background image for GxP Lifeline
GxP Lifeline

How to Avoid Warning Letters for Data Integrity Nonconformances

Data Management Best Practices to comply with Data Integrity Regulations.

In 2018, the U.S. Food and Drug Administration (FDA) published its final guidance detailing how companies developing regulated products need to maintain and ensure the integrity of their data throughout the product’s life cycle. The bottom line is the FDA expects that all data be complete, reliable, accurate, and consistent. Data integrity is established where the data is stored and managed in its original form.

To be confident that no corners were cut or data was falsified in product development, the FDA expects manufacturers to ensure all data meets the guidelines outlined in the ALCOA acronym:

  • Attributable - Easily identified to the person who collected the data, the data’s place of origin, and the time the data was collected.
  • Legible - Data should be easily read for as long as the data exists.
  • Contemporaneously recorded or a true copy - The date and time the data was collected should
  • Original - The original data records need to be preserved throughout their life cycle, meaning the data storage processes and materials need to be durable.
  • Accurate - Data needs to be error free and high quality. All changes must include supporting documentation.1

Data Integrity Violations Are Alarmingly High

The FDA has released several guidance documents detailing its current thinking and policies on data management. Still, data integrity, or the lack thereof, keeps appearing in warning letters and remains a hot topic in industry publications. This is highly concerning to the FDA because violations continue to present an unacceptable level of risk to the public - not to mention product shortages. Nevertheless, data integrity observations are continuing on an upward trajectory. In 2021, 65% of FDA warning letters addressed data integrity problems. This is up from the 51% reported in 2020.2

Getting to the Core of Data Integrity Nonconformance

The data integrity issues cited in warning letters tend to have a recurring pattern. Incomplete production record data, incomplete lab data, and deficient access controls regularly top the list of the most common data integrity observations. A deep dive into these violations could reveal a deficiency of the company’s quality management system (QMS) and data integrity assurance strategy. This means companies are likely struggling to ensure data integrity at the quality governance level. Below are recommendations for how to right the data integrity ship.

Put on the Regulator’s Hat

Part of the data integrity compliance shortfall is simply that companies have an abundance of data. This inherently makes data oversight much more unwieldy. The goal of data integrity is to maintain data quality, much like manufacturing systems are developed with the goal of maintaining product quality.

When creating a data integrity strategy, consider putting yourself in the position of the regulator and look at the intent of the data management regulations. Ultimately, data integrity and all other regulatory guidelines are in place to ensure that all products put on the market for public health purposes are high quality, safe, and effective. It’s important to closely follow the data management best practices outlined in the guidance in order to achieve those objectives with the products you deliver.

Make Data Integrity a Continuous Process

Regulated products move through various stages during manufacturing and throughout their life cycles. To produce high quality and compliant products, companies are encouraged to embed quality at each phase of the product’s life cycle. Just like a product being manufactured, data moves through different phases as it is processed and verified. Therefore, it makes sense to apply the same amount of attention to ensuring data integrity (data quality) throughout the data’s life cycle.

An effective strategy for maintaining data integrity is implementing a modular approach to achieving compliance. Using the ALCOA guidelines, clearly define each task in every data management process that needs to be completed for compliance. Giving consistent attention to each individual focus area is a good way to prevent overlooking critical tasks and remaining in compliance with data management regulations.

Formally Plan Your Data Integrity Strategy

Achieving data integrity compliance involves a cultural change rather than simply completing a short project. That said, create a detailed plan for how the entire organization can contribute to proper data management best practices and data integrity compliance.

When creating your plan, carefully consider your current state. Assess the compliance status of your existing systems as well as the scope of your company’s data integrity efforts. Lack of clarity in any area of the organization commonly leads to data integrity issues.

Leverage QMS Technology

Regulators rarely prescribe technologies or strategies for achieving compliance. The “how” is usually left up to the individual companies. The systems companies put in place for record and data management are simply their own approach or a strategy for ensuring data quality. Retrofitting data management controls into an existing GxP quality management system is difficult, especially with a paper-based system where data is unstructured and stored in files and bankers boxes. This scenario is a recipe for lost files, inaccurate or incomplete data sets, and a plethora of data integrity violations.

Your product needs to comply with the regulatory standards for quality before it can go on the market - data integrity is an essential component for compliance. With so many opportunities for data integrity lapses, companies that digitize their QMS and data management processes are able to gain tighter control of data oversight.



David Jensen is a content marketing specialist at MasterControl, where he is responsible for researching and writing content for web pages, white papers, brochures, emails, blog posts, presentation materials and social media. He has over 25 years of experience producing instructional, marketing and public relations content for various technology-related industries and audiences. Jensen writes extensively about cybersecurity, data integrity, cloud computing and medical device manufacturing. He has published articles in various industry publications such as Medical Product Outsourcing (MPO) and Bio Utah. Jensen holds a bachelor’s degree in communications from Weber State University and a master’s degree in professional communication from Westminster College.

Free Resource
Mastering Data to Drive Medical Device Innovation to 2030

Enjoying this blog? Learn More.

Mastering Data to Drive Medical Device Innovation to 2030

Download Now
[ { "key": "fid#1", "value": ["GxP Lifeline Blog"] } ]