PIC/S Draft Guidance on Data Integrity

On 30-Nov-2018 PIC/S published the third draft of guidance PI 041-1 “Good Practices for Data Management and Data Integrity in regulated GMP/GDP Environments“. The first draft was published back in 2016, and the third draft is subject to a focused stakeholder consultation seeking substantive comments from trade and professional associations on specific questions relating to the proportionality, clarity and implementation of the guidance requirements. In parallel to this stakeholder consultation, the new draft is applied by PIC/S Participating Authorities on a trial basis for a new implementation trial period (3 months).

In short, you can expect inspectors to have reviewed and be reviewing against this. Do your gap analysis now and have plans in place to address the gaps. Yes, there will be a little while before this is finally published, but at this point this guidance neatly triangulates with other guidances on data integrity and we can expect most of this to be in the final version.

This document is a great place to start and can be used to develop whole sections of the quality management system. I find it very actionable. For example this table from 9.5 “Data capture/entry for computerised systems”:

pics data capture part 1pics data capture part 2

 

 

Building relationships is critical for tackling complexity

If we want to address the complex problem situations that the world is facing, being a smart systems thinker and innovator is not enough. We need to engage in new ways of collaborating that promote continuous, productive and collective learning and innovation. These collaborations require us to learn social skills, build social structures, and adopt attitudes of openness to learning, trust and responsibility, however hard it is to let go of the behaviours and structures that hold us back.

Mieke van der Bijl “Why being smart is not enough — the social skills and structures of tackling complexity

Good article on problem-solving and complexity that is very sympathetic with Donella Meadows Leverage Points. This article and my recent post on creativity are both coming from similar points by stressing many of the same solutions to solving problems.

I liked the discussion on creating the right organization structures to allow problem-solving to happen. As someone who is very worried that can contribute to laying the bricks in Kafka’s castle and the bars in Weber’s Iron Cage, I am always striving to push for better ways of working, of creating structures that both amplify freedom and responsibility, that drive for innovation. Applying basic principles is pretty important to ensure we build for now and the future.

Prominent Doctors Aren’t Disclosing Their Industry Ties in Medical Journal Studies. And Journals Are Doing Little to Enforce Their Rules

Prominent Doctors Aren’t Disclosing Their Industry Ties in Medical Journal Studies. And Journals Are Doing Little to Enforce Their Rules
— Read on www.propublica.org/article/prominent-doctors-industry-ties-disclosures-medical-journal-studies/amp

People need to realize the only way to truly build trust is through transparency. If there is nothing to hide, don’t hide it.

Creative teams

The secret to unlocking creativity is not to look for more creative people, but to unlock more creativity from the people who already work for you. The same body of creativity research that finds no distinct “creative personality” is incredibly consistent about what leads to creative work, and they are all things you can implement within your team. Here’s what you need to do:

Greg Satell “Set the Conditions for Anyone on Your Team to Be Creative”  05Dec2018 Harvard Business Review

In this great article Greg Satell lays out what an organization that drives creativity looks like. Facilitating creativity is crucial for continuous improvement and thus a fundamental part of a culture of quality. So let’s break it down.

Cultivate Expertise

In order to build expertise our organizations need to be apply to provide deliberate practice: identify the components of a skill, offer coaching, and encourage employees to work on weak areas.

Bring knowledge management to bear to ensure the knowledge behind a skill has been appropriately captured and published. To do this you need to identify who the expert performers currently are.

It is crucial when thinking about deliberate practice to recognize that this is not shallow work, those tasks we can do in our sleep. Unlike chess or weight-lifting you really do not get anything from the 100th validation protocol or batch record reviewed. For work to be of value for deliberate practice it needs to stretch us, to go a little further than before, and give the opportunity for reflection.

Geoff Colvin in Talent is Overrated gave six traits for deliberate practice:

  • It’s designed to improve performance. “The essence of deliberate practice is continually stretching an individual just beyond his or her current abilities. That may sound obvious, but most of us don’t do it in the activities we think of as practice.”
  • It’s repeated a lot. “High repetition is the most important difference between deliberate practice of a task and performing the task for real, when it counts.”
  • Feedback on results is continuously available. “You may think that your rehearsal of a job interview was flawless, but your opinion isn’t what counts.”
  • It’s highly demanding mentally. “Deliberate practice is above all an effort of focus and concentration. That is what makes it ‘deliberate,’ as distinct from the mindless playing of scales or hitting of tennis balls that most people engage in.”
  • It’s hard. “Doing things we know how to do well is enjoyable, and that’s exactly the opposite of what deliberate practice demands.”
  • It requires (good) goals. “The best performers set goals that are not about the outcome but rather about the process of reaching the outcome.”

