Managing Data Integrity and Compliance Guidelines
One of the major concerns of biopharmaceutical R&D executives is maintaining data integrity throughout the entire drug discovery lifecycle. Maintaining high-quality data that complies with regulatory authorities regulations is a must for any industrial laboratory and is crucial for shortening drugs time to market and avoiding unexpected expenses and delays due to violations of data integrity regulations. The ability to store all the data in one place, create contingencies, retrieve data and store all relevant communication within context, can save time and money, and assure data integrity.
Data integrity related issues are a huge headache for compliance officers and are the main reason for FDA warning letters and regulatory actions. According to the FDA, data integrity is an important component of the industry’s responsibility to ensure the safety, efficacy, and quality of drugs, and of FDA’s ability to protect the public health. FDA has increasingly observed CGMP violations involving data integrity during CGMP inspections. For example, In 2017 the FDA issued a total of 5155 warning letters, out of which 694 were issued in the drug industry. When looking at the main observation made in the warning letters, it is clear that data integrity related issues are in the top 5. This number of warning letters related to data integrity keeps growing year after year. The FDA has devoted major efforts to track data integrity discrepancies and it seems it will be growing in the next years. Companies should invest in keeping their data in order to avoid such warning letters which can result in heavy financial consequences. The MHRA (Medical & Healthcare products Regulatory Agency, UK) published an updated ‘GXP’ Data Integrity Guidance and Definitions on March 2018. This document contains many updates and revisions to the previous guidance document from 2015. The MHRA said that “It is designed to facilitate compliance through education, whilst clarifying the MHRA’s position on data integrity and the minimum expectation to achieve compliance.”
What is Data Integrity – ALCOA+
According to the FDA, Data Integrity and Compliance With CGMP Guidance document for Industry, published in April 2016, Data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA). The ALCOA principles, which are now known as ALCOA+, and are used by the FDA, MHRA, GAMP, WHO and PIC/S, should be implemented in every lab, industrial or academic, to ensure the lab is meeting the regulation authorities minimum CGMP requirements for data integrity.
Who & When – Every recorded document in the laboratory information system should be signed and dated and attributed to an identifiable person. Signing on behalf of someone else is considered fraud. Keep a signature log with examples of all personnel signatures, initials etc. to ensure identity.
All Data and metadata should be perpetual and easily read. The data should be kept accessible throughout the data lifecycle.
In order to assure data credibility, all data, including results and measurements, should be recorded at the time they were performed and according to the order they were executed. It is completely forbidden to backdate data. Also, when data is recorded by two people, both should sign the results.
Original or a true copy
The actual primary data from the source the data was originally generated from.
Editing the original data should always be documented. Annotate amendments and make sure your data is complete, truthful and all changes are marked as such. Data that was altered without annotations is considered inadequate and might be deemed inaccurate.
In addition to the traditional ALCOA principles, in the past few years, additional principles (known as +) have been added to the list to which data integrity should adhere::
Data should include all the results, including repeated results and analysis performed. Don’t forget to include all the metadata on which your data is based on. It is best to link between the data and metadata, to keep the metadata in context This also helps in maintaining availability as well.
Data must be kept in the sequence it occurred, traceable (date/time stamped) and created in a repeatable and comparative form
Data should be durable throughout the lifecycle and recorded on an acceptable media – paper or electronic.
Access to Data should always be easily available for review or audit throughout the data lifecycle.
Having an understanding of the data integrity principles above is the first step in protecting your company from potential GXP irregularities that may result in regulatory authorities inspection and potentially warning letters. In order to prevent problems before they occur it is important to take internal actions to comply with regulations.
Management Accountability for Data Integrity
According to the guidance documents issued by the FDA and MHRA, it is clear that biopharmaceutical senior management is responsible and accountable for the implementation of systems and procedures to minimize the potential risk to data integrity, and for identifying the residual risk, using risk management techniques. Laboratory management is advised to:
- Endorse clear data governance policy in which responsibilities and processes are clear throughout the organization. Data governance should address data ownership and accountability throughout the lifecycle, and consider the design, operation, and monitoring of processes/systems to comply with the principles of data integrity including control over intentional and unintentional changes to data.
- Initiate Data integrity training – Every employee in the company should be trained and made aware of the importance of data integrity principles and the company regulations associated with it
- Perform Data Integrity Risk Assessment (DIRA) on a regular basis – Implement, design and operate a documented system that provides an acceptable state of control based on the data integrity risk with supporting rationale. Make sure that the processes that produce data or where data is obtained are mapped out and each of the formats and their controls are identified and the data criticality and inherent risks documented
- Take responsibility for the systems used and the data they generate
- Motivate employees to follow the guidelines and create a work environment that enables effective data integrity controls – actively encourage reporting of errors, omissions, and undesirable results.
- Notify regulatory authorities when significant data integrity incidents have been identified.
Deploying a web and cloud-based Electronic Lab Notebook in industrial labs fosters greater adoption of Good Laboratory Practices (GLP) and can reduce the likelihood of data loss or corruption.
Contact us to learn how Labguru can help you meet data integrity requirements.
Read More blog posts: