RELATED TRAINING
|
As regulatory and QC professionals, we all understand the important role data plays in maintaining consistent, high-quality, and safe products. What is less well understood is how regulators expect you to collect, maintain, and report that data. Every year, scores of pharmaceutical manufacturers receive unexpected reprimands from FDA and EU regulators on this very issue.
EU auditors and FDA investigators are trained in the principles of data integrity and how it can be compromised. This can take many forms, including:
While many data integrity violations are not the result of malice, it’s important to note that FDA and EU regulators draw no distinction between unintentional and intentional data integrity problems. So, if you’re expecting to find a sympathetic shoulder to cry on after your next audit or inspection, expect a dose of tough love instead…minus the love.
In the US, 21 CFR Part 11 provides very specific guidance to manufacturers on the use of electronic records and signatures. Get up to speed on Part 11 requirements by reading this short article. |
Regulators consider this data to be at highest risk:1 – Data from automated processes associated with product production or testing 2 – Data supporting batch or lot release data 3 – Data supporting long-term stability or shelf life 4 – Postmarket (complaint) data |
There are enough publications related to pharma data integrity to cure insomnia for a year. Don’t try to tackle them all at once. Start with these two short publications to get a high-level overview of how US and FDA regulators think about data integrity:
After that, move on to graduate-level homework by diving into these, in order of relevance:
Over time, FDA and other regulators have been encouraging manufacturers to use critical thinking to implement risk-based decisions about data governance. Rather than focusing on simply collecting the required documentation and focusing on testing activities, the emphasis now is tilted more toward applying critical thinking to identify the most important data, associated vulnerabilities, and appropriate controls. The goal is to develop a strategy and incorporate requirements into your business processes.
Understanding the different states of data is important for effectively managing and analyzing data to extract insights and make informed decisions. Each state of data may require different tools, techniques, and approaches to effectively process and analyze the data. Data security is an essential component of an organization’s business continuity plan; therefore, a combination of technical and physical controls to protect data from unauthorized access, loss, or theft should be well thought out and implemented.
FDA and other regulators see the same problems pop up time and time again. Many of these examples were taken from publicly available FDA warning letters, but there is little doubt that EU regulators see the same issues. They generally fall into four categories.
Category | Recurring Data Themes Cited by Regulators |
Data Completeness & Reliability |
|
Tracking, Access, & Security |
|
Computer Systems Validation |
|
Data Auditing & Training |
|
What does ALCOA mean? The ALCOA acronym describes basic principles for data integrity developed in the 1990s by FDA. The core data principles (attributable, legible, contemporaneous, original, accurate) serve as a framework for data management and documentation practices that help ensure the accuracy, reliability, and completeness of data generated in support of drug development, regulatory submissions, and postmarket monitoring.
Over time, the ALCOA principles expanded and have become widely adopted as a best practice within the pharmaceutical industry and have been incorporated into regulatory guidance documents in various countries around the world.
Attribute | Description |
Attributable |
|
Legible |
|
Contemporaneous |
|
Original |
|
Accurate |
|
+ Complete |
|
+ Consistent |
|
+ Enduring |
|
+ Available |
|
The myriad overlapping guidance documents and regulations related to data compliance and integrity may start to make your head hurt. If you feel a data migraine coming on, consider our deep-dive class on pharma data integrity. Using real-life examples, our instructors will untangle the morass of data compliance requirements, giving you a clear vision of what needs to be done within your organization and how.
US OfficeWashington DC
EU OfficeCork, Ireland
UNITED STATES
1055 Thomas Jefferson St. NW
Suite 304
Washington, DC 20007
Phone: 1.800.472.6477
EUROPE
4 Emmet House, Barrack Square
Ballincollig
Cork, Ireland
Phone: +353 21 212 8530