One of the primary regulatory bodies that today has become almost a standard for Data Integrity issues in the pharmaceutical industry is the US Food & Drug Administration (FDA) which, in recent years, has made a significant number of observations on non-compliance with Good Manufacturing Practices (GMP) related to Data Integrity and Data Governance.
Milestones related to these observations included the constant inspections carried out from 2013 to 2014. These served as a fundamental component for the development, in 2016, of the first draft of the FDA guidance "Data Integrity and Compliance with cGMP," which was followed by the WHO "Guidance on Good Data and Record Management Practices," and the MHRA draft "MHRA GxP Data Integrity Definitions and Guidance for Industry." The latter proposed a revision of data integrity from a more global perspective with the inclusion of all Good Practice Standards (Laboratory, Distribution, Clinical and Pharmacovigilance). Following in the timeline is the publication of the GAMP Guide "Records and Data Integrity Guidance" by ISPE (International Society for Pharmaceutical Engineering, 2017), as well as the FDA's definitive guidance in 2018 "Data Integrity and Compliance with Drug cGMP. Questions and Answers. Guidance for Industry," which remains a reference to this day.
The constant updating of regulations and the lack of knowledge of the activities that guarantee data integrity is a constant problem in the pharmaceutical industry in all countries, giving rise to regulatory gaps such as:
- Poor documentation practices.
- Compromising the maintenance and availability of records throughout the data life cycle.
- Falsification of test data.
- Repeating execution of tests until the expected compliance is achieved by omitting out-of-specification data.
Knowing the guidelines and regulations applicable to Data Integrity, as well as a correct interpretation to meet the requirements of the leading Ministries of Health on these issues, has become a constant challenge for all countries, especially for countries in Central and South America (Mexico, Colombia, Chile, Ecuador, Peru, Argentina, Paraguay, among others), who have been forced to gradually adopt the guidelines and international publications related to Data Governance and Data Integrity to achieve maximum compliance and thus ensure product quality, data integrity, and above all patient safety.
One of the key points for the generation/evolution of a Document System towards Data Governance is to understand what Data Integrity is.
According to the FDA, Data Integrity is defined as the security of data (paper or electronic) from a regulatory and best practices point of view. One might ask, “But how do I ensure that my data are secure?” The answer is, by complying with the ALCOA+ attributes, which are:
- Attributable: To be uniquely identified through the questions "Who? When? What? And Why?
- Legible: Readable and clearly traceable, as well as ensuring their permanence.
- Contemporary: That they are recorded during their creation.
- Original: That there is traceability between the first generation and subsequent data.
- Accurate: That the data are correct, valid, truthful and reliable.
While the "plus" or "+" refers to the following principles:
- Complete: That data and metadata are included to recreate any event.
- Consistent: That the data are in the correct sequence of the executed process.
- Durable: That they remain intact during the entire retention period.
- Accessible: That they are available for consulting.
In other words, Data Integrity is a necessity within the Quality System to be implemented under the concept of Data Governance, which allows the establishment of a series of processes based on activities of Continuous Monitoring, System Validation, ALCOA+ Metrics, Data Life Cycle and Data Integrity Fundamentals.
One of the areas of greatest interest is the Quality Control Laboratory, since this is where analytical and microbiological controls are performed on samples taken during the manufacturing process, as well as on the inputs used for the final product before its release. This is reflected in a constant request for information generated based on Data Integrity compliance.
But what does Data Integrity compliance look like in the lab? How do I identify that a record (paper and electronic) is ALCOA+ compliant? Some key points are described below:
a. In particular, laboratory data is attributable when the laboratory technician manually records his/her signature, initials and date in the record (paper), or electronically, when the laboratory technician enters his/her ID and password and the computer system records the activities performed within its logs, thus tracing the user ID, date and electronic signature (if applicable) to the generated record.
b. The data is legible, in paper format, when the records are made based on the Good Documentation Practices thus ensuring the durability of the data, for example, when a correction is made in which the original data is visible even after canceling, signing and dating it and even justifying the correction and writing the correct data. On the other hand, in electronic format, the data will be readable when the man-data interface is easy to interpret, it is impossible to delete the data, and the system generates some kind of versioning for each change made or when there is a complete Audit Trail that traces all the modifications to the data.
c. The paper data is contemporaneous when the laboratories record it manually at the moment it is generated, while, in electronic form, the computerized system stores the history (metadata) of the data in real time.
d. The data is original when, after the manual recording of some data, there is a second verification by another person or when the corrections are made according to good documentation practices. In a computerized system, the originality of the record is given when the versioning or Audit Trail is active or complete and a backup copy is created automatically or manually, as well as its verification.
e. Finally, the data will be accurate when the printing or writing of the output records is performed and through the safeguarding of original documents that support the information.
What about the "+"?
f. The data will be complete, for example, when we have all the digital backups generated by the system when decommissioning a computerized system. It will be consistent when it follows a logical sequence of operations, for example, drafting, review and approval. The data will be durable and accessible when, during the time of validity and once archived, it is easy to consult and complies with its retention time.
Whether the records are in paper or electronic form, it is of utmost importance to comply with ALCOA+ requirements, thereby ensuring Data Governance and Data Integrity as required by regulatory agencies. Complying with these requirements represents a great challenge for the pharmaceutical industry since, in most cases, there is no clear approach to implement a Quality System focused on Data Governance. Understanding and applying the guidelines related to these topics is a constant undertaking for the pharmaceutical industry, as well as for experts (SMEs) inside and outside organizations, which will undoubtedly put companies that manage to adopt them at the forefront.