Draft Guidance Looks to Set Record Straight on Basics of Data Integrity

In response to a slew of warning letters regarding data integrity issues, the FDA is addressing questions on the matter that have come up in recent inspections.

The 18 questions and their answers come in the form of draft guidance unveiled April 14 that covers a range of topics, including access to computers holding GMP data, how the validation process works, how often audits should be conducted and what data FDA inspectors are allowed to access.

After outlining some basic concepts, such as the gold standard for data integrity — that is, complete, consistent and accurate data that is attributable and certifiable — the document touches on the basic parameters of data preservation. It notes that companies should not mistake GMP data backup for normal computer system backups.

It also stresses that the backup should be “maintained securely,” include associated metadata and either be in the original file format or in a compatible one to ensure investigator access.

The draft also emphasized the importance of controlling access to GMP data, to ensure unauthorized personnel don’t alter the record — for example, limiting system permissions to the system administrator or an equivalent position. The agency also suggests that companies maintain a list of those able to alter GMP data.

Avoiding shared log-in usernames/passwords can also go a long way in protecting data and ensuring that the person responsible for altering the data can be identified easily, which the regulations require.

For blank forms and other hard-copy records, the agency recommends that companies employ document control methods to ensure accuracy and completeness. As an example, it notes that bound notebooks stamped for official use would visibly show evidence of tampering or missing pages. Similarly, the FDA notes that recording data on paper only to be discarded after transcription is unacceptable.

Audit Trails

When it comes to establishing a digital record of all interactions with data — referred to as an “audit trail” — the guidance says that the agency expects those records to be secure, computer-generated and time-stamped to permit “reconstruction of the course of events relating to the creation, modification or deletion of an electronic record.”

Additionally, the guidance recommends that audit trails logging changes to critical data “be reviewed with each record and before final approval of the record.”

Another issue the document raised was testing into compliance, wherein companies test to achieve a specific result or overcome negative results. The agency emphasized that such conduct is prohibited, and warned that the use of actual samples in testing, prep or equilibration as a means of disguising the practice would be treated as a violation.

The agency also noted that any reports of data tampering “must be fully investigated” under the GMP quality regime, rather than handled informally outside the documented system.

Lastly, the document suggests that companies validate the workflow for systems — not just the systems themselves, to ensure compliance.”

The draft guidance applies to manufacturers of products overseen by both CDER and CBER.

Read the draft here: www.fdanews.com/04-14-16-DataIntegrity.pdf. — Cameron Ayers

$1,045 $845


Subscribe to Drug GMP Report NOW and save $200 off the regular one-year price of $1,045 — plus receive a FREE copy of our webinar CD, GAMP Classification for Pharma Equipment and Software Systems — a $287 value!

Key Benefits

LINKS TO KEY DOCUMENTS — You get links to key documents that support DGR's articles such as draft and final guidances, Form 483s, warning letters, proposed rules, closeout letters and much more.

FDANEWS DRUG DAILY BULLETIN — This daily email alert brings you targeted FDA regulatory, legislative and business news briefs in the pharmaceutical and biologics industries.

ONLINE ACCESS — Consider our newsletter archive your personal library! Search your current issue — and hundreds of past issues — by keyword and relevancy.