REMEDIATION OF DATA INTEGRITY FAILURES
Data Integrity issues responding – Consideration should be primarily given to resolving the immediate issues identified and assessing the risks associated with the data integrity issues. The response by the company in question should outline the actions taken as part of a remediation plan. Responses from implicated manufacturers should include:
A comprehensive investigation of Data Integrity into the extent of the inaccuracies in data records and reporting, to include:
Data integrity issues investigation protocol and methodology:
A detailed investigation protocol and methodology; a summary of all laboratories, manufacturing operations, products, and systems to be covered by the assessment; and a justification for any part of the operation that the regulated user proposes to exclude.
Interviews of current and where possible and appropriate, former employees to identify the nature, scope, and root cause of data inaccuracies. These interviews may be conducted by a qualified third party.
An assessment of the extent of data integrity deficiencies at the facility. Identify omissions, alterations, deletions, record destruction, non-contemporaneous record completion, and other deficiencies.
Determination of the scope (data, products, processes, and specific batches) and time frame for the incident, with justification for the time boundaries applied.
A description of all parts of the operations in which data integrity lapses occurred, additional consideration should be given to global corrective actions for multinational companies or those that operate across multiple sites.
A comprehensive retrospective evaluation of the nature of the data integrity deficiencies, and the identification of root cause(s) or most likely root cause that will form the basis of corrective and preventative actions, as defined in the investigation protocol. The services of a qualified third-party consultant with specific expertise in the areas where potential breaches were identified may be required.
A risk assessment of the potential effects of the observed failures on the quality of the substances, medicines, and products involved. The assessment should include analyses of the potential risks to patients caused by the release/distribution of products affected by a lapse of data integrity, risks posed by ongoing operations, and any impact on the integrity of data submitted to regulatory agencies, including data-related to product registration dossiers.
Corrective and preventive actions taken to address the data integrity vulnerabilities and time frame for implementation including:
Interim measures describe the actions to protect patients and to ensure the quality of the medicinal products, such as notifying customers, recalling products, conducting additional testing, adding lots to the stability program to assure stability, drug application actions, and enhanced complaint monitoring. Interim measures should be monitored for effectiveness and residual risks should be communicated to senior management, and kept under review.
Long-term measures describing any remediation efforts and enhancements to procedures, processes, methods, controls, systems, management oversight, and human resources (e.g. training, staffing improvements) designed to ensure the data integrity. Where long-term measures are identified interim measures should be implemented to mitigate risks.
CAPA effectiveness checks are implemented to monitor if the actions taken have eliminated the issue.
Whenever possible, Inspectorates should meet with senior representatives from the implicated companies to convey the nature of the deficiencies identified and seek written confirmation that the company commits to a comprehensive investigation and full disclosure of issues and their prompt resolution. A management strategy should be submitted to the regulatory authority that includes the details of the global corrective action and preventive action plan. The strategy should include:
- A comprehensive description of the root causes of the data integrity lapses, including evidence that the scope and depth of the current action plan is commensurate with the findings of the investigation and risk assessment. This should indicate if individuals responsible for data integrity lapses remain able to influence GMP/GDP-related or drug application data.
- A detailed corrective action plan that describes how the regulated user intends to ensure the ’ALOCA+’ attributes of all of the data generated, including analytical data, manufacturing records, and all data submitted or presented to the Competent Authority.
Inspectors should implement policies for the management of significant data integrity issues identified at the inspection to manage and contain risks associated with the data integrity breach.