18 Jun Dissecting the FDA Guideline for Data Integrity – Article #2
Republished with permission from Roque A. Redondo
Dissecting the FDA Guideline for Data Integrity – Article #2
Author: Roque A. Redondo
VP Automation and Business Development USA Operations – mirus Consulting Group
In this article, I will continue with the discussion of the latest FDA Guideline related to Data Integrity, titled “Data Integrity and Compliance with Drug cGMP Questions and Answers Guidance for Industry” which was published in December 2018. This first article covered the Introduction and Background sections of the guideline. In this article #2, I will discuss question 1.
Question #1 Please clarify the following terms as they relate to cGMP records.
The first term that the guideline defines is Data Integrity (DI). DI refers to the completeness, consistency and accuracy of the data. It also establishes that to have data which is complete, consistent and accurate, it has to be attributable, legible, contemporaneously recorded, original of a true copy and accurate. These characteristics create the acronym ALCOA. As time has passed and this definition has evolved, the acronym was modified as ALCOA+ to include that the data has to be complete, consistent, enduring and available.These traits are applicable to both paper or electronic records. The next figure can provide a comparison between types of records.
These traits are applicable to both paper or electronic records. The next figure can provide a comparison between types of records.
The second term that the guideline defines is metadata. The guideline defines metadata as the contextual information required to understand the data. A short description will be that metadata is the data about the data. Therefore, metadata is the information that makes data having a meaning. If the metadata does not exist, the data would not be meaningful. A very short example will be the number “500”. This number without the metadata just means that: a number. Once the metadata is added, it can be 500 kilograms, 500 tablets, 500 vials, etc.
The importance of the metadata is that it has to be retained during the same retention period as the data it describes. The relationship between data and their respective metadata must be preserved in a secure and traceable manner.
The third term defined by the guideline is the audit trail. The guideline defines audit trailas a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. Therefore, an audit trail is more than what the change is, who did the change, when the change was done and why the change was done. It needs to provide all the necessary information to rebuild the original electronic record. As an example, the audit trail of a HPLC must have the user name, date/time of the run, the integration parameters used and the details of a reprocessing is any. As conclusion, the audit trail needs to provide all the information so the history of the electronic record can be traced and reconstructed.
The guideline talks about two types of audit trails. The first one tracks the creation, modification or deletion of data (processing parameters and results). The second type of audit trail is the one that tracks actions at the record or system (attempts to access the system or rename or delete a file). Let us see an example of audit trails.
The next terms that the guidelines define are Static and Dynamic as they relate to record formats. A static data is the one which is fixed and cannot be modified by normal means. Examples of static data are a paper record or an electronic image. The dynamic data is used when the system allows interaction between the user and the record content. Any system that allows users to reprocess runs are producers of dynamic data. A Validation Protocol can be considered dynamic data record while it is being executed since the user of the protocol can modify the record as he/she is entering results of all the testing. Once the protocol is executed and cannot be modified it becomes static data.
The next term defined by the guideline is Backup. A backup is a true copy of the original record that is maintained securely throughout the record retention period. It is extremely important to understand that the data in a backup file or record MUST be exact, complete, and secure from alteration or inadvertent erasures or losses. In addition, the data in the backup record MUST have the data itself as well as the metadata in its original format or in a format compatible with the original format. Companies MUST have designated secured places to keep the backup files so they will be available when needed to be evaluated. We need to provide the correct conditions so the backup files are not affected by conditions like dust, temperature, humidity, etc.
The last term explained in the guideline is the concept of what are the systems which compose a Computer or Related System. A system is defined as the people, the machines and the methods organized to accomplish a set of specific functions. So, basically it includes everything that is needed to properly manufacture the product(s). Then, Computer or Related Systems will be or will include:
- Computer Hardware
- Peripheral Devices
- Networks and their components
- Cloud Infrastructure
- People using all the systems
- Associated Documents (SOPs, User Manuals, Drawings, Batch Records, etc.)