Data Integrity Thoughts

At the MHRA Blog, a GDP Inspector has posted some thoughts on Data Integrity. As always, it is valuable to read what an agency, or a representative, of an agency in this case, is thinking.

The post starts with a very good point, that I think needs to be continually reiterated. Data Integrity is not new, it is just an evolution of the best practices.

Data Integrity

It is good to see a focus on data integrity from this perspective. Too often we see a focus on the GCP and GMP side, so bringing distribution into the discussion should remind everyone that:

  • Data Integrity oversight and governance is inclusive of;
    • All aspects of the product lifecycle
    • All aspects of the GxP regulated data lifecycle, which begins at the time of creation to the point of use and extends throughout its storage (retention), archival, retrieval, and eventual disposal.

Posts like this should also remind folks that data integrity is still an evolving topic, and we should expect more guidance from the agencies from this in the near future. Make sure you are keeping data integrity in your sites and have a process in place to evaluate and improve.

I recommend starting at the beginning, analyzing the health of your current program and doing a SWOT.

data integrity SWOT




Quality Metrics – Not Dead yet

Pink Sheet has an update this week on the FDA’s Quality Metrics initiative – US FDA Quality Metrics Initiative Continues Moving Forward … Quietly.

This is behind a firewall so may not be viewable by all.

The major takeaways were:

  1. The initiative is still happening
  2. the FDA wants to remind companies why they are doing this in the first place
  3. They are starting a pilot real “soon” now

These metrics have been a hard sell within Pharma. I’ll be curious what steps the FDA will be taking to rebrand the effort.

Interoperability of Data

Thomas Peither on GMP Logfile in “Industry 4.0 – Inspiration for the Pharmaceutical Industry?” summarizes discussions from the ISPE European Annual Meeting 2018.

There is a lot to unpack in the concept of Industry 4.0. The topic on my mind is data interoperability.

“We identified a struggle with the lack of harmonised and consistent information flows in the industry”, said Volker Roeder

I think this is an understanding that a lot of us, especially from bigger companies that grew from acquisitions and mergers, are grappling with. Decisions made 15+ years ago in the ERP (for example) now has widespread impacts as we start aligning and integrating other systems. It is difficult to align the MES, CMMS, ERP, LIMS and QMS if they all think of master-data differently. Its even harder when one branch of the business deals with master data differently than another branch, but both branches are in the same system.

I don’t have a magic bullet. I just think this is an area that will make Industry 4.0 a great deal more challenging than many of its proponents advocate. And it is becoming a bigger part of my professional life.

Read the article, it is well worth the 10 minutes spent.

Communication of Changes between sites

Yesterday, the FDA finalized the ICH Q7 Q&A Guidance on GMPs following its endorsement by the regulatory agencies participating in the ICH in June 2015.

Two-and-a-half-years. And I sometimes wonder why the ICHs aren’t more broadly adopted or why some of my colleagues are a little pessimistic about their impact on this industry

However, re-reading these questions and answers gave me a good topic.

QA on Q7 change management

With complex and virtual supply chains, with world wide distribution, it is important to understand who needs to be communicated about what changes.

This communication should be evaluated for it’s directionality. It helps to break down your types of changes and determine what are:

  • Consult – those changes where the other site needs to provide an assessment. For example, if a change impacts testing that is conducted at another site, or it impacts the way the next site will receive the material (don’t forget ERP changes). These communications are always push.
  • Inform – the other site needs to be aware but will not need to take any action. A great example of this notifying the QP.

Include your suppliers in this process as well, and ensure your suppliers are also appropriately communicating. Include this in your quality/technical agreements or contract terms.

Data Integrity in the quality system

Data integrity has been, for the last few years, one of the hot topics of regulatory agency inspections for the last few years, one that it has often been noticed seems to be, at times, a popular umbrella for a wide variety of related topics (that usually have a variety of root causes).

