Leveraging ALCOA+ Principles to Establish a Data Lifecycle Approach for the Validation and Remediation of Data Integrity. Bradford Allen Genentech

Transcription

1 Leveraging ALCOA+ Principles to Establish a Data Lifecycle Approach for the Validation and Remediation of Data Integrity Bradford Allen Genentech 1

2 Agenda Introduction Data Integrity 101 Review What is Data True copies Regulatory Requirements ALCOA+ CSV / Data Life Cycle Basic DI Requirements Data Integrity Validation Validation FOR Intended Use 2

3 What is Data? Raw Data Original records and documentation, retained In the format in which they were originally generated (i.e. paper or electronic), Or as a true copy. Data Information derived or obtained from raw data (e.g. a reported analytical result). 3

4 What is Data? MetaData - Data about the data. Structured information that describes, explains, or otherwise makes it easier to retrieve, use or manage data. Metadata describes the attributes of the data, and provides the context and meaning. Relationships between data and their metadata should be preserved in a secure and traceable manner. The value 1.2 ; What does it mean? Weight? (Lbs. or Grams?) Distance? (meters or inches) ph? or voltage? 4

5 What is Metadata? Metadata helps you understand the data! For example: (1.2) Instrument: HPLC -1 Date / Time: 21JUL16/17:48 Comment: Run 1 was stopped because of retention time shift Audit trail: old value: flow rate1.2 changed to new value 1.0 By: Stef Curry Reason: wrong method per SOP

6 Original Record / True Copy True copy: Must preserve the integrity of the data (accuracy, completeness, content and meaning), and must include the metadata. Data retention processes must be shown to include: Original or True copies of all data, (audit trails, result files, software / system configuration settings ) and metadata, necessary for reconstruction of a given raw data set. 6

7 Types of Data Static vs dynamic Static: fixed data document such as a paper record or an electronic image. Dynamic: record format that allows interaction between the user and the record content, such as a chromatogram where the integration parameters can be modified. 7

8 True Copy 21 CFR requires that laboratory records contain "complete data For example, a ph meter or spectrophotometer may create a paper printout as the original record as a static record; either paper or electronic. 8

9 True Copy Dynamic data: 9

10 True Copy? 21 CFR requires that laboratory records contain "complete data Per FDA: The printed paper copy of a chromatogram cannot be considered a "true copy" of the electronic raw data used to create that chromatogram, as required by (d). Also cannot be considered an "exact and complete" copy of the electronic raw data used to create the chromatogram, as required by The chromatogram does not include, for example, the injection sequence, instrument method, integration method, or the audit trail, of which all were used to create the chromatogram or are associated with its validity and to be used to reconstruct the data. 10

11 Data Integrity Regulatory Requirements b, ; Instruments must be qualified and fit for purpose (a)(8); Original records have been reviewed by a second individual to ensure accuracy, completeness and compliance ; the authority to review production records to assure that no errors have occurred (b); data must be stored to prevent deterioration or loss ; records be retained as original records or as true copies ; records shall be prepared for each batch of drug product produced and shall include complete information (a) Laboratory records shall include complete data derived from all tests necessary to assure compliance (b); Input to and output from the computer or related system of formulas or other records or data shall be checked for accuracy. 21 CFR Part 11 EudraLex Vol 4; Annex ; Laboratory records shall include complete data derived from all tests necessary to assure compliance (b); backup file of data entered into the computer or related system shall be maintained. to assure that backup data are exact and complete and that it is secure from alteration, inadvertent erasures, or loss ; ; there must be a documented, scientific justification for its exclusion ; ; activities must be documented at the time of performance ; An accurate reproduction of the appropriate master production or control record, checked for accuracy, dated, and signed; (a)(4); complete record of all data secured in the course of each test, including all graphs, charts, and spectra from laboratory instrumentation, 11

12 ALCOA+ No! Defined by FDA in 1990s and added to by EMA (+) 12

13 ALCOA+ Enduring Who performed? Attributable Legible Can the data be read and understood? Available (for the lifetime of the record) ALCOA Does the record accurately reflect the event? Accurate Contempora neous When was the data created? Original Consistent Is it the original record? Not copy, printout Complete (All data including meta data) 13

14 Attribute ALCOA Good Documentation Practices Paper Electronic Data Attributable Legible Contemporaneous Original Accurate Signature/ Initials/ date Data must be recorded permanently in a durable medium and be readable Record data at time it happens Indelible ink, no whiteout/tipp-ex No errors or editing performed without documented amendments User login/ e-signature Human readable Time stamp; audit trail Audit Trail; no annotation tools allowed; Read Only rights Audit trail ALCOA is Good Documentation Practices for both paper and e-records! 14

