Temperature Data Integrity and Security along the Pharmaceutical Supply Chain

• Eli Lilly and Company
• TEVA Pharmaceutical Industries Ltd.

Summary

Temperature is a critical process parameter for many pharmaceutical products as it impacts one of more critical quality attributes like label claim and formation of degradation products. As a result, it must be monitored and controlled in the end-to-end pharma supply chain during manufacturing, storage and transportation to ensure that products comply with the critical quality attributes to the end of shelf life. The measured temperature data and supporting meta data should be stored and compliant to all relevant regulatory requirements towards security and data integrity, which ensures that all collected and recorded data is complete, consistent, and accurate throughout the data lifecycle.

Keywords

Temperature, data integrity, meta data, security, storage, transport, distribution, pharmaceutical products, critical quality attribute, critical process parameter

Introduction

Quality of a pharmaceutical product is determined by its Critical Quality Attributes (CQA’s). A CQA is a physical, chemical, biological, or microbiological property or characteristic that should be within an appropriate limit, range, or distribution to ensure the desired product quality.1 CQA’s may include physical attributes, identification, assay, content uniformity, dissolution and drug release, degradation products, residual solvents, moisture, microbial limits, etc. A CQA can be impacted by the variability of a Critical Process Parameter (CPP), which therefore should be monitored or controlled to ensure the process produces the desired quality.1 An example of a CPP is temperature. At elevated temperatures the formation of degradation products is accelerated in many pharmaceutical products and may impact CQA’s like assay and degradation products. On the other hand, subzero temperatures may cause aggregation of proteins in, for example, vaccine formulations leading to ineffective products. Therefore, temperature monitoring and control are important along the supply chain to ensure product quality, efficacy and safety to the end of their shelf life.

After a pharmaceutical product is released by the manufacturer to the market, it is transported through the supply chain via various modes of transport (e.g. road, air, ocean) and warehouses to the point of dispensing (e.g. pharmacy, hospital etc.), where it is provided to the patient. Each stakeholder in this supply chain should know, maintain and respect the allowable temperature range of this product as indicated by the manufacturer. The allowable temperature range determined by the manufacturer is developed using long term and accelerated stability studies and it is provided on the marketed packaging for the patient and/or provided by the manufacturer to its supply chain partner (e.g. Logistic Service Provider (LSP), wholesaler, etc.).2-4 Any temperature deviation should be investigated and assessed as substandard product may impact patient health and safety.

Temperature Data Integrity

Inspection observations related to data integrity have been rising in recent years due to the elevated focus by regulatory agencies like FDA, EMA and MHRA. To secure temperature control of pharmaceutical products in the supply chain, five basic principles5 should be applied by each supply chain stakeholder:

1. Temperature specifications are set for products, processes and systems.
2. Temperature is controlled in an environment within the intended range using qualified active and/or passive system(s).
3. Temperature is measured by calibrated sensors at hot/cold spot location(s) based on temperature mapping studies.
4. Temperature data is collected and securely stored in readable and retrievable electronic and/or paper format6 according to data integrity ALCOA principles.A
5. Temperature excursions are investigated and product dispositions are executed according to current Good Distribution Practices (GDP7,8) and Good Pharmacy Practices (GPP9).

As temperature is a CPP for many pharmaceutical products, recorded temperature data should comply to the data integrity ALCOA principles. In addition, EU GDP6 provides guidance in paragraph 3.3.1 how to manage data:

• Data should only be entered into the computerized system or amended by persons authorized to do so.
• Data should be secured by physical or electronic means and protected against accidental or unauthorized modifications.
• Stored data should be checked periodically for accessibility.
• Data should be protected by backing up at regular intervals. Back up data should be retained for the period stated in national legislation but at least five years at a separate and secure location.
• Procedures to be followed if the system fails or breaks down should be defined. This should include systems for the restoration of data.

Note that WHO guidance10 slightly differs from the EU GDP and indicates that “all monitoring records should be kept for a minimum of the shelf-life of the product distributed plus one year, or as required by the national legislation.”

Since 2015 regulatory bodies like MHRA, FDA, WHO and EMA have had an enhanced interest in data integrity during inspections. They also published many data integrity guides to force the pharmaceutical industry to transform to an elevated data integrity level.7,11-13 The main focus was initially on testing laboratories and the manufacturing shop floor, but this is currently moving to distribution as well as the product quality, efficacy and safety should be maintained to the end of shelf life.

