{ DOWNLOAD AS PDF }
ABOUT AUHTORS
Suleman S. khoja * 1, Sohil S khoja 1,Parthkumar H chauhan 2,Farhad S Khoja 3 ,Shamim S Khoja3.
1) Resource person in Pharmaceutical Quality Assurance, Audit and Compliance, Vapi -396191.
2) Resource person in Quality Assurance, Navsari
3) Registered Pharmacist ,Gujarat State Pharmacy council, Vapi -396191
*premukhoja@gmail.com
ABSTRACT:
Data integrity is fundamental in a pharmaceutical quality system which ensures the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA), Arrangements shall be in place within an organisation with respect to people, systems and facilities that shall be designed, operated and where appropriate adapted to support a working environment and organisational culture that ensures data is complete consistent and accurate in all its forms, i.e. paper and electronic record .When taken collectively these arrangements fulfil the concept of data governance. Regulatory bodies expect that data shall be reliable and accurate. CGMP regulations and guidance allow for flexible and risk-based strategies to detect and prevent data integrity issues. Industry should implement meaningful and effective strategies to manage their data integrity risks based upon their process understanding and knowledge management of technologies and best business models. In recent year Regulatory observation has increasingly observed GMP violations involving data integrity risks during CGMP inspections. This is troublesome because ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy, and quality of drugs, Regulatory is concern with ability to protect the public health.
REFERENCE ID: PHARMATUTOR-ART-2493
PharmaTutor (Print-ISSN: 2394 - 6679; e-ISSN: 2347 - 7881) Volume 5, Issue 5 Received On: 13/02/2017; Accepted On: 21/02/2017; Published On: 01/05/2017 How to cite this article: Khoja SS, Khoja S, Chauhan PH, Khoja FS, Khoja S;A Review on Creation and handling of data in accordance with cGMP requirements in Pharmaceuticals; PharmaTutor; 2017; 5(5);64-69 |
INTRODUCTION:
Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality, Arrangements shall be place within an organisation with respect to people, systems and facilities that shall be designed, operated and where appropriate adapted to support a working environment and organisational culture that ensures data is complete consistent and accurate in all its forms, i.e. paper and electronic record .When taken collectively these arrangements fulfil the concept of data governance. Organisations are not expected to implement a forensic approach to data checking on a routine basis, but instead design and operate a fully documented system that provides an acceptable state of control based on the data integrity risk with supporting rationale. It should be noted that data integrity requirements apply equally to manual (paper) and electronic data. Organisations should be aware that reverting from automated / computerized to manual / paper- based systems will not in itself remove the need for appropriate data integrity controls. Where data integrity weaknesses are identified, either as a result of audit or regulatory inspection, companies with multiple sites should ensure that appropriate corrective and preventive actions are implemented at all sites.
Definition:
Data: Information derived or obtained from raw data (e.g. a reported analytical result)
Data should be:
A - Attributable to the person generating the data
L – Legible and permanent
C – Contemporaneous
O – Original record (or true copy)
A - Accurate
Metadata: Metadata is data that describe the attributes of other data, and provide context and meaning. Typically, these are data that describe the structure, data elements, interrelationships and other characteristics of data. It also permits data to be attributable to an individual.
Example: data (bold text) 5.5 and metadata, giving context and meaning, (italic text) are: sodium chloride batch 1234, 5.5mg. J Smith 01/07/14 Metadata forms an integral part of the original record. Without metadata, the data has no meaning.
Data Integrity (FDA): Means to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).
Data Integrity (MHRA): The extent to which all data are complete, consistent and accurate throughout the data lifecycle, Data integrity arrangements must ensure that the accuracy, completeness, content and meaning of data is retained throughout the data lifecycle.
Audit trails:
Means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record. (As Per FDA)
For example, the audit trail for a high performance liquid chromatography (HPLC) run could include the user name, date/time of the run, the integration parameters used, and details of a reprocessing, if any, including change justification for the reprocessing.
Means audit trails (GMP) are metadata that are a record of GMP critical information (for example the change or deletion of GMP relevant data), which permit the reconstruction of GMP activities (As per MHRA)
Format:
Static Format: static is used to indicate a fixed-data document such as a paper record or an electronic image.
Dynamic Format: dynamic means that the record format allows interaction between the user and the record content.
Data Retention :Raw data (or a true copy thereof) generated in paper format may be retained for example by scanning, provided that there is a process in place to ensure that the copy is verified to ensure its completeness may be classified as archive or backup.
Archive: Long term, permanent retention of completed data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.Archive records should be locked such that they cannot be altered or deleted without detection and audit trail.
Backup: A copy of current (editable) data, metadata and system configuration settings (variable settings which relate to an analytical run) maintained for the purpose of disaster recovery. Backup and recovery processes must be validated.
Flat Files: A 'flat file' is an individual record which may not carry with it all relevant metadata (e.g. pdf, dat, doc ).Flat files may carry basic metadata relating to file creation and date of last amendment, but may not audit trail the type and sequence of amendments. When creating flat file reports from electronic data, the metadata and audit trails relating to the generation of the raw data may be lost, unless these are retained as a ‘true copy’. There is an inherently greater data integrity risk with flat files (e.g. when compared to data contained within a relational database), in that these are easier to manipulate and delete as a single file.
