In recent years, several current good manufacturing practice (CGMP) violations involving data integrity have been observed by the U.S. Food and Drug Administration (FDA) during inspections. Data integrity in the drug industry is a vital element to ensure the safety, efficacy and quality of drugs.
The purpose of this article is to introduce key elements of data management and security for data generated by good manufacturing practice (GMP)/good laboratory practice (GLP) instruments used in the drug industry. With an abundant number of laboratory and manufacturing instrumentation available to the industry, there is no one data management/security solution to accommodate all applications.
Various regulatory agencies have established guidelines for data management and security. Below is a list of agencies and the corresponding requirements:
Enjoying this article? You may also enjoy this White Paper:
6 Big Data Concepts Every Life Sciences Executive Needs to UnderstandDownload Free White Paper
Data storage locations must be secured to prevent data from being saved to unauthorized file storage locations, including removable devices. One way of securing data is to implement local security groups or active directory groups to the data storage folder where only users in certain security groups have permissions to access the folder. It is good data integrity practice for system administrators to remove, delete and modification permissions from folders containing original CGMP/GLP raw data. In certain software applications, the removal of delete and modification permissions through the operating system will prevent the application from saving data to the folder. In such cases, third party software applications can provide solutions for restricting access to the folder without modifying Windows NTFS permissions.
Audit trails are a key element to permit detection and prevent manipulation of records. Sound data integrity practice involves retaining audit trail and all relevant metadata that support GMP/GLP processes and data reporting. Ideally, software applications for GMP and GLP environments should be 21 CFR Part 11 compliant as well as Annex 11 compliant.
The following examples will go over common and unique situations for handling data storage and backup/archiving for data retention.
1. Standalone Systems
Standalone systems generally are instruments that either have built-in firmware or computer workstations which are not connected to a network. Some of the advantages of implementing standalone systems is they are inherently protected from network hacking or intrusion. For such systems, data is stored in the instrument firmware or the local hard drive of the computer workstation.
To support the backup of data from the local hard drive, there are numerous products on the market that can create full system backup images of the local hard drive. Storage devices like USB devices or portable hard drives can be used to migrate data from the firmware to a computer workstation and then be backed up by tools mentioned above.
2. Network Servers
A network server can be used as a central data repository system for instrument workstations that are networked. In a network server, data migrates from the application installed on a local workstation to secure directories in the server. It is critical to ensure that the network server is secured with appropriate access controls that are managed by company policies. A secondary backup of the network server should be in place. A risk assessment should be implemented to assess the frequency of backups.
3. Networked Database Server
A networked database server is a database management system (DBMS) which controls access to data, defines data types and allows searching of information and computing derived information. Applicable software applications are designed to store proprietary and non-proprietary data using database management languages. DBMS systems provide framework for enforcement of data privacy and security. Multiple systems can store data to one database or multiple instances of the database on the same server. This solution is ideal when storing vast amount of data and effectively helps end users share data fast and efficiently. Administration of database servers it vital to the security of the data; authorized administrators should manage these databases. It is essential to back up the primary database for the system. The database backup will duplicate or copy the database instance. This will ensure a backup solution in case of primary database crash, corruption or loss. The backed-up instance can be restored on the database server with appropriate company procedures and guidelines .
4. Backup of a Networked PC or Local Database
In cases of application software which only have the capability to store data to the local hard drive or local databases, solutions can be implemented to provide migration solutions. If using VB scripts, Windows task scheduler can be utilized to automatically execute the scripts to move data from the local hard drive to the network server to backup data. It is good practice to implement secondary backup solutions for all GMP/GLP data.
Armando Coronado is a graduate of the University of Florida with a bachelor’s degree in microbiology and cell science. He began his career in the pharmaceutical industry in 2005 when he joined Talecris Biotherapeutics, now formally known as Grifols. During his time at Talecris/Grifols, Coronado supported R&D and assay support groups for in-process product manufacturing of plasma derived products. In 2008, he transitioned to Cirrus Pharmaceuticals, where he honed his skills in analytical instrumentation, method development and method validation in a GMP environment. Coronado brought his talents to the validation industry by joining the Sequence team in 2011. He is currently working in the laboratory compliance division at Sequence. Most recently, he managed the commissioning, qualification and implantation of a gene therapeutic laboratory. The laboratory validation used a risk-based approach to implement best practice applications to satisfy data integrity and CGMP requirements. He is a subject matter expert in regulatory compliance in the pharmaceutical industry focusing on computer system validations, data integrity, data management, quality assessment and validation management. Coronado is well versed in the implementation of 21 CFR Part 11 and Annex 11 required systems. Sequence is a Referral Partner of MasterControl.
Vidhya Ranganathan is a senior consultant & team lead at Sequence, and has been with the company since 2011. She has a wealth of experience working with pharmaceutical and biotech clients, helping them implement new instruments and equipment in a compliant manner, with a focus in data integrity. Using a risk-based approach to quality control and compliance, she has successfully delivered solutions that weave quality and data integrity into business processes.
Whether working on implementation of new systems or on critical quality components (CAPA, audits, etc.), Ranganathan provides clients with support and guidance to maintain compliance, considering each client’s business need. She has played an active role in the generation and review of standard operating procedures and technical documentation in support of validation and remediation for data integrity. Her direct experience includes facilitating data process flowcharts, process risk assessments, change management, instrument and equipment validation plans and protocols. Ranganathan holds a bachelor’s degree in biotechnology and is a member of the American Society of Quality Professionals (ASQ). Sequence is a Referral Partner of MasterControl.