SOP ON DATA INTEGRITY AND DATA RELIABILITY
PURPOSE : To describe the procedure for data integrity applies equally to manual (paper) and electronic data in all departments.
SCOPE : This Standard Operating Procedure (SOP) shall be applicable for all activity performed either manually / electronic data entry in all departments of General Formulation Facility.
REFERENCES
MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015
GMP standards published in Eudralex volume 4.
CROSS REFERENCE DOCUMENTS
Documents and data control
Training Programmed And Management
Preparation, Review, Approval, issuance & Retrieval of standard operating procedure (SOPs).
Attachment Title
Data Integrity Compliance Checklist
Ethics and agreement by individuals.
DEFINITIONS
Data: Information derived or obtained from raw data (e.g. a reported analytical result) i.e. Data must be attributable to the person generating the data, legible and permanent, contemporaneous, original record (or ‘true copy’) and accurate.
Raw data: Original records and documentation, retained in the format in which they were originally generated (i.e. paper or electronic’), or as a ‘true copy’. Raw data must be contemporaneously and accurately recorded by permanent means. In the case of basic electronic equipment which does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the raw data. Raw data must permit the full reconstruction of the activities resulting in the generation of the data.
Metadata: Metadata is data that describe the attributes of other data, and provide context and meaning. Typically, these are data that describe the structure, data elements, interrelationships and other characteristics of data. It also permits data to be attributable to an individual i.e Example: data (bold text)16 and metadata, giving context and meaning, (italic text) are: Levonorgestrel Tablet IP batch No. xxxxx001, 1.5mg.
Metadata forms an integral part of the original record. Without metadata, the data has no meaning.
Data Integrity: The extent to which all data are complete, consistent and accurate throughout the data lifecycle. Data integrity arrangements must ensure that the accuracy, completeness, content and meaning of data is retained throughout the data lifecycle.
Data governance: The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.
Data governance should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity including control over intentional and unintentional changes to information.
Data Governance systems should include staff training in the importance of data integrity principles and the creation of a working environment that encourages an open reporting culture for errors, omissions and aberrant results.
Senior management is responsible for the implementation of systems and procedures to minimize the potential risk to data integrity, and for identifying the residual risk, using the principles of quality risk management. Contract givers should perform a similar review as part of their vendor assurance programme.
Data Lifecycle: All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive / retrieval and destruction.
The procedures for destruction of data should consider data criticality and legislative retention requirements. Archival arrangements should be in place for long term retention mention in SOP on Document and Data Control Procedure.
Primary Record: The record which takes primacy in cases where data that are collected and retained concurrently by more than one method fail to concur. The ‘primary record’ attribute explain in SOP on document and data control, and should not be changed in any case. All data should be considered when performing a risk based investigation into data anomalies (e.g. out of specification results).
Original record / True Copy:
Original record: Data as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of manual observation, or electronic raw data file from a computerized system.
True Copy: An exact verified copy of an original record.
Original records and true copies must preserve the integrity (accuracy, completeness, content and meaning) of the record. Exact (true) copies of original records may be retained in place of the original record (e.g. scan of a paper record), provided that a documented system is in place to verify and record the integrity of the copy.
Data may be static (e.g. a ‘fixed’ record such as paper or pdf) or dynamic (e.g. an electronic record which the user/ reviewer can interact with).
Example: once printed or converted to static .pdfs, chromatography records lose the capability of being reprocessed and do not enable more detailed viewing of baselines or any hidden fields. By comparison, the same dynamic electronic records in database format provides the ability to track, trend, and query data, allowing the reviewer (with proper access permissions) to reprocess, view hidden fields, and expand the baseline to view the integration more clearly.
Computer System Transactions: A computer system transaction is a single operation or sequence of operations performed as a single logical ‘unit of work’. The operation(s) that make up a transaction may not be saved as a permanent record on durable storage until the user commits the transaction through a deliberate act (e.g. pressing a save button), or until the system forces the saving of data.
