Data Integrity – Topmost Priority for the Pharmaceutical Industry

Data integrity has become a hot topic in the pharmaceutical industry and rightly so. Our industry needs to adhere to ethics of the highest order, and we deal with a lot of data being generated every day.

Data integrity is a concept which has been prevalent right from the time when the requirements of Good Manufacturing Practices (GMP) and the pharmaceutical quality system came into existence. So, it is not a new concept or a new requirement. In fact, GMP compliance cannot happen unless data integrity is ensured at all levels in an organization. In the last few years, it has become more relevant than ever before due to the findings during audit and inspections conducted by the FDA and EU. The latest trend indicates that data integrity is one of the major concerns of GMP violations in many firms in different geographies.

Why is data integrity so important? Simply because all these data are the basis of maintaining the quality, safety and, efficacy of a product, as many critical decisions are taken based on the data generated in real-time.

Let me share some situations for better understanding:

1)    A person has the authority to review and then approve a document electronically and the person is on leave. Someone else has access to his account and logs in through his account to approve the document.

2)    A duplicate copy of a signed certificate of analysis of an API is found as scrap in a dust bin of a quality control lab.

3)    Date, time and signature of the person recording the endpoint of a unit operation, while manufacturing of a batch is missing in the BMR and there has been overwriting of date and time at many places.

4)    There is a mismatch between the data recorded in the logbook and results reported in the computer system.

All the above examples will lead to cGMP violations concerning data integrity. The data integrity violations may occur due to systemic, cultural or operational issues. Hence it is paramount for any firm to first introspectively identify the risk within an organisation and then design a robust system to mitigate it. In my view, data integrity primarily demands cultural alignment to two of the most important requirements – 1) being truthful and transparent 2) tracking and capturing details in real time, as and when it happened. 

There are many guidelines concerning data integrity issued by different health authorities. Most of these guidelines requires firms to develop a robust quality system that ensures that any breach or deliberate attempt to manipulate data is recorded and reported. The guidelines state that all data should be legible, attributable, complete, consistent, contemporaneously recorded, accurate and, original (ALCOA+). Huge emphasis is on security and reliability of data. Another important aspect is that it must be stored properly for the desired period so that it is easily retrieved during audits or inspections. 

Data can be in the form of hard copy such as paper-based or electronic form. Sometimes a hybrid system exists where data is managed in both paper-based and electronic form.  Various guidelines are in place to ensure the data integrity of both the above forms. For example, an audit trail for managing all electronic data is a must as per the US rules outlined in the Code of Federal Register (21 CFR part 11). Electronic signatures and record-keeping requirements have also been highlighted in the rule. So, a defined system for entry, access, retrieval and storage of data is of utmost importance. 

Some suggested measures to design a quality system to achieve the required goals and objectives are listed below. It is not an all-inclusive list but captures critical aspects.

1)    Developing an open and transparent culture that is driven by quality with the direct involvement of top management executives. Quality should be everyone’s business. The culture of any firm should encourage the reporting of deviations rather than hiding it. For any reported deviations, corrective and preventive actions should be documented transparently.

2)    Writing the SOPs or manuals effectively to ensure correct understanding by the end-user.

3)    Training is extremely essential and periodic evaluations are must to check the validity that the imparted training is purposeful and useful. Similarly, conducting appropriate validation of process or electronic systems, wherever applicable, is mandate.

4)    Ensuring good security measures such that different levels of authorization are well-defined for handling electronic or paper-based data. For example, having a system of an access control to an authorized person for entry and review of data, including authorization of changes to data. Regular reviews of IT systems and transaction logs by authorized person is required.

5)    Having a defined system for retention of data during life cycle management till the specified retention time and then the disposition of data at the end of the retention period. A good archival or back up system without any duplication of data and protection of data from accidental damage are important aspects to be considered while designing a system.

6)    Having a self-inspection team with a clear understanding of data integrity requirements to conduct internal audits is essentially required.

In current times, when a firm has many partners like contract clinical site, contract manufacturers or contract laboratories, it is the outsourcing firm’s responsibility to design the quality system in a manner that will ensure the controls for ensuring data integrity. Quality agreements or service level agreements should capture relevant aspects with defined responsibility of all partners involved. Thorough due diligence and constant monitoring of partner site activities will ensure that the data generated are valid and reliable.

To the best of my knowledge, many firms have taken data integrity issues seriously and have already sprung into action. Specialized internal investigation teams, who are primarily responsible for a detailed review of data concerning research, analytical, manufacturing, root cause analysis, deviations, CAPAs, logbooks, raw data, system SOPs, computer data and other such critical data generated throughout the lifecycle of a product, have been formed. Many opt for inviting external auditors (third-party) to get unbiased feedback since this is highly recommended and appreciated by regulators and health authorities. Many large firms are working towards having electronic quality management system (EQMS) to ensure control at enterprise level to maintain quality compliance as per requirements of FDA, EMEA and other health authorities.

The pharmaceutical industry has realized that compliance to data integrity not only ensures a good reputation but at the same time also makes good business sense since it saves on the extensive cost of remediation for being compliant.

I would conclude my blog by suggesting a simple work ethic - “Do as you say and say as you do”.

That’s the least we can do as pharma professionals working in an industry that demands a high adherence to ethical principles. See you soon with my next blog on continuous manufacturing!!