Dr Wolfgang Schumacher, formerly F. Hoffmann-La Roche Ltd.
Dr Arno Terhechte, Bezirksregierung Münster
Data Integrity Master Class
EU GMP Requirements: Chapter 4, Annex 11
Guidance Documents Overview (state of the art): GMDP Inspectors WG, Data Integrity Q&A, (PIC/S Good Practices for Data Management and Integrity in regulated GMP/GDP Environments), WHO, Annex 5 Guidance on Good Data and Record Management Practices, MHRA GxP Data Integrity Definitions and Guidance for Industry
FDA, Data Integrity and Compliance with cGMP
“These Guides are not intended to impose additional regulatory burden upon regulated entities”. Is This correct?: Data Governance, Dynamic Data
Data Integrity in the pharmaceutical quality system
Which PQS elements need to be added or updated?
The Data Integrity Program: Priorities (immediate/short/mid-term), Capacity, Timing
Data Integrity in paper documentation
GMP requirements for good documentation practice
Application to paper documents
Common problems from FDA 483 observations and warning letters and how to avoid them
Data flow analysis
Objective and purpose
Electronic data flow
Complete data flow
Identification of possible weaknesses
Metrics for Data Integrity
Metrics in the context of a corporate data integrity programme
Suggested metrics in the assessment phase
Suggested metrics in the operational phase
Preparing your company for an Data Integrity inspection
How to present the DI status and future approach?
Training program coverage
Experience from FDA inspections – Hot Buttons
Basis for Inspections: “PIC/S Good Practices for Data Management and Integrity in regulated GMP/GDP Environments”
Data Integrity Assessment during Inspection: Quality Control, Manufacturing
Second Person Review
Regulatory and guidance document requirements for the second person review
Role of the second person review
Scope of the second person review
Documenting the review for paper, hybrid and electronic systems
Facilitated discussion on Second Person review
Purpose and requirements
TAI, UTC, time zone, legal time, local time, system time
ntp - network time protocol
Time management concept
Software Suppliers Responsibility for Data Integrity Compliance
Regulatory requirements for software systems:
procedural and technical
Role of software suppliers
Regulations push vs market needs pull
Implementing technical requirements for software: architecture, database and application
Marketing literature versus marketing bullshit
Control of Master Templates and Blank Forms
Why is control of master templates and blank forms important?
Regulatory requirements from FDA, MHRA, WHO, EMA and PIC/S
Devising and controlling the master template
Operational use of the blank forms
Do you really want to work this way?
Risk-based approach for manufacturing and laboratory audit trail review
Regulatory requirements and expectations for audit trail review
Is the application adequate for audit trail review?
Application of a risk based approach to audit trail review
Workshop on Audit Trail Review Vulnerability of Records
What is record vulnerability?
Protection and security of electronic records requirements
What can go wrong? Scope of misfortunes that can impact records
Assessment of record vulnerability and implementation of control measures
Workshop on Vulnerability of Records
QA oversight for data integrity
Data integrity training
Enforce data flows
Audit of external organisations
Cyber security measures to assure data integrity
Cyber security reality and concerns
Possible security weaknesses
Designing robust IT and automation infrastructures
Data governance vs. IT governance
Elements of a data governance
Embedding data governance into the PQS
Data integrity audit results of a contract laboratory
Case study Data Migration - Production
Migration of complex data collections
Migration of a large collection of similar data
Design of the migration process
Risk-based elaboration of the verification strategy
Options for Long Term Data Retention of Laboratory Data
Proprietary v open standards for laboratory data
Options for long term retention:
Keep original system
Data Integrity Investigations
What are data integrity investigations?
Human and technical triggers for DI investigations
Who should investigate the problem?
Process description and how to document a DI investigation
Should we inform regulatory authorities?
Workshop on Data Integrity Investigations
Key Learning Points and Final Discussion
Audit Trail Review
Why Is An Audit Trail and Its Review Important?
Part 11 and Annex 11 / Chapter 4 requirements for audit trail
Regulatory requirements for audit trail review
Guidance documents for audit trail review
Do I really need an audit trail?
What is in a Name?
What do we look for in an application for auditing?
Pros and cons for event logs and audit logs?
Which audit trail(s) should I review?
Workshop 1: Which Audit Trail to Review?
What are GMP-Relevant Data?
Annex 11 requires that audit trails monitor GMP-relevant data – what are GMP relevant data?
Workshop 2: Identifying GMP Relevant Data
Review of Audit Trail Entries
Guidance for frequent is “frequent review” of audit trails
Process versus system: avoiding missing data integrity issues when only focussing on a per system review
What are we looking for in an audit review?
Suspected data integrity violation - What do we need to do?
Workshop 3: Reviewing Audit Trail Entries
Technical Controls to Aid Second Person Review of Audit Trails
Technical considerations for audit trail review e.g.
Identifying data that has been changed or modified – how the system can help
Documenting the audit trail review has occurred
Review by exception – how technical controls can help