Data integrity. Those in the pharmaceutical industry have been hearing that phrase a lot as of late. (In fact, I fully expect the phrase to be added to the Webster’s English Dictionary next to a cartoon of a quizzical- looking scientist in the very near future!) Entire conferences and seminars are devoted to delving deep into the meaning, the application, and the support of this topic. We in the industry understand that the various regulatory bodies throughout the world are requiring it and we even understand that our organizations may not have the best practices. However, one thing that many are struggling with is building that bridge between what the regulations say, and how best to implement a solid, compliant data integrity governance program.
The first step is to understand what exactly that five syllable word truly means. Good data integrity ensures that you are able to tell the whole story of your product: from those first feasibility/proof of concept batches, through the rough development and clinical years, all the way through to post-approval. That means when in that situation that we all love to hate, you can answer the who, what, where, when, how questions any good inspector or auditor is going to ask and you can demonstrate with ease that your data is attributable, legible, contemporaneous, original, and accurate (ALCOA).1 The pharmaceutical industry is in a period of excitement and discovery, and many organizations are experiencing growing pains with regards to data integrity. This is especially prevalent when moving from paper-based to electronic systems. Whether it is a LIMS system or electronic notebook, new software that calculates the projected shelf-life of your product with the click of a button, or a program that will track every aspect of your product inventory - every bit of this data is up for scrutiny. The old pharma adage goes that if you didn’t write something down, it didn’t happen. The same holds true with electronic systems, only strokes of a pen can be replaced with clicks on a keyboard.
Now that we have answered the question of “what is data integrity,” let us venture into the realm of action.
Rome wasn’t built in a day; anything worth doing takes time; if it was easy everyone would already be doing it; pick your cliché. Long story short, a good data integrity program will take time, excellent organizational skills, and the ability to see more than the road that lies before you. The key is to go about implementation with a phased approach and to also understand that it is a process and a journey, not necessarily a final destination. Figure 1 is a simple illustration to show the overall lifecycle of program implementation from initial system review all the way through to periodic assessments of your systems.
System Analysis
The first step in the implementation process is to assemble a list of systems within your stability laboratory. Assess each system for the current validation status, maintenance schedule, user profiles and associated training, presence of standard operating procedures, and the current level of data integrity compliance.
Validation Status
Evaluation of this attribute goes beyond just answering the question “Is system XYZ validated?” but how was the system validated. Were the appropriate tests executed to ensure that the data held within the system is secure, inalterable, and accurate? Is there a master validation plan in place? Additionally, executed protocols and final reports detailing the qualification and validation of the system need to be written, reviewed, and approved by personnel at the appropriate levels.
Maintenance Schedule
Once your system is validated and in use, routine maintenance needs to be performed. Yes, even electronic systems need routine maintenance, although not with a wrench or screw-driver. This can be done either through an in-house team (i.e. system administrators) or through vendor technical support.
User Profiles and Training
A review of user profiles and training records also needs to be completed as part of the system assessment. Each user needs to have the appropriate level of access and adequate training to perform essential job functions within the system. Profiles also need to be scrutinized to ensure that users do not have both administrator and user level access. One caveat to this is within small organizations where it is necessary for system users to employ both administrator rights and user level access. In this case it is imperative that those with both account levels be limited to performing the functions specific to that level of account. In addition to user profiles and training, how users access the system needs to be assessed (i.e. unique usernames, passwords, etc.).
Standard Operating Procedures
Standard Operating Procedures or SOPs need to be in place which outline the system requirements, use, and workflow for each laboratory system. SOPs ensure that each user is using the system, and generating data, in a consistent manner.
Level of Data Integrity
All the aforementioned review parameters build into the overall assessment of your system’s data integrity compliance. Performing this initial assessment is the building blocks for identifying gaps within the laboratory systems.
Gap Identification
The next phase in the process is to identify gaps with regards to how your system stacks up against the expectations in the various regulations and guidance documents. When reviewing these gaps, assess each attribute or element with a level of criticality (e.g. Minor, Moderate, Major, Critical) and compile the assessments to assign an overall criticality rating for each aspect of the system. This approach helps not only when determining the overall deficiency of the system, but also is helpful when forming your game plan for corrective actions or remediation.
Cross Functional Review and Reporting
Formalizing the results from the system review into a report helps create accountability for the changes that need to be made. A well-written, concise document should contain the following: the scope of the review (i.e. the system name, function, and in the case of organizations which multiple locations, the site at which the analysis was performed); any system-specific definitions; the guidance documents or regulations against which the system was evaluated; the aspects or elements of each system; any gaps identified; and a plan for remediation or corrective/preventive action (CAPA).
Departments responsible for the overall use of the system (information technology, quality control/assurance) should be included as reviewers and/or approvers on the document. Acknowledgement. Accountability. Action. These will help to ensure that gaps or deficiencies are addressed as quickly and efficiently as possible.
Remediation and CAPA
Remediation activities and Corrective/Preventative Actions can have a wide range. It can be as simple as turning the ability to collect and store an audit trail, to the purchase of new laboratory software or instruments. Regardless of the magnitude, all activities should be tracked either through routine meetings and follow-ups or a formal CAPA tracking system or database. In addition to tracking, it is very important to assign action items to those familiar with the system. Subject Matter Experts (SMEs) are integral to the overall compliance of the system and ensuring that any items are addressed in the most appropriate manner. Each item should also have a due date. As with CAPA in other functional areas, due dates are key in making sure items do not get missed and are completed in a timely fashion.
CAPA items…check. SME…check. Due date…check. Now how to get all of these moving parts to work together? Having a remediation plan is at the top of the importance pyramid. Rome was not built in a day, and the same goes for a robust data integrity program. Many changes may take time, or in some cases, may take additional budget capital to implement. Establishing a project plan will help keep individual items in perspective and in check with the overall objective: Good Stability Data Integrity.
Continuous System Review
Just like tabulating on-going stability data for a regulatory filing or following a company’s records retention policy, electronic systems need regular review. Establishing a company or site-wide procedure for data integrity will facilitate the periodic review of electronic systems. Whether it be annually, or after significant system upgrades or changes, proceduralize the review period… and stick to it! Periodic review of the system ensures that all the pieces and parts of your system continue to work together in a reliable, integral way. And if something within your system as gone awry, having a pathway for addressing any issues. However, as with the initial system assessment, any corrective actions which arise from the periodic review need to be assessed for possible product impact and addressed expediently.
Patient Focused
Working in the pharmaceutical industry, the end goal is to ensure that we are making a difference for patients all over the world. Good data integrity is paramount in order to ensure that the products that we make every day, that help people everywhere, meet the standards that are set for them. The data generated and analyzed within our laboratories are used to make decisions at every step throughout the lifecycle. Implementing a robust data integrity program within your organization solidifies the commitment we make to the people we help on a daily basis.
References
- Guidance for Industry: Data Integrity and Compliance With CGMP, U.S. Food and Drug Administration, April 2016
Emily Trubee is a pharmaceutical professional with 14 years of experience in Quality Control, and Stability Testing and Management, with a focus on regulations-compliant stability programs for sterile injectables, solid oral dosage forms, and biological products. In her current role as Stability Manager, Research and Development at Adare Pharmaceuticals, she is responsible for managing the stability lifecycle of all products from pre-clinical through commercialization. Emily earned her Bachelor of Science degree in Chemistry from Wilmington College in Wilmington, OH and her Master of Science degree in Quality Assurance and Regulatory Affairs from Temple University School of Pharmacy.