DATA INTEGRITY
DEFINITION: "data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA)" - FDA Guidance Data Integrity and Compliance With Drug CGMP
In recent years, FDA has increasingly observed cGMP violations involving data integrity during cGMP inspections. This is troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy, and quality of drugs, and of FDA’s ability to protect the public health. These data integrity-related cGMP violations have led to numerous regulatory actions, including warning letters, import alerts, and consent decrees. The underlying premise in §§ 210.1 and 212.2 is that cGMP sets forth minimum requirements to assure that drugs meet the standards of the FD&C Act regarding safety, identity, strength, quality, and purity. Requirements with respect to data integrity in parts 211 and 212 include, among other things:
When considering how to meet many of these regulatory requirements, it may be useful to ask the following questions:
What is ALCOA? The five data integrity attributes as defined by the FDA:
MEDVACON delivers leading Data Integrity and Computer System Validation services that are designed to help reduce the overall cost of compliance for Life Sciences organizations. We offer our clients comprehensive services, including leadership and a range of strategic solutions and tactical services that provide cost-effective and comprehensive compliance and validation. The MEDVACON team of highly-qualified consultants can deliver a broad suite of solutions in areas of computer systems validation, infrastructure qualification, IT Quality Management, and process improvement.
In recent years, FDA has increasingly observed cGMP violations involving data integrity during cGMP inspections. This is troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy, and quality of drugs, and of FDA’s ability to protect the public health. These data integrity-related cGMP violations have led to numerous regulatory actions, including warning letters, import alerts, and consent decrees. The underlying premise in §§ 210.1 and 212.2 is that cGMP sets forth minimum requirements to assure that drugs meet the standards of the FD&C Act regarding safety, identity, strength, quality, and purity. Requirements with respect to data integrity in parts 211 and 212 include, among other things:
- § 211.68 (requiring that “backup data are exact and complete” and “secure from alteration, inadvertent erasures, or loss” and that “output from the computer… be checked for accuracy”).
- § 212.110(b) (requiring that data be “stored to prevent deterioration or loss”).
- §§ 211.100 and 211.160 (requiring that certain activities be “documented at the time of performance” and that laboratory controls be “scientifically sound”).
- § 211.180 (requiring that records be retained as “original records,” or “true copies,” or other “accurate reproductions of the original records”).
- §§ 211.188, 211.194, and 212.60(g) (requiring “complete information,” “complete data derived from all tests,” “complete record of all data,” and “complete records of all tests performed”).
- §§ 211.22, 211.192, and 211.194(a) (requiring that production and control records be “reviewed” and that laboratory records be “reviewed for accuracy, completeness, and compliance with established standards”).
- §§ 211.182, 211.186(a), 211.188(b)(11), and 211.194(a)(8) (requiring that records be “checked,” “verified,” or “reviewed”).
When considering how to meet many of these regulatory requirements, it may be useful to ask the following questions:
- Are controls in place to ensure that data is complete?
- Are activities documented at the time of performance?
- Are activities attributable to a specific individual?
- Can only authorized individuals make changes to records?
- Is there a record of changes to data?
- Are records reviewed for accuracy, completeness, and compliance with established standards?
- Are data maintained securely from data creation through disposition after the record’s retention period?
What is ALCOA? The five data integrity attributes as defined by the FDA:
- Attributable. Data must be stored so that it can be connected to the individual who produced it. Every piece of data entered into the record must be fully traceable in time.
- Legible. Data must be traceable, permanent, readable, and understandable by anyone using the record. This also applies to any metadata attached to the record.
- Contemporaneous. Data must be fully documented at the time they are generated or acquired.
- Original. Data must be the original record or in a certified copy. The data record should include the first data entered and all successive data entries required to fully understand the data.
- Accurate. Data must be correct, truthful, complete, valid and reliable.
