate the vulnerability to (in)voluntary amendment throughout
the data lifecycle
Include Business Process Focus not just IT system
Process complexity
Process consistency
(human/automation
interfaces)
Subjectivity of
outcome/result e.g.
a number or visual
assessment
Outcome of
comparison
between e-system
and manual records
The Data Lifecycle: Looking for Gaps
What is the Data Lifecycle?
07/02/2017 19
Generation Processing Reporting CheckingDecision
makingStorage
Retiring
Discarding
Assess each stage of the lifecycle
Lifecycle includes both electronic and paper based data
Data Lifecycle Categories May Be…
07/02/2017 20
Organisational
• Production - QA – QC interfaces
Internal
• Contract Giver and Acceptor
• Cloud based applications and storage
External
Data Lifecycle Assessments Should Cover
07/02/2017 21
Quality System Applications
Production Systems and Processes
Analytical Systems and Processes
Inventory Systems and Processes
Data Storage (Archival and Back Up)
Considerations for Data Lifecycle Review
07/02/2017 22
Data Lifecycle crosses both paper and electronic records
Computerised Systems
• Business Process Owner with IT (understand system architecture)
Apply critical thinking skills
• Identifies gaps in data governance
• Challenges procedural and system controls
Segregation of duty between lifecycle stages reduces
opportunity for data alteration without detection
Data Generation and Recording
07/02/2017 23
• On a display – true copy verification?
• Balance printout?How/where is original data
recorded
• To ensure completeness and accuracy of data
• Can the event be reconstructed from the record?
What metadata is associated with
the data
• In the batch record or logbook or form or all threeWhere are the data and metadata
located
• Limited audit trail
• Data integrity risk
• Remove/reduce temporary storage
Is the data in permanent memory
or held in buffer/temp storage at
the time of recording?
Data Generation and Recording
07/02/2017 24
• Includes ability of IT help desk or DBAs
• What about users at sister sites?
• Changes should be procedurally controlled and visible
within quality system
• Can another form be obtained?
Is it possible to
recreate, amend or
delete original data or
metadata?
• Protected from (un)intentional
loss/amendment/substitution
• Paper protected from amendment/substitution
• Electronic interfaces validated?
How is data transferred
to other locations or
systems for processing
or storage
Data Processing to Useable Information
07/02/2017 25
• Approved revision controlled methods?
• If an analytical method is validated why are the integration
controls not locked?
• How do you control manual integration
How is data processed
• Method should be recorded
• Where multiple times
• Each iteration (inc method and result)should be available to
checker for verification
How is data processing
recorded
• Does the user choose what is printed, reported or transferred
for processing?
• Can the activity be performed multiple times as separate
events and desired outcomes only reported?
Does the person processing the
data have the ability to
influence what data is reported
or how it is presented?
Checking Completeness and Accuracy
07/02/2017 26
• Format (electronic or paper)
• Permit interaction with the data (search/query)
• Risk based review e.g. exception reporting
Is original data (format) available
for checking?
• Opportunity for data amendmentIs there any period of time
where data is not audit trailled?
• Inclusive of data from failed or aborted activitiesDoes the data reviewer have
access to all data generated?
• Manages data exclusion
• Undisclosed processing into compliance
Does the reviewer have access
to all processing of data?
When Data Used For A Decision
07/02/2017 27
• When is the pass/fail decision taken?
– If before record is saved to permanent memory it may be
manipulated prior to checks by reviewer
• Some LIMS systems alert of an OOS entry prior to completion of the entry
process (pressing the ‘enter’ key)
• Review and assessment of live chromatographic injections
Data Retrieval
07/02/2017 28
How / where is it stored
What are the measures protecting against loss/unauthorised
amendment
• Measures as per earlier (IT Helpdesk, DBA etc)
Is data backed up in a manner that permits reconstruction of
the activity?
• Validated process
What are ownership/retrieval arrangements, particularly considering
outsourced activities or data storage
• Chapter 7 requirements
Retiring or Disposing of Paper/Electronic Data...
