GXP, E-RAW DATA AND E-ARCHIVE QA PERSPECTIVE

Transcription

1 GXP, E-RAW DATA AND E-ARCHIVE QA PERSPECTIVE GIQAR Feedback of GxP & Electronic Archive Round Table (March 21 st 2016) Dott.ssa Ilaria Enrietto RBM SpA Merck Biopharma Parma - May 18th

2 HOW THE PROGRESS TOUCHED OUR TECHNOLOGIES AND ABOVE ALL OUR MINDSET 2 2

3 HOW THE PROGRESS TOUCHED OUR TECHNOLOGIES AND ABOVE ALL OUR MINDSET From theory to practice: our experience in using an HPLC-UV/VIS system Moving from paper-based to electronic data The Ivrea Test Facility paperless project 3 3

4 ELECTRONIC DATA DEFINITIONS MHRA GUIDELINE AGIT GUIDELINES PIC/S GUIDELINE 4 4

5 ELECTRONIC DATA DEFINITIONS OECD GLP Advisory Document n. 15 Establishment and Control of Archives that Operate in Compliance with the Principles of GLP Electronic record: All original laboratory records and documentation, including data directly entered into a computer through an instrument interface, which are the results of original observations and activities in a study and which are necessary for the reconstruction and evaluation of the report of that study. Metadata: Data that describe the attributes of other data. Most commonly these are data that describe the structure, data elements, inter-relationships and other characteristics of electronic records. 5 5

6 ELECTRONIC DATA MANAGEMENT What is new in the GLP OECD Advisory Doc n.17? 6 Life cycle approach to validation/operation of CS Risk Management as central element on validation process Data integrity concept and physical/logical security Fit for purpose intent of usage of CS Differentiation within qualification and validation concepts Defined roles and responsibilities (e.g. TFM, SD, QA) Access privilegies and corresponding training SLA regulating the agreements between suppliers and Test Facilities COTS validation depending on risk and complexity of customisation Change control procedures and configuration control Data migration concept (data conversion upgrades migration to other medium) Interfaces and corresponding tests Accuracy checks on data entered manually into electronic systems Audit trail incident management Periodic review Electronic signatures E-Archiving GLP OECD Advisory Doc. N.15 Business Continuity and Disaster Recovery 6

7 COMPLIANCE FRAMEWORK AGIT GLP GUIDELINES GAMP 5 GLP OECD Advisory Document n.17 CS Annex 11 PIC/S GUIDELINE 21 CFR Part 11 FDA MHRA 7 7

8 2010: HPLC used in the Formulation Department in order to perform test item concentration analysis, formulation stability and homogeneity studies, validation of analytical methods for quantitative and qualitative analyses 2016: the scope is the same as in the past WHAT HAS BEEN CHANGED? We will not underline technologic changes in the system, but we will focus on main changes of its usage and data definition/management 8 8

9 2010: The system we are referring to is an HPLC system with a ChemStation management software which allows data acquisition and basic data evaluations using modules for method and run controls, data analysis module for elaborating acquired data and report layout module. The HPLC system has 2 different accesses for operator (access for performing the analysis) and manager (access for performing, reviewing, elaborating and reporting results) according to the different required privilegies. Raw-data and metadata are all locally and temporally stored in the systems itself. There is NO electronic archive in place, the capability of the internal memory is low. All raw-data considering chromatograms, metadata related to set up/calibration/audit trail, derived data from peack integrations or elaborations performed in excel file sheets are printed and inserted in the paper study folder 9 9

10 2016: The system we are reffering to is OpenLAB CDS ChemStation Edition which provides tools for HPLC data acquisition, analysis and interpretation monitoring instrument parameters, creating the defined methods, generating and printing (if needed) reports and exporting data to the archived system. As in workstation or networked workstation configurations, the instrument configuration dialog runs on the local PC. A central data storage system can hold all kinds of electronic data independent of any proprietary data formats

11 2016:WHAT HAS BEEN CHANGED THANKS TO THE ADVANCED TECHNOLOGIES Raw data are stored together in the OpenLAB Data Store (centralized data management) partition with also all metadata including sample information, data analysis method, chromatographic signals, instrument conditions and above all the audit trail. All ChemStation methods, sequence templates, report templates, and data files (sequences and single runs) are uploaded to the file share partition of the virtual server which is identified as GxP Archive. Data can later downloaded back into the ChemStation if required. With Secure Workstation for OpenLAB CDS ChemStation Edition ChemStation and Data Store are installed together on a single workstation computer. AUDIT TRAIL The transactions that occur during the analysis, including accesses, changes, any errors and the instrument conditions (such as flow, temperature, pressure and solvent composition for liquid chromatographs) from the start to the end of the analysis are always recorded and then extracted with every data file. The file includes a review scheme that indicates if data has been reprocessed. This is an uneditable binary format that ensures the originality of the results

