28/29 January 2020
Data integrity has always been an issue during inspections. However, it wasn't customary to caption every deficiency in relation to data integrity as such. EU GMP contain many requirements related to data integrity. Therefore, it can be said initially that this issue isn't a new one, but more of an "old wine in a new bottle".
In Europe, the topic became a new cult object due to the MHRA guideline "GMP Data Integrity Definitions and Guidance for Industry". In March 2015, a final version without annotation by other agencies or the industry was published. While the guideline provides useful information in some areas, it is severely lacking in others. Various other guidelines surfaced within very short time, and some of them still have draft status. Most notably amongst them are:
In the long run, the document PIC/S PI041 for inspectors especially is of crucial importance and could be used for inspections focused on data integrity.
Taking a look at the lists of deficiencies in inspection reports, a good 70-80% of the deficiencies could be put under the headline data integrity. Insofar it should be stated that there is no new group of deficiencies, however the subject hadn't been captioned with data integrity until recently.
There is no legal definition for the term data integrity in the GMP environment so far, nor in the EU-GMP guideline, resp. Annex 11. Annex 11 mentions the term at some points, but it does not define it. However, the meaning of the term can be read solely from the reference in Annex 11: "Risk management should be performed throughout the whole life cycle of a computerised system in consideration of patient safety, data integrity and product quality." This names data integrity in in close relation to patient safety and product quality.
Meanwhile, the published guidelines partially contain definitions that are quite useful for the GMP environment. In die MHRA Guidance, for example: "The extent to which all data are complete, consistent and accurate throughout the data lifecycle"
This definition was adapted in other guidelines like the document draft PIC/S PI 041 or ISPE/GAMP Guide Records and Data integrity and hits the core of the meaning pretty well.
Looking at some crucial points that ensure data integrity, it quickly becomes clear that this is not a new element of inspection. This includes the following inspection tools:
These points have always been part of the inspection's agenda.
Taking a look at inspections and inspection results by GMP agencies outside of Germany, especially the US FDA, for example, it can frequently be seen that in inspections of third countries, the deficiencies relating to data integrity especially were the ones leading to GMP Non-Compliance. May it be through deliberate or undeliberate procedures at the company in question.
Subsequently in can be said that data integrity is not only an IT topic; it includes all areas of the documentation. The requirement that every change to a document has to be initialled and dated and that the original information has to stay legible despite all changes, is of essential importance for paper documentation as well as electronic documentation. For electronic documents, this should basically be implemented through validated audit trail functionality. Many companies are still struggling with this, particularly as there aren't any acceptable systems available, sometimes.
Source: Klaus Feuerhelm, Local Authority Baden-Württemberg, Germany