Data Integrity Guidance
Good data management practices influence the integrity of all data generated and recorded by a manufacturer and these practices should ensure that data is accurate, complete and reliable.
The organisational culture should ensure data is complete, consistent and accurate in all its forms, i.e. paper and electronic
Organisations are not expected to implement a forensic approach to data checking on a routine basis. Systems should maintain appropriate levels of control whilst wider data governance measures should ensure that periodic audits can detect opportunities for data integrity failures within the organisation’s systems.
Where data integrity weaknesses are identified, companies should ensure that appropriate corrective and preventive actions are implemented across all relevant activities and systems and not in isolation.
Appropriate notification to regulatory authorities should be made where significant data integrity incidents have been identified.
The risks to data are determined by the potential to be deleted, amended or excluded without authorisation and the opportunity for detection of those activities and events.
DATA GOVERNANCE SYSTEM
Data governance is the sum total of arrangements which provide assurance of data integrity and data, irrespective of the process, format or technology in which it is generated, recorded, processed, retained, retrieved and used will ensure a complete, consistent and accurate record throughout the data lifecycle.
The data lifecycle refers to how data is generated, processed, reported, checked,used for decision-making, stored and finally discarded at the end of the retention period.
Data governance systems
Data governance systems should be integral to the pharmaceutical quality system. It should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity, including control over intentional and unintentional changes to, and deletion of information.
These controls may be:
- Procedures,e.g. instructions for completion of records and retention of completed paper records.
- Training of staff and documented authorisation for data.
- Generation and approval.
- Data governance system design, considering how data is generated recorded, processed retained and used, and risks or vulnerabilities are controlled effectively.
- Routine data verification.
- Periodic surveillance, e.g. self-inspection processes seek to verifiy the effectiveness of the data governance policy.
- Computerised system control
An effective data governance system will demonstrate Management’s understanding and commitment to effective data governance practices including the necessity for a combination of appropriate organisational culture and
behaviors and an understanding of data criticality, data risk and data lifecycle. This reduces the incentive to falsify, alter or delete data.
The organisation’s arrangements for data governance should be documented within their Quality Management System and regularly reviewed.
Risk management approach to data governance
Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9.
Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.
Where long term measures are identified in order to achieve the desired state of control, interim measures should be implemented to mitigate risk, and should be monitored for effectiveness. The interim measures should be communicated to senior management, and kept under review.
The decision that data influences may differ in importance, and the impact of the data to a decision may also vary. Points to consider regarding data criticality include:
- Which decision does the data influence?
For example: when making a batch release decision, data which determines compliance with critical quality attributes is of greater importance than warehouse cleaning records.
- What is the impact of the data to product quality or safety?
For example: for an oral tablet, active substance assay data is of generally greater impact to product quality and safety than tablet friability data.
Data risk assessment should consider the vulnerability of data to involuntary or deliberate alteration, falsification, deletion, loss or re-creation, and the likelihood of detection of such actions and to ensuring complete data recovery in the event of a disaster.
Factors to consider include:
- Process complexity.
- Methods of generating, storing and retiring data and their ability to ensure data accuracy, legibility, indelibility.
- Process consistency and degree of automation / human interaction.
- Subjectivity of outcome / result (i.e. is the process open-ended or well defined?.
- The outcome of a comparison between of electronic system data and manually recorded events could be indicative for malpractices (e.g. apparent discrepancies between analytical reports and raw-data
- For computerised systems, manual interfaces with IT systems should be considered in the risk assessment process. Computerised system validation in isolation may not result in low data integrity risk, in particular when the user is able to influence the reporting of data from the validated system.
- Critical thinking skills should be used by inspectors to determine whether control and review procedures effectively achieve their desired outcomes. An indicator of data governance maturity is an organisational understanding and acceptance of residual risk, which prioritises actions. An organisation which believes that there is ‘no risk’ of data integrity failure is unlikely to have made an adequate assessment of inherent risks in the data lifecycle.
- The approach to assessment of data lifecycle,criticality and risk should therefore be examined in detail. This may indicate potential failure modes which can be investigated during an inspection.
Data governance system review
The effectiveness of data integrity control measures should be assessed periodically as part of self-inspection (internal audit) or other periodic review processes and to ensure the controls over the data lifecycle are operating as intended.