Encourage Exploration

The Innovators DNA by Dyer, Gregersen, and Christensen state that creativity is a function of five key behaviours

  • Associating: drawing connections between questions, problems, or ideas from unrelated fields
  • Questioning: posing queries that challenge common wisdom
  • Observing: scrutinizing the behavior of customers, suppliers, and competitors to identify new ways of doing things
  • Networking: meeting people with different ideas and perspectives
  • Experimenting: constructing interactive experiences and provoking unorthodox responses to see what insights emerge

Exploration can be seen as observing outside your sphere of knowledge, networking and experimenting.

Empower with Technology

Sure, I guess. Call me a luddite but I still think a big wall, lots of post-its, markers and some string work fine for me.

Reward Persistance

Remember this, we are always in this for the long haul. I think remembering the twelve levers can help give perspective.

A list of Pharmaceutical Regulatory Requirements for Data Integrity

A compilation of regulatory requirements in pharmaceuticals for data requirements.

SourceReferenceContent
EMAEMA Guideline on GCP compliance in relation to trial master fileA certified copy is a paper or electronic copy of the original record that has been verified (e.g. by a dated signature) or has been generated through a validated process to produce a copy having the exact content and meaning of the original.
EMA/CHMP/ICH Tripartite GCPGuideline for good clinical practice E6(R2)Source Data: All information in original records and certified copies of original records of clinical findings, observations, or other activities in a clinical trial necessary for the reconstruction and evaluation of the trial. Source data are contained in source documents (original records or certified copies).
EMA/CHMP/ICH Tripartite GCPGuideline for good clinical practice E6(R2)Source Documents: Original documents, data, and records (e.g. hospital records, clinical and office charts, laboratory notes, memoranda, subjects’ diaries or evaluation checklists, pharmacy dispensing records, recorded data from automated instruments, copies or transcriptions certified after verification as being accurate copies, microfiches, photographic negatives, microfilm or magnetic media, x-rays, subject files, and records kept at the pharmacy, at the laboratories and at medico-technical departments involved in the clinical trial).

Certified Copy: A copy (irrespective of the type of media used) of the original record that has been verified (i.e., by a dated signature or by generation through a validated process) to have the same information, including data that describe the context, content, and structure, as the original.

When a copy is used to replace an original document (e.g., source documents, CRF), the copy should fulfill the requirements for certified copies.

EudraLexAnnex 11Audit Trails

Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated “audit trail”). For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed.

EudraLexChapter 4Generation and Control of Documentation

All types of document should be defined and adhered to. The requirements apply equally to all forms of document media types. Complex systems need to be understood, well documented, validated, and adequate controls should be in place. Many documents (instructions and/or records) may exist in hybrid forms, i.e. some elements as electronic and others as paper based.

EudraLexChapter 4Records: Provide evidence of various actions taken to demonstrate compliance with instructions, e.g. activities, events, investigations, and in the case of manufactured batches a history of each batch of product, including its distribution. Records include the raw data which is used to generate other records. For electronic records regulated users should define which data are to be used as raw data. At least, all data on which quality decisions are based should be defined as raw data
OECDGLP No 1Section 2.3 item 7. Raw data means all original test facility records and documentation, or verified copies thereof, which are the result of the original observations and activities in a study. Raw data also may include, for example, photographs, microfilm or microfiche copies, computer readable media, dictated observations, recorded data from automated instruments, or any other data storage medium that has been recognized as capable of providing secure storage of information for a time period as stated in section 10, below. (Section 10 not reproduced here.)
OECDGLP No 17Data (raw data): Data (raw data) may be defined as measurable or descriptive attribute of a physical entity, process or event. The GLP Principles define

raw data as all laboratory records and documentation, including data directly entered into a computer through an automatic instrument interface, which are the results of primary observations and activities in a study and which are necessary for the reconstruction and evaluation of the report of that study.

Data (derived data): Derived data depend on raw data and can be reconstructed from raw data (e.g., final concentrations as calculated by a spreadsheet relying on raw data, result tables as summarized by a LIMS, etc.).

