Additional Information
Book Details
Abstract
Data integrity is the hottest topic in the pharmaceutical industry. Global regulatory agencies have issued guidance, after guidance after guidance in the past few years, most of which does not offer practical advice on how to implement policies, procedures and processes to ensure integrity. These guidances state what but not how. Additionally, key stages of analysis that impact data integrity are omitted entirely.
The aim of this book is to provide practical and detailed help on how to implement data integrity and data governance for regulated analytical laboratories working in or for the pharmaceutical industry. It provides clarification of the regulatory issues and trends, and gives practical methods for meeting regulatory requirements and guidance. Using a data integrity model as a basis, the principles of data integrity and data governance are expanded into practical steps for regulated laboratories to implement. The author uses case study examples to illustrate his points and provides instructions for applying the principles of data integrity and data governance to individual laboratory needs. This book is a useful reference for analytical chemists and scientists, management and senior management working in regulated laboratories requiring either an understanding about data integrity or help in implementing practical solutions. Consultants will also benefit from the practical guidance provided.
Table of Contents
Section Title | Page | Action | Price |
---|---|---|---|
Cover | Cover | ||
Data Integrity and Data Governance: Practical Implementation in Regulated Laboratories | i | ||
Preface | v | ||
Acknowledgements | vii | ||
Glossary, Abbreviations and Data Integrity Terms | ix | ||
Contents | xxxiii | ||
Chapter 1 - How to Use This Book and an Introduction to Data Integrity | 1 | ||
1.1 Aims and Objectives | 1 | ||
1.2 Structure of This Book | 2 | ||
1.2.1 Chapter Structure | 2 | ||
1.2.2 You Do Not Read the Regulations! | 2 | ||
1.2.3 The Regulatory Environment | 4 | ||
1.2.4 Data Governance | 4 | ||
1.2.5 Data Integrity | 6 | ||
1.2.6 Quality Oversight for Data Integrity | 8 | ||
1.3 Mapping This Book to the Data Integrity Model | 9 | ||
1.4 Pharmaceutical Quality System and Data Integrity | 9 | ||
1.4.1 Integration Within the Pharmaceutical Quality System | 9 | ||
1.4.2 No Chapter on Risk Management | 11 | ||
1.4.3 Back to the Future 1: Understanding Current in cGMP | 11 | ||
1.4.4 The European Equivalent of cGMP | 11 | ||
1.5 What Is Data Integrity | 12 | ||
1.5.1 How Many Definitions Would You Like | 12 | ||
1.5.2 What Do These Definitions Mean | 12 | ||
1.5.3 ALCOA+ Criteria for Integrity of Laboratory Data | 13 | ||
1.6 Data Quality and Data Integrity | 15 | ||
1.6.1 From Sample to Reportable Result | 15 | ||
1.6.2 Contextual Metadata and a Reportable Result | 16 | ||
1.6.3 Data Integrity – Can I Trust the Data | 18 | ||
1.6.4 Data Quality – Can I Use the Data | 20 | ||
1.6.5 The Proposed FDA GLP Quality System | 20 | ||
1.6.6 Continual Versus Continuous Improvement | 21 | ||
1.7 Static Versus Dynamic Data | 21 | ||
1.8 Important Data Integrity Concepts | 22 | ||
1.8.1 Data Integrity Is More than Just Numbers | 22 | ||
1.8.2 Quality Does Not Own Quality Anymore | 23 | ||
1.8.3 Data Integrity Is Not Just 21 CFR 11 or Annex 11 Compliance | 23 | ||
1.8.4 Data Integrity Is an IT Problem | 24 | ||
1.8.5 Data Integrity Is a Laboratory Problem | 24 | ||
1.8.6 We Are Research – Data Integrity Does Not Impact Us | 24 | ||
1.9 It’s Déjà vu all Over Again! | 24 | ||
References | 25 | ||
Chapter 2 - How Did We Get Here | 28 | ||
2.1 Barr Laboratories 1993: You Cannot Test into Compliance | 28 | ||
2.1.1 Background to the Court Case | 29 | ||
2.1.2 Key Laboratory Findings from the Judgement | 29 | ||
2.1.3 Regulatory Response | 30 | ||
2.2 Able Laboratories 2005: You Cannot Falsify into Compliance | 30 | ||
2.2.1 Background to the Inspection | 30 | ||
2.2.2 483 Observations | 30 | ||
2.2.3 Regulatory Response | 31 | ||
2.3 Ranbaxy Warning Letters and Consent Decrees | 32 | ||
2.3.1 Background to the Regulatory Action | 32 | ||
2.3.2 Details of the 2012 Consent Decree | 32 | ||
2.4 Court Case for GLP Data Falsification | 33 | ||
2.5 Semler Research Data Falsification | 34 | ||
2.6 The Cost of Data Integrity Non-compliance | 34 | ||
2.6.1 Relative Costs of Compliance Versus Non-compliance | 35 | ||
2.6.2 Is It Worth It | 36 | ||
2.7 A Parcel of Rogues: FDA Laboratory Data Integrity Citations | 36 | ||
2.7.1 Why Use Only FDA Warning Letters and 483 Observations | 36 | ||
2.7.2 Quality Management System Failures | 37 | ||
2.7.3 Instrument Citations | 39 | ||
2.7.4 Citations for Lack of Laboratory Controls | 41 | ||
2.7.5 Failure to Have Complete Laboratory Records | 41 | ||
2.7.6 Too Much Data – Duplicate Record Sets | 43 | ||
2.7.7 Industrial Scale Shredding and Discarding of GMP Documents | 43 | ||
2.7.8 Responses by the Regulatory Authorities | 44 | ||
References | 44 | ||
Chapter 3 - The Regulators' Responses | 47 | ||
3.1 What Do the Regulators Want | 47 | ||
3.1.1 EU Good Manufacturing Practice Chapter 1 | 47 | ||
3.1.2 EU GMP Chapter 4 on Documentation | 48 | ||
3.1.3 21 CFR 211 cGMP Regulations for Finished Pharmaceutical Goods | 48 | ||
3.1.4 EU GMP Annex 11 on Computerised Systems | 50 | ||
3.1.5 Regulatory Requirements Summary | 50 | ||
3.2 The Proposed FDA GLP Quality System | 50 | ||
3.2.1 Background to the Proposed Regulation | 50 | ||
3.2.2 New Data Quality and Integrity Requirements | 51 | ||
3.2.3 A New Data Integrity Role for the Study Director | 52 | ||
3.2.4 The GLP Study Report | 52 | ||
3.2.5 No Hiding Place for GLP Data Integrity Issues | 52 | ||
3.3 Overview of Regulatory Guidance Documents for Data Integrity | 53 | ||
3.4 Food and Drug Administration Guidance Documents | 55 | ||
3.4.1 FDA Guide to Inspection of Pharmaceutical Quality Control Laboratories | 55 | ||
3.4.2 FDA Compliance Program Guide 7346.832 on Pre Approval Inspections | 56 | ||
3.4.3 FDA Level 2 Guidance | 57 | ||
3.4.4 Delaying, Denying, Limiting or Refusing an FDA Inspection | 58 | ||
3.4.5 FDA Guidance on Data Integrity and Compliance with cGMP | 58 | ||
3.4.6 Key Points from the FDA Data Integrity Guidance | 60 | ||
