The 2016 publication of FDA draft guidance document (“Data Integrity and Compliance with CGMP”) along with increased warning letters / 483s have generated an increased attention toward data integrity issues among FDA regulated industries. As a result, companies in the affected industries have begun instituting or updating their data integrity policies and best practices. A major manufacturing facility for a large pharmaceutical corporation initiated a comprehensive effort to proactively identify and address any potential concerns with data integrity. This effort entailed the assessment of hundreds of their data systems, involving both paper-based and electronic records, to ensure that their data systems were in compliance with their own data integrity procedures and that their procedures aligned with industry best practices.
This manufacturing facility had two physical sites that needed to be assessed for data integrity gaps. Both sites needed to comply with the corporate policy on data integrity and needed objective evidence of compliance. Having relied on Performance Validation (PV) for many years to provide onsite validation and verification support for multiple sites, this client contacted PV for assistance in their data integrity assessment project.
The data integrity assessment project planning process determined what systems would need to be assessed and how to assess them. Clearly, the individual assessment of hundreds of systems would not be an efficient or necessary use of project resources. Rather, the company categorized the systems. Three categories of systems were identified based on data type: paper records (e.g. forms, logbooks), equipment (e.g. instruments, devices), and computerized systems (e.g. ERP, LIMS, SCADA). Paper records and equipment would receive the same “ALCOA” assessment (see next paragraph). Computerized systems would receive the paper/equipment assessment along with an additional 21 CFR Part 11 compliance assessment. Redundant systems would be addressed under one common assessment.
The assessment criteria were prescribed based upon the principles of “ALCOA”. ALCOA, is at the cornerstone of data integrity principles, which states that data must be Attributable, Legible, Contemporaneous, Original, and Accurate. The company also adopted the “ALOCA +” concept which adds Complete, Consistent, Enduring, and Available. A questionnaire was constructed, organized according to each component of ALCOA. Questions addressing the legibility of data were grouped together, for example. Each question was worded to elicit a Boolean response (yes/no), and provided a field for detailing gaps (if a “no” was answered), gap mitigations (including emergency actions if needed), and deadlines. A weighting value was attached to each yes or no answer which was used to tabulate a final score resulting in a quantitative pass or fail result.
Subject matter experts (SMEs) for each system were assigned to help PV with the assessment process. PV staff conducted the assessments and managed the process. This involved scheduling and holding meetings with the SMEs to answer the questions on the assessments. PV staff delivered expertise gained through years of training and experience in data integrity and 21 CFR Part 11 to offer guidance for answering the questions and to provide consultation on gap remediation. The assessments were documented by PV and concerns were communicated to the stakeholders including Quality Assurance and the business process owners.
All data integrity assessments were completed on time and under the project budget. PV performed the assessments and aided in the stakeholder approval process.
The company now has a clear picture of the types of data integrity gaps and concerns they have relating to the systems that were assessed. They were able to obtain objective information on their compliance status from a data integrity standpoint and make this valuable information available to key decision-makers in the company. More importantly, they gained a conclusive list of specific action items to be completed. Some action items were specific and unique. For example, some systems did not employ audit trail retention practices, or if they did, their practices were vague and lacked accountability. Some action items targeted broader, site-wide quality system issues. For example, the organization had a procedure stating that they intended to perform risk analysis in support of a risk-based approach to compliance, but did not document the process or show objective evidence of risk in practice. With this project complete, they now have the ability to effectively address data integrity in their organization.
The PV Advantage
The PV staff provided the expertise and knowledge needed to ensure an efficient high-quality data integrity assessment of the systems. They knew how to ask the right questions and delve into the nuances of a system to make sure no stone went unturned when looking at data integrity. Project and document management was also handled by PV, relieving the client of concerns over the compilation, construction, and routing of documentation. Moreover, PV provided knowledgeable guidance on how to resolve the gaps discovered by the data integrity assessments, and will continue to aide in the remediation process for this client.
For more information please schedule a call with one of our subject matter experts.
CSV Services Manager