FDA Data Integrity Issues - DMS hot fixes

Vidyasagar Independent Consultant sagaredoc@gmail.com

Causes – Consequences – DMS related Hot Fixes

Vidyasagar Independent Consultant sagaredoc@gmail.com

What is data integrity?

Data integrity – Popular causes, Consequences & DMS

related hot fixes

Data integrity – GAP assessment

Regulatory requirements 21 CFR Part 11

Application Integrity Policy

Data integrity – Conclusion

Table of Contents

Vidyasagar Independent Consultant sagaredoc@gmail.com

Integrity as being the quality or condition of being whole or undivided

completeness.

In the context of laboratory data integrity within a GMP environment, this

can be defined as:

“Generating, transforming, maintaining and assuring the accuracy,

completeness and consistency of data over its entire life cycle in

compliance with applicable”

What is Data Integrity?

Vidyasagar Independent Consultant sagaredoc@gmail.com

Data integrity and the lack of complete data over the record retention period can be compromised in a number of ways, such as:

Human errors

when data is entered by mistake (an uncorrected fat finger moment),

stupidity (not being aware of regulatory requirements or poor training) or

willfully (falsification or fraud with the intent to deceive)

Unauthorized changes to data made post-acquisition

Errors that occur when data is transmitted from one computer to another

Changes to data through software bugs or malware of which the user is not aware

Hardware malfunctions, such as disk crashes

Changes in technology, where one item is replaced when it becomes obsolete or no longer supported, making old records unreadable or inaccessible.

Data Integrity – Popular Causes

Vidyasagar Independent Consultant sagaredoc@gmail.com

Loss of Trust

Recalls

Form – 483

Warning or Untitled Letter

Import Alert

Injunction

Seizure

Application Integrity Policy Invocation

Non-compliance Report

Notice of Concern

Data Integrity – Consequences Loss of job

Loss of business

Loss of money

Vidyasagar Independent Consultant sagaredoc@gmail.com

Implement DMS application (as per US FDA 21 CFR Part 11 guidance)

Product dossiers, plant records etc must be digitized

Provide electronic traceability to all forms of records (digitized & physical)

Audit trail functions must be enabled at all times

Controls to prohibit unauthorized changes to electronic data

Critical business records are to be saved in DMS (not to be saved on personal

computers)

No sharing passwords / unauthorized access

Provide high security to DMS

Maintain DMS and electronic data backups

Have a policy to review software and data migration every 3 years

Data Integrity – DMS related Hot Fixes

Vidyasagar Independent Consultant sagaredoc@gmail.com

Conduct an inventory of current DMS applications

Determine if the systems complies with Part 11 guidelines

Identify their weaknesses and strengths

Conduct the assessment using a checklist or spreadsheet

Provide documented justification if certain systems are exempt from Part 11

Implement and execute a remediation plan

Have a plan for legacy records & data migration to DMS

Conduct the required follow-up as warranted

Data Integrity – GAP Assessment

Vidyasagar Independent Consultant sagaredoc@gmail.com

Regulatory Requirements

Vidyasagar Independent Consultant sagaredoc@gmail.com

Vidyasagar Independent Consultant sagaredoc@gmail.com

Doc Management software

21 CFR Part 11 compliance

Vidyasagar Independent Consultant sagaredoc@gmail.com

US FDA Regulatory Requirements for Data Integrity?

Vidyasagar Independent Consultant sagaredoc@gmail.com

..contd..

Vidyasagar Independent Consultant sagaredoc@gmail.com

Extract: 21 CFR Part 11 – Human Readable Format!

Vidyasagar Independent Consultant sagaredoc@gmail.com

Extract: 21 CFR Part 11 – Hybrid Situation!

Vidyasagar Independent Consultant sagaredoc@gmail.com

21 CFR Part 11 – Summary

1. FDA will consider electronic record to be equivalent to paper record

2. Electronic signatures will be deemed equivalent to traditional and written signatures

3. Provision of controls for closed system

4. Provision of controls for open system

5. Production of records in human readable format for inspection:

a) Copies of product dossiers & plant records are acceptable, subject to;

b) Maintenance of hybrid situation consisting of paper, converted electronic record & signature components for retention & traceability

Vidyasagar Independent Consultant sagaredoc@gmail.com

The Application Integrity Policy is what FDA pulls up when it has questions

about a manufacturer’s electronic data.

Electronic information includes everything, such as batch records, quality

control records, research lab records, emails, adverse events reports,

complaints—everything that’s stored electronically.

Application Integrity Policy (AIP)

Vidyasagar Independent Consultant sagaredoc@gmail.com

Attributable — digitized records has authenticity, retention & traceability

Legible — can read all the data without ambiguity

Contemporaneous — documented at the time of the activity

Original — traceability to original prints or observation or a certified copy thereof

Accurate — no errors or editing without documented amendments

Complete — all printed records from manual and simple software tests

Available — for review and audit or inspection over the lifetime of the record

Policy — have a clear policy / procedure on various activities (e.g. Password, Digital Signature policy)

Administration — have clear procedure and controls over the electronic data /software administration

Responsibilities — have a well defined cross check Privileges Vs. Job responsibilities

Auditable — period checks of the adequacy of the procedures

Application Integrity Policy (AIP) – Regulatory checks

Vidyasagar Independent Consultant sagaredoc@gmail.com

The integrity of data generated by any regulated laboratory is a prime factor in determining the credibility of that laboratory

The finding of a single instance where data integrity is compromised casts a shadow over the whole of the data generated

Remember that inspections and audits can only sample, finding one instance of falsification raises the question of how many more instances of non-compliances exist?

Therefore, ensuring data integrity is of major importance to analytical scientists, managers and quality assurance of any organization, as the consequences of getting it wrong are very costly and it will take a long time to rebuild regulatory trust

Data Integrity – Conclusion

Vidyasagar Independent Consultant sagaredoc@gmail.com

The extended FDA regulation and draft guidance now also impact the laboratory data integrity issue, as failure to provide complete records means that any drugs are now classified as adulterated under the new extension of the Food Drug and Cosmetic Act as amended in 2012.

Data integrity issue is prevalent globally and not merely India centric. If the pharmaceutical industry in the country is engaged in the production of life-saving drugs then it cannot afford to be negligent.

The industry needs to be careful and it is absolutely fair by global regulators to keep tabs on this.

Data Integrity – Conclusion

Vidyasagar Independent Consultant sagaredoc@gmail.com

Vidyasagar

Bangalore

INDIA

sagaredoc@gmail.com

Contact:

http://www.pdfa.org http://www.aiim.org