3.5 MHRA Data Integrity Guidance Documents | 60 | ||
3.5.1 Initial Request to Industry December 2013 | 60 | ||
3.5.2 MHRA GMP Data Integrity Guidance for Industry | 61 | ||
3.5.3 MHRA GXP Data Integrity Guidance for Industry | 61 | ||
3.5.4 MHRA Definition of Raw Data | 62 | ||
3.6 PIC/S Guidance Documents | 63 | ||
3.6.1 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 64 | ||
3.7 WHO Guidance on Good Data and Records Management Practices | 64 | ||
3.8 GAMP Guide for Records and Data Integrity | 65 | ||
3.9 PDA Technical Report 80 | 68 | ||
3.9.1 Regulatory Trends for Data Integrity Issues | 70 | ||
3.9.2 Data Integrity in Microbiology Laboratories | 70 | ||
3.9.3 Data Integrity in Analytical QC Laboratories | 71 | ||
3.9.4 How to Remediate Breaches in Data Integrity | 72 | ||
3.10 Understanding the Meaning of Raw Data and Complete Data | 72 | ||
3.10.1 Are Raw Data First-capture or Original Observations | 72 | ||
3.10.2 In the Beginning … | 72 | ||
3.10.3 Later, Much Later in Europe … | 74 | ||
3.10.4 The GLP Quality System – The Proposed 21 CFR 58 Update | 74 | ||
3.10.5 Extracting Principles for Laboratory GXP Raw Data | 75 | ||
3.10.6 Visualising What Raw Data Mean | 76 | ||
3.10.7 Summary: Raw Data Is the Same as Complete Data | 78 | ||
3.11 Regulations and Data Integrity Guidance Summary | 78 | ||
References | 79 | ||
Chapter 4 - What Is Data Governance | 82 | ||
4.1 What Do the Regulators Want | 82 | ||
4.1.1 EU GMP Chapter 1 Pharmaceutical Quality System | 82 | ||
4.1.2 FDA Proposed GLP Quality System Update | 83 | ||
4.1.3 MHRA GXP Data Integrity Guidance | 84 | ||
4.1.4 WHO Guidance on Good Records and Data Management Practices | 85 | ||
4.1.5 PIC/S PI-041 – Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 87 | ||
4.1.6 EMA Questions and Answers on Good Manufacturing Practice – Data Integrity | 88 | ||
4.1.7 Summary of Regulatory Guidance | 88 | ||
4.2 The Rationale for Data Governance: Regulatory Boot or Business Imperative | 88 | ||
4.3 Perspectives of Data Governance Outside the Pharmaceutical Industry | 89 | ||
4.4 Key Data Governance Elements | 90 | ||
4.4.1 Summary of Regulatory Guidance for Data Governance | 90 | ||
4.4.2 Main Data Governance Areas | 92 | ||
4.4.3 Further Data Governance Chapters in this Book | 93 | ||
References | 94 | ||
Chapter 5 - A Data Integrity Model | 96 | ||
5.1 A Data Integrity Model | 96 | ||
5.1.1 A Logical Organisation of Data Integrity Elements | 97 | ||
5.1.2 Descriptions of the Four Levels in the Model | 97 | ||
5.1.3 An Analogy of Building a House | 99 | ||
5.1.4 Focus on the Laboratory Levels of the Data Integrity Model | 100 | ||
5.2 Foundation Level: The Right Corporate Culture for Data Integrity | 101 | ||
5.2.1 Role of Senior Management | 101 | ||
5.2.2 Data Governance Functions in the Foundation Level | 101 | ||
5.3 Level 1: The Right Analytical Instrument and Computer System for the Job | 104 | ||
5.3.1 Analytical Instrument Qualification and Computerised System Validation (AIQ and CSV) | 104 | ||
5.3.2 Data Governance Functions in Level 1 | 105 | ||
5.4 Level 2: The Right Analytical Procedure for the Job | 105 | ||
5.4.1 Validation of Analytical Procedures | 105 | ||
5.4.2 Verification of Pharmacopoeial Methods | 106 | ||
5.4.3 Bioanalytical Method Validation Guidance | 106 | ||
5.4.4 Manual Analytical Procedures Must Be Designed for Data Integrity | 106 | ||
5.5 Level 3: Right Analysis for the Right Reportable Result | 107 | ||
5.6 Quality Oversight for Data Integrity | 107 | ||
5.6.1 Quality Oversight of Laboratory Procedures and Work | 107 | ||
5.6.2 Data Integrity Audits | 108 | ||
5.6.3 Data Integrity Investigations | 108 | ||
5.7 Linking the Data Integrity Model to the Analytical Process | 108 | ||
5.7.1 The Data Integrity Model in Practice | 108 | ||
5.7.2 Quality Does Not Own Quality Anymore | 110 | ||
5.8 Mapping the WHO Guidance to the Data Integrity Model | 110 | ||
5.9 Assessment of Data Integrity Maturity | 112 | ||
5.9.1 Data Management Maturity Model | 112 | ||
5.9.2 Data Integrity Maturity Model | 115 | ||
References | 117 | ||
Chapter 6 - Roles and Responsibilities in a Data Governance Programme | 119 | ||
6.1 What Do the Regulators Want | 119 | ||
6.1.1 ICH Q10 Pharmaceutical Quality Systems | 119 | ||
6.1.2 EU GMP Chapter 1 | 120 | ||
6.1.3 PIC/S-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 121 | ||
6.1.4 WHO Guidance on Good Data and Record Management Practices | 122 | ||
6.1.5 Update of the US GLP Regulations | 123 | ||
6.1.6 GAMP Guide Records and Data Integrity | 124 | ||
6.1.7 A Summary of Regulatory and Industry Guidance Documents | 124 | ||
6.2 Data Governance Roles and Responsibilities – Corporate Level | 125 | ||
6.3 Data Integrity Policy | 129 | ||
6.4 Management, Monitoring and Metrics | 129 | ||
6.5 Data Integrity and Data Governance Roles and Responsibilities – Process and System Level | 131 | ||
6.5.1 From Data Governance to Data Ownership | 131 | ||
6.5.2 Process Owner and System Owner | 132 | ||
6.5.3 Can a Process Owner Be a Data Owner | 132 | ||
6.5.4 Other Data Governance Roles at the System Level | 133 | ||
6.5.5 Data Owner | 135 | ||
6.5.6 Data Steward | 136 | ||
6.5.7 Is a Lab Administrator a Data Steward | 136 | ||
6.5.8 Is a Technology Steward a System Owner | 137 | ||
6.5.9 Segregation of Roles and Duties | 137 | ||
6.6 The Short Straw ...… | 137 | ||
6.6.1 Where Are We Now | 137 | ||
6.6.2 The Hybrid System Nightmare | 138 | ||
6.7 Cascade of Roles and Responsibilities: from Boardroom to Bench | 140 | ||
References | 140 | ||
Chapter 7 - Data Integrity Policies, Procedures and Training | 142 | ||
7.1 What Do the Regulators Want | 142 | ||
7.1.1 EU GMP Chapter 4 on Documentation | 142 | ||
7.1.2 WHO Guidance on Good Data and Record Management Practices | 143 | ||
7.1.3 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 144 | ||
7.1.4 Regulatory Requirements Summary | 144 | ||
7.2 Environmental Analysis and an Approach to Data Integrity | 145 | ||
7.2.1 Background to EPA and Data Integrity | 145 | ||
7.2.2 NELAC and Laboratory Accreditation | 146 | ||
7.2.3 NELAC Quality System | 146 | ||
7.2.4 NELAC Data Integrity Training | 147 | ||
7.3 Corporate Data Integrity Policy Coupled with Effective Training | 149 | ||
