Transcription
Data Integrity and ComplianceWith CGMPGuidance for IndustryKaren TakahashiUSFDA, CDER, OPQOffice of Policy for Pharmaceutical Qualitykaren.takahashi@fda.hhs.gov1
Why write a guidance?FDA has increasingly observed CGMPviolations involving data integrityEnsuring data integrity is an importantcomponent of industry’s responsibility toensure the safety, efficacy, and quality ofdrugs, and of FDA’s ability to protect thepublic health2
especially the health of the mostvulnerable3
What is the guidance? It is a summary of current problems andhow they relate to the CGMPs in 21 CFR210, 211, and 212 Clarification of several terms in FDA’sregulations It is not a comprehensive list of datacontrols or a “how to” guidance4
Data integrity requirements in21 CFR 211 and 212 211.68 “backup data are exact andcomplete” and “secure from alteration,inadvertent erasures, or loss;” 212.110(b) “stored to prevent deteriorationor loss;” 211.100 and 211.160 certain activities be“documented at the time of performance”and laboratory controls be “scientifically5sound;”
continued 211.180 records be retained as “originalrecords,” “true copies,” or other “accuratereproductions of the original records;” 211.188, 211.194, and 212.60(g)“complete information,” “complete dataderived from all tests,” “complete record ofall data,” and “complete records of all testsperformed.”6
What is “data integrity”? Complete, consistent, and accurate datashould be attributable, legible,contemporaneously recorded, original or atrue copy, and accurate (ALCOA)7
What is “metadata”? Contextual information required to understanddata Structured information that describes, explains,or otherwise makes it easier to retrieve, use ormanage data For example: date/time stamp, user ID,instrument ID, audit trails, etc. Relationships between data and their metadatashould be preserved in a secure and traceablemanner8
What is an “audit trail”? Secure, computer-generated, time-stampedelectronic record that allows for reconstruction ofevents relating to the creation, modification, ordeletion of an electronic record Chronology: who, what, when, and why of arecord Track actions at the record or system level CGMP-compliant record-keeping practicesprevent data from being lost or obscured9
Audit trails capture OverwritingAborting runsTesting into complianceDeletingBackdatingAltering data(not an all-inclusive list)10
Use of “static” and “dynamic” inrelation to record format Static: fixed data document such as apaper record or an electronic image Dynamic: record format allows interactionbetween the user and the record contentsuch as a chromatogram where theintegration parameters can be modified11
How does FDA use the term“backup” in 211.68(b)? True copy of the original data that ismaintained securely throughout therecords retention period Should include associated metadata Not backup copies that may be createdduring normal computer use andtemporarily maintained for disasterrecovery12
What are “systems” in“computer or related systems”in 211.68? Computer hardware, software, peripheraldevices, networks, cloud infrastructure,operators, and associated documents(e.g., user manuals and standardoperating procedures).13
When is it permissible to excludeCGMP data from decision making? Data created as part of a CGMP record must beevaluated by the quality unit as part of releasecriteria and maintained for CGMP purposes Electronic CGMP data should include relevantmetadata To exclude data from the release criteriadecision-making process, there must be a valid,documented, scientific justification for itsexclusion14
Does each workflow on our computersystem need to be validated? Yes, a workflow, such as creation of anelectronic MPCR, is an intended use of acomputer system to be checked throughvalidation If you validate the computer system, butyou do not validate it for its intended use,you cannot know if your workflow runscorrectly15
Federal Register January 199516
How should access to CGMPcomputer systems be restricted? Appropriate controls to assure onlyauthorized personnel change computerized:– MPCRs– Input of laboratory data into records– Other records Recommend restricting the ability to alter:– Specifications– Process parameters– Manufacturing or testing methods17
Continued Recommend system administrator role,including any rights to alter files and settings, beassigned to personnel independent from thoseresponsible for the record content Recommend maintaining a list of authorizedindividuals and their access privileges for eachCGMP computer system in use May not be practical for small operations withfew employees18
Why is FDA concerned with the useof shared login accounts for computersystems? A firm must– exercise appropriate controls to assure thatonly authorized personnel make changes tocomputerized records– ensure actions are attributable to a specificindividual19
Paper Record Comparison If actions are not attributable to a specificindividual, a BPCR would look like all thevalues were entered but the people whoperformed and reviewed every step wouldbe empty. Firm would not know if the unidentifiedindividuals are authorized to perform theactivity20
How should blank forms becontrolled? Blank forms (e.g., worksheets, laboratorynotebooks, and MPCRs) should becontrolled by the quality unit or by anotherdocument control method Numbered sets of blank forms may beissued and should be reconciled uponcompletion of the activity21
Continued Incomplete or erroneous forms should bekept as part of the permanent record alongwith written justification for theirreplacement22
Paper Record Comparison Bound paginated notebooks, stamped forofficial use by a document control group,allow detection of unofficial notebooks aswell as of any gaps in notebook pages Or, an electronic document managementsystem could have the capability toreconcile and document the number ofcopies printed23