OECDGLP No 173.4. Audit trails

An audit trail provides documentary evidence of activities that have affected the content or meaning of a record at a specific time point. Audit trails need to be available and convertible to a human readable form. Depending on the system, log files may be considered (or may be considered in addition, to an audit trailing system) to meet this requirement. Any change to electronic records must not obscure the original entry and be time and date stamped and traceable to the person who made the change.

Audit trail for a computerised system should be enabled, appropriately configured and reflect the roles and responsibilities of study personnel. The ability to make modifications to the audit trail settings should be restricted to authorised personnel. Any personnel involved in a study (e.g. study directors, heads of analytical departments, analysts, etc.) should not be authorised to change audit trail settings.

PIC/SPI 041-1 (Draft

2)

Complete: All information that would be critical to recreating an event is important when trying to understand the event. The level of detail required for an information set to be considered complete would depend on the criticality of the information…A complete record of data generated electronically includes relevant metadata.
PIC/SPI 041-1 (Draft

2)

Many electronic records are important to retain in their dynamic (electronic) format, to enable interaction with the data. Data must be retained in a dynamic form where this is critical to its integrity or later verification.
PIC/SPI 041-1 (Draft

2)

The original record can be described as the first-capture of information, whether recorded on paper (static) or electronically (usually dynamic, depending on the complexity of the system).

Information that is originally captured in a dynamic state should remain available in that state.

UK MHRA‘GXP’ Data Integrity Guidance and Definitions6.2. Raw data (synonymous with “source data” which is defined in ICH GCP)

Raw data is defined as the original record (data) which can be described as the first-capture of information, whether recorded on paper or electronically. Information that is originally captured in a dynamic state should remain available in that state.

Raw data must permit full reconstruction of the activities. Where this has been captured in a dynamic state and generated electronically, paper copies cannot be considered as ‘raw data’…. In all definitions, the term ‘data’ includes raw data.

UK MHRA‘GXP’ Data Integrity Guidance and DefinitionsA static record format, such as a paper or electronic record, is one that is fixed and allows little or no interaction between the user and the record content. For example, once printed or converted to static electronic format chromatography records lose the capability of being reprocessed or enabling more detailed viewing of baselines.

Records in dynamic format, such as electronic records, allow an interactive relationship between the user and the record content. For example, electronic records in database formats allow the user to track, trend and query data; chromatography records maintained as electronic records allow the user or reviewer (with appropriate access permissions) to reprocess the data and expand the baseline to view the integration more clearly.

Where it is not practical or feasibly possible to retain the original copy of source data, (e.g. MRI scans, where the source machine is not under the study sponsor’s control and the operator can only provide summary statistics) the risks and mitigation should be documented.

UK MHRA‘GXP’ Data Integrity Guidance and Definitions6.11.1      Original record

The first or source capture of data or information e.g. original paper record of manual observation or electronic raw data file from a computerised system, and all subsequent data required to fully reconstruct the conduct of the GXP activity. Original records can be Static or Dynamic.

6.11.2      True copy

A copy (irrespective of the type of media used) of the original record that has been verified (i.e. by a dated signature or by generation through a validated process) to have the same information, including data that describe the context, content, and structure, as the original.

A true copy may be stored in a different electronic file format to the original record if required, but must retain the metadata and audit trail required to ensure that the full meaning of the data are kept and its history may be reconstructed.

Original records and true copies must preserve the integrity of the record. True copies of original records may be retained in place of the original record (e.g. scan of a paper record), if a documented system is in place to verify and record the integrity of the copy. Organisations should consider any risk associated with the destruction of original records.

It should be possible to create a true copy of electronic data, including relevant metadata, for the purposes of review, backup and archival. Accurate and complete copies for certification of the copy should include the meaning of the data (e.g. date formats, context, layout, electronic signatures and authorisations) and the full GXP audit trail. Consideration should be given to the dynamic functionality of a ‘true copy’ throughout the retention period (see ‘archive’).