07/02/2017 29
• Regulatory requirements and data
criticality
(validation vs routine batch)
Data
Retention
Period
• Procedurised and approval within
quality system
Data Disposal
Authorisation
Data Integrity: Electronic Systems
Design and Control of Electronic Data
Original data cannot be deleted
Audit trails are retained
Computerised System design should ensure compliance with data integrity
• Evidence from the field suggests this is poorly understood
• In general sub-system approach is taken when qualifying
• Equipment
• Application module
• Historian module
• Reporting module
• Archival/Back up
• Does not consider entire data lifecycle over entire business process in terms of data integrity i.e.
generation to retiring
• Inspection of an electronic system can include tracing data through the data lifecycle
07/02/2017 31
Review of e-data as the Original Record
07/02/2017 32
• e.g. uninvestigated OOS or other data anomalies
Risk of associated paper review
may not include all relevant
records
• Deletion, amendment, duplication, reuse, fabricationEnables detection of data
manipulation
• QRM principles applied
• Scientifically justified
Risk based review is acceptable
when
• Allows focus of review to critical areas
• Depth of review
• Must be appropriately validated
Exception reports
Sample Deficiencies: Data Transfer
The approach taken
to the configuration
and validation of the
Manufacturing
Execution System
(MES) was not
considered to have
the appropriate
built in checks for
the correct and
secure entry and
processing of data
in order to minimise
the risks in that:
Data utilised for batch related GMP decisions was pushed from certain
Instruments to the MES Historian. The Electronic Batch Record selected its data
from MES Historian based on Historian timestamp.
It was noted that in some cases it was possible to re-send ‘old’ tests from an
instrument log to the Historian and these were assigned a Historian timestamp
related to the “resent” date and not the original test execution date
The test result and historian timestamp (not the instrument timestamp) were
displayed to the Electronic Batch Record review screen
The <backup> of <test> results saved on Nov 4th 2015 15:07 (local) were
observed to have been imported to <backup location> at 17:24 (UTC) i.e. two
hours later, despite the stated one minute sweep frequency
07/02/2017 33
Sample Deficiencies: Data Processing
Processed test injections for <lot> were not approved on <CDS> until October
23rd 2015. It was noted that the “bright stock” batch was released by the
laboratory on 23rd July 2015 and the packaged product was certified in August
2015. During the associated analysis on 18th May 2015, system suitability criteria
were met however retention time had drifted during the run and this was not
commented on or investigated
While electronic record review was performed, there was no process to ensure
that all injections performed were reconciled and reviewed. Further to this it was
not clearly defined what personnel were reviewing for
07/02/2017 34
Sample Deficiencies: Data Processing
Unplanned system maintenance was logged in a <shadow system>. This process was
not within the quality system nor was it periodically reviewed. It was noted that the
system was silent with respect to <issues> stated within <some> investigation reports
The company’s use of test injections with respect to system suitability was not clear. In
those cases reviewed it appeared that tests were abbreviated system suitability
assessments and the impact of these on assay invalidation rates, suitability, and
ultimately the validation status of the analytical method and/or qualification of the
instrument was not clear
Invalid assays were not formally assessed or trended within the pharmaceutical quality
system and this was not justified
07/02/2017 35
Sample Deficiencies: Data Processing
There was no
justification
for the test
injections of
samples
including
stability and
samples being
run prior to
system
suitability, e.g.
<Product>, i.e. test injections, Test 1 and Test 2, prior to the running of
<Product> assay for batch numbers <A> and <B>
There was no explanation for why areas changed for test injections,
Test 1 and Test 2, prior to running the sample set
It was noted that when the assay for Test 1 was calculated that this
resulted in an OOS result, whereas the result for Test 2 was within
specification
07/02/2017 36
Sample Deficiencies: User Access Levels
User access levels were not considered to segregate duties appropriately e.g. MES
System Admin had access to all functionality of the MES system
Generic usernames and passwords were utilised to access certain laboratory systems.
These generic accounts could be utilised on other clients and this had not been
assessed by the company. Examples included, but were not limited to, generic
accounts for EBR workstations and certain laboratory instrument workstations
The use of generic accounts can indicate that that everyone has access to certain
data or locations on the network where it may be possible to delete and modify
data in an uncontrolled manne.
07/02/2017 37
Sample Deficiencies User Access Levels
It was observed that superusers and/or administrators of multiple
systems had access to transactions which were not considered justified.