ORGANISATIONAL INFLUENCES ON SUCCESSFUL DATA INTEGRITY MANAGEMENT
- organisational behaviour
- Code of ethics and policies
- Quality culture
- Modernising the Pharmaceutical Quality Management System
- Regular management review of quality metrics
- Resource allocation
- Dealing with data integrity issues found internally
An understanding of how behaviour influences (i) the incentive to amend, delete or falsify data and (ii) the effectiveness of procedural controls designed to ensure data integrity.
Depending on culture, an organisation’s control measures may be:
- ‘open’ (where hierarchy can be challenged by subordinates, and full reporting of a systemic or individual failure is a business expectation).
- ‘closed’ (where reporting failure or challenging a hierarchy is culturally more difficult)
Code of ethics and policies
A Code of Values & Ethics should reflect Management’s philosophy on quality,achieved through policies (ie. a Code of Conduct) that are aligned to the quality culture and develop an environment of trust, where all individuals are responsible and accountable for ensuring patient safety and product quality.
Management should aim to create a work environment (ie. quality culture) that is transparent and open, one in which personnel are encouraged to freely communicate failures and mistakes, including potential data reliability issues, so that corrective and preventative actions can be taken. Organisational reporting structure should permit the information flow between personnel at all levels.
Management can foster quality culture:
- Ensure awareness and understanding of expectations (eg. Code of Ethics and Code of Conduct)
- Lead by example, management should demonstrate the behaviours they expect to see.
- Ensure accountability for actions and decisions.
- Stay continuously and actively involved
- Set realistic expectations, consider the limitations that place pressures on employees.
- Allocate resources to meet expectations.
- Implement fair and just consequences and rewards.
- Be aware of regulatory trends to apply lessons learned to your organisation.
Modernising the Pharmaceutical Quality Management System
The modern quality risk management principles and good data management practices to the current pharmaceutical quality management system .serves to modernize the System to meet the challenges that come with the generation of complex data.
Specifically, such control and procedural changes may be in the following areas:
- Risk assessment and management.
- Investigation programs.
- Data review practices
- Computer software validation
- Vendor/contractor management
- Training program to include company’s data integrity policy and data integrity SOPs.
- Self-inspection program to include data integrity, and
- Quality metrics and reporting to senior management
Regular management review of quality metrics
Regular management reviews of quality metrics, including those related to data integrity, such that significant issues are identified, escalated and addressed in a timely manner. Caution should be taken when key performance indicators are selected so as not to inadvertently result in a culture in which data integrity is lower in priority.
Management should allocate appropriate resources to support and sustain good data integrity management such that the workload and pressures on those responsible for data generation and record keeping do not increase the likelihood of errors or the opportunity to deliberately compromise data integrity.
Dealing with data integrity issues found internally
In the event that data integrity lapses are found, they should be handled as any deviation would be according to the Quality Management System. It is important to determine the extent of the problem as well as its root cause, then correcting the issue to its full extent and implement preventative measures. This may include the use of a third party for additional expertise or perspective, which may involve a gap assessment to identify weaknesses in the system.
Classification of deficiencies
Deficiencies relating to data integrity failure may have varying impact to product quality. Prevalence of the failure may also vary between the action of a single employee to an endemic failure throughout the inspected organisation.
Definition of deficiencies
“A critical deficiency is a practice or process that has produced, or leads to a significant risk of producing either a product which is harmful to the human or veterinary patient or a product which could result in a harmful residue in a food producing animal. A critical deficiency also occurs when it is observed that the manufacturer has engaged in fraud, misrepresentation or falsification of products or data”.
The “critical” classification of deficiencies relating to fraud,misrepresentation or falsification, it is understood that data integrity deficiencies can also relate to:
- Data integrity failure resulting from bad practice
- Opportunity for failure (without evidence of actual failure) due to absence of the required data control measures.
11.2.4 In these cases, it may be appropriate to assign classification of deficiencies by
taking into account the following (indicative list only):
Critical deficiency:Impact to product with risk to patient health
- Product failing to meet specification at release or within shelf life.
- Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of QC tests, critical product or process parameters.
Major deficiency:Impact to product with no risk to patient health.
- Data being miss-reported, e.g. original results ‘in specification’, but altered to give a more favourable trend.
- Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of data which does not relate to QC tests, critical product or process parameters.
- Failures arising from poorly designed data capture systems (e.g. using scraps of paper to record info for later transcription).
Major deficiency:No impact to product; evidence of widespread failure.
