On April 15th, the FDA issued a new draft guidance in response to rising concerns around data integrity at drug manufacturing sites both inside and outside the U.S. Data Integrity and Compliance with CGMP outlines the FDA’s initial recommendations for creating and managing data in accordance with the Current Good Manufacturing Practices (CGMP) laid out in 21 CFR Parts 210, 211, and 212.
The new draft guidance answers a number of common questions concerning the “completeness, consistency and accuracy of data,” asserting that “[c]omplete, consistent and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).”
Much of the 13-page draft guidance goes on to explain how regulators expect companies to adhere to these new rules. To save you time during your review, we’ve summarized the eight key takeaways below:
1. Excluding data
Any and all data that fulfills CGMP requirements becomes a CGMP record. As a result, all of this data must be evaluated.
In addition, it can only be excluded from the release criteria decision-making process if there is what the draft guidance calls a “valid, documented, scientific justification” for excluding it.
2. Including metadata with electronic data
All electronic data that fulfills CGMP requirements must include metadata, which the draft guidance describes as “structured information that describes, explains, or otherwise makes it easier to retrieve, use or manage data.”
Regulators will expect companies to store and preserve electronic data and metadata to ensure the relationship between the two is both “secure” and “traceable” throughout the CGMP record retention period.
3. Validating workflows
The FDA recommends manufacturers implement “appropriate controls to manage risks associated with each element of a computer system” in order to validate that workflows are working correctly.
Going one step further, regulators are advising manufacturers that the controls used to validate computer systems for intended use will address software, hardware, personnel and documentation.
4. Access restriction controls
The FDA recommends companies implement controls to “restrict the ability to alter specifications, process parameters, or manufacturing or testing methods by technical means (for example, by limiting permissions to change settings or data.)”
Independent officials within the organization should be assigned to administrate these systems and monitor access to them.
5. Audit trail reviews
The draft guidance suggests all audit trails should be reviewed regularly and include a history of changes to finished product test results, changes to sample run sequences, changes to sample identification and changes to “critical process parameters.”
In this case, audit trails are defined as a “secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification or deletion of an electronic record.” These should be present in production and control records, which means they’ll need to be reviewed and approved by quality personnel.
6. System suitability testing
Under these new guidelines, using actual samples in a test, prep or equilibration run is a violation. Instead, these tests should be conducted with standard prep or another standard solution to determine if “requirements for precision are satisfied.”
In situations where actual samples are being used, they should be a “properly characterized secondary standard” and from a different batch than the sample(s) being tested.
7. Quality issue reporting
Any falsification or alteration of records—known or suspected—must be investigated under the documented CGMP quality system. More specifically, the goal should be to “determine the effect of the event on patient safety, product quality, and data reliability; determine the root cause; and to ensure the necessary corrective actions are taken.”
Additionally, it's suggested staff should be trained to identify data integrity problems as a part of the CGMP training program.
8. Remediating data integrity issues
When compliance problems arise, the FDA classifies “effective remediation” of data integrity problems identified during inspections and other regulatory actions as “hiring a third party auditor [to] determine the scope of the problem, implement a corrective action plan (globally), and remove at all levels individuals responsible for problems from CGMP positions.”
Further, the FDA warns that it may conduct additional inspections to gauge the effectiveness of remediation initiatives.
The Draft Guidance was published for industry comments and recommendations and is nonbinding in its current form. Electronic or written public comments can be submitted until June 14th, 2016.