Attributable : Data Integrity Issues
Attributable means information is captured in the record so that it is uniquely identified as executed by the originator of the data (e.g. a person or a computer system).
Common User ID and Password or Sharing
Disable of Audit Trail: Not able to identify the person who did the activities or changed
Admin User ID is as “Admin” and Who is access? Not able to identify
Analyst does not log out of Window/ Application Software. Subsequent analysis is performed by second analyst under same login in Window/ Application Software or Same analyst started another activity
Two persons are performing the activity and one person is signing
Design of Forms/ Records: BPR/ QMS Events does not have space for recording observation or additional information/ signature
Legible : Data Integrity Issues
The terms legible and traceable and permanent refer to the requirements that data are readable, understandable, and allow a clear picture of the sequencing of steps or events in the record so that all GXP activities conducted can be fully reconstructed by the people reviewing these records at any point during the records retention period set by the applicable GXP.
Handwriting should be readable by others
If Chemists handwriting is not readable like prescription, it will be assumption
Any Correction shall be done as per Good Documentation Practices (GDP)
Data printouts shall be readable. No smudged letters/ Fade Ink Cartridge No Write Over’s and Usage of Correction Fluids/ Eraser or Pencil
Contemporaneous : Data Integrity Issues
Contemporaneous data are data recorded at the time they are generated or observed.
Second person/ Witness (e.g. Weight) enter the data by observer at the actual time, but second person only signing data at the end of shift
Checklist/ Raw Data Sheet is filled by Doer/ Reviewer in a later time after the activity is completed
Recording data in white paper/ scrap paper/ post it and entered the data in actual record later
Unavailability of Form, Raw Data Sheet and Log books at the time of related
activity/ right place
Time clock is not available/ accessible where the activity is performed. E.g. Time Synchronization with Instruments not done
Non compliance with Good Documentation Practices (Back date/ Forward date)
Original : Data Integrity Issues
Original data include the first or source capture of data or information and all subsequent data required to fully reconstruct the conduct of the GXP activity.
The GXP requirements for original data include the following:
original data should be reviewed;
original data and/or true and verified copies that preserve the content and meaning of the original data should be retained;
as such, original records should be complete, enduring and readily retrievable and readable throughout the records retention period.
Modify/ Deleting the Original Data
Operator writes down data into scratch paper and then transcribes it into batch record
Results written onto a new Work sheet because Original Worksheet got smudged/ torn. Old sheet discarded
Supporting Data/Raw Data is Unavailable/ Destroyed/ Discarded
Data print out is retained as raw data, Original electronic record which contain meaningful metadata is discarded
Accurate : Data Integrity Issues
The term “accurate” means data are correct, truthful, complete, valid and reliable.
Operator records a passing value for Assay Result, even though they never performed the test, as they assume that these attribute never fails
Actual result is failing, so data is discarded; the system adjusted to get passing results to avoid an OOS Flow meter readings are recorded with “typical” value, rather than the (Start and End) actual value accidentally reversed
Data from passing run is re-named, and used for a different sample to ensure the result is within specification
Complete : Data Integrity Issues
All data are available, nothing has been deleted (evidence: audit trail).
Deleting selective data (Deviation/ OOS) and retaining desired data Worksheets/ Lab.
Notebooks not controlled or reconciled
Data print out without Instrument ID, Analyst Name, Method Name, Date or Time of AnalysisThree technicians/ analysts worked on a complex calibration procedure, but only one person’s name is on the record
Data print out is retained as raw data, original meaningful meta data is discarded.
Consistent: Data Integrity Issues
All data are available, nothing has been deleted (evidence: audit trail).
Batch Record Steps/ Analytical Methodologies are filled inconsistently-based on operator’s time to report the data
Recorded information may found ambiguity in the process or data, which may be due to inadequate design of worksheet/ format.
For example; parallel activity/ Sequential activity…
System allows to preview data prior to naming or saving the record
System flashes the result and the result disappear before Operator can record the data. For example; rpm of Reactor
Enduring: Data Integrity Issues
Data are accessible for an extended period of time – after 20 years.
Thermal paper is used for equipment print outs, but copies are not made available
Poor quality of Printed Report/ BPR/ Worksheet/ Test Data Sheet
New software upgraded for the system, but existing data could not be retrieved due to Old version of the Software
Not storing the data from system/ not taking back up
Record the data in temporary manner and forget. For example; Q.C Chemists Write in Butter Paper, Post-It Notes etc.
Available: Data Integrity Issues
Data are accessible over the lifetime of the product.
