USFDA New Data Integrity and Compliance Guideline at a Glance

In recent years, CGMP violations related to data integrity was increased during FDA inspections. In order to protect the public health it is the responsibility of manufacturer/firms to ensure the safety, efficacy, and quality of drug products. As a result of data integrity-related CGMP violations many manufacturer/firms has got regulatory actions, including warning letters, import alerts etc.

However Data Integrity related requirement of FDA is available in 21 CFR Part 211 & 212

In December 2018 FDA has published New data Integrity Guideline which contains guidance on different data integrity issues &  let’s have a look on below points.

1.Some questions & answers related to Data Integrity definition like What is Data integrity, What is Metadata, What is Audit Trail, What is Static & dynamic records, what is the term backup, and what are computer or related system.

Metadata : The data that describes the attributes of other data and provides context and meaning.

Audit Trail : A secure, computer generated, time stamped electronic record that allows for reconstruction of the course of events relating to the creation, or deletion of an electronic records. An audit trail is the arrangement of events of the who, what, when & why of a record

Static is used to indicate a fixed-data record such as a paper record or an electronic image and Dynamic means that the record format allows interaction between the user and the record content.

Related : ALCOA & ALCOA PLUS for Data Integrity

2. Before release of the product to the market the same must be evaluated and maintained by the quality unit. Invalidated test results should be recorded with supporting data. Invalid test results must be documented & justified on the basis of a scientifically investigation. The data in the Paper-based and electronic form should be reviewed & kept.

3.The computer system should be validated . Use of invalidated system may impact on the product quality of the product. so controls should be designed to validate a system for its intended use like software, hardware, and documentation.

4. Computer system must be used & records can be made only by authorized personnel who are competent for that activity. The system administrator role, including any rights to alter files and settings, should be assigned to personnel independent from those responsible for the record content. Computer system access privileges should be given based upon the persons experience & skill. A list of Authorized persons should be displayed in the work place.

5. When login credentials are shared, a unique individual cannot be identified & FDA does not allow to share login information between the persons/users. Person can share read only user account to view data in computer system by which user cannot modify or create or delete data.

6. The CGMP documents or record generated in the form of Binding Logbooks & loose formats must be controlled & all these records should have issuance records. Reconciliation should be made for each issued documents or records.

7. Audit trail review is similar to assessing cross-outs on paper when reviewing data. Personnel responsible for record review under CGMP should review the audit trails that capture changes to data associated with the record as they review the rest of the record. The person supervising or checking the information can also review the Audit Trial data.

8. Audit trail should be reviewed after each significant steps like manufacturing, processing, packing, or holding, and required data should be review before batch release. The review frequency can be decided based upon the evaluation of data criticality, control mechanisms, and impact on product quality.

9.Electronic copies can be used as true copies of paper or electronic records, provided the copies preserve the content and meaning of the original record, which includes all metadata required to reconstruct the CGMP activity and the static or dynamic nature of the original records. True copies of dynamic electronic records may be made and maintained in the format of the original records.

10. PH meters, Conductivity meter and balances may create a paper printout as the original record & in this case, the paper printout or a true copy must be retained The original laboratory records, including paper and electronic records, are subject to second-person review  to make certain that all test results and associated information are appropriately reported.

11. Electronic signatures with the appropriate controls can be used instead of handwritten signatures or initials in any CGMP required record. Firms using electronic signatures should document the controls used to ensure that they are able to identify the specific person who signed the records electronically.

12. FDA expects processes to be designed so that data required to be created and maintained & cannot be modified without a record of the modification. For Example HPLC analysis data should be saved upon completion of each step or injection instead of at the end of an injection set, and changes to the data or injection sequence should be documented in an audit trail.

13.System suitability tests should be performed according to the firm’s established written procedures which should include the identity of the preparation to be injected and the rationale for its selection. If an actual sample is to be used for system suitability testing, it should be a properly characterized secondary standard.

14.Written procedures must be established and followed for chromatography analysis.FDA required complete data in laboratory records, which includes but is not limited to notebooks, worksheets, graphs, charts, spectra, and other types of data from laboratory instruments.

15. Any falsification or alteration of data or records must be fully investigated under the CGMP quality system to determine the effect of the event on patient safety, product quality, and data reliability. & necessary corrective actions to be taken to determine the root cause. FDA invites individuals to report suspected data integrity issues that may affect the safety, identity, strength, quality, or purity of drug products at

16. Personnel involved in the Processing, testing & performing the activity must have the education, training, and experience, to perform their assigned duties & to prevent and detect data integrity issues.

17. All the records or data whether it is generated through computerized systems or electronic form or paper are subject to FDA inspection. example an email to authorize batch release is a CGMP record that FDA may review & firm must allow to review such type of documents.

18. In order to identify data integrity lapses which can can influence CGMP-related or drug application data or can affect the quality of the drug product the firm may appoint third-party auditor. Firm also may include improvements in quality oversight, enhanced computer systems, and creation of mechanisms to prevent recurrences (the fact of occurring again) and address data integrity breaches.


10 thoughts on “USFDA New Data Integrity and Compliance Guideline at a Glance

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s