The document discusses FDA guidance on data integrity and compliance with cGMP regulations from April 2016 and December 2018, noting that data should be complete, consistent, accurate, attributable, contemporaneously recorded, original, and accurate according to the ALCOA principles. It addresses topics like definitions of data integrity, audit trails, backups, and electronic records as well as FDA expectations around controls for computer systems and ensuring data is not improperly altered.
The document discusses FDA guidance on data integrity and compliance with cGMP regulations from April 2016 and December 2018, noting that data should be complete, consistent, accurate, attributable, contemporaneously recorded, original, and accurate according to the ALCOA principles. It addresses topics like definitions of data integrity, audit trails, backups, and electronic records as well as FDA expectations around controls for computer systems and ensuring data is not improperly altered.
The document discusses FDA guidance on data integrity and compliance with cGMP regulations from April 2016 and December 2018, noting that data should be complete, consistent, accurate, attributable, contemporaneously recorded, original, and accurate according to the ALCOA principles. It addresses topics like definitions of data integrity, audit trails, backups, and electronic records as well as FDA expectations around controls for computer systems and ensuring data is not improperly altered.
Table of Content (1) 1. Definition and purpose 2. EU vs FDA requirements 3. FDA April 2016 and 2018 Guidance document 4. Data Integrity during development 5. Why Data Integrity Guidance from FDA? 6. FDA definition of Audit Trail 7. FDA definition of Back up 8. Computer and related system 9. FDA is concerned with the use of shared login accounts for computer systems 10. When does electronic data become a CGMP record? 11. How should blank forms be controlled? 12. Can electronic signatures be used instead of handwritten signatures for master production and control record 13. The practice, also referred to as testing into compliance, is not consistent with CGMP
L.C.Clauss Hisut Ltd 2 06/12/2023
Table of Content (2) 14. Typical issues with Password 15. Is it acceptable to only save the final results from reprocessed laboratory chromatography? 16. Can an internal tip regarding a quality issue, such as potential data falsification, be handled informally outside of the documented CGMP quality system? 17. FDA request that personnel should be trained in detecting data integrity issues as part of a routine CGMP training program 18. FDA Warning letter Form 483
L.C.Clauss Hisut Ltd 3 06/12/2023
1.)Definition from FDA guidance
For the purposes of this guidance, data integrity
refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be Attributable, Legible, Contemporaneously Recorded, Original or a true copy, and Accurate (ALCOA).
L.C.Clauss Hisut Ltd 4 06/12/2023
Data Integrity Definition
Data integrity is the accuracy and consistency of stored
data, indicated by an absence of any alteration in data between two updates of a data record. Data integrity is imposed within a system at its design stage through the use of standard rules and procedures, and is maintained through the use of error checking and validation routines.
L.C.Clauss Hisut Ltd 5 06/12/2023
What is Metadata
L.C.Clauss Hisut Ltd 6 06/12/2023
European Regulations
Records retention requirements state that if the records are
supporting a Marketing Authorization (MA), then the records have to be maintained, including the data integrity for as long as the MA is in force. The recently published EU GMP Annex for computerized systems 11, effective 30 June 2011, has several sections dealing with data integrity. 5/15/2014 22Drug Regulations : Online Resource for Latest Information
L.C.Clauss Hisut Ltd 7 06/12/2023
Data Integrity during development FDA and other global regulatory agencies now oversee the pharmaceutical product lifecycle from early development to final product release more thoroughly Therefore R & D laboratories have come under increased scrutiny within recent years Regulations have been in place since the 1970s, However historically, FDA has concentrated its review process on the manufacturing aspect of pharmaceutical products. This has changed with the added scrutiny on data integrity 5/15/2014 31Drug Regulation
L.C.Clauss Hisut Ltd 8 06/12/2023
Why Data Integrity Guidance from FDA? “The purpose of this guidance is to clarify the role of data integrity in current good manufacturing practice (CGMP) for drugs, as required in. Current Good Manufacturing Practice in Manufacturing, Processing, Packing, or Holding of Drugs; General; and Finished Pharmaceuticals (21 CFR/210/211/212). FDA expects that data be reliable and accurate, cGMP regulations and guidance allow for flexible and risk based strategies to prevent and detect integrity issues”
L.C.Clauss Hisut Ltd 9 06/12/2023
FDA expectations
L.C.Clauss Hisut Ltd 10 06/12/2023
FDA definition of Audit Trail “For purposes of this guidance, audit trail means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record. For example, the audit trail for a high performance liquid chromatography (HPLC) run includes the user name, date/time of the run, the integration parameters used, and details of a reprocessing, if any, including change justification for the reprocessing.”
L.C.Clauss Hisut Ltd 11 06/12/2023
Who should review audit Trails ?
