Data Integrity. Developments, updates, and deficiencies. Paul Moody, GMP Inspector. GMP Conference. 7 February 2017 Dublin

Transcription

1 Data Integrity Developments, updates, and deficiencies Paul Moody, GMP Inspector GMP Conference 7 February 2017 Dublin

2 Agenda Data Integrity Regulatory Guidance Data Governance: What is it? The Data Lifecycle: Looking for Gaps Data Integrity: Electronic Systems Data Integrity: Paper Systems Data Integrity: Outsourced Activities Responding to a Data Integrity Failure 07/02/2017 2

3 Data Integrity Guidance: At the GMP Conference 2014 Defined data integrity and provided some considerations for the laboratory and production environment along with some deficiencies from the field Focus was primarily computerised systems and electronic records No real regulatory guidance published at the time 07/02/2017 3

4 What has happened since 2014? 2015 MHRA GMP Definitions and Guidance for Industry 2016 FDA Data Integrity and Compliance With CGMP Guidance for Industry (Draft) (2016) 2016 WHO Technical Report Series 996, Annex 5: Guidance on good data and record management practices Aug 2016 EMA GMP Q&A on Data Integrity Aug 2016 PIC/S PI Draft 2: Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments 07/02/2017 4

5 PIC/S PI Draft 2: Good Practices for Data Management Pharmaceutical Inspection Co-Operation Scheme The international development, implementation and maintenance of harmonised GMP standards and quality systems of inspectorates in the field of medicinal products Provides guidance for inspectorates in the interpretation of GMP/GDP requirements in relation to data integrity and the conduct of inspections HPRA are trialling the draft document in the field Link to the guide is provided at the back of the presentation 07/02/2017 5

6 What does Data Integrity mean? The maintenance, and the assurance of the accuracy and consistency of, data over its entire lifecycle The degree to which data are complete, consistent, accurate, trustworthy and reliable and that these characteristics of the data are maintained throughout the data lifecycle.such that they are attributable, legible, contemporaneously recorded, original or a true copy and accurate (ALCOA). The completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA). The extent to which all data are complete, consistent and accurate, throughout the data lifecycle 07/02/2017 6

7 Data Integrity Principles: ALCOA Attribute Attributable Legible Contemporaneous Original Accurate Requirement Identify who performed the task Must be readable by eye or electronically and retained in a permanent format Record of actions or decisions at the time they take place Data in the same format it was originally generated or verified copy which retains content and meaning. Data is true/reflective of the activity or measurement performed Can apply to both paper and electronic data/records 07/02/2017 7

8 PIC/S Data Integrity Principles: ALCOA+ Attribute Attributable Legible Contemporaneous Original Accurate Complete Consistent Enduring Available Requirement Identify who performed the task Must be readable by eye or electronically and retained in a permanent format Record of actions or decisions as they take place Data in the same format it was originally generated or verified copy which retains content and meaning Data is true/reflective of the activity or measurement performed Information critical to recreating the event Good Documentation Practices including capturing changes made Record exists for the entire period needed Records can be reviewed at any time during period 07/02/2017 8

9 Metadata. Data that gives you information about other data Recording a weight Require 1 kg Weight recorded = 1 Was enough weighed? Units (metadata) Cleaning is required prior to a next batch manufacture Record shows: Cleaning was complete kg by: A. Person Next batch was started on 31 st January 2017 Was the cleaning performed before or after the next batch started? Timestamp required (metadata) 07/02/2017 9

10 Where is Data Integrity in the GMPs? Attributable It is not a new requirement Chapter 4 (and 6) Annex 11 [4.20, c & f], [4.21, c & i], [4.29, e] Legible [4.1], [4.2], [4.7], [4.8], [4.9], [4.10] [2], [12.4], [15] [7.1], [9], [10], [17] Contemporaneous [4.8] [12.4], [14] Original [4.9], [4.27], [Paragraph Record ] [8.2], [9] Accurate [4.1], [6.7] [Paragraph Principles ], [5], [6], [10], [11] 07/02/

