Classification of data integrity deficiencies
To aid consistency in reporting and classification of data integrity deficiencies
Deficiencies relating to data integrity failure may have varying impact to product quality. Prevalence of the failure may also vary between the actions of a single employee to an endemic failure throughout the inspected organisation.
The PIC/S guidance on classification of deficiencies states:
“A critical deficiency is a practice or process that has produced, or leads to a significant risk of producing either a product which is harmful to the human or veterinary patient or a product which could result in a harmful residue in a food producing animal.
A critical deficiency also occurs when it is observed that the manufacturer has engaged in fraud, misrepresentation or falsification of products or data”.
“critical” classification of deficiencies relating to fraud, misrepresentation or falsification, it is understood that data integrity deficiencies can also relate to:
- Data integrity failure resulting from bad practice.
- Opportunity for failure (without evidence of actual failure) due to absence of the required data control measures.
It may be appropriate to assign classification of deficiencies by considering the following point-
Critical deficiency: Impact to product with actual or potential risk to patient health.
- Product failing to meet Marketing Authorisation specification at release or within shelf life.
- Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of QC tests, critical product or process parameters.
- Wide-ranging misrepresentation or falsification of data, with or without the knowledge and assistance of senior management, the extent of which critically undermines the reliability of the Pharmaceutical Quality System and erodes all confidence in the quality and safety of medicines manufactured or handled by the site.
Major deficiency: Impact to product with no risk to patient health.
- Data being misreported, e.g. original results ‘in specification’, but altered to give a more favourable trend.
- Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of data which does not relate to QC tests, critical product or process parameters.
- Failures arising from poorly designed data capture systems (e.g. using scraps of paper to record info for later transcription).
Major deficiency: No impact to product; evidence of moderate failure.
Bad practices and poorly designed systems which may result in opportunities for data integrity issues or loss of traceability across a limited number of functional areas (QA, production, QC etc.). Each in its own right has no direct impact to product quality.
Other deficiency: No impact to product limited evidence of failure.
- Bad practice or poorly designed system which result in opportunities for data integrity issues or loss of traceability in a discrete area.
- Limited failure in an otherwise acceptable system, e.g. manipulation of non-critical data by an individual.
It is important to build an overall picture of the adequacy of the key elements to make a robust assessment as to whether there is a company-wide failure, or a deficiency of limited scope/ impact.
- Data governance process.
- Design of systems to facilitate compliant data recording
- Use and verification of audit trails and
- IT user access etc.
Individual circumstances (exacerbating / mitigating factors) may also affect final classification or regulatory action.