FDA Guidance

Dissecting the FDA Guideline for Data Integrity – Article #1

Republished with permission from Roque A. Redondo


Dissecting the FDA Guideline for Data Integrity – Article #1


Author: Roque A. Redondo

VP Automation and Business Development USA Operations – mirus Consulting Group


In this article, I will try to dissect the latest FDA Guideline related to Data Integrity, titled “Data Integrity and Compliance with Drug cGMP Questions and Answers Guidance for Industry” which was published in December 2018. This first article will cover the Introduction and Background sections of the guideline. During the next few weeks, I will publish 3-4 additional articles to fully discuss the questions in the guideline.

Data is everywhere and it comes in different forms.....

I will like to provide a very short information about myself before starting discussing the guideline. So far, I have been working in the FDA-regulated industry during close to 30 years. I have supported and participated in remediation projects related to FD483, Warning Letters and Consent Decrees. As part of my professional experience, I have had the opportunity to work with many amazing professionals who are considered experts in topics like Validation, Automation, CSV, Compliance and so on. I have been responsible for implementing CSV practices in different companies as well as implementing 21 CFR Part 11 practices. Additionally, I have managed couple of Consulting Firms related to both Automation and Validation. My career has been mainly related to those two areas (Automation & Validation) which have allowed me to work in all type of projects (small, medium or large) in over 300 different projects and initiatives.


Those incredible experiences have allowed me to learn and implement most of the regulations related to those areas. My professional career has also permitted me to work in both sides of the fences, inside the industry as an employee as well as a consultant. Additionally, I have been able to work in USA, South America, Europe, Dominican Republic and Puerto Rico. Therefore, I understand that I have been exposed to so many and enrichment experiences allowing me to have a nice understanding of CSV, Compliance and Data Integrity as well as other topics without losing sight that every day you are exposed to new experiences and opportunities that help your knowledge continue to grow and expand.


For those who have been working in the FDA-regulated industry during the time I have been so far, we can clearly establish that many of the specific items included in this guideline are not really new ones. This guideline is an evolution of many of the CSV basis and practices in the industry. It additionally demonstrates that the importance the industry has been given to CSV practices are correct and adequate. It really shows that the emphasis placed in implementing a Life Cycle Approach for all systems is a need and is crucial to comply with Data Integrity. During my early years in this career, I remember putting a lot of efforts to demonstrate that the security of the automated systems was in place and it was unbreakable; we tested the alarms, we tested the reports, we tested how data was acquired and how it was transferred, everything to always assure that the data obtained from the systems were safe and reliable. However, Data Integrity is not only a topic to remember when we are working with automated systems but it is something that we need to have in mind when we also work with data coming from paper, from printed reports, from handwritten batch records and so on. Therefore, this guideline also applies to those systems.


We can have data coming from different companies and in different formats

Let’s start talking about the guideline. As part of the Introduction, the FDA establishes that this guideline applies to sections 210, 211 and 212 of the 21 Code of Federal Regulations (21 CFR). The most important items presented in the introduction are:


•      Clarify the role of data integrity in cGMP environment


•      FDA expects that all data will be reliable & accurate.


•      Firms should establish their data integrity strategies based on their knowledge of the processes, management of technologies and business models.


•      Meaningful and effective strategies should consider the design, operation, and monitoring of systems and controls based on risk to patient, process, and product.


•      Management’s involvement in and influence on these strategies is essential in preventing and correcting conditions that can lead to data integrity problems.


•      It is the role of management with executive responsibility to create a quality culture where employees understand that data integrity is an organizational core value and employees are encouraged to identify and promptly report data integrity issues.


•      In the absence of management support of a quality culture, quality systems can break down and lead to cGMP noncompliance.


Are we considering the human factor in our Data Integrity Programs?

After the Introduction, the FDA presents a Background Section to establish the need to develop this guideline. After evaluating the latest findings cited in different FD483, Warning Letters and other documents, they feel concerned about the increase in Data Integrity Violations which jeopardize safety, identity, strength, quality, and purity, of the products as well as FDA’s ability to protect the public health. They identify the following requirements for Data Integrity included in Part 211 & 212.


•      backup data are exact and complete and secure from alteration, inadvertent erasures, or loss and that output from the computer can be checked for accuracy


•      data be “stored to prevent deterioration or loss”


•      certain activities be “documented at the time of performance” and that laboratory controls be “scientifically sound”


•      records be retained as “original records,” or “true copies,” or other “accurate reproductions of the original records”


•      requiring “complete information,” “complete data derived from all tests,” “complete record of all data,” and “complete records of all tests performed”


•      requiring that production and control records be “reviewed” and that laboratory records be “reviewed for accuracy, completeness, and compliance with established standards”


•      (requiring that records be “checked,” “verified,” or “reviewed”


In addition, this Background Sections is used to set the basis of the guideline discussion establishing the following important questions:


•      Are controls in place to ensure that data is complete?


•      Are activities documented at the time of performance?


•      Are activities attributable to a specific individual?


•      Can only authorized individuals make changes to records?


•      Is there a record of changes to data?


•      Are records reviewed for accuracy, completeness, and compliance with established standards?


•      Are data maintained securely from data creation through disposition after the record’s retention period?


All these questions related to data in the FDA-Regulated Industry also apply to paper. Therefore, the intention of the FDA is to include all type of data as part of the interpretation of the guideline. So, any Data Integrity Program needs to address the management of data that is printed or in handwritten format as well. Finally, we need to understand that creating a Data Integrity environment is not only achieved by developing and approving marvelous Standard Operating Procedures (SOP’s) but mainly by creating a culture of compliance around Data Integrity. Therefore, the human factor MUST always be part of the Data Integrity Equation.


Data Integrity Compliance Equation:

Data Integrity Compliance = Human Factor + SOP’s + Technology Solutions

My next article will start discussing the specific questions included in the guideline.

Disclosure Note: The use of logos is merely to represent all sources of data in a company site.