7.3.1 Contents of a Corporate Data Integrity Policy | 151 | ||
7.3.2 Training in the Data Integrity Policy | 152 | ||
7.3.3 Agreeing to Comply with the Policy | 155 | ||
7.4 Suggested Data Integrity Procedures | 155 | ||
7.5 Principles of Good Documentation Practice | 155 | ||
7.5.1 Say What You Do | 156 | ||
7.5.2 Do What You Say | 157 | ||
7.5.3 Document It | 157 | ||
7.5.4 Automating Procedure Execution | 157 | ||
7.6 Training to Collect and Manage Raw Data and Complete Data | 158 | ||
7.6.1 Principles for GXP Laboratory Raw Data and Complete Data | 158 | ||
7.6.2 Approach to Training for Complete and Raw Data in the Laboratory | 159 | ||
7.6.3 Example 1 – Paper Records from a Manual Test | 159 | ||
7.6.4 Example 2 – Spectroscopic Analysis Using a Hybrid System | 161 | ||
7.6.5 Example 3 – Chromatographic Analysis with a CDS Interfaced with a LIMS | 163 | ||
7.6.6 Additional Raw Data | 165 | ||
7.7 Good Documentation Practice for Paper Records | 165 | ||
7.7.1 Recording Observations and Results | 166 | ||
7.7.2 Examples of Good and Poor Documentation Practice for Handwritten Records | 167 | ||
7.7.3 Fat Finger, Falsification and Fraud – Take 1 | 168 | ||
7.7.4 Original Records and True Copies | 169 | ||
7.8 Good Documentation Practice for Hybrid Records | 169 | ||
7.8.1 Record Signature Linking for Hybrid Systems – Spreadsheet Example | 171 | ||
7.9 Good Documentation Practice for Electronic Records | 172 | ||
7.9.1 Good Documentation Practice for Electronic Records | 173 | ||
7.10 Good Documentation Practice Training | 173 | ||
7.11 Role of the Instrument Log Book | 173 | ||
7.11.1 EU GMP Chapter 4 on Documentation | 175 | ||
7.11.2 FDA Good Laboratory Practice 21 CFR 58 | 177 | ||
7.11.3 FDA 21 CFR 211 cGMP for Finished Pharmaceutical Products | 177 | ||
7.11.4 FDA Inspection of Pharmaceutical QC Laboratories | 177 | ||
7.11.5 Instrument Lag Books in Practice | 178 | ||
7.12 Training for Generating, Interpreting and Reviewing Laboratory Data | 178 | ||
7.12.1 Data Integrity Training for a Chromatography Data System: Operational SOPs | 178 | ||
7.12.2 Training Is of Little Value without an Open Culture | 179 | ||
References | 179 | ||
Chapter 8 - Establishing and Maintaining an Open Culture for Data Integrity | 181 | ||
8.1 What Do the Regulators Want | 181 | ||
8.1.1 WHO Guidance on Good Data and Record Management Practices | 181 | ||
8.1.2 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 182 | ||
8.1.3 MHRA “GXP” Data Integrity Guidance and Definitions | 183 | ||
8.1.4 Regulatory Guidance Summary | 183 | ||
8.2 Bad Culture: Cressey's Fraud Triangle and Organisational Pressure | 184 | ||
8.2.1 Cressey's Fraud Triangle | 184 | ||
8.2.2 Breaking the Fraud Triangle | 185 | ||
8.2.3 Managerial and Peer Pressures Can Influence Analytical Results | 186 | ||
8.3 ISPE Cultural Excellence Report | 187 | ||
8.4 Management Leadership | 188 | ||
8.4.1 Generate and Communicate the Data Integrity Vision | 188 | ||
8.4.2 Talk the Talk and Walk the Walk | 188 | ||
8.4.3 Reinforcing an Open Culture for Data Integrity | 189 | ||
8.4.4 FDA Expectations for Analysts | 189 | ||
8.5 Mind Set and Attitudes | 189 | ||
8.5.1 Quality Does Not Own Quality Anymore | 190 | ||
8.5.2 The Iceberg of Ignorance | 190 | ||
8.5.3 How Do I Raise Problems to Management | 190 | ||
8.6 Gemba Walks | 192 | ||
8.6.1 Where Does a Gemba Walk Fit in a QMS | 192 | ||
8.6.2 What Gemba Walks Are and Are Not | 193 | ||
8.6.3 Why Bother with a Gemba Walk | 194 | ||
8.6.4 Activation Energy for a Gemba Walk | 194 | ||
8.6.5 Performing the Gemba Walk | 195 | ||
8.6.6 Keep the Focus on the Process | 196 | ||
8.6.7 Generic Questions for a Gemba Walk | 196 | ||
8.6.8 Let Management See Analytical Instruments First Hand | 197 | ||
8.7 Fat Finger, Falsification and Fraud – Take 2 | 197 | ||
8.7.1 To Err Is Human | 197 | ||
8.7.2 Verification of Data Entry | 198 | ||
8.7.3 What Is the Fat Finger Rate in a Laboratory | 198 | ||
8.7.4 Learning from Health Service Studies | 199 | ||
8.8 Maintaining the Open Culture | 200 | ||
References | 200 | ||
Chapter 9 - An Analytical Data Life Cycle | 202 | ||
9.1 What Do the Regulators Want | 202 | ||
9.1.1 MHRA GXP Data Integrity Guidance | 202 | ||
9.1.2 WHO Guidance on Good Data and Record Management Practices | 203 | ||
9.1.3 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 203 | ||
9.1.4 Regulatory Requirements Summary | 204 | ||
9.2 Published Data Life Cycles | 205 | ||
9.2.1 GAMP Guide on Records and Data Integrity | 205 | ||
9.2.2 Validation of Chromatography Data Systems | 206 | ||
9.2.3 Critique of the Two Life Cycle Models | 207 | ||
9.3 An Analytical Data Life Cycle | 208 | ||
9.3.1 Overview of an Analytical Data Life Cycle | 208 | ||
9.3.2 Controlling the Analytical Data Life Cycle | 209 | ||
9.3.3 Phases of the Analytical Data Life Cycle | 210 | ||
9.3.4 Generic Data Life Cycles Do Not Work in the Laboratory | 212 | ||
9.3.5 The Requirement for Flexibility to Adapt to Different Analytical Procedures | 212 | ||
9.4 Establishing Data Criticality and Inherent Integrity Risk | 215 | ||
9.4.1 Spectrum of Analytical Instruments and Laboratory Computerised Systems | 215 | ||
9.5 Risks to Data Over the Data Life Cycle | 218 | ||
9.5.1 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 218 | ||
9.5.2 Initial Assessment of Risk of the Analytical Data Life Cycle Phases | 219 | ||
9.5.3 Phases of the Data Life Cycle are Equal but Some are More Equal than Others | 220 | ||
9.5.4 Summary Risks in the Analytical Data Life Cycle | 221 | ||
References | 221 | ||
Chapter 10 - Assessment and Remediation of Laboratory Processes and Systems | 223 | ||
10.1 What Do the Regulators Want | 224 | ||
10.1.1 WHO Guidance on Good Data and Record Management Practices | 224 | ||
10.1.2 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 224 | ||
10.1.3 MHRA GXP Data Integrity Guidance and Definitions | 224 | ||
10.1.4 Regulatory Guidance Summary | 225 | ||
10.2 Business Rationale for Assessment and Remediation | 225 | ||
10.2.1 Improve Business Processes | 225 | ||
10.2.2 Ensure Regulatory Compliance | 225 | ||
10.2.3 Release Product Earlier | 226 | ||
10.2.4 The Problem is Management | 226 | ||
