Reprinted with permission from Colgin Consulting, Inc.
|FDA recently published a new set of seven
questions and answers targeting GMP but applicable
to anyone working in quality assurance.
Recently FDA published a new set of seven questions and answers. Three questions cover data integrity and e-signatures. While the Q&A target GMP, there are lessons to be learned for all of us:
- Maintain the electronic records created by instrument systems used for your GLP and GCP studies - paper printouts are not equivalent.
- Don't share accounts for computer systems - you must be able to attribute actions to an individual.
- Go ahead and use e-signatures - document how you ensure you can identify the signer.
The other questions address destroying audit reports, dealing with high in-process material reject rates, establishing expiry dates for chemicals, reagents, solutions, and solvents, and using actual samples for system suitability testing.
The first two questions bring together in one convenient place Warning Letter citations FDA has been making routinely for the past three years.
Let's explore the three questions about data integrity and e-signatures.
This article is related to the Whitepaper:
Managing Change Control to Comply with FDA and EU Regulations
To get the full details, please download your free copy.
But before we do, let's touch on GCP studies. Sadly, US regulations for GCP studies are not as black and white as the GLPs or GMPs. They don't even supply us with a definition of raw data. Keeping the story short, GCP studies should provide "data capable of meeting statutory standards for marketing approval" and require the investigator to keep "adequate and accurate case histories." I hope we can all agree that lab data obtained from trusting, human volunteers to support decisions allowing the manufacturing and marketing of new drugs should have the same data integrity attributes as nonclinical and manufacturing lab data.
Lab Instrument Data
The first data integrity question asks, how do Part 11 and the predicate rule requirements "apply to the electronic records created by computerized laboratory systems and the associated printed chromatograms that are used in drug manufacturing and testing?"
FDA reminds us that the printed record is not a "true copy" or an "exact and complete" copy of the electronic record. The electronic record includes information "used to create the chromatogram" or establish its validity, including "injection sequence, instrument method, integration method, or the audit trail." Therefore, "the electronic records created by the computerized laboratory systems must be maintained under these requirements."
For GLP studies, Part 58 requires all raw data to be retained and provides a definition of raw data and exact copies. However, for most instruments used in GLP and GCP labs, the printed record will not be an "exact copy" of the electronic record, for the same reasons described in FDA's answer.
What should we do? Maintain the electronic records created by instrument systems used for your GLP and GCP studies - paper printouts are not equivalent.
Shared Login Accounts
The second data integrity question asks, "Why is FDA concerned with the use of shared login accounts for computer systems?"
FDA is so politely professional in their response: "When login credentials are shared and a specific individual cannot be identified through the login, this would not conform to the CGMP requirements."
(Did you know shutterstock.com has no pictures available for Captain Obvious?)
Seriously, finding instrument systems that support multiple users logging on and off during a day of use can be challenging. The good news is that manufacturers are listening, and we're seeing better designs all the time.
Part 58 requires users to be "identified at the time of data input" and audit trails on data changes.
What should we do? Don't share accounts for computer systems - you must be able to attribute actions to an individual.
Finally, "Can electronic signatures can be used instead of handwritten signatures for master production and control records?"
No big surprise here when FDA says, "Yes," and recommends firms "document the controls used to ensure that they are able to identity the specific person who signed these records electronically." This one made me wonder what FDA inspectors have seen.
What should we do? Go ahead and use e-signatures - document how you ensure you can identify the signer.
Jamie Colgin specializes in integrated computer system compliance audits. Unlike other CSV consultants and auditors, her comprehensive approach clearly identifies where your risks and issues are, links them to GLP and GCP regulatory requirements, and visually interprets them for easier understanding and communicating with your executive team or sponsors. Contact her for assistance with audits, mock inspections, remediation, or on-the-job training for your promising staff.
Copyright © 2014 Colgin Consulting, Inc., All rights reserved.