L.C.Clauss Hisut Ltd 12 06/12/2023
How often should audit trails be reviewed?
L.C.Clauss Hisut Ltd 13 06/12/2023
How does FDA use the terms “static” and “dynamic” as they relate to record formats?
L.C.Clauss Hisut Ltd 14 06/12/2023
Is it acceptable to retain paper printouts or static records instead of original electronic records from stand-alone computerized laboratory instruments such as an FTIR Instruments? (1)
L.C.Clauss Hisut Ltd 15 06/12/2023
Is it acceptable to retain paper printouts or static records instead of original electronic records from stand-alone computerized laboratory instruments such as an FTIR Instruments? (2)
L.C.Clauss Hisut Ltd 16 06/12/2023
FDA definition of Back up
FDA uses the term backup to refer to a true copy of the
original data that is maintained securely throughout the records retention period. The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format. ( 21CFR§ 211.68(b) and § 211.180)
L.C.Clauss Hisut Ltd 17 06/12/2023
Computer and related system Computer or related systems can refer to: computer hardware, software, peripheral devices, networks, cloud infrastructure, operators, and associated documents (e.g., user manuals and standard operating procedures). L.C.Clauss Hisut Ltd 18 06/12/2023 FDA is concerned with the use of shared login accounts for computer systems Companies must exercise appropriate controls to assure that changes to computerized MPCRs*, or other records, or input of laboratory data into computerized records, can be made only by authorized personnel (CFR § 211.68(b)). FDA recommends to restrict the ability to alter specifications, process parameters, or manufacturing or testing methods by technical means where possible (for example, by limiting permissions to change settings or data). *MPCS= Master Production and Control Record L.C.Clauss Hisut Ltd 19 06/12/2023 Does each CGMP workflow on a computer system need to be validated?
L.C.Clauss Hisut Ltd 20 06/12/2023
MPCR Master production and control record
FDA is concerned with the use of shared login accounts for computer systems (2)
FDA suggests that the system administrator role, including any
rights to alter files and settings, be assigned to personnel independent from those responsible for the record content. To assist in controlling access, FDA recommends maintaining a list of authorized individuals and their access privileges for each CGMP computer system in use
L.C.Clauss Hisut Ltd 21 06/12/2023
When does electronic data become a CGMP record? When generated to satisfy a CGMP requirement, all data become a CGMP record. Data should be documented, or saved, at the time of performance to create a record in compliance with CGMP requirements, including, but not limited to. CFR §§ 211.100(b) and 308 211.160(a). FDA expects processes to be designed so that quality data required to be created and maintained cannot be modified. For example, chromatograms should be sent to long-term storage (archiving or a permanent record) upon run completion instead of at the end of a day’s runs. L.C.Clauss Hisut Ltd 22 06/12/2023 When is it permissible to invalidate a CGMP result and exclude it from the determination of batch conformance?
L.C.Clauss Hisut Ltd 23 06/12/2023
How should blank forms be controlled?
There must be document controls in place to assure
product quality (21CFR§§ 211.100, 212 211.160(a), 211.186, 212.20(d), and 212.60(g)) . FDA recommends that, if used, blank forms (including, but not limited to, worksheets, laboratory notebooks, and MPCRs*) be controlled by the quality unit or by another document control method. For example, numbered sets of blank forms may be issued as appropriate and should be reconciled upon completion of all issued forms. *MPCS = Master Production and Control Record 24 06/12/2023 L.C.Clauss Hisut Ltd How should blank forms be controlled? (2)
Incomplete or erroneous forms should be kept as part of the
permanent record along with written justification for their replacement bound paginated notebooks, stamped for official use by a document control group, allow detection of unofficial notebooks as well as of any gaps in notebook pages.
L.C.Clauss Hisut Ltd 25 06/12/2023
Can electronic signatures be used instead of handwritten signatures for master production and control records? Electronic signatures with the appropriate controls can be used instead of handwritten signatures or initials in any CGMP required record. Requirement is to be able to clearly identify the individual responsible for signing the record. An electronic signature with the appropriate controls to securely link the signature with the associated record fulfills this requirement.
L.C.Clauss Hisut Ltd 26 06/12/2023
The practice, also referred to as testing into compliance, is not consistent with CGMP (1) The use of actual samples to perform system suitability testing as a means of testing into compliance is not acceptable. It is considered as a violative practice to use an actual sample in test, prep, or equilibration runs as a means of disguising testing into compliance. According to the United States Pharmacopeia (USP), system suitability tests should include replicate injections of a standard preparation or other standard solutions to determine if requirements for precision are satisfied (see USP General Chapter <621> Chromatography).