10.3 Current Approaches to System Assessment and Remediation | 226 | ||
10.3.1 The Rationale for Current Approaches | 226 | ||
10.3.2 Assessment of Validated Computerised Systems | 227 | ||
10.4 Data Process Mapping | 229 | ||
10.4.1 The Problem with Checklists | 229 | ||
10.4.2 What is Data Process Mapping | 229 | ||
10.4.3 Instrument Data System with Spreadsheet Calculations | 232 | ||
10.4.4 Spreadsheets Used for GMP Calculations Are High Risk | 233 | ||
10.4.5 Critical Activities in a Process | 234 | ||
10.4.6 Fix and Forget versus Delivering Business Benefits | 235 | ||
10.4.7 Short Term Remediation Leading to Long Term Solution | 236 | ||
10.5 Data Integrity Issues with Analysis by Observation | 238 | ||
10.5.1 Potential Problems with Analysis by Observation | 238 | ||
10.5.2 A Risk Based Approach to Analysis by Observation | 238 | ||
10.5.3 Melting Point Determination | 239 | ||
10.6 Data Integrity Issues with Paper Records | 239 | ||
10.6.1 Blank Forms Must be Controlled with Accountability | 240 | ||
References | 241 | ||
Chapter 11 - Data Integrity and Paper Records: Blank Forms and Instrument Log Books | 242 | ||
11.1 What Do the Regulators Want – Blank Forms | 242 | ||
11.1.1 Focus on the Key Data Integrity Issues with Paper Records | 242 | ||
11.1.2 FDA Guide to Inspection of Quality Control Laboratories | 243 | ||
11.1.3 MHRA GMP Data Integrity Guidance | 243 | ||
11.1.4 MHRA Draft GXP Data Integrity Guidance | 243 | ||
11.1.5 MHRA GXP Data Integrity Guidance and Definitions | 244 | ||
11.1.6 WHO Guidance on Good Data and Record Management Practices | 244 | ||
11.1.7 FDA Data Integrity and Compliance with cGMP | 244 | ||
11.1.8 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 245 | ||
11.1.9 EMA GMP Questions and Answers on Data Integrity | 246 | ||
11.1.10 Regulatory Guidance Summary | 246 | ||
11.2 Control of Master Templates and Blank Forms | 247 | ||
11.2.1 Understanding Master Templates and Blank Forms | 247 | ||
11.2.2 Requirements for the Design, Approval and Storage of Master Templates | 248 | ||
11.2.3 Process for Generation, Review and Approval of a Master Template | 248 | ||
11.2.4 Requirements for the Issue and Reconciliation of Blank Forms | 251 | ||
11.2.5 Process for Issue and Reconciliation of Blank Forms | 253 | ||
11.2.6 Process for Issue and Reconciliation of Blank Forms | 254 | ||
11.2.7 Completing Blank Forms and Creating GXP Records | 255 | ||
11.3 What Do the Regulators Want – Instrument Log Books | 255 | ||
11.3.1 EU GMP Chapter 4 on Documentation | 255 | ||
11.3.2 FDA GMP 21 CFR 211 | 255 | ||
11.3.3 FDA Good Laboratory Practice 21 CFR 58 | 257 | ||
11.3.4 OECD GLP Regulations | 257 | ||
11.3.5 Summary of Regulatory Requirements for an Instrument Log Book | 257 | ||
11.4 The Role of an Instrument Log Book for Ensuring Data Integrity | 258 | ||
11.4.1 Why is an Instrument Log Book Important | 258 | ||
11.4.2 What Needs to be Entered in the Log Book | 259 | ||
11.4.3 Inspectors Know the Importance of an Instrument Log | 260 | ||
11.4.4 FDA Citations for Laboratory Log Books | 261 | ||
11.4.5 Instrument Log Books in Practice | 261 | ||
11.5 Role of the Instrument Log Book in the Second Person Review | 262 | ||
11.5.1 Is an Instrument Performing OK | 262 | ||
11.6 Automating Blank Forms and Instrument Log Books | 263 | ||
11.6.1 Automating Master Templates and Blank Forms | 263 | ||
11.6.2 Instrument Log Book | 264 | ||
Acknowledgements | 265 | ||
References | 265 | ||
Chapter 12 - The Hybrid System Problem | 267 | ||
12.1 What Do the Regulators Want | 267 | ||
12.1.1 Electronic Records and Electronic Signatures Regulations (21 CFR 11) | 267 | ||
12.1.2 WHO Guidance on Good Data and Record Management Practices | 268 | ||
12.1.3 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 269 | ||
12.1.4 EU GMP Chapter 4 on Documentation | 269 | ||
12.1.5 FDA Guidance for Industry Data Integrity and cGMP Compliance | 269 | ||
12.1.6 FDA Level 2 Guidance for Records and Reports | 271 | ||
12.1.7 Regulatory Summary | 272 | ||
12.2 What Is a Hybrid System | 272 | ||
12.2.1 WHO Definition of a Hybrid System | 272 | ||
12.2.2 Key Features of a Hybrid System | 273 | ||
12.3 The Core Problems of Hybrid Systems | 273 | ||
12.3.1 A Typical Hybrid System Configuration | 273 | ||
12.3.2 File Organisation and Printing Results | 275 | ||
12.3.3 Synchronising Paper Printouts and Electronic Records | 276 | ||
12.3.4 A Simple Way to Reduce Paper with Hybrid Systems | 278 | ||
12.4 Eliminate Hybrid Systems | 278 | ||
References | 280 | ||
Chapter 13 - Get Rid of Paper: Why Electronic Processes are Better for Data Integrity | 281 | ||
13.1 What Do the Regulators Want | 281 | ||
13.1.1 WHO Guidance on Good Data and Record Management Practices | 281 | ||
13.1.2 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 282 | ||
13.1.3 EU GMP Annex 11 Computerised Systems | 283 | ||
13.1.4 Regulatory Summary | 283 | ||
13.2 Why Bother with Paper | 284 | ||
13.2.1 Tradition – Why Change Our Approach | 284 | ||
13.2.2 Back to the Future 2: Understanding the Current in cGMP | 284 | ||
13.2.3 The Pharmaceutical Industry is a Two Sigma Industry | 285 | ||
13.2.4 Are the Regulations Part of the Data Integrity Problem | 286 | ||
13.2.5 Is Paper a Realistic Record Medium Now | 287 | ||
13.3 Design Principles for Electronic Working | 287 | ||
13.4 Designing Data Workflows 1 – Analytical Balances | 289 | ||
13.4.1 Weighing a Reference Standard or Sample | 290 | ||
13.4.2 Recording a Weight by Observation | 290 | ||
13.4.3 Recording Balance Weights with a Printer | 291 | ||
13.4.4 Connecting the Balance to an Instrument Data System | 292 | ||
13.5 Designing Data Workflows 2 – Chromatography Data Systems and LIMS | 295 | ||
13.5.1 Options for Interfacing | 295 | ||
13.5.2 Manual Data Transfer Between CDS and LIMS | 297 | ||
13.5.3 Unidirectional Interfacing from CDS to LIMS | 297 | ||
13.5.4 Bidirectional Interfacing Between CDS and LIMS | 299 | ||
13.6 Impact on Data Integrity and Second Person Review | 301 | ||
13.6.1 Ensuring Data Integrity with Electronic Working | 301 | ||
13.6.2 Impact on Second Person Review | 302 | ||
13.6.3 Summary of an Approach for Electronic Working that Ensures Data Integrity | 302 | ||
References | 302 | ||
