Rise in Data Integrity Violations Prompts FDA Guidance on Data Handling


EDITOR’S NOTE: This is part of a series of highly popular GxP Lifeline blog posts that we are republishing in order to share their important subject matter and insights with a wider audience and those who may be new to the blog.

Noting an unprecedented increase in data integrity compliance violations, the U.S. Food and Drug Administration (FDA) drafted a question-and-answer-based guidance, “Data Integrity and Compliance With CGMP.” The purpose of the guidance is to reaffirm the current good manufacturing practice (CGMP) guidelines and respond to frequently asked questions regarding data integrity in drug manufacturing.

The FDA finds the increase of data integrity violations troubling. Nevertheless, the agency’s current position on the content of the guidance is that it should be viewed only as recommendations. The use of the word “should” in agency guidances means that something is suggested, but not required.

Still, some of the “shoulds” addressed in the guidance might seem like a tall order for many regulated companies — particularly those using paper-based systems. The FDA commonly encounters issues with the control of paper records, which can easily be discarded or lost. Other concerns include an organization’s handling of blank forms and audit trails. This is where having a digital quality management system (QMS) can help organizations heed the suggestions in the guidance.

#1 How does FDA define data integrity?

A common statement in a regulatory audit is “if it isn’t written down, it didn’t happen.” The guidance on data integrity takes that notion a bit further. The FDA expects data to be attributable, legible, contemporaneously recorded, original or a true copy and accurate (ALCOA)1. The agency expects data to be reliable and accurate, which means companies need to implement meaningful and effective strategies to manage their data integrity risks.

#2 What is metadata? Metadata is the contextual information required to understand data. It’s essentially data about data. A value by itself is meaningless (e.g., 3) without additional information about the data (e.g., 3 mg). To have relevance, documentation needs to be accompanied by attributes like title, author, date/time stamp, etc. It is structured information that describes, explains or otherwise makes it easier to retrieve, use or manage data.

To ensure integrity, changes made to a document’s metadata should be tracked and made available for review. Each time a change is made to any metadata, a user must enter a reason for the change so the data stays current. A digital QMS helps eliminate the common problem of out-of-sync metadata during a revision process. When a document is revised, metadata information, such as document number, revision number and basic information about a document, is updated as well.

#3 What is an audit trail?

As defined in the FDA guidance, an audit trail is a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when and why” of a record.

A digital QMS automatically tracks all changes. This includes remembering the old field values, date and time of the change, the name of the person who made the change and the reason for the change. This makes the necessary information readily available for the audit trail.

#4 Can electronic copies be used as accurate reproductions of paper or electronic records?

The guidance says that electronic copies can be used as true copies of paper or electronic records. However, it does stipulate that the copies need to preserve the content and meaning of the original data, which includes associated metadata and the static or dynamic nature of the original records. Manufacturers are allowed to keep paper printouts or static records. However, some electronic records are dynamic in nature and the printout or static record does not preserve the dynamic nature of the original electronic record. According to the FDA, this would not fully satisfy the CGMP requirements.

A digital QMS does preserve the meaning of the original record, which includes the associated metadata. You can configure a QMS to keep records indefinitely or for only a specified period. Also, if necessary, you can restore any deleted data.

#5 Does each workflow on the organization’s computer need to be validated?

According to the guidance, a workflow, such as an electronic master production and control record (MPCR), is an intended use of a computer system to be checked through validation. It goes on to say that if you validate your computer system, but do not validate it for its intended use, you cannot know if your workflow is running correctly.

#6 How should access to CGMP computer systems be restricted?

You must ensure that changes to computerized MPCRs or other records and input of laboratory data into computerized records be made only by authorized personnel. The FDA recommends that whenever possible, you should use technology to restrict the ability to alter specifications, process parameters or manufacturing and testing methods (e.g., limiting permissions to change settings or data).

A digital QMS has numerous levels of security to automatically track and ensure the authenticity of each user in the system. The software tracks every signature combination and does not allow duplication or reassignment of the user ID and signature combination. All user IDs and passwords are encrypted and are not available to anyone in the system.

All data generated to satisfy a CGMP requirement is a CGMP record. The data integrity guidance states that in order to comply with CGMP requirements with manufacturing processes, you must document or save recorded data at the time a task or process is performed. Also, all data that is recorded and maintained cannot be modified or discarded.

A digital QMS can be configured to automatically save record data after each separate entry. Automation makes it easier to comply with CGMP standards because all records and data are automatically tracked and updated. This makes finding and retrieving records during audits much faster.

The data integrity guidance does go beyond the standard CGMP requirements because of the criticality of data integrity. Although the guidance is not binding, the agency tends to rely on guidances during inspections and making enforcement decisions2. A digital QMS will enable you better ensure data integrity, maintain an audit-ready state and more easily comply with the regulations that are required.


  1. Data Integrity and Compliance with CGMP Guidance for Industry


  2. Law Blog: FDA’s Draft Guidance on Data Integrity: The Cupola on Tower of Guidances http://www.fdalawblog.net/fda_law_blog_hyman_phelps/2016/04/fdas-draft-guidance-on-data-integrity-the-cupola-on-a-tower-of-guidances.html


David Jensen is a marketing communication specialist at MasterControl. He has been writing technical, marketing and public relations content in technology, professional development, business and regulated environments for more than two decades. He has a bachelor’s degree in communications from Weber State University and a master’s degree in professional communication from Westminster College.

Free Resource

The Ultimate Guide to Digitizing the Shop Floor

Enjoying this blog? Learn More.

The Ultimate Guide to Digitizing the Shop Floor

Get the Guide
[ { "key": "fid#1", "value": ["GxP Lifeline Blog"] } ]