“Systems” in “computer or related systems:
The American National Standards Institute (ANSI) defines systems as people, machines, and methods organized to accomplish a set of specific functions. Computer or related systems can refer to computer hardware, software, peripheral devices, networks, cloud infrastructure, operators, and associated documents (e.g., user manuals and standard operating procedures).
Establishing data criticality and inherent integrity risk:
The degree of effort and resource applied to the organisational and technical control of data lifecycle elements should be commensurate with its criticality in terms of impact to quality attributes. Data may be generated by
(i) Manual means - a paper-based record of a manual observation. - Manually recorded data requires stringent oversight; consideration should be given to risk- reducing supervisory measures. Examples include contemporaneous second person verification of data entry, or cross checks of related information sources (e.g. equipment log books).
(ii) Electronic means - in terms of equipment, a spectrum of simple machines through to complex highly configurable computerised systems.
Different data has varying importance to quality, safety and efficacy decisions. Data criticality may be determined by considering the type of decision influenced by the data. Data risk reflects its vulnerability to unauthorised deletion or amendment, and the opportunity for detection during routine review. Data risk is typically increased by complex, inconsistent processes, with open ended and subjective outcomes compared to simple tasks that are consistent, well defined and objective in terms of data integrity if the validated system is considered in isolation of the relevant business process (trial subject data entry, analytical sample preparation). Where there is human intervention, particularly influencing how or what data is recorded or reported, there may be increased risk from poor organisational controls or data verification due to overreliance on the system’s validated state. Companies should balance data risk with other quality and compliance.
Designing systems to assure data quality and integrity throughout Data Life cycle:
Systems and processes should be designed in a way that encourages compliance with the principles of data integrity. Consideration should be given to ease of access, usability and location while ensuring appropriate control of the activity guided by the criticality of the data.
NOW YOU CAN ALSO PUBLISH YOUR ARTICLE ONLINE.
SUBMIT YOUR ARTICLE/PROJECT AT editor-in-chief@pharmatutor.org
Subscribe to Pharmatutor Alerts by Email
FIND OUT MORE ARTICLES AT OUR DATABASE
Sr. No |
Activities |
Compliance can be done by |
---|---|---|
1 |
Access to appropriately controlled / synchronised clocks for recording timed events. |
Calibration and checking of Clock.
|
2 |
Accessibility of records at locations where activities take place so that ad hoc data recording and later transcription to official records is not necessary |
Hard copy shall be available /Easily Available |
3 |
‘Free access’ to blank paper format for raw/source data recording should be controlled where this is appropriate. Reconciliation may be necessary to prevent recreation of a record. |
Can be controlled by Quality Assurance check point Issuance and Hard bound log books.
|
4 |
User access rights that prevent (or audit trail) unauthorised data amendments. |
Can be Controlled by Role wise Privileges assigned and system full Audit trailed. |
5 |
Automated data capture or printers attached to equipment such as balances.
|
Individual Printer System shall be attached at each system. |
6 |
Control of physical parameters (time, space, equipment that permit performance of tasks and recording of data as required |
A programmable logic controller ( PLC based Equipment.) |
7 |
Access to raw data for staff performing data checking activities. |
Can be done by Process flow include Supervisor /Reviewer /Data Management Team. |
8 |
Man power assigned based on knowledge of activity to be performed. |
Employing Skilled staff. |
9 |
Escalation of issues to Senior Management |
Adequate Training for Taking issues to Priority where Quality /Safety of product involved. |
10 |
Training Staff |
-Where necessary local language Standard operating procedure must be prepared for training staff. -Audio visual training must be imparted where necessary to certain points |
11 |
Current guidelines and aspects of cGMP /GxP |
Must Update Process/Procedure in Organization |
12 |
Operator silence during Audit |
To provide adequate skill and knowledge to operator to be able to speak or make understand the auditor /Inspector/Investigator What he does and with which reference SOP he Perform work .This will build confidence to Auditor that your training is Effective and Implementation on Regular Routine Work |
General Aspects.
1. Design a Policy that inherent Quality First rather than Production.
2. To develop a system which keep higher management informed about Activity, Process ,Progress ,Deviation , and other major issues which required attention for quality parameter and issues related to it can be solved with Scientific Justification with help of Consultant ,expert.
3. When an unplanned event take place , than proceed that with Relevant Standard documented procedure not based on forensic approach ,Example change Control ,Deviation , Incident ,Risk Assessment ,FDA Points /Observation/Suggestion.
4.Quality Review Meeting (QRM) Purpose bimonthly with senior management, Quality person, Regulatory affairs department, subject matter Experts and other relevant staff.
5. As a part of Voluntary Quality Metrics submission Senior Management shall encourage senior Staff, Expert to Supervise and Monitor process, procedure with SOPs/step as per Designed and to make Risk based Gap Analysis if any required.