12 2016: LOOKING CAREFULLY AT THE AUDIT TRAIL «Audit Trails need to be availabe and convertible to a human readable form and regularly reviewed. Any change to e-records must not obscure the original entry and be time and date stamped and traceable to the person who made the change. Audit trail for a CS should be enabled, appropriately configured and reflect the roles and responsibilities of study personnel. The ability to make modifications to the audit trail settings should be restricted to authorised personnel. Any personnel involved in a study (GLP SD, head of department, analysts) should not be authorised to change audit trail settings. A system should be in place that ensures a riskbased review of the audit trail functions, its settings and recorded info GLP QA personnel should be involved». 12 OECD GLP Advisory Document Application of the GLP Principles to Computerised Systems n.17 12

13 ACCESSES AND PRIVILEGIES IN THE WORKSTATION Auto log-ff and 3 tentatives max UNIQUE COMBINATION BETWEEN USERNAME AND PASSWORD FOR EACH EMPLOYEE Expiry timeframe Administrator Defined rules for psw complexity Supervisor Analyst 13 13

14 DISASTER RECOVERY PLAN AND BUSINESS CONTINUITY PLAN All data (primary data derived data metadata audit trail in the original form and in PDF) which have been automatically saved after every step on the Workstation itself, are backupped automatically everyday on a dedicated partition of the GxP file share automatically, used as backup folder. The file shares are controlled accesses partitions where ONLY authorized personnel can have defined permissions (read or write permission). All permissions list can be checked immediatly by the applications or on the server logbooks. If necessary, data can be retrieved by the backup folder

15 DATA MANAGEMENT Using a dedicated copy script, after every acquisition the result set containing all data (primary data, derived data, metadata, audit trail in the original form and in PDF) is automatically saved on the server (GxP file share Archive) in the dedicated Data Management folder. Each folder is identified as «Name of the server / Data / Instrument ID / QUALITY STANDARD / Study Number». All elaborations (integration, quantification, review, recalculation, elaborations performed on validated Excel files) are also trackable and saved on the server. «Raw data: Measurable or descriptive attribute of a physical entity, process or event. The GLP Principles define raw-data as all laboratory records and documentation, including data directly entered into a computer through an GLP OECD Advisory automatic instrument interface, which are the results of primary Doc. Application of observations and activities in a study and which are necessary for the GLP Principles to CS reconstruct and evaluation of the report of that study. n.17 Derived data: They depend on raw-data and can be reconstructed from rawdata (e.g., final concentrations as calculated by a spreadsheet relying on 15 raw-data, result tables as summarised by a LIMS, etc). 15

16 DATA APPROVAL AND QA AUDIT Final draft data (primary data derived data metadata audit trail in the original form and in PDF) after having been consolidated and approved on Chemstation by the Administrator, are completely «frozen» in the system and then they are manually saved by e-archivist on a dedicated subfolder on the server partition for QA audit related to the draft study report and corresponding data. AUDIT TRAIL INFO WHO WHEN WHAT WHY QA 16 16

17 DATA ARCHIVING After QA audit and study report signature, the Study Director is responsible of granting the archive of the study considering either paper and electronic data. Both processes are managed in parallel by the Archivist and e-archivist. Final data (primary data derived data metadata audit trail in the original form and in PDF) are archived by e-archivist on a dedicated folder on the server partition which is identified according to the following folder path: «Name of the server ARCHIVE Instrument ID QUALITY STANDARD Study Number» E- ARCHIVIST is the only one with writing access to the folder, just for the time of trasferring the data in the archived folder. When the study has been electronically archived, the e-archivist signs a dedicated paper Archive History report that has to be sent to Study Director for confirmation and then sent to the GxP paper-archive for tracking all types of documents/data/specimens archived for that study. Every change on the archived folder is detectable by the internal audit trail of the folder itself, where all entries/changes are recorded. All other approved accesses can only have «read» permission. The study can be de-archived ONLY if the requests comes from TFM (e.g. For HA Inspectors requests) and only having recorded TFM de-archiviation approval on a dedicated form sent via mail

18 REQUIREMENTS FOR THE ARCHIVING OF ELECTRONIC RAW DATA INTEGRITY OF ARCHIVED ELECTRONIC RAW DATA AVAILABILITY OF ELECTRONIC RAW DATA LONG TERM ARCHIVING 18 18

