Print this page" /> Print this page" />
The FDA links data integrity to the CGMP data life cycle, including creation, modification, processing, maintenance, archival, retrieval, transmission and disposition of data after the record’s retention period ends. The FDA recommends the use of system design and controls to simplify the detection of errors, omissions and aberrant results.
The term metadata has a broader meaning to encompass even nonelectronic data. The FDA defines metadata as “the contextual information required to understand data.” Therefore, metadata includes units (such as milligram), a date/time stamp, user ID, instrument ID, material status data, the material identification number and audit trails.
The term audit trail is defined as a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification or deletion of an electronic record. The Final Guidance states that if the review frequency for the data is specified in CGMP regulations, then the frequency for the audit trail review should be the same. For example, since 211.188(b) requires review after each significant step in manufacture, processing, packing or holding, and 211.22 requires data review before batch release, the audit trails must be reviewed for each batch before that batch can be released for distribution.
Regarding invalidation of CGMP results and exclusion, the Final Guidance states, as expected, that invalidating test results to exclude them from quality unit decisions about conformance to a specification requires a valid, documented, scientifically sound justification. However, even if test results are legitimately invalidated on the basis of a scientifically sound investigation, the full CGMP batch record provided to the quality unit must include the original (invalidated) data, along with the investigation report that justifies invalidating the result. Similarly, it is not acceptable to only save the final results from reprocessed laboratory chromatography.
The Final Guidance states that access to CGMP computer systems should be restricted to authorized personnel, and that the system administrator role, including any rights to alter files and settings, should be assigned to personnel independent from those responsible for the record content. Likewise, shared login accounts for computer systems are not recommended, because shared logins make it hard to attribute data to a specific individual.
Regarding the use of blank forms, the Final Guidance states document controls must be in place to ensure quality. As such, the quality unit or other document control method should control the blank forms. Further, numbered sets of blank forms may be issued as appropriate, but all forms should be reconciled upon completion of all issued forms. Incomplete or erroneous forms should be kept as part of the permanent record along with written justification for their replacement.
The Final Guidance provides that records become a CGMP record when they are generated to satisfy a CGMP requirement. Therefore, the pieces of paper on which data are recorded cannot be discarded after the data are transcribed to a permanent laboratory. Similarly, storing electronic records in a manner that allows for manipulation without creating a permanent record is not acceptable.
The Final Guidance makes clear that the FDA prohibits manufacturers from sampling and testing with the goal of achieving a specific result or to overcome an unacceptable result (e.g., testing different samples until the desired passing result is obtained). If an actual sample is to be used for system suitability testing, it should be a properly characterized secondary standard, written procedures should be established and followed, and the sample should be from a different batch than the sample(s) being tested.
The Final Guidance stresses the training of personnel in preventing and detecting data integrity issues as part of a routine CGMP training program. Should an employee provide an internal tip or information regarding a quality issue, such as potential data falsification, a company should not handle it informally outside of the documented CGMP quality system. Instead, any data integrity problems should be remediated by formal investigation to determine the scope and root causes, conducting a scientifically sound risk assessment of the potential effects, and implementing a management strategy, including a global corrective action plan that addresses the root causes. Finally, FDA invites individuals to reach out to the FDA to report suspected data integrity issues that may affect the safety, identity, strength, quality or purity of drug products.
If you have any questions about this Alert, please contact Frederick R. Ball, Carolyn A. Alenci, Moreshwar (Moru) B. Vaze, Ph.D, any of the attorneys in our Life Sciences Industry Group or the attorney in the firm with whom you are regularly in contact.
Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.