L.C.Clauss Hisut Ltd 27 06/12/2023
The practice, also referred to as testing into compliance, is not consistent with CGMP (2)
System suitability tests, including the identity of the
preparation to be injected and the rationale for its selection, should be performed according to the firm’s established written procedures and the approved application or applicable compendial monograph (21CFR§§ 211.160 and 212.60).
L.C.Clauss Hisut Ltd 28 06/12/2023
Typical issues with Password “Common passwords Analysts share passwords, it is not possible to identify who creates or changes records. User privileges The system configuration for the software does not adequately define or segregate user levels and users have access to inappropriate software privileges such as modification of methods and integration. Computer system control Laboratories have failed to implement adequate controls over data, and unauthorized access to modify, delete, or not save electronic files is not prevented; the file, therefore, may not be original, accurate, or complete”. 5/15/2014 17Drug Regulations” 21CFR §11 L.C.Clauss Hisut Ltd 29 06/12/2023 Is it acceptable to only save the final results from reprocessed laboratory chromatography?
NO, FDA considered that Analytical methods should be capable
and stable. For most lab analyses, reprocessing data should not be regularly needed. If chromatography is reprocessed, written procedures must be established and followed and each result retained for review
FDA requires complete data in laboratory records, which
includes raw data, graphs, charts, and spectra from laboratory instruments
L.C.Clauss Hisut Ltd 30 06/12/2023
Can an internal tip regarding a quality issue, such as potential data falsification, be handled informally outside of the documented CGMP quality system?
Suspected or known falsification or alteration of records
required must be fully investigated under the CGMP quality system to determine the effect of the event on patient safety, product quality, and data reliability; to determine the under root cause; and to ensure the necessary corrective actions are taken (see 21§§ 211.22(a), 378 211.125(c), 211.192, 211.198, 211.204, and 212.100). parts 210, 375 211, and 212
L.C.Clauss Hisut Ltd 31 06/12/2023
FDA request that personnel should be trained in detecting data integrity issues as part of a routine CGMP training program Training personnel to detect data integrity issues is consistent with the personnel requirements according to cGMP, which state that personnel must have the education, training, and experience, or any combination thereof, to perform their assigned duties. ( 21CFR§§ 211.25 and 212.10) Is the FDA investigator allowed to look at my electronic records? Yes. All records required under CGMP are subject to FDA inspection. Authorized inspection should be able to review, and copying of records, which includes copying of electronic data (21CFR§§ 211.180(c) and 212.110(a) and (b)). L.C.Clauss Hisut Ltd 32 06/12/2023 FDA Warning letter Form 483
How does FDA recommend data integrity problems identified
during inspections, in warning letters, or in other regulatory actions be addressed? FDA encourages you to demonstrate that you have effectively remedied your problems by: hiring a third party auditor, determining the scope of the problem, implementing a corrective action plan (globally), and removing at all levels individuals responsible for problems from CGMP positions. FDA may conduct an inspection to decide whether CGMP violations involving data integrity have been remedied.
SUBCHAPTER C--DRUGS: GENERALPART 211 -- CURRENT GOOD
MANUFACTURING PRACTICE FOR FINISHED PHARMACEUTICALS Subpart J--Records and Reports Sec. 211.188 Batch production and control records. Batch production and control records shall be prepared for each batch of drug product produced and shall include complete information relating to the production and control of each batch. These records shall include: (a) An accurate reproduction of the appropriate master production or control record, checked for accuracy, dated, and signed; L.C.Clauss Hisut Ltd 35 06/12/2023 CFR211.188 (2) (b) Documentation that each significant step in the manufacture, processing, packing, or holding of the batch was accomplished, including: (1) Dates; (2) Identity of individual major equipment and lines used; (3) Specific identification of each batch of component or in- process material used; (4) Weights and measures of components used in the course of processing; (5) In-process and laboratory control results; (6) Inspection of the packaging and labeling area before and after use; L.C.Clauss Hisut Ltd 36 06/12/2023 CFR211.188 (3) (7) A statement of the actual yield and a statement of the percentage of theoretical yield at appropriate phases of processing; (8) Complete labeling control records, including specimens or copies of all labeling used; (9) Description of drug product containers and closures; (10) Any sampling performed; (11) Identification of the persons performing and directly supervising or checking each significant step in the operation, or if a significant step in the operation is performed by automated equipment under 211.68, the identification of the person checking the significant step performed by the automated equipment. L.C.Clauss Hisut Ltd 37 06/12/2023 CFR211.188 (5)
(12) Any investigation made according to 211.192.
(13) Results of examinations made in accordance with 211.134. [43 FR 45077, Sept. 29, 1978, as amended at 73 FR 51933, Sept. 8, 2008]