For example, superusers and administrators of the LIMS system had full
access to all transactions, such as, lot disposition or result modification
In relation to Process Manufacturing System, area managers requested
access based on other user profiles and as such there were no
documented defined access levels relating to each role. In addition,
user profiles were not adequately segregated e.g. personnel in financial
roles had been given production level access and this was not justified
07/02/2017 38
Sample Deficiencies User Access Levels
In relation
to the
integrity
controls
for
laboratory
data the
following
was noted:
The administrators audit trail review was performed by
administrators
Administrators had full system access and this was not
justified
User accounts did not adequately restrict personnel from
data e.g. contractor’s personnel vs product data
Audit trails did not adequately detailed the reason for
change e.g. change control or deviation reference number
07/02/2017 39
What is an Administrator?
System Admin, SuperUser, Business Admin, Site Admin, Corporate Admin, Lab
Admin?
Should be defined within the QMS
When setting up access levels consider who should have access to what
• Access levels should be justified…. ask why do I need access to this?
• Segregation of duties – admins should have no interest in the output of the system
• True system administrators, in general, should not have a need to
manipulate/process/approve….. the data generated by the system
07/02/2017 40
Sample Deficiency: Instruments
In
relation
to the
FTIR
system
and
software:
All personnel had Administrator access which enabled the analyst to change
parameter settings and edit spectra
Audit trails were not identified and there was no requirement to review audit
trails on the system
It was possible to copy, delete, and modify FTIR records
There was no requirement to review the raw data on the system when reviewing
and approving laboratory results
Print outs were treated as original records with no requirement to verify these
as true copies
There was no naming convention for samples and results and thus it was not
clear from the directory what were samples or standards or background spectra
07/02/2017 41
Data Integrity: Paper Based Systems
Design and Control of Paper System
07/02/2017 43
• Requirements of Chapter 4
• Records need to maintain ALCOA+ throughout data lifecycle
Good Documentation
Practices
• Unique reference and revision control
• Linked to associated procedure
• Secure electronic signature
Templates or Blank
Forms
• Distribution Date & Sequence Issuing number
• Number and location of copies distributed
• Designed to avoid photocopying
Loose Form
Distribution
• Ensures the risk of inappropriate use and/or falsifying by
ordinary means is reduced to an acceptable levelPurpose of Controls
Deficiencies: Paper Based Systems
Training records for the last visual inspection requalification of <Personnel> on a filling line
indicated that nine operators had undergone visual inspection qualification between
<timeframe> on <date>
The training records also showed that the nine operators underwent classroom training for
visual inspection on the <date>
The electronic batch record for <Batch>, filled on the same filling line on the <date>,
recorded various batch filling activities as being in progress on the line during the time
period
These activities were incompatible with performing the visual inspection requalification
exercises which were documented as having been performed for the same time period
07/02/2017 44
Deficiencies: Paper Based Systems
Integrity of data with respect to the documented checks for volume and
witnessing for <process> manual additions was considered deficient in that:
On two separate occasions (as captured through <some investigations>) personnel had signed to indicate
that they had confirmed a volume check and witnessed manual additions when those activities subsequently
were confirmed to have not taken place
On further investigation it was determined that personnel did not fully understand the expectations and the
significance of such signatures and checks
No action was taken by the company to address these ambiguities related to the checks performed for the
manual additions and no strategy put in place to prevent recurrence
It was further considered that given the recurrence of the issues associated with such additions, there was
significant questions over the validity and acceptability of the controls in place to accept such signatures as
the only confirmation of such manual additions being made
07/02/2017 45
Deficiencies: Paper Based Systems
Training records performed on <date>, were completed on forms where the defect types to be identified
had been pre-populated. Records of the original training were not maintained and training was not
documented contemporaneously
The loose forms for cold-chain management were not adequately controlled in that the system could not
identify when a form was lost
There was no verification check in place for instrument readings where there was no printout available. For
example, Verification of weights for analytical preparations or recording and verification of actual readings
observed during calibration exercises
There was no system in place to ensure that all titrations performed were recorded in the logbook
A number of aborted and failed filter integrity tests were omitted from the instrument logbook. (instrument
logbook did not correlate with the electronic log)
07/02/2017 46
Deficiencies: Paper Based Systems
There was no verification check for to ensure that the UF/DF
pressure reading was correctly transcribed to the batch record.