11 Data Governance: What is it?

12 Data Governance? Sum of total arrangements which provide assurance of data integrity May be beneficial to provide a summary document which outlines organisations total approach to data governance Should be essential to the Pharmaceutical Quality System QRM approach considering data risk and criticality at each stage of the Data Lifecycle Iterative approach to identification, mitigation, review and communication Ensures controls over data lifecycle commensurate to QRM 07/02/

13 Looking at the Data Governance System Integrated into Pharmaceutical Quality System Address data ownership throughout the data lifecycle Consider the design, operation and monitoring of processes/systems Control over (un)intentional changes to, and deletion of, information 07/02/

14 Data Governance Should Describe And Assess Organisational Procedures and instructions for completion and retention of completed paper data Training of employees and documented authorisation for data generation and approval Regular verification of data Periodic surveillance of the data governance policy Technical Computerised System Control Automation 07/02/

15 Data Governance System Should Demonstrate management commitment Include evidence of communication of expectations to all personnel Empowerment to report failures and opportunities for improvement Demonstrate an understanding of data criticality, risk and the data lifecycle Undergo regular review 07/02/

16 Risk Based Approach to Governance Minimise potential risk to data integrity Effort and resource ~ Product Quality Risk Not all data have the same importance to product quality and patient safety Data criticality Data risk Data criticality What decision does the data influence? CQAs for batch certification What is the impact to product quality or safety? API assay > tablet dimension 07/02/

17 Data Risk Should Assess and mitigate the vulnerability to (in)voluntary amendment throughout the data lifecycle Include Business Process Focus not just IT system Process complexity Process consistency (human/automation interfaces) Subjectivity of outcome/result e.g. a number or visual assessment Outcome of comparison between e-system and manual records 07/02/

18 The Data Lifecycle: Looking for Gaps

19 What is the Data Lifecycle? Assess each stage of the lifecycle Generation Processing Reporting Checking Decision making Storage Retiring Discarding Lifecycle includes both electronic and paper based data 07/02/

20 Data Lifecycle Categories May Be Organisational Internal Production - QA QC interfaces External Contract Giver and Acceptor Cloud based applications and storage 07/02/

21 Data Lifecycle Assessments Should Cover Quality System Applications Production Systems and Processes Analytical Systems and Processes Inventory Systems and Processes Data Storage (Archival and Back Up) 07/02/

22 Considerations for Data Lifecycle Review Data Lifecycle crosses both paper and electronic records Computerised Systems Business Process Owner with IT (understand system architecture) Apply critical thinking skills Identifies gaps in data governance Challenges procedural and system controls Segregation of duty between lifecycle stages reduces opportunity for data alteration without detection 07/02/

23 Data Generation and Recording How/where is original data recorded On a display true copy verification? Balance printout? What metadata is associated with the data To ensure completeness and accuracy of data Can the event be reconstructed from the record? Where are the data and metadata located In the batch record or logbook or form or all three Is the data in permanent memory or held in buffer/temp storage at the time of recording? Limited audit trail Data integrity risk Remove/reduce temporary storage 07/02/

24 Data Generation and Recording Is it possible to recreate, amend or delete original data or metadata? Includes ability of IT help desk or DBAs What about users at sister sites? Changes should be procedurally controlled and visible within quality system Can another form be obtained? How is data transferred to other locations or systems for processing or storage Protected from (un)intentional loss/amendment/substitution Paper protected from amendment/substitution Electronic interfaces validated? 07/02/

25 Data Processing to Useable Information How is data processed Approved revision controlled methods? If an analytical method is validated why are the integration controls not locked? How do you control manual integration How is data processing recorded Method should be recorded Where multiple times Each iteration (inc method and result)should be available to checker for verification Does the person processing the data have the ability to influence what data is reported or how it is presented? Does the user choose what is printed, reported or transferred for processing? Can the activity be performed multiple times as separate events and desired outcomes only reported? 07/02/