Computer systems should be designed to ensure that the execution of critical operations are recorded contemporaneously by the user and are not combined into a single computer system transaction with other operations. A critical processing step is a parameter that must be within an appropriate limit, range, or distribution to ensure the desired product quality. These should be reflected in the process control strategy.
Audit Trail: GMP audit trails are metadata that are a record of GMP critical information
(for example the change or deletion of GMP relevant data), which permit the reconstruction of GMP activities.
RESPONSIBILITY:
Originating department shall be responsible :
To provide accountability for the quality and integrity data.
To properly document the data produced and the data they represent are of known quality.
To ensure that all technical employees are made familiar with the tools and information necessary for the performance of their assigned duties.
Head of Originating department shall be responsible for:
To review the accuracy and integrity of input data and to sign with date wherever necessary.
To check the data error in case of wrong data input found and take necessary corrective action with proper scientific justification and possible impact analysis, same shall be documented with sign and date.
To maintain and improve technical knowledge and professional competence by conducting training from time to time on technical subjects of all working staff.
Quality Assurance department shall be responsible for:
To review the accuracy and integrity of data criticality in terms of impact to product quality attributes.
To conduct training on data integrity on quarterly basis to all departments.
To review data and if issue found in data integrity then inform to reviewer team, originating department Head and Head QA.
To investigate the issue of data integrity and maintain the record.
Reviewer team shall be responsible for:
To check the accuracy, consistency and integrity of data.
To assess the impact of data to product quality attributes.
Reviewer team shall jointly investigate with Head QA if integrity issue of data found, data shall be corrected with proper scientific justification and the same shall be recorded.
Data integrity shall be check as per checklist attached.
Head – Quality Assurance shall be responsible for:
To check and identify the possible impact, in case of integrity issue.
To approve the investigation report of integrity issue and to inform the management and competent regulatory authorities with proper scientific justification.
PROCEDURE:
Data integrity:
Data Integrity training shall be imparted to all new joining, while introduction training by Head-QA/ Designee.
Training of Data Integrity shall be imparted to all staff members, twice in a year.
Data integrity shall be applicable to entire plant activity. ALCOA tool shall be applicable to all the departments in company, but not limited to.
ALCOA Plus details mentioned below.
A denotes to Attributable: Attributable means traceability of the document,
For example: Why did the activity?
Who did the activity?
When did the activity? but not limited to.
L denotes to Legible: Legible means, third person should understand and read the documents adequately.
C denotes to Contemporaneous: Contemporaneous means recording of analysis/process activity shall be recorded online.
For example: Person should record the activity before leaving the place or before start another activity. Based on memory, No recording of activity shall be accepted.
O denotes to Original: First time generated copy/ documents called as original copy/ document. Second copy/ Duplicate copy/ Xerox copy shall not be considered as original. In case, original copy/ documents is faded, second copy/print shall be authored along with original copy.
A denotes to Accurate: All type of activities shall be executed as per written procedure.
For example: In case of sample preparation is 100mg material to be dissolved in 100ml with water. Same shall be followed not a 50mg material to be dissolved in 50ml with water. However dilution factor is similar in both the cases.
Complete: All the data including any repeat analysis/ Re-processing/ Re-working on the product/ material, nothing has been deleted.
Consistence: Documentation practices should be applied throughout any process for consistency in documentation. Available should be in a sequential manner with a sign and date. Date and time should be in a correct sequence to show the reliability and consistency in the process and activity performed. (i.e. Data in sequential manner with a sign and date. Follow GDP for consistency in documentation.)
Enduring: Records should exist for the entire period and readable condition.
Available: Data should be available for review at any time until the defined storage of document. Available at the time of audit or whenever required for review.
Breach of data integrity can be identified by using ALCOA, but not limit to.
If, Breach of data integrity noticed at any time by any one, same shall be informed to immediate supervisor/ head of the department for further course of action.
Supervisor/ department head shall inform to Quality –Head/ Designee and evaluate the impact on product quality.
Head Quality/ Designee shall take action, based on criticality.
