28 Jun Dissecting the FDA Guideline for Data Integrity – Article #3
Republished with permission from Roque A. Redondo
Dissecting the FDA Guideline for Data Integrity – Article #3
Author: Roque A. Redondo
VP Automation and Business Development USA Operations – mirus Consulting Group
So far, we have discussed the Introduction Section, the Background Section and Question #1. In this article, I will continue with the discussion of Question #2 until Question #8 the new FDA Guideline on Data Integrity.
Question #2: – When is it permissible to invalidate a CGMP result and exclude it from the determination of batch conformance?
The FDA answer related to this question can be summarized in the following bullets:
-Invalidating test results to exclude them from quality unit decisions about conformance to a specification requires a valid, documented, scientifically soundjustification. Therefore, we need to assure that all decisions about invalidating data MUST be properly justified with enough background information that explains the data, the reason why it will be invalidated and how this condition/situation will be avoided in the future.
-Even if test results are legitimately invalidated on the basis of a scientifically soundinvestigation, the full CGMP batch record provided to the quality unit would include the original (invalidated) data, along with the investigation report that justifies invalidating the result. This means that no data should “disappear” from the records. This bullet is even more important because if we extrapolated this information to other areas and Quality Systems, we can conclude this applies to all type of data in the facility. So, if for example, we apply this thought to a validation/qualification protocol that has been aborted due to different situations during the execution, we can conclude that it should be maintained as part of the history of the validation process of the system.
-The requirements for record retention and review do not differ depending on the data format; paper-based and electronic data record-keeping systems are subject to the same requirements.
Question #3: Does each workflow on a computer system need to be validated?
The answer from the FDA establishes that:
-Yes, Yes & absolutely Yes.
-The extension of the validation studies should be corresponding with the risk presented by the automated system. On those system where cGMP and non-cGMP activities occurred, the non-cGMP portions that might affect the cGMP ones should be assessed and mitigated appropriately. In other words, we need to apply proper Risk Assessmentpractices to firstly determine what is the risk the system presents to the Quality of the product, to the safety of the patients and to the Data Integrity and secondly, to determine how the Non-cGMP portion might affect the cGMP portion.
-If you validate the computer system but you do not validate it for its intended use, you cannot know if your workflow runs correctly. Therefore, we need to emphasize in validating the systems to demonstrate that they can consistently do what they are supposed to do in the areas where the system will be located and used and under the conditions that the system will be normally working.
-FDA recommends to implement appropriate controls to manage the risks associated with each element of the system. Controls that are appropriately designed to validate a system for its intended use address software, hardware, personnel, and documentation. We can never forget that a Computer System as defined by the guideline, includes all the previously mentioned components including the human factor.
Question #4: How should access to cGMP Systems be restricted?
This is probably one of the most undervalued areas when we talk about Data Integrity. The FDA answer establishes that:
-You must exercise appropriate controls to assure that changes to computerized cGMP records or input of laboratory data into computerized records can be made ONLY by authorized personnel. This includes automated visual inspection records, electronic materials management system records, and automated dispensing system weighing records. The ability to alter specifications, process parameters, data, or manufacturing or testing methods MUST be restricted by technical means, where possible.
-It is important to establish and to implement a method for documenting authorized personnel’s access privileges for each CGMP computer system in use (a list of authorized individuals)
-The system administrator role, including any rights to alter files and settings, should be assigned to personnel independent from those responsible for the record content. Therefore, the system administrator role of a Computer System in the manufacturing area MUST not be performed by any person working in the manufacturing area. In other words, the wolf cannot be responsible of watching the hen house!
Question #5: Why is the FDA concerned with the use of shared login accounts for computer systems?
Again, this is probably one of the most undervalued areas when we talk about Data Integrity. We can still see a huge amount of computer systems where the username and/or passwords are shared because the system does not have different security access levels or because the system does not allow to configure individual usernames and passwords. The FDA answer establishes that:
-When employees share usernames and passwords, a unique individual cannot be identified through the login and the system would not conform to the CGMP requirements in parts 211 and 212. This is a direct violation of the letter “A” in ALCOAsince we cannot attribute an action or the acquisition or entrance of data to one specific person.
-Companies must implement documentation controls that ensure that the actions as described in question 4 are attributable to a specific individual.
-Shared, read-only user accounts that do not allow the user to modify data or settings are acceptable for viewing data, but they do not conform with the part 211 and 212 requirements for actions, such as second person review, to be attributable to a specific individual.
Question #6: How should blank forms be controlled?
Data is probably one of the most important items that can provide companies assurance that product quality is maintained and the patient safety is obtained. Data can provide all the scientific evidence that a product is good to be consumed by humans and or animals (when talking about veterinary products). However, we need to demonstrate that the data is trustful. It is imperative that we avoid trashing forms with data on it since all data MUST be part of the record where it was created. The FDA answer to Question #6 establishes that:
-There must be document controls in place to assure product quality (bound paginated notebooks, stamped for official use by a document control group. This will allow easy detection of unofficial notebooks as well as any gaps in notebook pages). This is extensive to any document that will have data on it (e.g. validation protocols, qualification protocols, investigations and other records as well).
-Blank forms (e.g., electronic worksheets, laboratory notebooks, and MPCRs) should be controlled by the quality unit or by another document control method.
-Numbered sets of blank forms may be issued and should be reconciled upon completion of all issued forms. Incomplete or erroneous forms should be kept as part of the permanent record along with written justification for their replacement. If we make this statement to other areas in the industry, we MUST avoid printing multiple copies of qualification/validation protocols just to keep the one where the best results (data) were obtained.
-All data required to recreate a cGMP activity should be maintained as part of the complete record.
Question #7: Who should review audit trails?
From the perspective of Data Integrity, an audit trail review is similar to evaluating cross-outs in a paper type data record.
-Personnel responsible for record review under CGMP should review the audit trails that capture changes to data associated with the record as they review the rest of the record.
-The regulations provide flexibility to have some activities reviewed by a person directly supervising or checking information.
-FDA recommends a quality system approach to implementing oversight and review of CGMP records.
-Again, the wolf cannot be responsible of watching the hen house!
Question #8: How often should audit trails be reviewed?
This is probably one the most interesting answers included on this guideline. As companies have been implementing 21 CFR Part 11, where having audit trails are mandatory to properly have a cGMP electronic record and signature, the need to have audit trails in sites has increased exponentially. An audit trail is typically the equivalent of a cross-out in a paper record. So, an audit trail will have:
-what change was performed on the electronic record
-who changed the electronic record
-when the change was performed on the electronic record
-why the electronic record was change
With this information in mind, let us see the answer from the FDA to this question.
-If the review frequency for the data is specified in cGMP regulations, adhere to that frequency for the audit trail review. For example, § 211.188(b) requires review after each significant step in manufacture, processing, packing, or holding, and § 211.22 requires data review before batch release. In these cases, you would apply the same review frequency for the audit trail. In other words, if the data produced while manufacturing or packaging a lot is reviewed after the completion of the lot, the respective audit trail should be also reviewed after the completion of the lot.
-If the review frequency for the data is not specified in cGMP regulations, you should determine the review frequency for the audit trail using knowledge of your processes and risk assessment tools. The risk assessment should include evaluation of data criticality, control mechanisms, and impact on product quality.
-Your approach to audit trail review and the frequency with which you conduct it should ensure that cGMP requirements are met, appropriate controls are implemented, and the reliability of the review is proven.