In recent years, temperature monitoring and control have been significantly improved and enlarged across the world for both cold chain and room temperature products. For example, the IATA CEIV program14 is being rolled out at airports around the world since 2015, temperature controlled drone shipments are being introduced, wholesalers are introducing temperature controlled small vehicles, thermal packouts are being further developed, ocean reefer containers and temperature controlled trailers are increasingly being monitored 24/7 by control towers. All these activities generate many bytes of temperature data that should be managed in a meaningful way. Temperature data can only be meaningful if it is linked to meta data including but not limited to:

• date and time of the temperature
• location, ID and alarm settings of the calibrated temperature sensor
• location, ID and allowable temperature range of the product

These meta data are of vital importance to link the CPP temperature to the product. The date and time of the temperature should be accurate and linked to the time-zone where the sensor is located. Seasonal daylight time saving changes impact the temperature time stamp and should be managed as well.

The location of the temperature sensor should be representative for the product temperature, which should be established during qualification studies of the active/passive temperature protection system or area. Thermal mapping should be considered to identify the proper zone(s) for storage and monitoring.15 The alarm setting of the calibrated temperature sensor should reflect the process parameters for the most temperature sensitive products. This may cause false positive alarms for some products that have a wider allowable temperature range, if mixed products are simultaneously stored or transported in the same environment.

In case of temperature excursions, the duration and minimum/maximum temperature data should be documented in a product impact assessment followed with the product disposition using the product (stability) requirements (CQA’s) and characteristics, temperature data and critical thinking. Here the temperature data and meta data should have been generated according to GxP regulations and comply to the ALCOA data integrity principles. Table 1 provide examples of temperature recording methods against ALCOA principles.

Temperature Data Security

Each temperature paper and/or electronic record should be secured against modifications and/or deletions to the end of the retention time as defined by the regulations.6,7,10 Therefore, a paper record should be traceable and stored in a secured environment (e.g. locked, fire cabinet etc.), whereas an electronic record should be secured in a computerized system by system access (segregation of duties), vulnerability scanning, security firewalls, anti-virus applications, and security patches. In addition, risk assessment of the computerized system should provide requirements toward data business continuity management and recovery plan, data integrity, system weaknesses against human interactions, data manipulation, confidentiality, data privacy, and so on. This will also lead to a computer system validation approach that secures the data by training for employees, risk assessment for outsourced activities (if applicable) such as use of cloud, system maintenance, backup system features and data retirement.

Discussion

Temperature can be measured with sensors or dataloggers at stationary locations in a store or vehicle and/or attached to the product. The full data set provides insight in the environmental conditions during manufacturing, storage and/or transportation. The owner of the product (e.g. manufacturer, wholesaler) should ensure that the temperature measurement equipment and data collection system fully comply to the data integrity requirements and computer system validation requirements as the data are used to determine compliance to the set product temperature requirements. Other supply chain stakeholders may apply a different level of compliance towards data integrity and security. For example, a ground handling agent at an airport with operating temperature-controlled storage facilities could have a different level of compliance towards data integrity or computer system validation (CSV) than the wholesaler. Systems used to produce certain logistics data such as transport booking systems do not carry GxP critical data that would require CSV. If using such as system, temperature records related to a specific shipment and are added through the system in question, thus data integrity compliance becomes important.

Temperature data can be recorded through stationary or dynamic temperature devices and systems. At storage and cross docks, temperature data are typically collected by static monitoring systems at fixed locations whereas during loading, transport and unloading, temperature data are often collected by dynamic temperature monitoring devices embedded with the products to ensure temperature integrity is recorded during those stages of a distribution process. Here GxP requirements on static temperature monitoring does not necessarily apply, like at airport storage facilities.

To determine the root cause of a temperature excursion, more (meta) data than temperature, date and time may be required including, but not limited to geographic location, light, humidity, shock and vibration, track and trace data from the logistic service provider (LSP), environmental conditions from weather stations, qualifications studies of used active/passive temperature protection system, checklists of shipper/LSP/receiver, SOP’s, and temperature data from other systems (for example truck temperature sensors15 in addition to temperature dataloggers attached to the payload). The additional (meta) data for the root cause analysis (RCA) may not be generated according to GxP regulations and/or ALCOA data integrity principles, but they may be important for the business to understand the circumstances that led to the temperature excursion and to determine corrective and/or preventative actions (CAPAs) for continuous improvement. Therefore, it is important to clearly define the data sources in the RCA and how the data was generated to make justifiable conclusions.