Data must be retained in a dynamic form where this is critical to its integrity or later verification. If the computerized system cannot be maintained e.g., if it is no longer supported, then records should be archived according to a documented archiving strategy prior to decommissioning the computerized system. It is conceivable for some data generated by electronic means to be retained in an acceptable paper or electronic format, where it can be justified that a static record maintains the integrity of the original data. However, the data retention process must be shown to include verified copies of all raw data, metadata, relevant audit trail and result files, any variable software/system configuration settings specific to each record, and all data processing runs (including methods and audit trails) necessary for reconstruction of a given raw data set. It would also require a documented means to verify that the printed records were an accurate representation. To enable a GXP compliant record this approach is likely to be demanding in its administration.

UK MHRA‘GXP’ Data Integrity Guidance and Definitions4.3 Hybrid

Where hybrid systems are used, it should be clearly documented what constitutes the whole data set and all records that are defined by the data set should be reviewed and retained. Hybrid systems should be designed to ensure they meet the desired objective.

UK MHRA‘GXP’ Data Integrity Guidance and DefinitionsThe audit trail is a form of metadata containing information associated with actions that relate to the creation, modification or deletion of GXP records. An audit trail provides for secure recording of life-cycle details such as creation, additions, deletions or alterations of information in a record, either paper or electronic, without obscuring or overwriting the original record. An audit trail facilitates the reconstruction of the history of such events relating to the record regardless of its medium, including the “who, what, when and why” of the action.
US FDA21 CFR Part

211.194 (a)

 

Laboratory records shall include complete data derived from all tests necessary to assure compliance with established specifications and standards, including examinations and assays
US FDA21 CFR Part

211.188

Batch production and control records shall be prepared for each batch of drug product produced and shall include complete information relating to the production and control of each batch.
US FDA21 CFR Part

211.68(b)

Hard copy or alternative systems, such as duplicates, tapes, or microfilm, designed to assure that backup data are exact and complete and that it is secure from alteration, inadvertent erasures, or loss shall be maintained.
US FDA21 CFR Part

58.3(k)

Raw data means any laboratory worksheets, records, memoranda, notes, or exact copies thereof, that are the result of original observations and activities of a nonclinical laboratory study and are necessary for the reconstruction and evaluation of the report of that study.
US FDA21 CFR Part

58.3

Raw data means all original nonclinical laboratory study records and documentation or exact copies that maintain the original intent and meaning and are made according to the person’s certified copy procedures.

Raw data includes any laboratory worksheets, correspondence, notes, and other documentation (regardless of capture medium) that are the result of original observations and activities of a nonclinical laboratory study and are necessary for the reconstruction and evaluation of the report of that study.

Raw data also includes the signed and dated pathology report.

US FDA21 CFR Part 211.180(d)Records required under this part may be retained either as original records or as true copies such as photocopies, microfilm, microfiche, or other accurate reproductions of the original records. Where reduction techniques, such as microfilming, are used, suitable reader and photocopying equipment shall be readily available.
US FDAData Integrity and Compliance with CGMP Guidance for

Industry (draft)

Electronic copies can be used as true copies of paper or electronic records, provided the copies preserve the content and meaning of the original data, which includes associated metadata and the static or dynamic nature of the original records.

True copies of dynamic electronic records may be made and maintained in the format of the original records or in a compatible format, provided that the content and meaning of the original records are preserved and that a suitable reader and copying equipment (for example, software and hardware, including media readers) are readily available.

US FDAData Integrity and Compliance with CGMP Guidance for

Industry (draft)

What is an “audit trail”?

For purposes of this guidance, audit trail means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record.

For example, the audit trail for a high performance liquid chromatography (HPLC) run could include the user name, date/time of the run, the integration parameters used, and details of a reprocessing, if any, including change justification for the reprocessing.

Electronic audit trails include those that track creation, modification, or deletion of data (such as processing parameters and results) and those that track actions at the record or system level (such as attempts to access the system or rename or delete a file).

CGMP-compliant record-keeping practices prevent data from being lost or obscured (see §§ 211.160(a), 211.194, and 212.110(b)). Electronic record-keeping systems, which include audit trails, can fulfill these CGMP requirements.