15 Computer System Validation 15

16 Data Life Cycle Data Integrity: The extent to which data is complete, accurate, consistent throughout the data life cycle Generation Processing Reporting Backup/ Archiving Retrieval Destruction MHRA-All phases in the life of the data (including raw) from initial generation and recording, processing, transformation, use, retention, archive, retrieval 21CFR Part 11.1(b)- creation, modification, maintain, archive, retrieve and transmit 16

17 Data Life Cycle Data Generation Regulation Description ALCOA (d) (b) (a) Documented at time of performance Contemporaneous, attributable (b) Instruments must be qualified and fit for purpose Consistent 17

18 Data Life Cycle Data Processing Regulation Description ALCOA (a) (a) (g) (b) (a) Complete data derived from all tests Input/output from the computer or related system of formulas or other records or data shall be checked for accuracy; Calculations must be verified Data generated must meet criterion of scientific soundness; Data generated and transformed must meet the criterion of scientific soundness Accurate, Complete Accurate, Consistent Accurate, Consistent 18

19 Data Life Cycle Data Reporting / / (b) (a)(8) (e) / / Release testing requires complete information; complete records of all tests There must be valid, documented scientific justification for exclusion of data Checked by 2 nd person to ensure accuracy, completeness and conformance Any GMP data created must be evaluated by quality unit Complete Accurate, Complete, Consistent Legible, Accurate, Complete 19

20 Data Life Cycle Data Backup Archiving (e) (b) Retained as original records, or as true copies Stored to prevent deterioration or loss Original, enduring, available Enduring (b) Data must be backed up (exact and complete and free secure form alteration, inadvertent erasures, or loss Enduring, available 20

21 Computer System Validation 21

22 Data Integrity Validation Perspective Data Integrity Core Principles User access & security Segregation of duties Protection of data Reviewing / Reporting of data Backup / Restore/ Archive of data i.e. Basic GMP 22

23 User Access Security Roles / permissions Roles in Computerized Systems should be tailored (where technical feasible) to ensure access only for functionality which is necessary for the respective job role. Make sure you understand the privileges applied to each user profile and be prepared to justify them. Validation (functional testing) to verify assigned roles and their intended use. Periodic review of users. Generic accounts are not allowed All data lifecycle steps must be traceable to an specific person. What to do about vendor service accounts? 23

24 User Roles Permissions 24

25 Segregation of Duties Systems must be configured in a way that system operators who work with the system cannot delete or change data or system settings (e.g. inactivate audit trails, delete data, delete files, change configuration,etc.). System Administrator rights (permitting activities such as data deletion, database changes or system configuration changes) should not be assigned to individuals with a direct interest in the data (data generation, data processing, data review or approval). Administration control should be independent of data life cycle function to eliminate conflict of interest. 25

26 Protection of Data No deletion rights Once data is acquired, it cannot be deleted or moved. Auto saving of data Electronic data must be auto saved before it can be reviewed (or printed to hard copy). Testing into compliance (pre-screening) 26

27 Auto saving of data Protection of Data Pre-screening data No Save or save as functions Testing into compliance Ignoring failing injections and recalculating without saving Performing trial standard or sample analysis prior to official analysis Re-integrations without valid procedure 27

28 Protection of Data Files/ folders must be protected from user access No data saved on local drives No USB access Recycle bin Internet access 28

29 Data Review Written procedures on data review must define the frequency, roles and responsibilities. Data review procedures must evaluate the integrity of data sets before the final approval of the record. Data on which decisions are based should therefore follow the concept of ALCOA (Accurate, Legible, Contemporaneous, Original and Attributable). Traceability must be given to raw data for all changes to data, and that the changes shall be traceable to analysis results, method and processing parameters, etc. 29

30 Data Review The data review should be executed on original data or a true copy. This means that the data review should be executed electronically (not on paper) for computerized systems; within the software to ensure that the reviewer has access to original source data. All data should be reviewed. Raw, processed, invalids Methods, setups, parameters, etc. Audit trails Time frame? What happened before and after official assay? 30

31 Data Review Audit trails must be reviewed with the associated data/ record(s) for modifications and deletions to critical data. If modifications or deletions were identified, verify the changes were appropriate and comments are included as required per approved procedure. Therefore, respective data review procedures must include data audit trail review activities, including (but not limited to): Overwriting files/ data Aborted / invalid runs Testing into compliance Deleted data Altered data 31

32 Back up Restore / Archive Regular back-ups of all relevant data should be done Not to be confused with backup created for disaster recovery. Backup (FDA) refers to a true copy of the original data maintained securely throughout the records retention period. Preferably real time backups, automatically If not, risk based assessment and justification The integrity and accuracy of backup data and the ability to restore the data should be verified during validation and monitored periodically. Archived data should be checked for accessibility, readability and integrity. If changes are to be made to the system, then the ability to retrieve the data should be ensured and tested. 32