In case, any person shall be identified to in matter of breach of data integrity, based on criticality CAPA shall be taken, if required, respective person can be shifted from their responsibilities.
Ethics Training/ Agreement:
Ethics training shall be imparted to all employee during joining of the company by Head QA/ Designee.
Ethics agreement shall be understood by individuals and filled the same.
Monitoring:
QA person shall verify the analytical report and BMR Reports randomly selected by the QA for auditing.
QC Manager/ designee shall review at least one analytical report daily basis by considering all the techniques alternative (Like, HPLC, GC, Chemically, Dissolution, DT …etc.) and same shall be verified by QA person.
QA shall review the audit trail report, once in a week, which are already reviewed by QC person weekly basis as per respective procedure.
Documentation:
Recording of analysis shall be recorded on line.
English language shall be used for documentation to understand by third person adequately.
Recording of analysis/ process activity/ documentation shall be legible adequately and recorded by permanent ink pen.
In case any typographical error or wrong value transcribed, same shall be corrected by respective person by single cut horizontally with sign and date with remark.
Person shall not use whitener / tape / Market to correct the mistake and original value/ word must be legible.
Original records shall not be destroyed before completion of five years.
In case of validation (Analytical method validation/ Process validation/ Instrument qualification) documents will not be destroyed. Details of documents shall be referred to respective procedure.
Data shall be integral and traceable.
In case of thermal prints, photocopy of print shall be affixed along with original print.
The data shall be reviewed and approved as per regulatory /FDA/D&C Act requirement.
Signatures or initials of individuals must be unique and documented as per respective procedure.
Rounding off value shall be reported and rounding off procedure shall be applicable at final time point of results. Multiple rounding off value shall not be used to generate single results.
Date and time shall be followed as per respective procedure according to railway time.
While reviewing raw data, Reviewer shall ensure the correctness and traceability of raw data generated.
Reviewer shall ensure the correctness the raw data/ hard copy along with soft copy.
Audit Trail:
Computerized systems are used to capture, process, report or store raw data electronically, system design should always provide for the retention of full audit trails to show all changes to the data while retaining previous and original data. It should be possible to associate all changes to data with the persons making those changes, and changes should be time stamped and a reason given. Users should not have the ability to amend or switch off the audit trail.
The relevance of data retained in audit trails should be considered by the Company to permit robust data review / verification. The items included in audit trail should be those of relevance to permit reconstruction of the process or activity. It is not necessary for audit trail review to include every system activity (e.g. user log on/off, keystrokes etc.), and may be achieved by review of designed and validated system reports.
There should be evidence available to confirm that review of the relevant audit trails have taken place. When designing a system for review of audit trails, this may be limited to those with GMP relevance (e.g. relating to data creation, processing, modification and deletion etc).
QA shall review a sample of relevant audit trails, raw data and metadata as part of self-inspection to ensure ongoing compliance with the data governance policy / procedures.
Data Review procedure describe the actions to be taken if data review identifies an error or omission. This procedure should enable data corrections or clarifications to be made in a GMP compliant manner, providing visibility of the original record, and audit trailed traceability of the correction, using ALCOA principles.
QC person shall review the audit trail of HPLC and GC weekly basis and record the results as per respective procedure.
In case any observations noticed during review, CAPA shall be addressed in same format, If require separate CAPA shall be initiated as per procedure.
In case any Incident/ OOS/OOT occurred during analysis, same shall be recorded and number of investigation shall be mentioned with raw data for its traceability
Computerized system user access / system administrator roles:
QC and other user department must be able to demonstrate the access levels granted to individual staff members as per respective procedure.
Individual users must have individual unique ID and password along with authorization.
List of users along with access control shall be prepared for department wise as per respective procedure.
System administrator access shall be allocated to Head Quality/designee and Head IT. System administrator access shall not be allowed to department –Head/ designee for better control.
System administrator account shall not be used for routine activity.
All changes performed under system administrator access must be visible and approved within, the quality system.
Data archival activity shall be done by IT person as per IT procedure.
Data Backup shall be done by IT person as per respective IT procedure.