Expert Details How to Prepare for Data Integrity Portion of Inspection
With the FDA stepping up scrutiny of data integrity during facility inspections, drugmakers must be ready to answer tough questions about their electronic record system, an inspections expert said.
The agency’s new focus in this area stems from a recent surge in findings of multiple data integrity violations at international manufacturers and suppliers. Common questions the FDA will ask on data integrity during an inspection include:
- Where are the current and historical lists of who is authorized to access the system and enter/change data?
- Are there written procedures for system and software validation, data collection and backups?
- How are system and software changes controlled and does the company keep consistent records of any changes?
- How are scans of paper records treated?
- Is original data entered directly into an electronic record at the time of collection or are data transcribed from paper records into an electronic record? and
- How is data transmitted from the manufacturer to its suppliers?
These aren’t detailed IT-type questions, but manufacturers need to have records that show the investigator how it is done, John Avellanet, managing director and principal at the consulting firm Cerulean Associates, told a recent FDAnews webinar on the topic.
For example, the standard operating procedure (SOP) should explicitly point out if the data is transcribed or entered directly into the electronic record, Avellanet said. In addition, an SOP needs to lay out what controls are in place to ensure that the data is accurately entered or transmitted to a supplier or business partner.
Examples of controls include whether the data is in an encrypted format, or the company verifies the record to ensure it is the correct size. All of those controls need to be documented and updated on an annual basis, Avellanet said.
An investigator will also determine if the company is in compliance with 21 CFR Part 11 if it keeps electronic records. Part 11 lays out the federal regulations for electronic records and signatures.
The investigator will at a minimum look to see if a company has a plan for achieving full compliance with Part 11 and is making progress on that plan, Avellanet said. Any electronic records must be readable, suitable for review and made available to the investigator.
Agency officials have also urged manufacturers to include data integrity when they audit suppliers. Poor data integrity controls are a sure-fire trigger for Form 483s, Avellanet added.
Stay up to date with the latest FDA news regarding inspections by subscribing to FDAnews Inspection Insider today!