What is data integrity?
“Data integrity” is a long-standing concept, first introduced in 1938 in the “Federal Food, Drug, and Cosmetic (FDC) Act.” However, in the digital age, its importance has greatly increased. By 2018, more than 65% of FDA warning letters featured data integrity issues, a sign of rising regulatory attention1,2. As this can be seen with the US example, data integrity remains a central issue for any organization that interacts with regulators because of its cross-departmental nature.
Data must be recorded exactly as intended and must remain the same as when it was originally recorded. The accuracy and validity of data must be maintained during its entire life cycle.
What is data management?
Bioprocessing customers have rigid requirements to manage and export data electronically in a computerized system. Data management encompasses data integrity, data collection and retention, saving of the data into a network, paperless lab procedures, and the use of active directory servers.
For whom is data integrity important?
Data integrity is critical for any organization that interacts with regulators like the FDA, MHRA or EMA. This includes healthcare firms, bioprocessing companies, medical device organizations, clinical research organizations, and several other FDA-regulated industries such as food and beverage manufacturers, as these organizations need to be compliant with data integrity regulations.
Why is data integrity important?
Data integrity helps ensure reliability of instrument usage, data accuracy, traceability, and compliance as per regulatory requirements. Compliance with data integrity helps to ensure the trustworthiness and reliability of electronic records. Even during process development, compliance to data integrity policies offers great benefits for a company by making technology transfer and scale-up to GMP easier. “For our customers, it is critical to know that their results are reliable, can be easily accessed, and cannot be altered,” explains Shweta Nair, Senior Product Manager at Advanced Instruments. “In addition to data integrity, what is important is data management, namely the ability to acquire the data, store it and retrieve that data easily when needed. This is the flexibility we provide with Advanced Instruments’ products.”
What are the consequences of missing compliance with data integrity policies?
Collecting inaccurate or “bad” data could have serious consequences for a company, such as the loss of an entire batch, delays in product development cycles, major auditing issues, and even fines. “The whole life cycle can be delayed,” says Nair. “This means loss of time and money.” The highest risks, when not working in a compliant manner, lie in import bans, product recalls, or even the closing of production plants.
Which are the most important regulatory policies?
In the US, the underlying premise in §§ 210.1 and 212.2 is that CGMP sets forth minimum requirements to assure that drugs meet the standards of the Federal Food, Drug, and Cosmetic Act (FD&C Act) regarding safety, identity, strength, quality, and purity. The requirements with respect to data integrity in 21 CFR part 211 and 21 CFR part 212 include, among other things:
- §§ 211.68 (requiring that “backup data are exact and complete,” and “secure from 49 alteration, inadvertent erasures, or loss”);
- §§ 212.110 (requiring that data be “stored to prevent deterioration or loss”);
- §§ 211.100 and 211.160 (requiring that certain activities be “documented at the time of performance” and that laboratory controls be “scientifically sound”);
- §§ 211.180 (requiring that records be retained as “original records,” “true copies,” or other “accurate reproductions of the original records”); and
- §§ 211.188, 211.194, and 212.60(g) (requiring “complete information,” “complete data derived from all tests,” “complete record of all data,” and “complete records of all tests performed”).
Electronic signature and record-keeping requirements are laid out in 21 CFR part 11 and apply to certain records subject to records requirements set forth in Agency regulations, including parts 21 CFR part 210, 21 CFR part 211, and 21 CFR part 212. For more information, see guidance for industry 21 CFR Part 11, Electronic Records; Electronic Signatures — Scope and Application3. The guidance outlines the FDA’s current thinking regarding the narrow scope and application of 21 CFR part 11 pending FDA’s reexamination of 21 CFR part 11 as it applies to all FDA-regulated products.
EudraLex Vol. 4 Annex 11 (EudraLex rules governing medicinal products in the EU, Volume 4, GMP, medicinal products for human and veterinary use) offers a detailed guide to the areas of compliance that need documentation.
Both documents cover the same topic: the use of computerized systems in regulated activities. However, the approach of 21 CFR Part 11 is to make clear the requirements to be met in order to conform to regulations. In contrast, the approach of EudraLex Vol. 4 Annex 11 is to make clear how to conform to its rules.
Another significant difference is the approach to risk management. EudraLex Vol. 4 Annex 11 points to risk assessment as the start of compliance activities. 21 CFR Part 11 differentiates security for open and closed systems, with extra security measures for open systems but without reference to risk or criticality.
Labs are also often asked to comply with various Pharmacopeia guidelines, such as USP chapter 785, European Pharmacopeia, and others. These guidelines regulate the qualifications of osmometers (Installation Qualification/Operational Qualification), operation and calibration of osmometers, the types of osmolality instruments, and the results reporting.
Why is it important for osmometers to have data management and data integrity features?
Osmolality testing is a key process parameter in the pharma and bioprocessing industries. Therefore, the reliability, consistency, and accuracy of osmolality data is crucial throughout the bioprocessing workflow. When using technology in a GMP environment it is important to maintain data integrity using the following characteristics4:
- Attributability of data to a specific subject and identification of the users of the device
- Legibility of data and inability to alter actual osmolality values/results
- Real-time recording of data with indication of date and time
- Original, retrievable, and identifiable data
- Accuracy of data, documented amendments and audit trails identifying who altered the data, why it was altered, and when
- Data Security
Are Advanced Instruments osmometers compliant with 21 CFR part 11 and EudraLex Vol 4. Annex 11?
Advanced Instruments osmometers could help customers meet the strict data integrity requirements as they include features such as:
- Electronic signature
- Data protection
- Flexible data import/export from Network and USB
- Requirement of user login for testing and system configuration
- Management of user access with active directory (LDAP) with the option to track user log in and log out on the audit trail
- Use of bi-directional control to remotely lock and unlock the instrument to further strengthen user security
- Three levels of user access
- Comprehensive audit trail of all instrument events (no users can delete data)
These data features are flexible to meet the growing needs of organizations and also help GMP organizations meet these restrictions and regulations. Moreover, the data management features support integration into a company’s system and allow the company to optimize the review of their data as they streamline their processes.
The OsmoTECH® PRO and OsmoTECH® XT are compliant with 21 CFR Part 11, EudraLex Vol. 4 Annex 11, and Pharmacopeia requirements. However, it is the responsibility of the end-user to implement the necessary controls in their laboratory to effectively achieve the compliance requirements. “From the data integrity perspective, Advanced Instruments is constantly on top of changes to the regulatory requirements. Our engineers work closely with our customers to ensure that any software capabilities or features that are required are quickly implemented and rolled out. Our customers truly appreciate how engaged and proactive we are about data integrity. In addition, the close connection we maintain with our customers through our service engineers and salespeople helps us collect and quickly respond to customer feedback,” says Nair.