33 Validation Validation must consider the intended use of the data throughout its life cycle. You must define the requirements for data integrity and verify that both system and procedural controls for data integrity are in place. Processes should be based on the data life cycle Generation Processing Reporting Backup/ Archiving Retrieval Destruction 33

34 Validation Validated for INTENDED use: Is the system Validated for INTENDED use? 21 CFR Part 11.10(a): Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. (i.e. audit trail) 34

35 Data Integrity requirements 1 Preparation Cat. B Cat. C 1.1 Sample identifier, sequence names and file names, as applicable, must be unique. If possible the respective identifiers/names should be generated automatically by the software. If automatic generation is not possible, a procedure must be in place to define identification/naming conventions and implemented. - X 1.2 Where technically feasible, equipment/systems must automatically serialize or track every analytical test (= unique identifier). X X 35

36 Data Integrity requirements 2 Data Generation Cat. B Cat. C 2.1 Audit trails must allow reconstruction of critical data lifecycle activities (where feasible). - X 2.2 All measurement/analysis results generated by paper-based/hybrid systems must be printed (preferably automated directly after data generation) on durable medium or transferred to a superior computerized system. When printing/data transfer is not feasible then implementation of data verification using the four eyes principle is required for critical process steps. Details about what critical process steps are is defined by the Internal Category B Data Integrity Guidance document. X X 2.3 Reprocessing of data (if applicable) must be traceable with change justification in audit trails. - X 36

37 Data Integrity requirements 3 Data Review Cat. B Cat. C 3.1 Written procedures on data review must define the frequency, roles and responsibilities. These procedures must also describe how aberrant data is handled if found during the review. Data review procedures must evaluate the integrity of data sets before the final approval of the record. Data on which these decisions are based must therefore be complete as well as follow the concept of ALCOA (Accurate, Legible, Contemporaneous, Original and Attributable). Traceability must be given to raw data for all changes to data, and that the changes shall be traceable to analysis results, method and processing parameters. X X 37

38 Data Is the data/ record(s) defined? Is criticality assessed? Is there a description of the process/ data flow? 38

39 Data Flow Map UV-VIS 39

40 Data Flow Risk Assessment 40

41 Data Flow Risk Assessment 41

42 Is the System Validated for INTENDED use For data integrity (data life cycle approach), have you included in your Validation Protocol: 21CFR Part 11 (11.10 (a); )- ability to discern invalid or altered records Configuration; paths, folder rights, tools Sys Admin Segregation of Duties, Security/ Access and their definition and configuration Description of data flow, definition what is the critical data, risk Data Review SOP based on ALCOA (Accurate, Legible, Contemporaneous, Original and Attributable) Complete set of data reviewed What to look for; What to do if anomaly Audit Trail Review Procedure Backup Restore; Regularly tested and SOP in place Archive /Retrieval (if required); Testing of restore 42

43 Validation Intended Use - Example Validation of Computerized System Audit Trail Functional Testing: Test case to make sure audit trail is turned on, captures correct information, can be viewed, printed, not deleted, etc. Validation for intended Use (ability to discern invalid, altered records) : Should include testing to confirm that the required audit trail not only correctly captured (functional testing), but is aligned with the data review process described in a system SOP. System SOP should describe the process for audit trail review, including the definition of the data to be reviewed. What do to if issue found, how to document review 43

44 Validation Configuration Verify that the system has adequate technical controls to prevent unauthorized changes to configuration Verify the configuration is locked and only authorized admin has access Define the configuration in a approved document. Verify items affecting data integrity are considered and justified 44

45 Validation Configuration 45

46 Validation User Access Verify that procedures are in place to oversee user access management Verify a role/ permissions matrix exists listing users and their role and associated permissions No user should more rights than needed to perform job function Review and challenge system permission settings 46

47 Validation User Access 47

48 Backup/ Restore Backup Restore Regularly tested Original electronic data capture of data, metadata and all subsequent data required to fully reconstruct the conduct of the GMP activity SOP in place An approved document, either local, global which describes what data is backed up and to what location Verification should be enabled to ensure that the backed up data is identically to the original data. 48

49 Archiving Ensure that the archived data are complete and readable. A procedure in place, to test on a regular basis that the archived data are available and readable during entire retention period. Plan for obsolescence A secure storage location for archived data protected from manipulation. 49

50 Training Confirm that a training program addresses: Only qualified users have access Correct usage of the system Aware of consequences and potential harm from data integrity issues 50

51 Questions 51