Initial Normalised Water Permeability (NWP) values were
utilized in the calculation of UF/DF cartridge performance.
There was no verification of the transcription of the initial NWP
values from the installation batch record to the logbook.
07/02/2017 47
Data Integrity: Outsourced Activities
General Supply Chain Considerations
• Cannot verify all raw data and meta dataUnderstand the limitations of
summary records, copies, printouts etc.
• Quality Agreements
• Supplier Audits
• Supplier Review
Incorporate Data Integrity requirements and verification into Supplier Management
program
Look for the requirements and governance in the contract acceptor that you have to in your facility
07/02/2017 49
Assessing Outsourced Activities
07/02/2017 50
Data governance from starting materials through to delivery of medicinal product
Review data submitted in routine reports
e.g. Comparison of COA result with in-house result
Verify adequacy of comparable systems at contract acceptor inclusive of equivalent levels of control
Formal assessment on initial
qualification
Verified periodically at an appropriate
frequency based on risk
Output of Data Governance element of
site audits
Sample Deficiency: Outsourced Activities
Data integrity considerations were not clearly identified within the agreement for the utilisation of cloud based services. For example:
Ownership of data
Retrieval of data should the service provider cease operation
These aspects had not been risk assessed by the company
07/02/2017 51
Responding to a Data Integrity Failure
Data Integrity Issue is Identified….
07/02/2017 53
• Investigation: Detailed protocol and methodology
Assessment of the extent
• Omissions
• Alterations
• Deletions
• Record destruction
• Non-contemporaneous
record completion
• Etc
Determination of the scope
and extent
• What data, products,
processes, batches are
implicated?
• Justification for boundaries
• Description of all parts of
the operations where data
integrity lapses occur
• Consideration for global
corrective actions
Risk assessment on the
potential effects of failures
on the quality of drugs
involved
• Patient
• Ongoing operations
• Any impact on data
submitted to regulatory
agencies
Corrective Actions to ensure data integrity
07/02/2017 54
Interim
• HPRA Notification
• Customer Notification
• Recalling product
• Additional testing
• Placing lots on stability
• Drug application actions
• Enhanced complaint
monitoring
Long Term
• Process
• Methods
• Controls
• Systems
• Management oversight
• Training
HPRA Notification
• Contact: [email protected]
• Develop Remediation Strategy Document including
– CAPA plan describing how company will ensure reliability and completeness of all of the data generated inclusive of global CAPAs (where appropriate)
– Comprehensive root cause including evidence that the scope and depth of CAPA plan is commensurate with the investigation findings and risk assessment.
– If applicable, indication whether the individuals responsible for the lapse remain able to influence GxP related data.
07/02/2017 55
To Summarise
In Summary
07/02/2017 57
Data integrity is not a new requirement (ALCOA+)
Regulatory guidance and expectations are in place and should be referenced
Data governance should be in place
Understand and assess the Data Lifecycle for systems and processes
Data integrity may include both paper and electronic records
Notify HPRA where significant data integrity issue is identified
Appendix: References
Data Integrity Regulatory References
PIC/S PI 041-1 Draft 2 (August 2016)
https://picscheme.org/layout/document.php?id=715
EMA GMP Q&A on data integrity (August 2016)
http://www.ema.europa.eu/ema/index.jsp?curl=pages/regulation/q_and_a/q_and_a_detail_000027.jsp#section18
WHO Technical Report Series 996, Annex 5 (2016) Guidance on good data and record management practices
http://www.who.int/medicines/publications/pharmprep/WHO_TRS_996_annex05.pdf?ua=1
FDA Data Integrity and Compliance With CGMP Guidance for Industry (Draft) (2016)
http://www.fda.gov/downloads/drugs/guidancecomplianceregulatoryinformation/guidances/ucm495891.pdf
MHRA GMP Definitions and Guidance for Industry March 2015
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/412735/Data_integrity_definitions_and_guidance_v2.pdf
07/02/2017 59
Thank you