6.Skilled based Knowledge to Analyst for product Related issues and Outmost care while performing analysis.
7. Sampling plan should be designed such that appropriate sample are taken for control sample, stability sample and other parameter testing (Suggested take more justified sample so it can help in investigation.)
Data Integrity Issues Cited in Most Warning Letter and GMP inspection by Regulatory.
1) Shared Password
2) Distribution of Uncontrolled Paper/Format
3) Blank Format in Quality Control laboratory
4) Post Activity filling or maintaining record after manipulation.
5) Re-sampling without proper justification.
6) When observed Out of Specification /Out of Trends /Out of Calibration /Event closure of it without scientific justification.
7) Conclusion citing Cause unidentified.
8) Mostly observed Human Error in closure of Event, Which create firm lacks trained staff and can cause Data Integrity issues
9) System was not validated but was used in GMP relevant data which was used for release of batches /product.
10) GMP Document destruction at time of Audit/Inspection without proper justification for reason of destruction.
11) Release without testing and COA states PASS Result.
12) Copy pasting Vendor Data without any test by assumption.
13) Manipulation of reported market complains and reverting Customer/pharmacist/Patient with some excuse or immediate answer without Investigation at Manufacturing Site for complain.
14) Diverting /Stopping Auditor from inspection of GMP area is concern of Data Integrity
15) Intentional change in integration parameter to show passable result without procedure, Unauthorised Manual Integration.
16) Back dated signature in record /approval/extension/proposed changes /or GMP document, where employee was not present physically on dated date by signed the document on very next date of joining.
17) Changes in record stored in Quality control lab.
18) Analyst intentionally abort sample run
19) Separate folder for original data and manipulated date was observe in Industry on System,
20) Stability testing not done but previous station data outsourced sample.
Brief on Audit Trails: Means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record. (As Per FDA)
The requirement of the audit trails in pharmaceutical instruments according to the 21 CFR part 11 and Regulatory Authority.
The purpose of an audit trail is to make the electronic data secure and traceable. Audit trail is a regulatory requirement in pharmaceutical manufacturing. Audit trail shows in record the name of persons who assessed the computer system with the date ,time and task Performed. It also helps to recover the lost data.
Audit trail assures the record integrity and security. It is a regulatory requirement and it should be started in all the instruments and equipments those record the real time data.
FDA has issued many warning letters relating to audit trails. The requirements of the audit trail impacts computer controlled systems in pharmaceutical manufacturing. All analytical equipments like HPLC, UV Spectrophotometer, IR Spectrophotometer, Gas Chromatography etc should be audit trailed.
When any computerized systems do not have audit trail should be controlled through standard operating procedures (SOPs) SOP should ensure the authorized access to the computerized system but system should audit trailed enable till End of 2017.
Audit trail data should be secured and should not have the option of edit or delete. In audit trail record following information should be recorded.
1. Date and time
2. Name of person making change
3. Original and changed value
4. Reason for change made
5. Invalid attempts to log on the system should also be recorded in audit trail.
These records should be shown during the review of system
Regulatory may subject your firm:
FDA Issue Warning letter, Import alert, detained product at custom, Revoke GMP certificate and Legal prosecution
FDA suggest in warning letter for remedial action:
Regulatory bodies Encourages demonstrating that your firm effectively remedied problem by hiring third party auditor, determining the scope of the problem, implementing a corrective action plan and removing at all individuals responsible for problem form cGMP positions
FDA may Conduct an inspection to decide whether GMP violation involving data integrity issues are remedied or not.
CONCLUSION:
Regulatory observation has increasingly observed GMP violations involving data integrity risks during CGMP inspections article help the Pharmaceutical firm ,Higher Management to get involve in process that all data are complete, consistent and accurate throughout the data lifecycle, Data integrity arrangements must ensure that the accuracy, completeness, content and meaning of data is retained throughout the data lifecycle. System shall be validated before use and upgrade system in compliance to quality data attributes.
REFERENCES:
1)https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/412735/Data_integrity_definitions_and_guidance_v2.pdf
2)https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/538871/MHRA_GxP_data_integrity_consultation.pdf
3)http://www.pharmaguideline.com/2014/06/audit-trial-requirements-in-pharmaceuticals.html?m=1
4)http://www.csv-qa.com/articles/electronic-records/audit-trail-1
5)http://pharmaceuticalvalidation.blogspot.in/2007/08/validation-of-plc-software-automation.html
6)http://www.fda.gov/downloads/drugs/guidancecomplianceregulatoryinformation/guidances/ucm495891.pdf
7)http://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedicalProductsandTobacco/CDER/UCM518522.pdf
8)http://ungerconsulting.net/wp-content/uploads/2016/01/WL-TOTAL-SUMMARY-ANALYSIS.pdf
NOW YOU CAN ALSO PUBLISH YOUR ARTICLE ONLINE.
SUBMIT YOUR ARTICLE/PROJECT AT editor-in-chief@pharmatutor.org
Subscribe to Pharmatutor Alerts by Email
FIND OUT MORE ARTICLES AT OUR DATABASE