Chapter 14 - Data Integrity Centric Analytical Instrument Qualification and Computerised System Validation | 305 | ||
14.1 What the Regulators Want | 306 | ||
14.1.1 21 CFR 211 Current GMP for Finished Pharmaceutical Products | 306 | ||
14.1.2 21 CFR 58 GLP for Non-clinical Studies | 306 | ||
14.1.3 United States Pharmacopoeia ၘ on Analytical Instrument Qualification | 306 | ||
14.1.4 EU GMP Annex 11 | 307 | ||
14.1.5 ICH Q7 and EU GMP Part 2: Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients | 307 | ||
14.1.6 WHO Guidance on Good Data and Record Management Practices | 307 | ||
14.1.7 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 308 | ||
14.1.8 Regulatory Summary | 308 | ||
14.2 GMP Regulations and the Pharmacopoeias | 309 | ||
14.2.1 Relationship Between GMP and the Pharmacopoeias | 309 | ||
14.2.2 Importance of USP ၘ | 310 | ||
14.2.3 Use the USP ၘ Principles for GLP Instruments and Systems | 311 | ||
14.3 Why Is Instrument Qualification Important | 311 | ||
14.3.1 Data Quality Triangle | 311 | ||
14.3.2 Data Integrity Model | 312 | ||
14.4 Why a New Revision of USP ၘ | 312 | ||
14.4.1 Problems with the 2008 Version | 312 | ||
14.4.2 Revision Path of USP ၘ | 313 | ||
14.5 What Has Changed with USP ၘ | 314 | ||
14.5.1 Differences Between the Old and New Versions of USP ၘ | 314 | ||
14.5.2 Omitted Sections in the New Version | 314 | ||
14.5.3 Additions and Changes to USP ၘ | 315 | ||
14.5.4 Roles and Responsibilities | 315 | ||
14.5.5 An Updated 4Qs Model | 315 | ||
14.5.6 Harmonisation of Qualification Approaches | 319 | ||
14.6 Importance of the Laboratory URS for Analytical Instruments | 320 | ||
14.6.1 Role of the URS | 320 | ||
14.6.2 Understand Your Intended Use | 321 | ||
14.6.3 A Role of the Supplier: Write Meaningful Specifications | 321 | ||
14.6.4 How Minimal Is Minimal | 322 | ||
14.6.5 Do Not Forget the Software! | 323 | ||
14.6.6 Purchasing a Second Instrument | 323 | ||
14.6.7 It's all About Investment Protection | 323 | ||
14.7 Software Validation Changes to USP ၘ | 324 | ||
14.7.1 Improving the Analytical Process | 325 | ||
14.7.2 A Validated System with Vulnerable Records Means Data Integrity Problems | 326 | ||
14.7.3 Change the Validation Approach to Ensure Data Integrity | 328 | ||
14.7.4 Brave New CSV World | 328 | ||
14.7.5 Turning Principles into Practice | 329 | ||
14.7.6 Qualified, Validated and Released for Operational Use | 331 | ||
14.8 Performance Qualification | 331 | ||
14.8.1 Changes to USP ၘ and the Impact on Understanding of PQ | 332 | ||
14.8.2 Linking the URS, OQ, and PQ | 333 | ||
14.8.3 PQ for Group A Instruments | 334 | ||
14.8.4 PQ for Group B Instruments | 334 | ||
14.8.5 PQ for Group C Instruments | 335 | ||
14.8.6 System Suitability Tests as Part of a PQ | 337 | ||
14.8.7 Keep It as Simple as Possible – But No Simpler | 338 | ||
14.8.8 Holistic HPLC PQ Test | 338 | ||
Acknowledgement | 339 | ||
References | 339 | ||
Chapter 15 - Validating Analytical Procedures | 342 | ||
15.1 What the Regulators Want | 343 | ||
15.1.1 US GMP 21 CFR 211 | 343 | ||
15.1.2 EU GMP Chapter 6 on Quality Control | 343 | ||
15.1.3 EU GMP Annex 15: Qualification and Validation | 343 | ||
15.1.4 Bioanalytical Method Validation Guidances | 343 | ||
15.1.5 Regulatory Requirements Summary | 345 | ||
15.1.6 Outsource Analytical Work with Care | 345 | ||
15.2 Current Method Validation Guidance | 346 | ||
15.2.1 Terminology: Analytical Method or Analytical Procedure | 346 | ||
15.2.2 Business Rationale for Procedure Validation/Verification | 346 | ||
15.2.3 ICH Q2(R1) Validation of Analytical Procedures: Text and Methodology | 348 | ||
15.2.4 FDA Guidance for Industry on Analytical Procedure Validation | 348 | ||
15.2.5 Update of ICH Q2(R1) to a Life Cycle Approach | 348 | ||
15.2.6 Pharmacopoeial Methods Do Not Work as Written | 349 | ||
15.3 Role of Analytical Procedure Validation in Data Integrity | 350 | ||
15.3.1 Method Validation in the Data Integrity Model | 350 | ||
15.3.2 Equating the Data Integrity Model with the USP ၘ Data Quality Triangle | 351 | ||
15.4 Current Approaches to Validation and Verification of Procedures | 351 | ||
15.4.1 Good Manufacturing Practice | 351 | ||
15.4.2 Bioanalytical Method Validation | 351 | ||
15.4.3 Validation Documentation for Analytical Procedures | 353 | ||
15.4.4 Validation Parameters | 354 | ||
15.5 Overview of the Life Cycle of Analytical Procedures | 354 | ||
15.5.1 USP ሠ and Stimuli to the Revision Process | 354 | ||
15.5.2 Life Cycle of Analytical Procedures | 355 | ||
15.6 Defining the Analytical Target Profile (ATP) | 356 | ||
15.6.1 Specification for an Analytical Procedure | 356 | ||
15.6.2 Advantages and Limitations of an Analytical Target Profile | 356 | ||
15.7 Stage 1: Procedure Design and Development | 357 | ||
15.7.1 Overview | 357 | ||
15.7.2 Information Gathering and Initial Procedure Design | 357 | ||
15.7.3 Iterative Method Development and Method Optimisation | 358 | ||
15.7.4 Risk Assessment and Management | 360 | ||
15.7.5 Analytical Control Strategy: Identifying and Controlling Risk Parameters | 361 | ||
15.7.6 Procedure Development Report | 361 | ||
15.8 Stage 2: Procedure Performance Qualification | 361 | ||
15.8.1 Planning the Validation | 361 | ||
15.8.2 Validation Report | 362 | ||
15.8.3 Analytical Procedure Transfer | 363 | ||
15.9 Stage 3: Procedure Performance Verification | 364 | ||
15.9.1 Routine Monitoring of Analytical Performance | 364 | ||
15.9.2 Changes to an Analytical Procedure | 364 | ||
15.9.3 Validated Analytical Procedure | 364 | ||
References | 365 | ||
Chapter 16 - Performing an Analysis | 367 | ||
16.1 What the Regulators Want | 368 | ||
16.1.1 EU GMP Chapter 1 Pharmaceutical Quality System | 368 | ||
16.1.2 US GMP 21 CFR 211 GMP for Finished Pharmaceutical Products | 368 | ||
16.1.3 FDA Guide for Inspection of Pharmaceutical Quality Control Laboratories | 369 | ||
16.2 The Analytical Process | 370 | ||
16.2.1 Linking the Data Integrity Model to the Analytical Process | 370 | ||
16.2.2 Process Overview | 372 | ||
16.2.3 Analytical Instruments Are Qualified and/or Validated | 372 | ||
16.2.4 System Suitability Tests and Point of Use Checks | 372 | ||
16.3 The Scope of Analytical Procedures | 374 | ||
16.4 Sampling and Sample Management | 375 | ||