- Bad practices and poorly designed systems which may result in opportunities for data integrity issues or loss of traceability across a number of functional areas (QA, production, QC etc). Each in its own right has no direct impact to product quality.
Other deficiency:No impact to product; limited evidence of failure:
- Bad practice or poorly designed system which result in opportunities for data integrity issues or loss of traceability in a discrete area.
- Limited failure in an otherwise acceptable system
The risks to data may be increased by complex, inconsistent processes with openended and subjective outcomes, compared to simple tasks that are undertaken consistently, are well defined and have a clear objective.
Data may be generated by:
(i) Recording on paper, a paper-based record of a manual observation or of an activity.
(ii) electronically, using equipment that range from simple machines through to complex highly configurable computerised systems.
(iii) By using a hybrid system where both paper-based and electronic records constitute the original record.
(iv) By other means such as photography, imagery, chromatography plates, etc
Manually data generation on paper may be required independent verification to ensure the data integrity risk assessment or by another requirement and also consider in risk-reducing supervisory measures
The inherent risks to data integrity relating to equipment and computerised systems may differ depending upon the degree to which the system generating or using the data can be configured, and the potential for manipulation of data during transfer between computerised systems during the data life-cycle.
The use of available technology, suitably configured to reduce data integrity risk,should be considered.
Simple electronic systems with no configurable software and no electronic data retention (e.g. pH meters, balances and thermometers) may only require calibration and complex electronic systems require ‘validation for intended purpose’.
Validation effort increases with complexity and risk (determined by software functionality, configuration, the opportunity for user intervention and data life-cycle considerations). It is important not to overlook systems of apparent lower complexity.
Within these systems, it may be possible to manipulate data or repeat testing to achieve the desired outcome with limited opportunity for detection (e.g. stand-alone systems with a user-configurable output such as FTIR, UV spectrophotometers).
Hybrid systems should be clearly documented what constitutes the whole data set and all records that are defined by the data set should be reviewed and retained. Hybrid systems should be designed to ensure they meet the desired objective.
Where the data generated is captured by a photograph or imagery (or other media),it required to storage of that format throughout its life-cycle should follow the same considerations as for the other formats, considering any additional controls required for that format.
Where the original format cannot be retained due to degradation issues, alternative mechanisms for recording (e.g. photography or digitisation) and subsequent storage may be considered and the selection rationale documented (e.g. thin layer chromatography).
Frequency of control measures may be justified for data that has a lesser impact to product, patient or the environment if those data are obtained from a process that does not provide the opportunity for amendment without high-level system access or specialist software/knowledge.
Risk assessments for data integrity should be consider to follow a process or perform a function,this is not limited only a computerised system but also the supporting people, guidance, training and quality systems. Automation or the use of a ‘validated system’ (e.g. e-CRF; analytical equipment) may lower but not eliminate data integrity risk
Where there is human intervention, particularly influencing how or what data is recorded, reported or retained, an increased risk may exist from poor organisational controls or data verification due to an over reliance on the system’s validated state.
Finding of data integrity risk assessment for remediation,prioritisation of actions (including acceptance of an appropriate level of residual risk) should be documented, communicated to management, and subject to review. In situations where long-term remediation actions are identified, risk-reducing short-term measures should be implemented to provide acceptable data governance in the interim.
Systems and processes should be designed in a way that facilitates compliance with the principles of data integrity. Enablers of the desired behaviour include but are not limited to:
• At the point of use, having access to appropriately controlled/synchronised clocks for recording timed events to ensure reconstruction and traceability, knowing and specifying the time zone where this data is used across multiple sites.
• Accessibility of records at locations where activities take place so that informal data recording and later transcription to official records does not occur.
• Access to blank paper proformas for raw/source data recording should be appropriately controlled. Reconciliation, or the use of controlled books with numbered pages, may be necessary to prevent recreation of a record. There may
be exceptions such as medical records (GCP) where this is not practical.
• User access rights that prevent (or audit trail, if prevention is not possible) unauthorised data amendments. Use of external devices or system interfacing methods that eliminate manual data entries and human interaction with the
computerised system, such as barcode scanners, ID card readers, or printers.
• A work environment (such as adequate space, sufficient time for tasks, and properly functioning equipment) that permit performance of tasks and recording of data as required.
• Access to original records for staff performing data review activities.
• Reconciliation of controlled print-outs.