How often should audit trails bereviewed? FDA recommends that audit trailscapturing changes to critical data bereviewed with each record and before finalapproval of the record Audit trails subject to regular reviewshould include, for example, changes to:finished product test results, sample runsequences, sample identification, criticalprocess parameters24
Continued FDA recommends routine scheduled audittrail review based on the complexity of thesystem and its intended use.25
Who should review audit trails? Audit trails are considered part of theassociated records Personnel responsible for record reviewunder CGMP should review the audit trailsthat capture changes to critical data asthey review the rest of the record26
Paper Record ComparisonSimilar to review by: Person directly supervising or checkingeach significant step in BPCR Second person showing that the originallab records are reviewed for accuracy,completeness, and compliance withestablished standards27
Can electronic copies be used asaccurate reproductions of paper orelectronic records? Yes Provided copies preserve the content andmeaning of the original data, whichincludes associated metadata and thestatic or dynamic nature of the originalrecords28
Paper Record Comparison True copy of a paper record could be aphotocopy that is verified to preserve thecontent and meaning29
Can you retain paper printouts/staticrecords instead of original electronicrecords from computerized laboratoryinstruments? If it is a complete copy of the originalrecord e.g., pH meters and balances may createa paper printout or static image duringdata acquisition as the original record30
Continued Electronic records from certain types oflaboratory instruments are dynamicrecords, and a printout or a static recorddoes not preserve the dynamic formatwhich is part of the complete originalrecord e.g., spectral file created by FT-IR31
Can electronic signatures be usedinstead of handwritten signatures formaster production/control records? Yes Part of the intent of the full signaturerequirement is to be able to clearly identifythe individual signing the record Appropriate controls to securely link thesignature and associated record32
Federal Register September 197833
When does electronic databecome a CGMP record? When it is generated to satisfy a CGMPrequirement You must document, or save, the data atthe time of performance Not acceptable to store data in temporarymemory; this allows for manipulation,before creating a permanent record34
Continued You may employ a combination oftechnical and procedural controls to meetCGMP documentation practices Computer systems, such as LIMS or EBRsystems, can be designed to save afterseparate entries35
Paper Record Comparison This is similar to recording each entrycontemporaneously on a paper batchrecord36
What is wrong with the using samplesduring “system suitability” or test,prep, or equilibration runs? FDA prohibits sampling and testing withthe goal of achieving a specific result or toovercome an unacceptable result– e.g., using test, prep, or equilibration runs asa means of disguising testing into compliance37
Continued If a sample is used for system suitability:– Should be a properly characterized secondarystandard– Written procedures should be established andfollowed– Sample should be from a different batch thanthe sample(s) being tested38
Continued All data should be included in recordsretained and subject to review unlessthere is documented scientific justificationfor its exclusion39
Is it acceptable to only save the finalresults from reprocessed laboratorychromatography? No Analytical methods should be capable andstable If reprocessed, written procedures must beestablished and followed FDA requires laboratory records includecomplete data derived from all tests40
Paper Record Comparison When laboratory notebook mistakes or rerunning tests are documented, theseshould be notated with a single line crossout, initialed and dated Analyst should not tear a page out of anotebook and discard it41
Can internal quality tips, e.g.,suspected data falsification, behandled outside the quality system? No Determine the effect of the event on:– patient safety– product quality– data reliability– root cause– ensure the necessary corrective actions42
ContinuedReport suspected data integrity problems:FDA: DrugInfo@fda.hhs.gov“CGMP data integrity” should be included in thesubject lineMHRA: whistleblower@mhra.gsi.gov.uk43
Should personnel be trained indetecting data integrity issues as partof a routine CGMP training program? Yes, detecting data integrity issues isconsistent with the CGMP requirementsfor personnel qualifications Personnel must have the education,training, and experience, or anycombination thereof, to perform theirassigned duties44
Is the FDA investigator allowed tolook at my electronic records? Yes All records required under CGMP aresubject to FDA inspection45
How does FDA recommend dataintegrity problems identified duringinspections be addressed? Demonstrate effective remediation by:– Hiring third party auditor– Determining scope of the problem– Implementing corrective action plan (globally)– Removing individuals responsible forproblems from CGMP positions FDA may re-inspect46
Guidance 5891.pdfAcknowledgement:Sarah Barkowguidance co-authorFDA CDER Office of Manufacturing Quality47
Data integrity requirements in 21 CFR 211 and 212 211.68 “backup data are exact and complete” and “secure from alteration, inadvertent erasures, or loss;” 212.110(b) “stored to prevent deterioration or loss;” 211.100 and 211.160 certain activities be “documented at the time of performance” and laboratory controls be “scientifically sound;” 5. continued 211.180 r