16.4.1 What the Regulators Want | 375 | ||
16.4.2 Sampling Is Critical | 376 | ||
16.4.3 GMP Sample Plan and Sampling | 377 | ||
16.4.4 GLP Protocol and Sampling | 377 | ||
16.4.5 Ensure Correct Sample Labelling | 378 | ||
16.4.6 Transport to the Laboratory | 379 | ||
16.4.7 Sample Receipt and Storage | 380 | ||
16.4.8 Sample Collection Best Practice | 381 | ||
16.5 Reference Standards and Reagents | 382 | ||
16.5.1 What the Regulators Want | 382 | ||
16.5.2 Preparation of Reference Standards and Solutions | 383 | ||
16.5.3 Sweep Under the Carpet or Own Up to a Mistake | 384 | ||
16.5.4 What Is the FDA's View of Analyst Mistakes | 385 | ||
16.6 Sample Preparation | 386 | ||
16.6.1 What the Regulators Want | 386 | ||
16.6.2 Sample Preparation Current Practices | 386 | ||
16.6.3 Automate Where Technically Feasible | 387 | ||
16.7 Recording Data by Observation | 388 | ||
16.7.1 Typical Tests Recording Results by Observation | 388 | ||
16.7.2 Instruments with No Printer or Data Transfer Capability | 388 | ||
16.7.3 Pharmacopoeial Indicator Tests | 389 | ||
16.8 Sample Preparation Followed by Instrumental Analysis Methods | 389 | ||
16.8.1 An Illustrative Analytical Procedure | 389 | ||
16.8.2 Ensuring Data Integrity | 390 | ||
16.8.3 Consider Alternate Analytical Approaches | 390 | ||
16.9 Methods Involving Instrumental Analysis and Data Interpretation | 391 | ||
16.9.1 What the Regulators Want | 391 | ||
16.9.2 Near Infra-red (NIR) Identity Testing | 392 | ||
16.9.3 Building a Spectral Library | 392 | ||
16.9.4 Performing the Analysis | 393 | ||
16.10 Chromatographic Analysis and CDS Data Interpretation | 393 | ||
16.10.1 What the Regulators Want | 394 | ||
16.10.2 Setting Up the Chromatograph and Acquiring Data | 394 | ||
16.10.3 Entering Factors, Weights, and Other Assay Values into the Sequence File | 394 | ||
16.10.4 An Alternate Approach to Weights and Factors | 396 | ||
16.10.5 System Evaluation Injections | 397 | ||
16.10.6 System Suitability Tests – What the Regulators Want | 398 | ||
16.10.7 Integrating Chromatograms | 399 | ||
16.10.8 General Principles for Ensuring Good Chromatographic Integration | 400 | ||
16.10.9 SOP for Integration of Chromatograms | 401 | ||
16.10.10 Bioanalytical Guidance for Integration of Chromatograms | 404 | ||
16.10.11 Incomplete (Aborted) Runs | 405 | ||
16.10.12 Other Unplanned Injections | 406 | ||
16.10.13 Data Storage Locations | 406 | ||
16.10.14 Chromatography Falsification Practices 1: Peak Shaving and Enhancing | 406 | ||
16.10.15 Chromatography Falsification Practices 2: Inhibiting Integration | 407 | ||
16.10.16 Chromatography Falsification Practices 3: Integrating Samples First | 408 | ||
16.11 Calculation of Reportable Results | 408 | ||
16.11.1 What the Regulators Want | 409 | ||
16.11.2 General Considerations for Calculations | 410 | ||
16.11.3 Avoid Using Spreadsheets for Analytical Calculations Whenever Possible | 411 | ||
16.11.4 Calculation of Reportable Results and Out of Specification Results | 411 | ||
16.11.5 Completion of Testing | 412 | ||
Acknowledgement | 412 | ||
References | 412 | ||
Chapter 17 - Second Person Review | 415 | ||
17.1 What Do the Regulators Want | 416 | ||
17.1.1 cGMP for Finished Pharmaceutical Products (21 CFR 211) | 416 | ||
17.1.2 EU GMP Chapter 6 Quality Control | 416 | ||
17.1.3 EU GMP Annex 11 | 416 | ||
17.1.4 MHRA GXP Data Integrity Guidance and Definitions | 417 | ||
17.1.5 FDA Guidance on Data Integrity and cGMP Compliance | 417 | ||
17.1.6 WHO Guidance on Good Data and Record Management Practices | 419 | ||
17.1.7 Regulatory Compliance Summary | 420 | ||
17.2 What the Regulators Want: Out of Specification (OOS) Results | 420 | ||
17.2.1 21 CFR 211 | 420 | ||
17.2.2 EU GMP Chapter 6 Quality Control | 421 | ||
17.2.3 FDA Guidance for Industry on Investigating OOS Test Results | 421 | ||
17.2.4 FDA Guidance on Quality Metrics | 422 | ||
17.2.5 OOS Definitions | 422 | ||
17.2.6 OOS Regulatory Summary | 422 | ||
17.3 Procedures for the Second Person Review | 423 | ||
17.3.1 Who Should Conduct a Second Person Review | 423 | ||
17.3.2 The Scope of the Procedure | 423 | ||
17.3.3 The Troika of Record Review | 424 | ||
17.3.4 Timeliness of the Second Person Review | 425 | ||
17.3.5 Documenting the Audit Trail Review | 425 | ||
17.3.6 Training for Second Person Review | 425 | ||
17.3.7 Out of Specification (OOS) Procedure | 426 | ||
17.4 Second Person Review of Analytical Procedures Involving Observation | 426 | ||
17.4.1 What Is an Analytical Procedure Involving Observation | 426 | ||
17.4.2 Improving Manual Analytical Procedures | 426 | ||
17.4.3 Witness Testing or Second Person Review | 427 | ||
17.5 Sample Preparation and Instrumental Analysis | 428 | ||
17.5.1 Loss on Drying Analysis | 428 | ||
17.5.2 Review of the Second Person Review of the Analytical Records | 429 | ||
17.6 Second Person Review of a Hybrid System Records | 431 | ||
17.6.1 Increased Scope of Record and Data Review | 431 | ||
17.6.2 Technical Versus Procedural Controls for Second Person Review | 431 | ||
17.6.3 The Scope of an Analytical Procedure Involving a Hybrid System | 432 | ||
17.6.4 Technical Controls to Aid a Second Person Review | 433 | ||
17.6.5 Paper and Electronic Records to be Reviewed | 434 | ||
17.6.6 Recording the Work Performed and the Review | 434 | ||
17.6.7 Original Record or True Copy | 435 | ||
17.6.8 Have Critical Data Been Entered into the Instrument Data System | 436 | ||
17.6.9 Review of Electronic Records, Metadata and Audit Trail | 436 | ||
17.6.10 Second Person Review to Ensure Data Have Not Been Falsified | 437 | ||
17.6.11 Do You Really Want to Work This Way | 437 | ||
17.7 Risk Based Audit Trail Review | 438 | ||
17.7.1 MHRA GXP Data Integrity Guidance and Definitions | 438 | ||
17.7.2 Which Audit Trail Should Be Reviewed | 439 | ||
17.7.3 How Regular Is a Regular Review of Audit Trail Entries | 439 | ||
17.8 Second Person Review of Electronic Systems and Data | 442 | ||
17.8.1 LIMS Interfaced with a CDS | 442 | ||
17.8.2 A Second Person Review Is Process Not System Centric | 444 | ||
17.9 Recording and Investigating Out of Specification Results | 447 | ||
17.9.1 Phase 1: Initial OOS Laboratory Investigation | 448 | ||
