Data integrity has recently been in the agency spotlight. In part because of the draft data integrity guidance issued April 2016, but primarily due to an increased number of inspection findings involving the reliability and trustworthiness of data. Expectations for ensuring data integrity are evolving and increasing. The rise in 483 observation citations and warning letter rates issued for relating to data integrity is direct evidence of this trend.
Currently, FDA is focusing primarily on data integrity issues in the laboratory, Chromatographic acquisitions systems in particular. This is because analytical equipment is a primary source of creating raw data. Many analytical instruments and computerized systems have inherent limitations or gaps that may allow for accidental or intentional data integrity issues. Validation alone is not sufficient to close the gaps. Also, FDA has a better understanding of laboratory systems; inspectors receive specific training in the understanding, use, and capability of these systems to help identify possible data errors or fraud.
As a result of the increased awareness of data integrity issues across industry, FDA issued the draft guidance for industry Data Integrity and Compliance with CGMP for comment. This draft guidance provides the agency’s current thinking and expectations on the creation and handling of data in accordance with cGMP requirements.
It applies to processing, packing, and/or holding of drugs and provides risk-based strategies to prevent and detect data integrity issues. It stipulates that data integrity of both paper and electronic data should be complete, consistent, and accurate. In the draft guidance, the ALCOA (Attributable, Legible, Contemporaneously recorded, Original, and Accurate) concept is discussed for the handling of raw data. This concept may be taken a step further to “ALCOA+CACE” (Complete, Available, Consistent, and Enduring) and incorporates the collection of data.
In other words, it is the ability to trust and rely on data to be accurate, complete, and enduring.
Remember, data is what GMP quality decisions are based upon and is the foundation for recreating events and justifying decisions.
When it comes to data, the FDA expects that your company’s quality system assures that records comply with regulatory requirements, results are accurate and complete, results are supported by the source data, there is no selective reporting, and that there is no altered, omitted, or fraudulent data. Can your quality system assure this?
Many of the data integrity guidance elements draw from and build upon requirements outlined in 21 CFR Part 11. The following table illustrates ways that these principles apply to both paper records and electronic data, this concept aligns well with your company’s Computer System Validation (CSV) program:
Don’t forget that good documentation practices, audit trails, and metadata are elements that are reviewed and scrutinized by the FDA to help demonstrate that data is supported and meets these expectations.
Incorporating a data integrity program may require a change in a way things are done at your company. This concept should be integrated into the foundation of quality processes and procedures. But, data integrity requires more than just well written SOPs. Data integrity requires a mature quality culture from management down. Is your management team enforcing a culture that continually improves and takes issues such as data integrity seriously? If a manager or supervisor makes statements like “I don’t care what you need to do, just get the testing done by end of the day!” then perhaps they haven’t.
Strong leadership support, realistic time expectations, employee awareness of data review, and routine system data audits are all things to consider to help detect and prevent accidental or intentional data integrity issues.
Have you found a data integrity issue or aren’t sure where to look? I find it works well to conduct gap assessments to determine if any site action plans are necessary and use risk based approaches to address any data integrity problems identified. Don’t be complacent and think that data integrity issues cannot occur at your firm, be on the lookout for them and be ready when they occur.