26 Checking Completeness and Accuracy Is original data (format) available for checking? Format (electronic or paper) Permit interaction with the data (search/query) Risk based review e.g. exception reporting Is there any period of time where data is not audit trailled? Opportunity for data amendment Does the data reviewer have access to all data generated? Inclusive of data from failed or aborted activities Does the reviewer have access to all processing of data? Manages data exclusion Undisclosed processing into compliance 07/02/

27 When Data Used For A Decision When is the pass/fail decision taken? If before record is saved to permanent memory it may be manipulated prior to checks by reviewer Some LIMS systems alert of an OOS entry prior to completion of the entry process (pressing the enter key) Review and assessment of live chromatographic injections 07/02/

28 Data Retrieval How / where is it stored What are the measures protecting against loss/unauthorised amendment Measures as per earlier (IT Helpdesk, DBA etc) Is data backed up in a manner that permits reconstruction of the activity? Validated process What are ownership/retrieval arrangements, particularly considering outsourced activities or data storage Chapter 7 requirements 07/02/

29 Retiring or Disposing of Paper/Electronic Data... Data Retention Period Regulatory requirements and data criticality (validation vs routine batch) Data Disposal Authorisation Procedurised and approval within quality system 07/02/

30 Data Integrity: Electronic Systems

31 Design and Control of Electronic Data Original data cannot be deleted Audit trails are retained Computerised System design should ensure compliance with data integrity Evidence from the field suggests this is poorly understood In general sub-system approach is taken when qualifying Equipment Application module Historian module Reporting module Archival/Back up Does not consider entire data lifecycle over entire business process in terms of data integrity i.e. generation to retiring Inspection of an electronic system can include tracing data through the data lifecycle 07/02/

32 Review of e-data as the Original Record Risk of associated paper review may not include all relevant records e.g. uninvestigated OOS or other data anomalies Enables detection of data manipulation Deletion, amendment, duplication, reuse, fabrication Risk based review is acceptable when QRM principles applied Scientifically justified Exception reports Allows focus of review to critical areas Depth of review Must be appropriately validated 07/02/

33 Sample Deficiencies: Data Transfer The approach taken to the configuration and validation of the Manufacturing Execution System (MES) was not considered to have the appropriate built in checks for the correct and secure entry and processing of data in order to minimise the risks in that: Data utilised for batch related GMP decisions was pushed from certain Instruments to the MES Historian. The Electronic Batch Record selected its data from MES Historian based on Historian timestamp. It was noted that in some cases it was possible to re-send old tests from an instrument log to the Historian and these were assigned a Historian timestamp related to the resent date and not the original test execution date The test result and historian timestamp (not the instrument timestamp) were displayed to the Electronic Batch Record review screen The <backup> of <test> results saved on Nov 4 th :07 (local) were observed to have been imported to <backup location> at 17:24 (UTC) i.e. two hours later, despite the stated one minute sweep frequency 07/02/

34 Sample Deficiencies: Data Processing Processed test injections for <lot> were not approved on <CDS> until October 23 rd It was noted that the bright stock batch was released by the laboratory on 23 rd July 2015 and the packaged product was certified in August During the associated analysis on 18 th May 2015, system suitability criteria were met however retention time had drifted during the run and this was not commented on or investigated While electronic record review was performed, there was no process to ensure that all injections performed were reconciled and reviewed. Further to this it was not clearly defined what personnel were reviewing for 07/02/

35 Sample Deficiencies: Data Processing Unplanned system maintenance was logged in a <shadow system>. This process was not within the quality system nor was it periodically reviewed. It was noted that the system was silent with respect to <issues> stated within <some> investigation reports The company s use of test injections with respect to system suitability was not clear. In those cases reviewed it appeared that tests were abbreviated system suitability assessments and the impact of these on assay invalidation rates, suitability, and ultimately the validation status of the analytical method and/or qualification of the instrument was not clear Invalid assays were not formally assessed or trended within the pharmaceutical quality system and this was not justified 07/02/