Data Integrity is an interesting grab bag because it involves both paper and electronic data. While some of the principles overlap, it sometimes can seem nebulous, Luckily, the MHRA recently published a final guidance on GXP Data Integrity that ties together several threads. This is a great reference document that lays out some key principles:

  1. Organizational culture should drive ALCOA
  2. Data governance is part of the management review process
  3. Data Risk Assessments with appropriate mitigations (full risk management approach)

I love the snarky comment about ALCOA+. More guidances should be this snarky.

The FDA so far this year has been issuing warning letters and 483s in more traditional GMP areas, such as testing and validation. It will be curious if this lessening of focus in a subtle shift in inspection, or just the result of the sites inspected. Either way, building data integrity into your quality systems is a good thing.

Processes and tools for the prevention, detection, analysis, reporting, tracking and remediation of noncompliance to data integrity principles should be integrated into the Quality Management System to:

  • Prevention of data integrity issues through governance, training, organizational controls, processes, systems underlying and supporting data integrity.
  • Detection of data integrity issues through leveraging existing Quality Systems, tools and personnel.
  • Remediation of data integrity issues through leveraging existing Quality Systems that identify and track implementation of corrective/preventive action(s).

Some ways to integrate includes:

  • Data integrity training for all employees
  • Include as an aspect of audits and self-inspections
  • Controls in place to ensure good documentation practices
  • good validation practices
  • Computer system lifecycle management (include audit trail reviews)
  • Ensure your root cause investigators and CAPA people are trained on data integrity
  • Data integrity as a critical decision point in change management

Data integrity, like many other aspects of a quality culture, are mindsets and tools that are applied throughout the organization. There really isn’t a single project or fix. By applying data integrity principles regularly and consistently you build and ensure. A such, data integrity is really just an affirmation of good quality principles.

FDA Cycle Times and Compliance

Mark Schwarz reviews FDA compliance times in “Does FDA Need Statutorily Imposed Incentives for Regulatory Compliance Matters?” at FDA Law Blog (a must read blog for those in pharmaceutical, medical device or food quality). I found these cycle-times fascinating.

It also amazes me that after the last few years of the agency pushing quality metrics, this is the first time these numbers have been shared. I deeply hope they drive improvements.

Given these lead times I find it interesting that the FDA has taken to pointing out the need for a consultant in warning letters. By the time a warning letter is obtained, a meeting perhaps held, and a consultant obtained it is easily a year before real work is happening. This does not provide the most nimble of approaches.

Again, a good article I strongly recommend.

Risk Management and Quality Intelligence

Kris Kelly on the Advantu blog brought to my attention a February post he wrote titled “Medical Device Recalls – Do You See the Pattern…?

While specific in intent to medical devices, the content is very relevant to my last post. Risk Management is a major enabler of quality system, and a big part of risk assessments is moving beyond the expected to find the unexpected.

The other part of the article that stood out to me was how this was a great example of regulatory intelligence as a part of knowledge management. Kris took a trend of medical device recalls and evaluated the need for action. And you should too. Regulatory intelligence should be informing your quality system, it needs to be an input to decision making from design through change management activities and every step of the way. Regulatory intelligence should be an input to your organization. This idea can be expanded to quality intelligence, which also looks at best practices, pharmacopeias and a whole assortment of inputs from agencies to industry associations to benchmarking with other companies.

To bring this post around to one of my long-term preoccupations, change management, the following request is found in 3 of the drug cGMP warning letters on the FDA website since the 01Mar2018.

A comprehensive, independent evaluation and remediation of your change management system. The evaluation should include, but not be limited to, assuring changes are appropriately justified, approved by your quality unit, and evaluated for effectiveness. Also, include a retrospective assessment of all changes executed outside an appropriate change management process.

Is your quality system strong enough? Have you evaluated the risks of your change management system? Are you prepared for your next regulatory inspection? How do you ensure you are evaluating these trends as they develop? Do you have a process in place to make sure you are not surprised?