US FDAData Integrity and Compliance with CGMP Guidance for IndustryFor the purposes of this guidance, static is used to indicate a fixed-data document such as a paper record or an electronic image, and dynamic means that the record format allows interaction between the user and the record content. For example, a dynamic chromatographic record may allow the user to change the baseline and reprocess chromatographic data so that the resulting peaks may appear smaller or larger. It also may allow the user to modify formulas or entries in a spreadsheet used to compute test results or other information such as calculated yield.
WHOTRS No. 996

Annex 5

Data means all original records and true copies of original records, including source data and metadata and all subsequent transformations and reports of these data, which are generated or recorded at the time of the GXP activity and allow full and complete reconstruction and evaluation of the GXP activity. Data should be accurately recorded by permanent means at the time of the activity. Data may be contained in paper records (such as worksheets and logbooks), electronic records and audit trails, photographs, microfilm or microfiche, audio- or video-files or any other media whereby information related to GXP activities is recorded.
WHOTRS No. 996

Annex 5

Dynamic record format.

Records in dynamic format, such as electronic records, that allow for an interactive relationship between the user and the record content. For example, electronic records in database formats allow the user to track, trend and query data; chromatography records maintained as electronic records allow the

user (with proper access permissions) to reprocess the data and expand the baseline to view the integration more clearly.

Static record format.

A static record format, such as a paper or pdf record, is one that is fixed and allows little or no interaction between the user and the record content. For example, once printed or converted to static pdfs, chromatography records lose the capability of being reprocessed or enabling more detailed viewing of baselines.

WHOTRS No. 996

Annex 5

The use of hybrid systems is discouraged, but where legacy systems are awaiting replacement, mitigating controls should be in place…

A hybrid approach might exceptionally be used to sign electronic records when the system lacks features for electronic signatures, provided adequate security can be maintained…

Replacement of hybrid systems should be a priority.

Materials Receipt Controls

Significantly, your firm failed to perform identification testing for all incoming glycerin lots to verify identity and determine whether diethylene glycol (DEG) or ethylene glycol (EG) was present. Because you did not test each lot and container of glycerin using the USP identification test that detects these hazardous impurities, you failed to ensure the acceptability of component lots used in drug product manufacture. DEG contamination in pharmaceutical products has caused lethal poisoning incidents in humans worldwide.

 FDA Warning Letter of 02-Nov-2018 to Product Packaging West, Inc.

First of all, ouch. This brings to mind an old investigation that drew a lot of attention a few years back. It involved a tanker truck and a hurricane, but still, lots of memories.

This Warning Letter brings to mind questions about receipt of materials. So here are some top level thoughts.

Choosing tests should be a risk based approach evaluating what the material is, what it is used for, supplier qualification level and history of test results. A critical raw material with custom chemistry from a supplier that has had issues is a different matter than an off-the-shelf component that hasn’t had a problem in 10 years. But there always should some basic identity testing, especially if that is listed in an pharmacopeia. This should be done through a formal process, with periodic review.

Have a process in place for delivery of material to ensure that each container or grouping of containers of material are examined visually for correct labeling (including correlation between the name used by the supplier and the in-house name/code, if these are different), container damage, broken seals, and evidence of tampering or contamination. A good in-coming receipt inspection includes:

  • Each lot within a shipment of material or components is assigned a distinctive code and an unique internal number so material or component can be traced through manufacturing and distribution
  • A check to guarantee the origin of materials from approved manufacturers and approved distributors
  • Start inspection with visual examination of each shipping container for appropriate labelling, signs of damage, or contamination
  • Use a predefined checklist for inspection

Incoming material should be quarantined prior to approval for use. I recommend a separate quarantine area for incoming versus material segregated for investigations or issues.

Supplier qualification deserves a post of it’s own.

Validation, Disposition and Change Control

A colleague asks “How do you manage changes and disposition when doing lon-term validation or specification setting in multiple markets?”

Process map for change control, validation, regulatory and disposition

Perhaps it is a cleaning validation, or a major process change, or a new filter or raw material. You need to be able to disposition product against a change control to some markets but not all.

It is important to realize that changes become effective at multiple times. Looking back on the post “Changes become Effective” we are managing after change-in-use where the regulatory approval is not being simultaneously gated and product will be sent to market on a case-by-case basis.

The change control contains a corresponding regulatory assessment with required variations for all impacted markets, and a disposition strategy aligned with validation activities. With action items (e.g. work, tasks) in the change control for ongoing evaluation of lots impacted by study.

That disposition strategy might include evaluation of data vs acceptance criteria for each lot via checklist (or other tool) included in disposition packet; or an evaluation of data through change control task and disposition references change control. They are pretty similar in results and it more ends up being a record management preference.

High level match between regulatory and inventory