Tag: living risk assessments

Data Integrity in the quality system

Data integrity has been, for the last few years, one of the hot topics of regulatory agency inspections, one that it has often been noticed seems to be, at times, a popular umbrella for a wide variety of related topics (that usually have a variety of root causes).

Data Integrity is an interesting grab bag because it involves both paper and electronic data. While some of the principles overlap, it sometimes can seem nebulous, Luckily, the MHRA recently published a final guidance on GXP Data Integrity that ties together several threads. This is a great reference document that lays out some key principles:

  1. Organizational culture should drive ALCOA
  2. Data governance is part of the management review process
  3. Data Risk Assessments with appropriate mitigations (full risk management approach)

I love the snarky comment about ALCOA+. More guidances should be this snarky.

The FDA so far this year has been issuing warning letters and 483s in more traditional GMP areas, such as testing and validation. It will be curious if this lessening of focus in a subtle shift in inspection, or just the result of the sites inspected. Either way, building data integrity into your quality systems is a good thing.

Processes and tools for the prevention, detection, analysis, reporting, tracking and remediation of noncompliance to data integrity principles should be integrated into the Quality Management System to:

  • Prevention of data integrity issues through governance, training, organizational controls, processes, systems underlying and supporting data integrity.
  • Detection of data integrity issues through leveraging existing Quality Systems, tools and personnel.
  • Remediation of data integrity issues through leveraging existing Quality Systems that identify and track implementation of corrective/preventive action(s).

Some ways to integrate includes:

  • Data integrity training for all employees
  • Include as an aspect of audits and self-inspections
  • Controls in place to ensure good documentation practices
  • good validation practices
  • Computer system lifecycle management (include audit trail reviews)
  • Ensure your root cause investigators and CAPA people are trained on data integrity
  • Data integrity as a critical decision point in change management

Data integrity, like many other aspects of a quality culture, are mindsets and tools that are applied throughout the organization. There really isn’t a single project or fix. By applying data integrity principles regularly and consistently you build and ensure. A such, data integrity is really just an affirmation of good quality principles.

Knowledge Management

ICH Q10 “Pharmaceutical Quality System” describes a lifecycle approach, from development through product discontinuation. The knowledge about a pharmaceutical product and the processes required to reliably produce that product starts with product and process development. An effective pharmaceutical quality system (PQS) uses the knowledge acquired throughout the lifecycle of the product, builds on that knowledge, and applies it to:

  • Other stages of the product lifecycle
  • Other product lifecycles

A change management system is defined as an important element of a PQS as seen in this figure reproduced from ICH Q10.

Q10

There are two enablers to this quality system model, knowledge management and risk management. The thing about those enablers is that they are really intertwined. Or put another way, risk management is a powerful way to make use of your knowledge.

ICHQ12 “Technical and Regulatory Considerations for Pharmaceutical Product Lifecycle Management” (in draft) expands on knowledge management and provides more examples of its use. The below illustration is an adaptation of one found in the draft Q12.

knowledge and change

There are many ways to tap into knowledge management in change management. The subject matter experts are critical, as is checklists and risk ranking and filtering tools. Knowledge should drive the development of an effectiveness review.

One of my favorite is the Living Risk Assessment approach. Living risk assessments are a holistic view of a system, product, or process in an effort to prevent risk realization. They are updated throughout the product /system lifecycle to continuously assess risks that may arise or change.

In the context of change management, the living risk assessment is both an input and an output. A rigorous, maintained, living risk assessment allows us to prospectively mitigate potential risks as part of our change management program.

Living Risk Assessments have a schedule, a review period (for example, once a year) to evaluate how risk has changed, drawing from all the sources of knowledge. It is also important to have a way to trigger adhoc reviews (for example, major process changes or critical deviations).

living risk assessments

In my ASQ World Conference workshop I will be going into more detail on knowledge management, risk management and the pharmaceutical quality system. I’ll also be discussing what non-Pharma companies can learn from the PQS.