36 Sample Deficiencies: Data Processing There was no justification for the test injections of samples including stability and samples being run prior to system suitability, e.g. <Product>, i.e. test injections, Test 1 and Test 2, prior to the running of <Product> assay for batch numbers <A> and <B> There was no explanation for why areas changed for test injections, Test 1 and Test 2, prior to running the sample set It was noted that when the assay for Test 1 was calculated that this resulted in an OOS result, whereas the result for Test 2 was within specification 07/02/

37 Sample Deficiencies: User Access Levels User access levels were not considered to segregate duties appropriately e.g. MES System Admin had access to all functionality of the MES system Generic usernames and passwords were utilised to access certain laboratory systems. These generic accounts could be utilised on other clients and this had not been assessed by the company. Examples included, but were not limited to, generic accounts for EBR workstations and certain laboratory instrument workstations The use of generic accounts can indicate that that everyone has access to certain data or locations on the network where it may be possible to delete and modify data in an uncontrolled manne. 07/02/

38 Sample Deficiencies User Access Levels It was observed that superusers and/or administrators of multiple systems had access to transactions which were not considered justified. For example, superusers and administrators of the LIMS system had full access to all transactions, such as, lot disposition or result modification In relation to Process Manufacturing System, area managers requested access based on other user profiles and as such there were no documented defined access levels relating to each role. In addition, user profiles were not adequately segregated e.g. personnel in financial roles had been given production level access and this was not justified 07/02/

39 Sample Deficiencies User Access Levels In relation to the integrity controls for laboratory data the following was noted: The administrators audit trail review was performed by administrators Administrators had full system access and this was not justified User accounts did not adequately restrict personnel from data e.g. contractor s personnel vs product data Audit trails did not adequately detailed the reason for change e.g. change control or deviation reference number 07/02/

40 What is an Administrator? System Admin, SuperUser, Business Admin, Site Admin, Corporate Admin, Lab Admin? Should be defined within the QMS When setting up access levels consider who should have access to what Access levels should be justified. ask why do I need access to this? Segregation of duties admins should have no interest in the output of the system True system administrators, in general, should not have a need to manipulate/process/approve.. the data generated by the system 07/02/

41 Sample Deficiency: Instruments In relation to the FTIR system and software: All personnel had Administrator access which enabled the analyst to change parameter settings and edit spectra Audit trails were not identified and there was no requirement to review audit trails on the system It was possible to copy, delete, and modify FTIR records There was no requirement to review the raw data on the system when reviewing and approving laboratory results Print outs were treated as original records with no requirement to verify these as true copies There was no naming convention for samples and results and thus it was not clear from the directory what were samples or standards or background spectra 07/02/

42 Data Integrity: Paper Based Systems

43 Design and Control of Paper System Good Documentation Practices Templates or Blank Forms Loose Form Distribution Requirements of Chapter 4 Records need to maintain ALCOA+ throughout data lifecycle Unique reference and revision control Linked to associated procedure Secure electronic signature Distribution Date & Sequence Issuing number Number and location of copies distributed Designed to avoid photocopying Purpose of Controls Ensures the risk of inappropriate use and/or falsifying by ordinary means is reduced to an acceptable level 07/02/

44 Deficiencies: Paper Based Systems Training records for the last visual inspection requalification of <Personnel> on a filling line indicated that nine operators had undergone visual inspection qualification between <timeframe> on <date> The training records also showed that the nine operators underwent classroom training for visual inspection on the <date> The electronic batch record for <Batch>, filled on the same filling line on the <date>, recorded various batch filling activities as being in progress on the line during the time period These activities were incompatible with performing the visual inspection requalification exercises which were documented as having been performed for the same time period 07/02/

45 Deficiencies: Paper Based Systems Integrity of data with respect to the documented checks for volume and witnessing for <process> manual additions was considered deficient in that: On two separate occasions (as captured through <some investigations>) personnel had signed to indicate that they had confirmed a volume check and witnessed manual additions when those activities subsequently were confirmed to have not taken place On further investigation it was determined that personnel did not fully understand the expectations and the significance of such signatures and checks No action was taken by the company to address these ambiguities related to the checks performed for the manual additions and no strategy put in place to prevent recurrence It was further considered that given the recurrence of the issues associated with such additions, there was significant questions over the validity and acceptability of the controls in place to accept such signatures as the only confirmation of such manual additions being made 07/02/

