Data Integrity - Requirements for a GMP-compliant Data Life Cycle

Programme

• Summary of falsification observed by FDA and EU inspectors 2005 – to date
• FDAISA act 2012 and October 2014 Guidance for Industry and the impact on inspections
• Inspection of computerised systems is changing: from paper to on-line
• MHRA expectation for data governance; data Integrity guidance documents 2016
• FDA Level 2 guidance on data integrity: 2010 and 2014 postings
• Impact of WHO guidance for data integrity

• The ALCOA+ criteria for data Integrity
• Data life cycle in the process workflow – Managing controls
• Paper versus hybrid versus electronic Systems
• Validation of computerised systems for data Integrity controls
• Scope: production information versus laboratory data: why are laboratory data higher risk?

• Recording results on paper
• Configuration of software applications
• Unique user identities for all users
• Unauthorised Access
• Appropriate access privileges for each user role
• Is my chromatographic system ready? Role of “test” injections
• Audit trails – options for older Systems
• Manual chromatographic Integration
• Standalone versus network Systems
• Protecting electronic records of standalone systems

• EU GMP Chapter 4 – documentation
• EU GMP Annex 11 computerised Systems
• Data integrity definitions
• Difference between paper and electronic Systems

• Working in teams, attendees will analyse an FDA warning letters to propose controls to prevent them from occurring
• Group discussion of regulatory concerns identified

• Lab System
• QA System
• Manufacturing System

• Why complete data and raw data are important for understanding data Integrity
• EU GMP Chapter 4 requirements for raw data
• 21 CFR 211 requirements for laboratory records: complete data
• FDA Level 2 guidance: paper versus e-records
• Complete data & raw data example

• Within a PQS, what is the scope of a data governance system?
• Who are involved?
• What are their roles?

• Scope of data integrity Training
• What cover in the training?
• Checking training effectiveness
• Integrating data integrity training with GMP training

• Role of Senior, Production and Department Management in ensuring data integrity within an organisation and ist suppliers
• Data governance within a Quality System
• Failures to address poor data integrity practices and no training

• Access Control
• Archiving
• Technology constraints

• GMP requirements for good documentation practice
• Application to paper documents
• Common problems from FDA 483 observations and warning letters and how to avoid them

• Using a checklist based on the data integrity criteria, attendees will assess a system for data integrity

• Problems with spreadsheets
• Good Practice for using spreadsheets in a regulatedenvironment
• Building data integrity features into a spreadsheet

• Separation of roles and responsibilities between IT and the Business
• Documentation of the configuration of an application e.g. audit trail, user types and access privileges
• User account management: the dos and don’ts
• User identities must be unique
• Regular review of each system users and privileges

• Regulatory requirements for software systems: procedural and technical
• Role of software suppliers
• Regulations push v market needs pull
• Implementing technical requirements for software: architecture, database and application
• Marketing literature versus marketing bullshit

• IT facilities, environmental controls and physical security
• Qualified IT infrastructure and validated IT Systems
• Backup and recovery / Change Control
• IT support including database Administration
• Impact of IT infrastructure on data integrity

• Approaches to ensuring data integrity of your suppliers
• Role of technical agreements and audits

• Summary of Data Integrity Requirements and Key Learning Points
• Final Discussions and close of the course