• Sufficient training in data integrity principles provided to all Concern personnel (including senior management).
• Developed the subject matter experts and allocate SME in the risk assessment process.
• Management oversight of quality metrics relevant to data governance
The use of scribes to record activity on behalf of another operator can be considered where justified
• Recording of sterile operators activity may be compromises e.g. documenting line interventions by sterile operators.
• To accommodate cultural or literacy/language limitations, for instance where an activity is performed by an operator but witnessed and recorded by a second person.
In the case of scribes the recording by the second person should be contemporaneous with the task being performed, and the records should identify both the person performing the task and the person completing the record. The person performing the task should countersign the record wherever possible, although it is accepted that this countersigning step will be retrospective. The process for supervisory (scribe) documentation completion should be
described in an approved procedure that specifies the activities to which the process applies.
REMEDIATION OF DATA INTEGRITY FAILURES
- Responding to Significant Data Integrity issues
- Consideration should be primarily given to resolving the immediate issues identified and assessing the risks associated with the data integrity issues. The response by the company in question should outline the actions taken. Responses should include:
A comprehensive investigation into the extent of the inaccuracies in data records and reporting, to include:
- A detailed investigation protocol and methodology; a summary of all laboratories, manufacturing operations, and systems to be covered by the assessment; and a justification for any part of the operation that the
regulated user proposes to exclude
- Interviews of current and former employees to identify the nature, scope, and root cause of data inaccuracies. These interviews may be conducted by a qualified third party.
- An assessment of the extent of data integrity deficiencies at the facility.Identify omissions, alterations, deletions, record destruction, non-contemporaneous record completion, and other deficiencies
- determination of the scope and extent and time-frame for the incident,with justification for the time-boundaries applied.
- data, products, processes and specific batches implicated in any investigations
- A description of all parts of the operations in which data integrity lapses occur, additional consideration should be given to global corrective actions for multinational companies or those that operate across multiple
- A comprehensive retrospective evaluation of the nature of the testing and manufacturing data integrity deficiencies, and the potential root causes.
- A risk assessment of the potential effects of the observed failures on the quality of the drugs involved. The assessment should include analyses of the risks to patients caused by the release of drugs affected by a lapse of
data integrity, risks posed by ongoing operations, and any impact on the veracity of data submitted to registration dossiers.
- Corrective and preventative actions taken to address the data integrity vulnerabilities and timeframe for implementation, and including:
- Interim measures describing the actions to protect patients and to ensure the quality of the medicinal products, such as notifying customers,recalling product, conducting additional testing, adding lots to the stability
program to assure stability, drug application actions, and enhanced complaint monitoring.
- Long-term measures describing any remediation efforts and enhancements to procedures, processes, methods, controls, systems,.management oversight, and human resources (e.g., training, staffing improvements) designed to ensure the data integrity.
- A detailed corrective action plan that describes how the regulated user intends to ensure the reliability and completeness of all of the data generated, including analytical data, manufacturing records, and all data
submitted to the Competent Authority.
- A comprehensive description of the root causes of your data integrity lapses, including evidence that the scope and depth of the current action plan is commensurate with the findings of the investigation and risk assessment. This must indicate if individuals responsible for data integrity lapses remain able to influence GMP/GDP-related or drug application data.
Indicators of improvement
An on-site inspection is required to verify the effectiveness of actions taken to address data integrity issues. Some indicators of improvement are:
- Evidence of a thorough and open evaluation of the identified issue and timely implementation of effective corrective and preventative actions.
- Evidence of open communication of issues with clients and other regulators.Transparent communication should be maintained throughout the investigation and .remediation stages. Regulators should be aware that further data integrity failures may be reported as a result of the detailed investigation. Any additional reaction to .these notifications should be proportionate to public health risks, to encourage continued reporting.
- Evidence of communication of data integrity expectations across the organisation,incorporating processes for open reporting of potential issues and opportunities for improvement without repercussions.
- The regulated user should ensure that an appropriate evaluation of the vulnerability of any sophisticated electronic systems to data manipulation takes place to ensure that follow-up actions have fully resolved all the violations, third party expertise may be required.
- Implementation of data integrity policies in line with the principles of this guide.
- Implementation of routine data verification practices.
- Good Practices for data Management and Integrity in Regulated GMP/GDP Environments(PIC/S).
- GXP’ Data Integrity Guidance and Definitions (MHRA)