17.9.2 Phase 2A Production | 450 | ||
17.9.3 Phase 2B Additional Laboratory Testing | 450 | ||
17.9.4 OOS Investigations: Prevention Is Better than the Cure | 451 | ||
References | 451 | ||
Chapter 18 - Record Retention | 453 | ||
18.1 What Do the Regulators Want | 453 | ||
18.1.1 WHO Guidance on Good Data and Record Management Practices | 453 | ||
18.1.2 EU GMP Annex 11 | 454 | ||
18.1.3 GLP Regulations: 21 CFR 58 | 454 | ||
18.1.4 US GMP Regulations: 21 CFR 211 | 455 | ||
18.1.5 21 CFR 11 Requirements | 455 | ||
18.1.6 MHRA GXP Data Integrity Guidance and Definitions | 456 | ||
18.1.7 FDA Guidance on Data Integrity and cGMP Compliance | 456 | ||
18.1.8 EU GMP Chapter 4 Documentation | 457 | ||
18.1.9 FDA Guidance for Industry Part 11 – Scope and Application Guidance | 457 | ||
18.1.10 FDA Inspection of Pharmaceutical Quality Control Laboratories | 458 | ||
18.1.11 OECD GLP Regulations | 458 | ||
18.1.12 OECD GLP Guidance on Application of GLP to Computerised Systems | 459 | ||
18.1.13 Regulatory Requirements Summary | 459 | ||
18.2 Laboratory Data File Formats and Standards | 460 | ||
18.2.1 JCAMP-DX Data Format for Spectroscopy | 460 | ||
18.2.2 Current CDS Data Standards | 461 | ||
18.2.3 Progress Towards Universal Data File Formats | 461 | ||
18.3 Options for Electronic Records Retention and Archive | 462 | ||
18.3.1 Backup Is Not Archive (Unless You Are the FDA) | 462 | ||
18.3.2 Organising Electronic Records to Retain | 463 | ||
18.3.3 Options for Electronic Archive | 464 | ||
18.3.4 Can I Read the Records | 465 | ||
18.3.5 Impact of a Changed Data System File Format | 466 | ||
18.3.6 Selection of Off-line Archive Media | 466 | ||
18.3.7 Changing the Instrument Data System – What Are the Archive Options | 467 | ||
18.3.8 Overview of Some Options | 467 | ||
18.3.9 Assessment of Option Feasibility | 467 | ||
18.4 OECD Guidance for Developing an Electronic Archive | 468 | ||
18.4.1 Definitions | 468 | ||
18.4.2 Roles and Responsibilities | 469 | ||
18.4.3 Archive Facilities | 469 | ||
18.4.4 Archiving Electronic Records | 470 | ||
References | 472 | ||
Chapter 19 - Quality Metrics for Data Integrity | 474 | ||
19.1 What Do the Regulators Want | 474 | ||
19.1.1 EU GMP Chapter 6 Quality Control | 474 | ||
19.1.2 FDA Quality Metrics Guidance for Industry | 475 | ||
19.1.3 WHO Guidance on Good Data and Record Management Practices | 475 | ||
19.1.4 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 476 | ||
19.1.5 MHRA GXP Data Integrity Guidance and Definitions | 477 | ||
19.1.6 Regulatory Guidance Summary | 477 | ||
19.2 KPIs and Metrics for the Laboratory | 477 | ||
19.2.1 Understanding Laboratory Metrics | 478 | ||
19.2.2 Metrics Must Be Generated Automatically | 478 | ||
19.2.3 Why Metrics for Data Integrity | 479 | ||
19.2.4 Do Quality Metrics Lead Behaviour | 479 | ||
19.2.5 Are Incidents Hidden Metrics | 481 | ||
19.3 Data Integrity Metrics in an Organisation | 481 | ||
19.3.1 Overview: Start Small and Expand | 481 | ||
19.3.2 Scope of the Organisation | 482 | ||
19.3.3 Some Suggested Data Integrity Metrics | 482 | ||
19.4 DI Policies, Assessment and Remediation of Processes and Systems | 482 | ||
19.4.1 Data Integrity Policy and Associated Procedures | 482 | ||
19.4.2 Assessment of Processes and Systems | 483 | ||
19.4.3 Executed Remediation Plans | 484 | ||
19.5 Laboratory Data Integrity Metrics | 486 | ||
19.5.1 Some Preliminary Considerations for Laboratory Data Integrity Metrics | 486 | ||
19.5.2 Outsourced Laboratory Testing | 487 | ||
19.6 Quality Assurance DI Metrics | 487 | ||
19.7 Management Review of DI Metrics | 488 | ||
19.7.1 Management Are Responsible for Data Integrity and the PQS | 488 | ||
19.7.2 How Regular Is Regular Review | 489 | ||
Acknowledgement | 489 | ||
References | 489 | ||
Chapter 20 - Raising Data Integrity Concerns | 491 | ||
20.1 What Do the Regulators Want | 491 | ||
20.1.1 WHO Guidance on Good Data and Record Management Practices | 491 | ||
20.1.2 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 492 | ||
20.1.3 NELAC Quality Standard | 493 | ||
20.1.4 Regulatory Guidance Summary | 493 | ||
20.2 Data Integrity Problem or Concern | 493 | ||
20.3 What Is Needed to Raise a Data Integrity Concern | 494 | ||
20.3.1 A Section in the Corporate Data Integrity Policy | 494 | ||
20.3.2 Communicate and Train How to Raise Data Integrity Concerns | 494 | ||
20.3.3 Raising a Concern or Airing a Grievance | 495 | ||
20.3.4 What Should Be Reported | 495 | ||
20.3.5 Protecting the Whistleblower | 495 | ||
20.3.6 Confidentiality | 495 | ||
20.3.7 Raising Concerns Anonymously | 496 | ||
20.4 Raising a Concern | 496 | ||
20.4.1 Who Should You Raise Your Concern with | 496 | ||
20.4.2 How to Raise a Concern | 496 | ||
20.4.3 Raise an Issue via Management or Quality Assurance | 497 | ||
20.4.4 What the Organisation Must Do | 497 | ||
20.4.5 What If the Company Is the Problem | 498 | ||
References | 498 | ||
Chapter 21 - Quality Assurance Oversight for Data Integrity | 499 | ||
21.1 What Do the Regulators Want | 499 | ||
21.1.1 EU GMP Chapter 9 Self-inspections | 499 | ||
21.1.2 US GMP 21 CFR 211 Current Good Manufacturing Practice for Finished Pharmaceutical Products | 500 | ||
21.1.3 FDA Compliance Program Guide 7346.832 for Pre-approval Inspections | 500 | ||
21.1.4 21 CFR 58 Good Laboratory Practice for Non-clinical Laboratory Studies | 501 | ||
21.1.5 MHRA GXP Data Integrity Guidance and Definitions | 501 | ||
21.1.6 WHO Guidance on Good Data and Record Management Practices | 502 | ||
21.1.7 PIC/S-PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 503 | ||
21.1.8 Regulatory Compliance Summary | 504 | ||
21.1.9 Role of the Laboratory in Ensuring Data Integrity | 505 | ||
21.2 Data Integrity Audits: Planning and Execution | 505 | ||
21.2.1 Rationale for Data Integrity Audits | 505 | ||
21.2.2 What Are the Objectives of a Laboratory Data Integrity Audit | 505 | ||
21.2.3 What Will We Audit The Data Integrity Inventory and Data Criticality | 506 | ||
21.2.4 What Is the Order and Frequency of Audit | 506 | ||
21.2.5 Who Will Conduct the Audit | 508 | ||
21.2.6 Data Integrity Audits and Periodic Reviews of Computerised Systems | 508 | ||
21.2.7 Procedure and Checklist for a Data Integrity Audit | 509 | ||