Contracted manufacturers, suppliers and logistics service provider approval processes should be comprised of verification of regulatory requirements related to data integrity and security.13 Audits both internal and those of third party suppliers should routinely include good practices related to data integrity and security. Data integrity Gemba walkthroughs should be part of these verifications to ensure all levels of data (raw and meta data) are compliantly handled throughout the process.

Conclusion

Temperature is a critical process parameter that must be monitored and controlled in the supply chain during manufacturing, storage and transportation to ensure that pharmaceutical products comply with the critical quality attributes to the end of shelf life. The ALCOA data integrity principles and data security measures should be applied when generating and storing the temperature data and meta data. In case of temperature excursions, the product impact assessment and product disposition should be based on the data generated according to GxP and ALCOA data integrity principles. However, additional non-GxP (meta) data can be used by the business to get better understanding of the circumstances of the temperature excursion and to determine CAPAs for continuous improvement. At the end temperature data storage regardless if in paper or third party client user cloud solution, needs to be compliant to all relevant regulatory requirements towards security and data integrity, which ensures that all collected and recorded data is complete, consistent, and accurate throughout the data lifecycle.

Disclaimer

The content and the view expressed in this document are the result of a consensus achieved by the authors and are not necessarily views of the organizations they present or represented.

The mention of a product or service provider does not mean it is the sole product or service that is available for use.

References

1. International Conference on Harmonization ICH Q8(R2), "ICH Harmonised Tripartite Guideline Pharmaceutical Development," Current Step 4 version, dated August 2009.
2. International Conference on Harmonization ICH Q1A(R2), "ICH Harmonised Tripartite Guideline Stability Testing of New Drug Substances and Products," Current Step 4 version, dated 6 February 2003.
3. E.J. van Asselt and R.H. Bishara, "Establishing and Managing the Drug Product Stability Budget," Journal of Pharmaceutical Outsourcing, vol. 16, no. 4, July/August, pp. 20-27, 2015.
4. European Medicine Agency (EMA) CPMP/QWP/609/96/Rev 2, "Guideline on Declaration of Storage Conditions," 2007.
5. E.J. van Asselt, L. Schütte and R.H. Bishara, "Last Mile Shipping Conditions and Temperature Excursion Handling for Room Temperature Pharma Products in Europe," Journal of Pharmaceutical Outsourcing, vol. 19, no. 4, July/August, pp. 12-17, 2018.
6. EudraLex, "Good Manufacturing Practice, Medicinal Products for Human and Veterinary Use, Annex 11: Computerised Systems," vol. 4.
7. European Commission, "Guidelines of 5 November 2013 on Good Distribution Practice of medicinal products for human use (2013/C 343/01)," Official Journal of the European Union, 2013.
8. PDA Technical Report 58, "Risk Management for Temperature-Controlled Distribution," 2012.
9. World Health Organization (WHO), "Good Pharmacy Practices. Annex 8. Joint FIP/WHO Guidelines on GPP. Standards for quality of pharmacy services," WHO Technical Report Series, No. 961, pp. 310-323, 2011.
10. World Health Organization (WHO), "WHO Expert Committee on Specifications for Pharmaceutical Preparations," WHO Technical Report Series, No. 957, p. 252, 2010.
11. Food & Drug Agency (FDA) Guidance Document, "Data Integrity and Compliance With Drug CGMP Questions and Answers Guidance for Industry," December 2018.
12. Medicines & Healthcare products Regulatory Agency (MHRA), "‘GXP’ Data Integrity Guidance and Definitions," March 2018.
13. World Health Organization (WHO), "Annex 5 Guidance on good data and record management practices," Technical Report Series No. 996, 2016.
14. IATA CEIV Pharma, "https://www.iata.org/whatwedo/cargo/pharma/Pages/ceiv-pharma.aspx," 30 Apr 2019. [Online].
15. E.J. van Asselt, R.H. Bishara et. al., "Pharma requirements for temperature controlled trailers," Journal of Pharmaceutical Outsourcing, vol. 18, no. 4, Jul/Aug, pp. 12-19, 2017.

A. Data should comply to Data Integrity ALCOA principles: Attributable to the person generating the data, Legible and permanent, Contemporaneous, Original record or true copy, and Accurate.

 Author Biographies

Erik J. van Asselt, PhD, MSD, Leader of Parenteral Drug Association (PDA) Pharmaceutical Cold Chain Interest Group (PCCIG), EU Branch.

Rafik H. Bishara, PhD, Technical Advisor, retired, Director, Quality Knowledge Management and Technical Support, Eli Lilly and Company.

Zvonimir Majic, PhD, Director Global Quality Logistics, TEVA Pharmaceutical Industries Ltd.