19 REQUIREMENTS FOR THE ARCHIVING OF ELECTRONIC RAW DATA THE ROLE OF THE QA IN THE ARCHIVING PROCESS Audit to archiving procedure Electronic archives and IT Infrastructure QA audits all aspect of archiving Roles and responsibilities and relative personnel access Study archiving process and archived studies 19 19

20 REQUIREMENTS FOR THE ARCHIVING OF ELECTRONIC RAW DATA THE ROLE OF THE QA IN THE ARCHIVING PROCESS TRAINING Specific technical training in order to let the auditor understand CS functionalities and data management ACCESS QA with read access to all systems cointaining electronic raw data UPDATES Be always «future oriented» in order to follow innovations 20 20

21 BACKUP AND RESTORE OF THE SERVERS Server backups are managed according to local SOP everyday and automatically. QUALIFIED INFRASTRUCTURE composed either by physical servers and virtual servers. The virtualization platform is composed by a NETAPP storage system composed by 2 physical units. The first NETAPP which includes virtual servers (containing also GxP File Server defined as GxP electronic Archive) is backuped LOCALLY (SNAPVAULT) on the second NETAPP and, for Site specific disaster recovery plan and in agreement with Global Corporate Policies, the second NETAPP is replicated (SNAPMIRROR for files) to the Datacenter of the Main HUB of our Company. Accesses to the Backup systems are only ALLOWED to IT local personnel. Data restore (e.g. for local data deletion) can be asked to local IT only following a procedurized process which grant the traceability of each step, also for the restore one. Server restore test have been performed in the OQ phase of the validation process and repeated and tested during periodic review

22 QUALIFIED INFRASTRUCTURE DESIGN The RBM Infrastructure is composed by: Network (VLAN, racks and switches, routers, firewalls, Wi-Fi access points) Servers (physical and virtual) Clients (Merck Biopharma standard clients and nonstandard clients) Printers Server Room with Anti-fire system, environmental conditioning control system, access control system and intrusion prevention system with alarms IT Infrastructure software tools (e.g. Jenny Portal, LANDesk Management Suite, Push-Portal, Spectrum OneClick for Infrastructure) 22 22

23 THE PROCESS WE ARE WORKING ON, SHOULD GRANT: 23 23

24 DATA INTEGRITY CONCEPT Data Integrity means the degree to which a collection of DATA is complete, consistent and accurate: Good Documentation Practices are followed; Content of Data is trustworthy and reliable (data is valid)

25 DATA INTEGRITY CONCEPT MHRA: All phases in the life of data from initial generation and recording through processing (including transformation or migration), use, data retention, archive / retrieval and destruction (MHRA GMP Data Integrity Definitions and Guidance for Industry; March 2015) Are data (paper and electronic) created/documented following Good Documentation Practice? Are there processes/systems in place to ensure data integrity across the entire Data Life Cycle? Is there Quality Management & Governance in place to promote Data Integrity? 25 25

26 HOW TO ASSURE DATA INTEGRITY Key questions to consider when defining risk mitigation strategies (BUSINESS questions): Do I have all my data? Am I reviewing all my data? Has my data been objectively processed? Am I reporting all my data? 26 26

27 THE WORK OF QA IN DATA INTEGRITY PERSPECTIVE Do we include data integrity aspects in our audits? Do we review the right data (and metadata) when preparing for / performing audits? Are our auditors adequately trained on the electronic systems to allow an effective review of original data? Do we assess quality management systems of vendors for data integrity aspects when performing vendor audits? Are data integrity risks reflected in our risk assessment tools? Do we include data integrity aspects when preparing for inspections? Do we prepare auditees for the methodologies used in data integrity inspections? 27 27

28 WHAT IS NEXT? PAPERLESS PROJECT! 1) ELECTRONIC NOTEBOOK (ELN) Used in non-regulated environment. Project on going for extending ELN usage in GLP AIM for the ELECTRONIC NOTEBOOK Supportive documents to study management (study folders) will no more exist in paper but will be managed electronically by a centralized database where all supportive info will be documented/scanned. As soon as validation will be completely GxP compliant, ELN project will be extended to GLP environment dedicated implementation plan will be presented to HA 28 28

29 WHAT IS NEXT? PAPERLESS PROJECT! 2) DATA INTEGRITY ASSESSMENT All Computerised systems will be assessed by selected external SME. A dedicated gap analysis will be performed in order to identify main areas of improvements A dedicated checklist will be compiled with all info of each CS. The project started in GMP enviroment and on June it will be extended to GLP and GCP Functions A specific Data Integrity training will be performed by external SME for Test Facility personnel 29 29

30 FEEDBACK FROM ROUND TABLE IN ROME: DEEP DISCUSSIONS GREAT BRAINSTORMING SESSIONS 30 30

31 THANKS FOR YOUR ATTENTION! 31 31