New FDA Draft Guidance 'Data Integrity and Compliance with cGMP' published
In recent years, the topic "data integrity" has become a priority for European and American inspectors. At the beginning of 2015, the British authority MHRA published a first paper on that topic. Also in 2015, the World Health Organisation WHO issued another significant draft document on data integrity. Recently, the US American FDA has released the draft of a Guidance for Industry entitled "Data Integrity and Compliance with cGMP". Although the FDA describes the Guidance as a non-binding recommendation, one may assume that the document presents the current thinking of the FDA regarding the topic.
The FDA criticises the fact that more and more cGMP deficiencies with regard to data integrity have been observed during inspections. Those deficiencies have led to a number of follow-up measures like Warning Letters or import alerts.
For the FDA, the integrity of data is one of the main quality issues. In the Guidance, the corresponding reference points in parts 21 CFR 211 and 21 CFR 212 are listed in detail as well as the principles for electronic records laid down in 21 CFR Part 11.
- § 211.68 (requiring that “backup data are exact and complete,” and “secure from 48 alteration, inadvertent erasures, or loss”)
- § 212.110(b) (requiring that data be “stored to prevent deterioration or loss”)
- §§ 211.100 and 211.160 (requiring that certain activities be “documented at the time 51 of performance” and that laboratory controls be “scientifically sound”)
- § 211.180 (requiring that records be retained as “original records,” “true copies,” or 53 other “accurate reproductions of the original records”)
- §§ 211.188, 211.194, and 212.60(g) (requiring “complete information,” “complete 55 data derived from all tests,” “complete record of all data,” and “complete records of 56 all tests performed”).
The most important topics for the FDA are presented in the quite rare but not unusual form of questions and answers. The document contains 18 questions with their respective answers.
1. Clarification of terms
- What is "data integrity"?
- What is "metadata"?
- What is an "audit trail"?
- How does FDA use the terms "static" and "dynamic" as they relate to record formats?
- How does FDA use the term “backup” in § 211.68(b)?
- What are the “systems” in “computer or related systems” in § 211.68?
2. When is it permissible to exclude CGMP data from decision making?
3. Does each workflow on our computer system need to be validated?
4. How should access to CGMP computer systems be restricted?
5. Why is FDA concerned with the use of shared login accounts for computer systems?
6. How should blank forms be controlled?
7. How often should audit trails be reviewed?
8. Who should review audit trails?
9. Can electronic copies be used as accurate reproductions of paper or electronic records?
10. Is it acceptable to retain paper printouts or static records instead of original electronic records from stand-alone computerized laboratory instruments, such as an FT-IR instrument?
11. Can electronic signatures be used instead of handwritten signatures for master production and control records?
12. When does electronic data become a CGMP record?
13. Why has the FDA cited use of actual samples during “system suitability” or test, prep, or equilibration runs in warning letters?
14. Is it acceptable to only save the final results from reprocessed laboratory chromatography?
15. Can an internal tip regarding a quality issue, such as potential data falsification, be handled informally outside of the documented CGMP quality system?
16. Should personnel be trained in detecting data integrity issues as part of a routine CGMP training program?
17. Is the FDA investigator allowed to look at my electronic records?
18. How does FDA recommend data integrity problems identified during inspections, in warning letters, or in other regulatory actions be addressed?
Source: FDA Draft Guidance for Industry "Data Integrity and Compliance with cGMP"