Data Integrity and the ICH Q7 Guidance - Part I

The ICH Q7 guideline [1] has been existing since 2000 and was amended in 2015 with a Questions and Answers document [2] supporting a clear interpretation and modernizing the guideline. ICH Q7 was unique at its time because it included in a holistic and comprehensive way the modern elements of quality assurance and quality management: for example risk control, computer system validation and integrated quality approaches. The Q&A document officially adapted the ICH Q9 [3] and Q10 [4] risk-based approaches and clearly integrated Q7 in the ICH Pharma Quality System (PQS). ICH Q7 anticipates major elements of Data Integrity (DI), even though it was created just before Data Integrity became a major topic in the pharmaceutical industry.

The question we want to explore is whether Data Integrity is a completely new approach or just a different perspective on already existing GMP requirements as those arising from ICH Q7.

Data Integrity can be described as "the opposite of data corruption, which is a form of data loss. … In short, data integrity aims to prevent unintentional changes to information." And "Data integrity refers to maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data." [5]

In general, Data Integrity elements are categorized by

• Physical Integrity (e.g. safety, security, durability) 
• Logical Integrity (e.g. context, plausibility)
• Scientific Integrity (e.g. correctness, accuracy)

It is important to understand that Data Integrity is not Data Quality, even though it is one of the elements and a prerequisite to it. Using data, we collect information which is aggregated to knowledge; if we use wrong data, we may use wrong information to conclude wrong things. This can be a threat to patients at the end.

Data Integrity requirements and measures can be divided into the following facts: 

• Organizational 
• Technical 
• Records/Documents/Data

If you compare these Data Integrity elements with Q7, represented by the chapters where organizational elements are marked yellow, system and process relevant green, and the records/documents/data are labelled blue:

It is quite interesting, how much alignment between Data Integrity and the Q7 elements are to be found. Furthermore, ICH Q7 is one of the first examples for a systematic quality risk management. In particular, it can be seen as an application of pragmatic risk categorization determined by the distance to the patient and the influence on the quality of the (medicinal) product. A principle, which is nowadays the standard for many DI guidelines (compared to e.g. FDA's and MHRA's guidelines) which are using the concepts of direct and indirect data (direct influence on patient safety and product quality or not), adding complexity as a risk criterium via the static and dynamic (interactive) data.

References:

[1] ICH Q7 Good manufacturing practice for active pharmaceutical ingredients - Scientific guideline, 200
[2] ICH guideline Q7 on good manufacturing practice for active pharmaceutical ingredients - questions and answers, 2015
[3] ICH guideline Q9 on quality risk management, 2005
[4] ICH guideline Q10 on pharmaceutical quality system, 2008
[5] Wikipedia: Data Integrity, https://en.wikipedia.org/wiki/Data_integrity, called on 10-Oct-2023