Dr Chris Burgess, Chairman of the ECA Analytical Quality Control Group
Dr Markus Dathe, F. Hoffmann-La Roche AG, Basel, Switzerland
Dr Bob McDowall, Member of the ECA IT Compliance Interest Group
The involvement of Quality Assurance in ensuring data integrity in GMP regulated laboratories is discussed in both the PIC/S and WHO guidance documents. However, turning guidance document recommendations into practice can be difficult, especially if members of QA are not familiar with the topics covered in these guides. This two day, interactive workshop-based course is intended to fill this gap in the training spectrum. After an introduction covering the scope and regulatory requirements of quality oversight for GMP regulated laboratories there are presentations, discussions and workshops on the main topics of the course:
Understanding process and record risk by using
data process mapping
Controlling master templates and blank forms
Raising and handling data integrity concerns
Data integrity audits
Data integrity investigations
The workshop material is based on case studies so that attendees can work with real world examples and gain experience that they can take back to their own organisations.
Data integrity is a major topic in the pharmaceutical industry and organisations supporting it such as contrast research and manufacturing organisations. The regulatory focus has been in Quality Control and Analytical Development laboratories working to GMP especially since 2012 with the updated FDA Compliance Programme Guide 7346.832 for Pre-Approval Inspections. This guide has as objective 3 the data integrity audit. Therefore, it is important that Quality Assurance be aware of the FDA approach as well as ensuring that laboratory activities are under control, compliant and ensure data integrity.
- Managers and staff from Quality Control and Analytical Development Laboratories of pharmaceutical companies
- Contract Research Organisation and Contract
- Manufacturing Organisation laboratory personnel
- Quality Assurance staff involved in reviewing
- laboratory data or performing data integrity audits
- Auditors (internal and external) responsible for
- performing self-inspections or external audits and needing to understand and assess data integrity
Introduction to the Course
Regulatory Guidance for Data Integrity Quality Oversight
- What will be covered in the course
- Introduction to the teaching team
- Roles of Quality Assurance and Quality Control defined and discussed
Knowing and Managing Data Integrity Risk
- Review of data integrity guidances: PIC/S, WHO, EMA, MHRA, GAMP Guide for quality assurance role in data integrity and data governance
- Building a framework for quality oversight for DI in a GMP analytical laboratory within the QMS
- How culture can impact data integrity
- Identifying key QA roles in the Data Integrity programme
Role of Quality Assurance in Control of Master Templates and Blank Forms
- Data Process Mapping for Paper and Computerised Processes
- Identifying risk to records and mitigating them
- Overview of regulatory guidance for blank forms – 1993 to date
- Process flows for master templates and blank form use
- Identifying the QA role in the process
- Look at alternative options from paper
Data Process Mapping
Raising Data Integrity Concerns
- Review of data process maps for paper and hybrid process
- Identification of record and data integrity risks
- Proposals for risk mitigation
- Course feedback and discussion
- Process for handling concerns outlined
- Confidentiality of the people and process
- How to handle whistle blowers
Handling Data Integrity Concerns; a Case Study
- How should a concern be raised and to whom?
- How will the matter be kept confidential?
- Generating a high-level scope and action plan
Recap of Day 1 and Introduction to Day 2
Overview of Data Integrity Audits and Investigations
- Regulatory guidance
- Approaches for DI audits – computer system
- inventories, paper processes and critical data identified
- Preventing overlap with computer system periodic reviews
- Dealing with data integrity violations: the DI investigation
From a list of processes and systems attendees will identify the priority order of processes and systems to be audited
From the priority, the audit schedule will be developed
Frequency of DI audit of critical systems and paper processes
- Identifying Data Integrity Audit Priority and Frequency
Developing the Data Integrity Audit Coverage
- Scope of the data integrity audit
- What will you audit?
- How will you audit a computerised system v a paper process?
A data integrity violation has been found during a data integrity audit and an investigation is to be launched
In a facilitated discussion, the course will define the scope and boundaries of the investigation
- Data Integrity Investigation – Determining the Scope
Data Integrity Investigation – Findings, Root Cause and CAPAs
- A list of findings from the investigation will be given and attendees must determine if they are poor data management errors or falsification
- Identification of the root cause
- What are the CAPAs: immediate fixes and long-term remediation actions?
Key Learning Points
Post Conference Workshop Audit Trail Review for Laboratory Systems
Why Is An Audit Trail and Its Review Important?
When is an Audit Trail not an Audit Trail?
- Part 11 and Annex 11 / Chapter 4 requirements for audit trail
- Regulatory requirements for audit trail review
- Guidance documents for audit trail review
- Do I really need an audit trail?
- Static data and dynamic data impacts on audit trail functionality
Workshop 1: Which Audit Trail to Review?
- What do we look for in an application for auditing?
- Pros and cons for event logs and audit logs?
- Audit trail(s)?
- Part 11 compliant system – does this help data integrity?
Attendees will be presented with an overview of the audit trails within an application and the content of each one. Which audit trails should be reviewed and when in the
context of the work performed by the laboratory data system?
What are GMP-relevant Data?
Workshop 2: Identifying GMP-relevant Data
- Annex 11 requires that audit trails monitor GMP-relevant data – what are GMP relevant data?
- What are critical data?
Attendees will be presented with a list of records to identify if they are GMP records and how critical they are to help focus the second person review of audit trail data.
Review of Audit Trail Entries
Workshop 3: Reviewing Audit Trail Entries
- What are we looking for in an audit trail review?
- Process versus system: avoiding missing data integrity issues
- Regulatory requirement is “frequent review” of audit trails
- What do we need to validate and what to check?
- Suspected data integrity violation - What do we need to do?
Attendees will be provided with the output of an audit trail to review and see if any potential issues are identified for further investigation.
Controls to Aid Second Person Review of Audit Trails
- Procedural controls for data review
- Technical considerations for audit trail review e.g.
- Identifying data that has been changed or modified – how the system can help
- Documenting the audit trail review has occurred
- Review by exception – how technical controls can help
- Have you specified and validated these functions?