When it comes to data integrity: What are the current regulatory expectations? How do you ensure the reliability of your suppliers? Do you understand the impact of culture on your organisation? Today I shall provide you with insights into the discussions on data integrity from the recent ISPE European Annual Meeting. More than 600 industry experts and 30 regulators met for discussions from 19 – 21 March 2018 in Rome.
Over the last few weeks I have summed up the highlights from the Pharma 4.0 (LOGFILE 16/2018) and Annex 1 sessions (LOGFILE 18/2018). This text (and many more) was also published in my live reporting from the conference on Linkedin (#gmppublishing).
Hopefully you shall have done your homework when the inspector knocks on your door. Ib Alstrup from the Danish Medicine Agency gave an overview of agency requirements for data integrity. This is also a hot topic for many participants at this event.
Batch recording without validated record systems is a critical point for Ib Alstrup. These days, hand-written batch records are history and are only used at small companies (see Figure 1).
Figure 1: Batch record – paper record versus prints from computer systems
Password, access control, authentication were further topics of the presentation. Especially the use, strength and confidentiality of passwords were discussed.
Some criteria for audit trails are: recorded in true time, non-deactivatable, non-editable, printing possibility, availability of electronic copies, readable, understandable, reviewable, review procedure should exist, ...
Alstrup demonstrated vast knowledge of the topic of data integrity and did not focus solely on electronic aspects. He also showed that hand-pritten documentation is a great source for data integrity failures and observations in inspections.
And no, he has no problems with cloud solutions if they fulfil all the requirements.
This is the credo of Danilo Neri, PQE Group. As a supplier for the pharma industry he is part of the system, he stated. Is the question behind that statement: Are suppliers also part of the increasing problems?
Neri began his presentation with the needs for data integrity and the clarification need for regulators. The requirements have already been in the GMP regulations - nothing really new. Nevertheless, regulators published a significant number of documents on the data integrity topic.
There is a “huge amount of different suppliers acting within the various stages of the pharmaceutical life cycle”. The goals are patient safety and product quality, but the basis is a reliable GxP compliance and also reliable records. If this is not the case we will miss the fundamental principles.
Figure 2: Key measures to meet regulatory expectations for service providers
In conclusion, Neri saw the need for implementing a strict data governance system with reviews and monitoring (see Figure 2). The supplier management and auditing procedures have to address this data integrity coverage. Did you already include this in your supplier audits?
“Do you understand the impact of culture on your organisation?” asked Nuala Calan, Lachman Consultant Services. ”Culture and behaviour have a great impact in reducing your data integrity risks.”
The MHRA states in its regulation: ”The impact of organisational culture, the behaviour driven by performance indicators, objectives and senior management behaviour on the success of data governance measures shouldn’t be underestimated.”
A Deloitte study says that 82% of the respondents believe that culture is a potential competitive advantage, but only 19% of them believe they have the right culture! Heavy pressure on the employees leads to data falsification!
The Cultural Excellence Report from ISPE includes a toolset to get more commitment to this topic. Quality is everybody’s business. Nala Calan referenced to Deming, Juran, etc. - and compliance is the minimum.
MHRA inspections show a huge amount of improvement when focusing on data integrity (DI) findings in the pharmaceutical industry. David Churchward made a great update on DI aspects from a regulatory view.
DI effectively covers all GMP aspects and compliance. And compliance is affected by whether the organisation is willing and whether the organisation is able to comply!
Churchward sees three types of non-compliance:
He described the set of regulatory strategies to react to these types, e.g., increase of penalties, or likelihood of detection (see Figure 3). And one of the reactions is the publication of the MHRA GxP Data Integrity Guide.
Figure 3: Regulatory strategies for ensuring DI compliance
This presentation was filled with a wealth of information, tips and recommendations for the attendees. Well done! I like regulators with tremendous expertise.
The integrity of records and data was the focus of the presentation of the GAMP® Records and Data Integrity Guide. Sion Wyn, Conformity Ltd., showed the structure and some insights into the guide. He pointed out that the guide is an independent document, but that it is aligned to the GAMP® guide.
The document includes practical approaches to key data integrity concepts. Wyn selected some interesting points such as culture and leadership, interfaces, tools, checklists, and examples. A move away from the traditional “culture of compliance” towards a “culture of excellence” is crucial for him.
Interfaces were also a topic he pointed out. Interfaces are a well-known area for data integrity deficiencies. Data cross various boundaries and interfaces throughout their lifetime. The group integrated the identified potential risk. Readers can learn from their experience. One important question is, for example, the ownership of interfaces - who is the owner, including when it comes to inconsistencies?
Tools, checklists, and examples will be greatly beneficial; some examples are DI Gemba checklist, process and data mapping checklist, DI requirement checklist, requirements issues/defects checklist, example of a data classification system, data integrity verification questions for system assessment.
The short presentation gave a rough overview and did not focus on details. It would have been good to see the content of such a ”checklist”. You must buy the document to find out, if it is worth the money.
“Data integrity is a major and global concern!” said Lorella Chiappinelli, AIFA, from the PIC/S Data Integrity Working Group. Data integrity has always been a topic in inspections, but it was not so common to bring all this together to form a bigger picture as “data integrity deficiency”. Now regulators are responding to this development.
PIC/S plays a strong role in harmonising the global regulatory authorities. For this reason PIC/S will publish a Data Integrity Guide and an Aide Memoire to support the regulatory initiatives. Also, training materials will be developed and inspector training shall support the implementation.
The PIC/S Draft Guidance PI 041-1 (draft version 2) was published in August 2016. Chiappinelli reported that the draft version 3 will be published hopefully in April and will open for public consultation (comment: to date, 4 June 2018, the draft 3 has not yet been published). An aide memoire for inspectors has been completed, but the document will only be available for regulators.
At the end Chiappinelli emphasised the importance of senior management commitment and behaviour. We are looking forward to reading the new draft soon. We shall keep you informed.
Ib Alstrup, Danish Medicines Agency: Data Integrity - Regulatory Expectations, ISPE European Annual Meeting 2018, Rome
Danilo Neri, PQE Group: Ensuring Data Integrity for Your GxP Suppliers, ISPE European Annual Meeting 2018, Rome
Nuala Calnan, Lachman Consultant Services: Implementing an Effective Data Integrity Maturity Model, ISPE European Annual Meeting 2018, Rome
David Churchward, MHRA: Data Integrity: Regulatory Update, ISPE European Annual Meeting 2018, Rome
Lorella Chiappinelli, AIFA: PIC/S Data Integrity Working Group Update, ISPE European Annual Meeting 2018, Rome
Thomas Peither, Live reporting from the conference on Linkedin (#gmppublishing)
Maas & Peither AG - GMP Publishing