The U.S. Food and Drug Administration (FDA) has long emphasized the importance of data integrity in medical device and other regulated product development. To help companies better understand the regulation and reduce the number of violations, the agency drafted a question-and-answer-based guidance, “Data Integrity and Compliance With CGMP.”(1)
It’s safe to say that the FDA is particular about data management practices. This fact was reiterated by former acting FDA Commissioner Ned Sharpless in response to discovering a data integrity violation involving a high-profile drug manufacturer: “The agency relies on truthful scientific data to make regulatory decisions, and we take the issue of data integrity very seriously.”(2)
The ALCOA acronym establishes a basic formula for data integrity requirements:(3)
Enjoying this article? You may also enjoy this Ultimate Guide:
The Ultimate Guide to Connected Quality DataDownload Free Ultimate Guide
However, the FDA’s expectations for data handling extend beyond this benchmark. This means companies need to implement meaningful and effective strategies to manage their data integrity risks. What it boils down to is falling out of compliance with data integrity leads to:
The following questions from the agency’s Q&A guidance provides valuable insight into proper data management.
Metadata is the contextual information required to understand data. It’s essentially data about data. For instance, a value by itself (e.g., 3) is meaningless without additional information about the data (e.g., 3 mg). To have relevance, documentation needs to include contextual attributes such as:
Outside of providing clarifying information, metadata makes it easier to manage, retrieve and use data.
An audit trail is a secure, computer-generated and time-stamped electronic record. It allows for easy reconstruction of the events (who, what, when and why) relating to the creation, modification, or deletion of the record.
The guidance says that electronic copies can be used as true copies of paper or electronic records. It also stipulates that the copies need to preserve the content and meaning of the original data, which includes associated metadata and the static or dynamic nature of the original records.
Manufacturers are allowed to keep paper printouts or static records. However, some electronic records are dynamic in nature. In this case, the printout or static record does not preserve the dynamic nature of the original electronic record. According to the FDA, the record would fail to meet the CGMP requirements.
The short answer is yes. The FDA’s guidance states that workflows, such as batch records and control records are an intended use of a computer system, which needs to be checked through validation. It goes on to say that if you validate your computer system, but do not validate it for its intended use, you cannot know if your workflow is running correctly.
Any changes to computerized MPCRs or other records as well as the input of laboratory data into computerized records must be completed only by authorized personnel. The FDA recommends that whenever possible, you should use technology to restrict the ability to alter specifications, process parameters or manufacturing and testing methods (e.g., limiting permissions for specific tasks and types of data).
All data generated to satisfy a CGMP requirement is a CGMP record. The data integrity guidance states that in order to comply with CGMP requirements with manufacturing processes, you must document or save recorded data at the time a task or process is performed. Also, all data that is recorded and maintained cannot be modified or discarded.
Because of the criticality of data integrity, the FDA’s guidance expands beyond the parameters of the standard CGMP requirements. While the guidance is not binding, the agency tends to rely on guidances during inspections and when making enforcement decisions.(4)
The FDA is determined to ensure that consumers have confidence in the quality, safety and effectiveness of health care products. In pursuing that initiative, the agency will continue to ramp up its enforcement of data integrity compliance guidelines. That said, companies are urged to implement digitized technologies designed to automatically prevent omission, incorrect entry, unauthorized alteration, etc. of data.
A digital quality management system (QMS) will enable you to ensure the integrity of your data, easily comply with all other regulatory requirements and remain audit-ready at all times. Advantages of a digital QMS specific to data management include:
To learn more about a technology-driven approach to not only ensuring data integrity, but turning data management into a business accelerator, download MasterControl’s exclusive “The Ultimate Guide to Connected Quality Data.”
David Jensen is a content marketing specialist at MasterControl, where he is responsible for researching and writing content for web pages, white papers, brochures, emails, blog posts, presentation materials and social media. He has over 25 years of experience producing instructional, marketing and public relations content for various technology-related industries and audiences. Jensen writes extensively about cybersecurity, data integrity, cloud computing and medical device manufacturing. He has published articles in various industry publications such as Medical Product Outsourcing (MPO) and Bio Utah. Jensen holds a bachelor’s degree in communications from Weber State University and a master’s degree in professional communication from Westminster College.