In April 2016, the FDA released draft guidance for clarifying the data integrity role in current good manufacturing practice (CGMP) as a reaction to the large number of data integrity violations that have been cited with increasing frequency by the FDA. This guidance defines data integrity as the “completeness, consistency, and accuracy of data”, and states that maintaining data integrity requires that data be attributable, legible, contemporaneous, original, and accurate (ALCOA). This guidance is arranged in a question and answer format and helps to clarify terms and requirements found in other FDA guidances.
First, this guidance defines commonly used terminology. Metadata, most simply defined as “data about data”, is what gives data the context it needs in order to reconstruct the entire CGMP activity. It must be maintained throughout the entirety of the retention period along with associated data and must be secure and traceable. Metadata includes system audit trails, defined for the sake of this guidance as “a secure, computer-generated time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record”. Audit trails can either track changes to data (such as testing results) or track actions taken at the record or system level (such as accessing the system). “Backup” is used to refer to data copies maintained securely throughout the record retention period with all associated metadata in a form identical with or compatible with the original format. It does not refer to temporarily created backup copies.
Computer systems must have controls in place to attribute data to a specific user. If it is not possible for each operator to have their own login account, then other controls and documentation must be implemented to ensure traceability to an individual. Electronic signatures satisfying Part 11 requirements must have the appropriate controls to link the signature with the individual and the record. System administrators should be independent from record generators and should maintain a list of all authorized system personnel and their security privileges. If this is not possible, there should be a second reviewer for settings and content. Controls should be in place to restrict who can change a record or enter data and who has the ability to edit specifications, testing methods, and parameters. All workflows for a CGMP system must be validated for their intended use. Audit trails should be routinely reviewed based on the risk of the system, whenever the rest of the record is reviewed, and before final approval. All data should be reviewed if it is used in the CGMP decision-making process unless there is a justified, valid reason for excluding it.
Static records are defined as fixed-data documents, while dynamic records are defined as allowing user interaction with the record. It is acceptable to retain static records or printouts of original electronic records if they are complete copies and they are not from a dynamic record. CGMP records must be saved at the time of performance. Upon completion of the record they must be sent to storage or controlled in such a way that they cannot be modified. Do not store electronic data in a temporary manner that allows for data manipulation before the permanent record is created. Instead, consider a Laboratory Information Management System (LIMS) or Electronic Batch Record (EBR) system to automatically save data after each individual entry. When storing results, all parts of the results must be saved including original data before it is reprocessed, all raw data, graphs, charts, and spectra.
Testing into compliance, usually defined as testing different samples until a desired passing outcome is obtained, is prohibited. This includes scenarios such as using actual samples during a “test” run to make sure they will pass in the “actual” run. Instead, a system suitability test should be performed for determining system precision or an actual sample selected from a different batch than the samples being tested. The chosen test sample should be rationalized and tested according to written procedures. To prevent data integrity issues, personnel must be trained in detecting data integrity issues as part of routine CGMP training programs. If personnel ever suspect data integrity issues, reports should be submitted to the FDA at DrugInfo@fda.hhs.gov with “CGMP data integrity” in the subject line. Any internal investigations taken to inspect potential quality issues must include determining the root cause and the effects on patient safety, product quality, data reliability as well as ensuring the corrective actions to be taken.
When the FDA performs an investigation, all records, even electronic, must be allowably inspected, reviewed, and copied by FDA inspectors. If the FDA identifies any data integrity problems, it is recommended that companies hire a third party auditor, determine the scope of the identified problem, determine and implement a corrective action plan, and remove individuals responsible for the problems from CGMP positions. They FDA may also conduct an inspection to determine whether or not CGMP data integrity violations have been remedied.
Written based off FDA’s Data Integrity and Compliance With CGMP Guidance for Industry