46 Deficiencies: Paper Based Systems Training records performed on <date>, were completed on forms where the defect types to be identified had been pre-populated. Records of the original training were not maintained and training was not documented contemporaneously The loose forms for cold-chain management were not adequately controlled in that the system could not identify when a form was lost There was no verification check in place for instrument readings where there was no printout available. For example, Verification of weights for analytical preparations or recording and verification of actual readings observed during calibration exercises There was no system in place to ensure that all titrations performed were recorded in the logbook A number of aborted and failed filter integrity tests were omitted from the instrument logbook. (instrument logbook did not correlate with the electronic log) 07/02/

47 Deficiencies: Paper Based Systems There was no verification check for to ensure that the UF/DF pressure reading was correctly transcribed to the batch record. Initial Normalised Water Permeability (NWP) values were utilized in the calculation of UF/DF cartridge performance. There was no verification of the transcription of the initial NWP values from the installation batch record to the logbook. 07/02/

48 Data Integrity: Outsourced Activities

49 General Supply Chain Considerations Understand the limitations of summary records, copies, printouts etc. Cannot verify all raw data and meta data Incorporate Data Integrity requirements and verification into Supplier Management program Quality Agreements Supplier Audits Supplier Review Look for the requirements and governance in the contract acceptor that you have to in your facility 07/02/

50 Assessing Outsourced Activities Verify adequacy of comparable systems at contract acceptor inclusive of equivalent levels of control Formal assessment on initial qualification Verified periodically at an appropriate frequency based on risk Output of Data Governance element of site audits Review data submitted in routine reports e.g. Comparison of COA result with in-house result Data governance from starting materials through to delivery of medicinal product 07/02/

51 Sample Deficiency: Outsourced Activities Data integrity considerations were not clearly identified within the agreement for the utilisation of cloud based services. For example: Ownership of data Retrieval of data should the service provider cease operation These aspects had not been risk assessed by the company 07/02/

52 Responding to a Data Integrity Failure

53 Data Integrity Issue is Identified. Investigation: Detailed protocol and methodology Assessment of the extent Omissions Alterations Deletions Record destruction Non-contemporaneous record completion Etc Determination of the scope and extent What data, products, processes, batches are implicated? Justification for boundaries Description of all parts of the operations where data integrity lapses occur Consideration for global corrective actions Risk assessment on the potential effects of failures on the quality of drugs involved Patient Ongoing operations Any impact on data submitted to regulatory agencies 07/02/

54 Corrective Actions to ensure data integrity Interim HPRA Notification Customer Notification Recalling product Additional testing Placing lots on stability Drug application actions Enhanced complaint monitoring Long Term Process Methods Controls Systems Management oversight Training 07/02/

55 HPRA Notification Contact: Develop Remediation Strategy Document including CAPA plan describing how company will ensure reliability and completeness of all of the data generated inclusive of global CAPAs (where appropriate) Comprehensive root cause including evidence that the scope and depth of CAPA plan is commensurate with the investigation findings and risk assessment. If applicable, indication whether the individuals responsible for the lapse remain able to influence GxP related data. 07/02/

56 To Summarise

57 In Summary Data integrity is not a new requirement (ALCOA+) Regulatory guidance and expectations are in place and should be referenced Data governance should be in place Understand and assess the Data Lifecycle for systems and processes Data integrity may include both paper and electronic records Notify HPRA where significant data integrity issue is identified 07/02/

58 Appendix: References

59 Data Integrity Regulatory References PIC/S PI Draft 2 (August 2016) EMA GMP Q&A on data integrity (August 2016) 18 WHO Technical Report Series 996, Annex 5 (2016) Guidance on good data and record management practices FDA Data Integrity and Compliance With CGMP Guidance for Industry (Draft) (2016) MHRA GMP Definitions and Guidance for Industry March tions_and_guidance_v2.pdf 07/02/

60 Thank you