(published in Dec 2018)

Background :

The purpose of this guidance is to clarify the role of data integrity in current good manufacturing practice (cGMP) for drugs, as required in 21 CFR parts 210, 211, and 212. In recent years, FDA has been increasingly observed cGMP violations involving data integrity during cGMP inspections. This is troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy, and quality of drugs, and of FDA’s ability to protect the public health. These data integrity-related CGMP violations have led to numerous regulatory actions, including warning letters, import alerts, and consent decrees.

In December 2018, FDA has published new data Integrity Guideline which contains guidance on different data integrity issues as per below points.

  1. Terms related to cGMP records
  • Metadata: The data that describes the attributes of other data and provides context and meaning.
  • Audit Trail: A secure, computer generated, time stamped electronic record that allows for reconstruction of the course of events relating to the creation, or deletion of an electronic records. An audit trail is the arrangement of events of the who, what, when & why of a record.
  • Static is used to indicate a fixed-data record such as a paper record or an electronic image.
  • Dynamic means that the record format allows interaction between the user and the record content.
  • Back up refers to a true copy of the original record that is maintained securely throughout the record retention period.
  • Computer or related systems refers to computer hardware, software, peripheral devices, networks, cloud infrastructure, personnel, and associated documents

2. Before release of the product to the market, the same must be evaluated and maintained by the quality unit. Invalidated test results should be recorded with supporting data. Invalid test results must be documented & justified on the basis of a scientifically investigation. The data in the Paper-based and electronic format should be reviewed & kept (achieved).

3. The computer system should be validated. Use of invalidated system may impact on the product quality of the product. So controls should be designed to validate a system for its intended use like software, hardware, and documentation.

4. Computer system must be used & records can be made only by authorized personnel who are competent for that activity. The system administrator role, including any rights to alter files and settings, should be assigned to personnel independent from those responsible for the record content. Computer system access privileges should be given based upon the persons experience & skill. A list of Authorized persons should be defined & displayed in the work place.

5. When login credentials are shared, a unique individual cannot be identified & FDA does not allow to share login information between the users. User can share ‘read only’ user account to view data in computer system by which user cannot modify or create or delete data.

6. The cGMP documents or records generated in the form of Binding Logbooks & loose formats must be controlled & all these records should have issuance records. Reconciliation should be made for each issued documents or records.

7. Audit trail review is similar to assessing cross-outs on paper when reviewing data. Personnel responsible for record review under cGMP should review the audit trails that capture changes to data associated with the record as they review the rest of the record. The person supervising or checking the information can also review the Audit Trial data.

8. Audit trail should be reviewed after each significant steps like manufacturing, processing, packing, or holding, and required data should be review before batch release. The review frequency can be decided based upon the evaluation of data criticality, control mechanisms, and impact on product quality.

9. Electronic copies can be used as true copies of paper or electronic records, provided the copies preserve the content and meaning of the original record, which includes all metadata required to reconstruct the cGMP activity and the static or dynamic nature of the original records. True copies of dynamic electronic records may be made and maintained in the format of the original records.

10. pH meters, Conductivity meter and balances may create a paper printout as the original record & in this case, the paper printout or a true copy must be retained. The original laboratory records, including paper and electronic records, are subject to second-person review  to make certain that all test results and associated information are appropriately reported.

11. Electronic signatures with the appropriate controls can be used instead of handwritten signatures or initials in any CGMP required record. Firms using electronic signatures should document the controls used to ensure that they are able to identify the specific person who signed the records electronically.

12. FDA expects processes to be designed so that data required to be created and maintained & cannot be modified without a record of the modification. For Example HPLC analysis data should be saved upon completion of each step or injection instead of at the end of an injection set, and changes to the data or injection sequence should be documented in an audit trail.

13. System suitability tests should be performed according to the firm’s established written procedures which should include the identity of the preparation to be injected and the rationale for its selection. If an actual sample is to be used for system suitability testing, it should be a properly characterized secondary standard.

14. Written procedures must be established and followed for chromatography analysis.FDA required complete data in laboratory records, which includes but is not limited to notebooks, worksheets, graphs, charts, spectra, and other types of data from laboratory instruments.

15. Any falsification or alteration of data or records must be fully investigated under the cGMP quality system to determine the effect of the event on patient safety, product quality, and data reliability & necessary corrective actions to be taken to determine the root cause. FDA invites individuals to report suspected data integrity issues that may affect the safety, identity, strength, quality, or purity of drug products

16. Personnel involved in the Processing, testing & performing the activity must have the education, training, and experience, to perform their assigned duties & to prevent and detect data integrity issues.

17. All the records or data whether it is generated through computerized systems or electronic form or paper are subject to FDA inspection. For Example, an email to authorize batch release is a cGMP record that FDA may review & firm must allow to review such type of documents.

18. In order to identify data integrity lapses which can influence cGMP-related or drug application data or can affect the quality of the drug product the firm may appoint third-party auditor. Firm also may include improvements in quality oversight, enhanced computer systems, and creation of mechanisms to prevent recurrences and address data integrity lapses.

Reference Link: www.fda.gov