Topic insight: Good (and bad) Data Integrity Practices: 3rd party auditor experiences

Written by: Octavi Colomina President, Asociacion Forum Auditorias (AFA)

Despite being nothing new in terms of regulatory compliance expectation, it has not been until quite recently that, as a consequence of FDA Warning Letters issued in recent years to some companies, regulatory authorities worldwide and pharmaceutical companies are re-assessing their current policies and procedures for managing documents and records, especially raw data, in order to ensure full compliance to GMP principles and its interpretation.

When considering the impact of this issue in the strategies and approaches applied to supplier audits, one realises that the always delicate balance of times dedicated to the different key areas included in the audit agenda planning the always limited available time, is seriously affected since potential data integrity problems usually require to focus on very detailed, and sometimes technically complex, aspects of data management processes.

However, as in many other aspects in audits, the experience and the observation of 'signs' in the auditee can provide valuable information and give a preliminary idea on the consideration of data integrity, its importance for the different representatives of the staff, the 'culture' around the concept and where can we start digging to identify weaknesses in the robustness and reliability of data.

QC processes and data flows, in particular in HPLC are the traditional source of data integrity problems, even after several years of similar problems raised in FDA inspections which resulted in unsatisfactory explanations and eventually in Warning Letters. Unexplained data deletion, renaming, lack of audit trail, poor users management, etc. are, unfortunately, still sources of deviations, sometimes critical due to the relevance of the data compromised.

Other areas and processes typically included in the ordinary flow of supplier audits should now be seen from a different angle: ten years ago it was the risk approach, now it is the integrity of the relevant data or records related to that GMP principle that applies in each case. Manufacturing operations including computerised systems, documentation practices, cleaning operations do all include some records, some actions that need the application of the 'Data Integrity Eye' to identify potential risks for the data reliability.

Data Integrity introduces new challenges and lead us one step beyond, not only to pharmaceutical companies, but also extend these challenges to our supply chain, which obviously requires readapting traditional audit practices.

A wide perspective, regarding the application of data integrity principles, should be applied in order to include all kinds and nature of data and records: electronic records, paper records, etc. and analyse in a case by case basis the relevance of the data, the current compliance condition and the effect that the current interpretation on the integrity and traceability has on those data.

Recent initiatives of regulatory authorities: US FDA training activities in some countries, United Kingdom MHRA guideline are driving companies to initiate projects for improving their practices on data recording, copying, validation of computerised systems, 21CFR Part 11 and EU Annex 11 compliance, etc. In many cases the implementation of such improvements will entail economic consequences, since many of the current computerised systems, used so far under reasonable compliance conditions are now seen under a stricter standpoint and deemed as non-compliant and, consequently, will need to be replaced by ‘compliant’ systems.


Explore our event