Facilities Must Prep for FDA’s Data Integrity Questions

With the FDA stepping up scrutiny of data integrity during facility inspections, drugmakers must be ready to answer tough questions about their electronic record system, an inspections expert said.

The agency’s new focus in this area stems from a recent surge in findings of multiple data integrity violations at international manufacturers and suppliers. Common questions the FDA will ask about data integrity during an inspection include:

• Where are the current and historical lists of who is authorized to access the system and enter/change data?
• Are there written procedures for system and software validation, data collection and backups?
• How are system and software changes controlled and does the company keep consistent records of any changes?
• How are scans of paper records treated?
• Is original data entered directly into an electronic record at the time of collection or are data transcribed from paper records into an electronic record?
• How is data transmitted from the manufacturer to its suppliers?

These are no detailed IT-type questions, but manufacturers need to have records that show the investigator how it is done, John Avellanet, managing director and principal at the consulting firm Cerulean Associates, told a recent FDAnews webinar on the topic.

For example, the standard operating procedure should explicitly point out if the data is transcribed or entered directly into the electronic record, Avellanet said. In addition, an SOP needs to lay out what controls are in place to ensure that the data is accurately entered or transmitted to a supplier or business partner.

Examples of controls include whether the data is in an encrypted format or the company verifies the record to ensure it is the correct size. All of those controls need to be documented and updated on an annual basis, Avellanet said.

If a company keeps electronic records, the investigator will also determine if it is in compliance with 21 CFR Part 11, which lays out the federal regulations for electronic records and signatures.

At a minimum, the investigator will look to see if a company has a plan for achieving full compliance with Part 11 and is making progress on that plan, Avellanet said. Any electronic records must be readable, suitable for review and made available to the investigator.

FDA officials have also urged manufacturers to include data integrity when they audit suppliers. Poor data integrity controls are a sure-fire trigger for Form 483s, Avellanet said

Stay up to date with data integrity stories like this one by subscribing to Drug GMP Report.For over 20 years, drug manufacturers have relied on DGR for the latest on FDA’s interpretation and enforcement of cGMPs and the Quality Systems Regulation — information you need to stay in compliance.