21.3 Conducting a Laboratory Data Integrity Audit | 510 | ||
21.3.1 Relationship Between the Data Integrity Model and a Data Integrity Audit | 510 | ||
21.3.2 Overview of the Analytical Process for a Laboratory Data Integrity Audit | 511 | ||
21.3.3 Expectations for Laboratory Records | 513 | ||
21.3.4 Auditing Records and Data from Sampling to Report | 513 | ||
21.3.5 Checking the Configuration Settings of Computerised Systems | 515 | ||
21.3.6 Identification and Investigation of Laboratory Out of Specification Results | 516 | ||
21.3.7 Photographs to Support Audit Observations and Findings | 516 | ||
21.3.8 Reporting the Audit | 517 | ||
21.4 What Is a Forensic Approach to Data Checking | 517 | ||
21.4.1 Forensic Data Analysis | 517 | ||
21.4.2 Recovery of Deleted Files | 518 | ||
21.4.3 Forensic Data Analysis Techniques | 519 | ||
21.5 Triggers for a Data Integrity Investigation | 519 | ||
References | 520 | ||
Chapter 22 - How to Conduct a Data Integrity Investigation | 521 | ||
22.1 What the Regulators Require | 521 | ||
22.1.1 WHO Guidance on Good Data and Record Management Practices | 522 | ||
22.1.2 FDA Guidance on Data Integrity and Compliance with CGMP | 523 | ||
22.1.3 FDA Application Integrity Policy | 523 | ||
22.1.4 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 524 | ||
22.1.5 Summary of Data Investigation Regulations and Guidance | 525 | ||
22.2 Case Study 1: Software Error Investigation | 527 | ||
22.2.1 Case Study 1 Background | 527 | ||
22.2.2 Sequester a Copy of the System and the Data | 527 | ||
22.2.3 Temporary Resolution of the Problem | 528 | ||
22.2.4 Systems Approach to the Issue | 528 | ||
22.2.5 Time Frame of the Potential Data Integrity Vulnerability | 528 | ||
22.2.6 Investigating the Impacted Database | 529 | ||
22.2.7 Informing Regulatory Authorities | 529 | ||
22.3 Case Study 2: Data Falsification Investigation | 530 | ||
22.3.1 Case Study Background | 530 | ||
22.3.2 Meeting the Intent of the Application Integrity Policy | 531 | ||
22.3.3 Scope of the Data Integrity Investigation | 533 | ||
22.3.4 Approaches to the Investigation of Laboratory Data Integrity Issues | 533 | ||
22.3.5 Do Not Just Focus on Data Integrity Violations – Look Also for Poor Practices | 534 | ||
22.3.6 Investigation of Tests Using Observation | 534 | ||
22.3.7 Investigation of Simple Analytical Testing | 535 | ||
22.3.8 Investigation of Analytical Testing by Chromatography | 535 | ||
22.3.9 Staff Interviews | 536 | ||
22.3.10 Findings and Their Classification | 537 | ||
22.3.11 Root Cause of Data Integrity and Poor Data Management Practices | 540 | ||
22.3.12 Assessment of Material Impact | 543 | ||
22.3.13 CAPA Plans: Short-term Remediation and Long-term Solutions | 544 | ||
22.4 Summary | 545 | ||
References | 545 | ||
Chapter 23 - Data Integrity and Outsourcing | 547 | ||
23.1 What the Regulators Want | 547 | ||
23.1.1 WHO Guidance on Good Data and Record Management Practices | 547 | ||
23.1.2 PIC/S PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments | 549 | ||
23.1.3 Regulatory Guidance Summary | 551 | ||
23.2 Cetero Research Laboratories Data Falsification Case | 552 | ||
23.3 Include Data Integrity in Supplier Assessment/Audit | 553 | ||
23.3.1 Current Approaches to Laboratory Audit | 553 | ||
23.3.2 Extending Assessment to Include Data Integrity | 554 | ||
23.4 Initial Data Integrity Assessment of a Facility | 554 | ||
23.4.1 Initial Selection of the Contract Laboratory | 555 | ||
23.4.2 Do Not Forget the Scientific and Technical Competence of the Supplier | 556 | ||
23.4.3 Request for Pre-audit Information | 556 | ||
23.4.4 Planning the Audit | 557 | ||
23.4.5 Data Governance and Data Integrity in the Context of a PQS | 557 | ||
23.4.6 Investigate Electronic Record Controls | 558 | ||
23.4.7 Conclusion of the Audit | 559 | ||
23.5 Agreements and Contracts for Data Integrity | 560 | ||
23.5.1 Main Data Integrity Contractual Responsibilities | 560 | ||
23.5.2 Using the Same Chromatography Data System | 561 | ||
23.5.3 Storage of the Records Generated | 561 | ||
23.6 On-going Monitoring of Work and Audits | 561 | ||
23.6.1 Risk Based Approaches to Monitoring | 562 | ||
23.6.2 Monitoring the Results | 562 | ||
23.6.3 Remote Assessment of Work Packages | 563 | ||
23.6.4 On-site Audits | 563 | ||
23.6.5 Contract Analytical Work with Your Eyes Open | 564 | ||
References | 564 | ||
Chapter 24 - Data Integrity Audit Aide Memoire | 565 | ||
24.1 What the Regulators Want | 565 | ||
24.1.1 EU GMP Chapter 9 Self-inspections | 565 | ||
24.1.2 Data Integrity Guidances for Audits | 566 | ||
24.1.3 Regulatory Requirements Summary | 566 | ||
24.2 Audit Aide Memoire for the Foundation Layer: Data Governance | 566 | ||
24.2.1 Management Leadership for Data Integrity | 567 | ||
24.2.2 Corporate Data Integrity and Ethics Policy | 568 | ||
24.2.3 Data Integrity Training | 568 | ||
24.2.4 Data Ownership for Computerised Systems | 570 | ||
24.2.5 Data Ownership for Manual Processes | 570 | ||
24.2.6 Establishment and Maintenance of an Open Culture | 570 | ||
24.3 Audit Aide Memoire for Level 1: AIQ and CSV | 571 | ||
24.3.1 Overview | 571 | ||
24.3.2 Analytical Instrument Qualification | 571 | ||
24.3.3 Computerised System Validation | 571 | ||
24.3.4 Validating Interfaces Between Computerised Systems | 571 | ||
24.4 Audit Aide Memoire for Level 2: Analytical Procedure Validation Life Cycle | 571 | ||
24.4.1 Procedure Design (Method Development) | 574 | ||
24.4.2 Analytical Procedure Performance Qualification (Method Validation) | 576 | ||
24.4.3 Method Application: Control and Monitoring | 576 | ||
24.5 Level 3: Study and Batch Analysis Data Integrity Aide Memoire | 576 | ||
24.5.1 Routine Analysis Data Integrity Aide Memoire | 577 | ||
24.5.2 Audit of Paper Analytical Records | 579 | ||
24.5.3 Audit of Hybrid Laboratory Computerised Systems | 579 | ||
24.5.4 Validation and Use of a Spreadsheet | 579 | ||
24.5.5 Chromatography Data System Aide Memoire | 579 | ||
24.6 Quality Assurance Oversight Aide Memoire | 579 | ||
24.6.1 Routine Checks of Study or Batch Records | 582 | ||
24.6.2 Data Integrity Audits | 582 | ||
24.6.3 Data Integrity Investigations | 584 | ||
Acknowledgements | 584 | ||
References | 584 | ||
Subject Index | 586 |