MEDVACON delivers leading Data Integrity and Computer System Validation services that are designed to help reduce the overall cost of compliance for Life Sciences organizations. We offer our clients comprehensive services, including leadership and a range of strategic solutions and tactical services that provide cost-effective and comprehensive compliance and validation. The MEDVACON team of highly-qualified consultants can deliver a broad suite of solutions in areas of computer systems validation, infrastructure qualification, IT Quality Management, and process improvement.
|
|
|
Computer Software Validation is a formalized, documented process for testing computer software and systems, required by 21 CFR 11.10(a) and Annex 11, Section 4. The FDA and other regulatory bodies require validation to demonstrate that computer systems are in compliance with all regulations for electronic data management systems. Failure to validate systems is one of the leading reasons a business is issued a 483. MEDVACON can validate all of your software, databases, spreadsheets, and computer systems, and develop the appropriate documentation for all phases of the software life cycle. We have written and executed validation packages for systems of all sizes. We can provide any level of service required, from executing test scripts generated from your existing specifications to writing the entire validation package. MEDVACON will follow your existing validation procedures or provide your company with validation standards. Our validation methodology ensures validation deliverables that are in line with industry standards & best practices, focus resources towards the most critical system functions, and complete the validation projects efficiently.
Example Projects
|
Lab Systems Software Implementation& Val
MEDVACON's Pharmaceutical client planned on deploying Waters Empower 3 Chromatography software in their facilities for use with approximately 30-35 HPLCs. To ensure compliance with current Good Manufacturing Procedures Pharmaceutical Company engaged MEDVACON to perform Computer System Validation activities for the implementation. MEDVACON’s activities included the following scope of work: Prepare the User and Functional Requirements (URS/FRS) and the Traceability Matrix (TM); Review Waters vendor software testing documentation per Detailed Design Specifications (DDS) including software modules, graphics, HMI components and batch reports; Review Configuration Specification/DDS documents against requirements; Author IOQ leveraging the vendor IOQs for the Waters Empower 3 Chromatography Data Software; Execute IOQ and prepare the IOQ summary report; Author PQ for the live environment; Execute PQ for the live environment; prepare PQ for summary report; Author data transfer and integrity testing protocol for transfer of data from Empower 2 to Empower 3; Execute data transfer and integrity testing protocol, prepare Summary Report; Prepare Validation Summary Report and final Traceability Matrix; Support deviation closure; Support developing SOP’s; Generation of VSR; documentation; Provide Project Oversight and Management (PM)
|
21 CFR Part 11 & CSV Methodology Assessment
MEDVACON was engaged in a multifaceted compliance consulting initiative. MEDVACON provided professional consulting services in the area of 21 CFR Part 11 compliance as well as requisite requirements such as System Development Life Cycle (SDLC) and Validation. MEDVACON specifically provided: written 21 CFR Part 11 compliance assessment reports for the five types of computer controlled test equipment at cliet; written assessment report of the client site IT Policies & Procedures to ensure 21 CFR Part 11 compliance controls; written assessment report of site IT Policies & Procedures governing their System Development Life Cycle (SDLC) methodology required for developing software used in a GxP environment; Validation and 21 CFR Part 11 compliance consulting services specific to client's in-house developed MS Access based test-data collection and reporting system.
FDA LIMS Validation and SOP Consulting
MEDVACON was engaged by our partner to assist FDA lab staff by identifying where in their SOPs updates for LIMS need to be made far in advance of the lab implementation. MEDVACON ensured that the LIMS-relevant SOPs from the labs and QMS staff were available. This included instrument qualification, operational qualification, and performance qualification (IQ/OQ/PQ).
|
QMS Software Quality Assurance & Validation
An industry leader in Quality Management Software has engaged MEDVACON in a multitude of ongoing CSV, SQA and PM activities. MEDVACON has a dedicated team that prepares and executes PQ's for QMS providers' client implementations. MEDVACON has another dedicated team that conducts full SQA and validation of QMS providers' quarterly software releases.
PDMA Sample System Validation
MEDVACON's client that provides Prescription Drug Marketing Act (PDMA) sample compliance services engaged MEDVACON to validate their acknowledgement of delivery tracking system. MEDVACON developed the project plan, Validation Plan, reviewed the URS and FRS, developed the IQ/OQ and PQ. MEDVACON executed the protocols and developed the validation final report.
Pharmaceutical IT Policies & Procedures Development
A Pharmaceutical company focused on developing small-molecule anti-cancer therapeutics engaged MEDVACON to evaluate their existing IT Policies and Procedures and develop an overarching IT Quality System, along with development of requisite documents. MEDVACON developed sixty-four IT Polices, Procedures and Work Instructions which form the basis of their IT Quality System.
|