OOS results are hide out in separate folder and/ or frequently deleted
Files are not backed up and data is deleted from the system periodically
Records are not achieved until its complete retention period
Validated Spreadsheet is not backed up
Typical Content in Warning Letter :
Firm did not identify, report or investigate OOS/ OOT/ OOE/ OOC/ Deviation/ Lab Incident and Selectively reported only passing results
Firm did not retain any raw data related to sample weights and sample preparations for Previous Analysis and Repeat the analysis next day using a new set of sample solutions and reported the retest result
During Inspection, Q.C Chemist admitted that under the direction of senior colleague, he had recorded false data in the lab Notebook/ Q.C Chemist admitted that he was told by Supervisor to sign the record/ protocol/ report. However, he was not involved either as Doer/ Reviewer
Documentation is first done on loose sheets of paper and recorded in batch record
Q.C Chemist label sample “trial” injections as Standard rather than by actual sample batch numbers
Firm deleted multiple HPLC data files acquired
USFDA Inspector found an operator/ analyst performing in-process weight checks; memorizing two “weights”, going to the next room where the batch records are kept and documenting the same
Creating acceptable test result without performing the test
Access Control is not implemented in GC, FT-IR and HPLC to prevent unauthorized access and control
Backdating Stability test results to meet the required commitments
Torn raw data records/ un attended paper found in Dust bin or Waste Area
Training was not provided to Operator/ Analyst/ Reviewer on SOP related to Operation, Calibration & P.M of Instrument/ Equipment or On Job Training for Instrument/ Equipment. However, he is doing activity on that particular Instrument/ Equipment.
Site Specific Training Program is not Effective. For example; Training Record of Employee Mr. XYZ shows that he has taken training on 8 SOPs dated DD/MM/YY
Your Firm failed to exercise appropriate controls over Computer or related Systems to assure that only authorized personnel institute changes in Master Production and Control Records or Other Records (21 CFR 211.68 (b))
Your FT-IR Spectroscopy computerized system did not have appropriate controls in place to prevent deletion of raw laboratory data
Specifically, this data is used to create an internal certificate of analysis to release drug components for drug product manufacturing
Further you did not have appropriate password protection of your software to prevent unauthorized access to data
In your response, you stated that you have password protected the software for FT-IR System and only chemist has the access to the data. You also stated that FTIR data is backed up to an external hard drive and a copy is printed and included as part of raw material test data package.
Your response is inadequate as it did not provide a retrospective review of the integrity of your FT-IR, details regarding instrument audit trail till the discrepancy found and an evaluation of effectiveness related to computer system change
Failure to have a Quality Unit that is independent of Production and fulfills Quality Assurance (Q.A) and Quality Control (Q.C) duties
Failure to have a Quality Assurance (Q.A) Department that is independent of Quality Control (Q.C) Department and fulfill respective duties
Firm’s Complaint SOP “Handling of Product Complaints” requires all complaints be investigated, reviewed and closed within 30 Working days.
In addition; the SOP related to Handling of Product Complaints does not require any formal request for extension and approval in case the complaint investigation is Overdue. Few Complaints as Stated below were kept open for extended period of time such as 180 days, 120 days & 100 days without a written justification.
Opportunity Vs Motivation Vs Control :
|Unclear or Inadequate Procedures||Pressure to Succeed|
|Lack of Control over Forms and/ or Samples||Lack of Training|
|Controls not forcing Accountability||Inefficient Review/ Insufficient Time for Review|
|Disjointed Electronic Systems||Role and Accountability of Subject Matter Expert (SME) is not Utilized|
|Too many Transcription Steps||Operational Inefficiencies|
Mitigation for Data Integrity Issues :
D.I Issues would be less, If:
The process is well understood
Understand risk in the process
Do not leave with issue
Initiator shall not think that reviewer will find mistake and correct. And the Reviewer shall not think that 2nd Reviewer will take care of entire documents
Understand and Correct them
|STRATEGY||DEVELOP STRATEGY, IDENTIFY AND GET SUPPORT FROM THE MANAGEMENT|
|Culture||Build into Organizational Culture and to change the Mindset and Behavior|
|Training||Provide Appropriate Training by Q.A & Cross Functional Department like Q.C, Production, I.T etc. Involve Team and bring Initiative depending upon Concerned SOP and SMEs|
|Detection||Identify thro Strong Internal Audit Audit Trail Review Program Identify Regulatory Expectations|
|Prevention||Risk Assessment/ Internal Audit on D.I|
Tips For Data Integrity-Implementation
Promoting and Supporting Quality Culture
Establish a Data Integrity (D.I) Policy
Describe D.I and Consequences of D.I Breach/ Falsification of Data
Training on D.I Policy and Procedure
Establish Good Documentation Practices (GDP) so that the most frequent and complicated recording issues cannot be deemed as fraudulent
Design systems so as to prevent D.I Issues
- Keep BPR/ Logbooks at work place to access and record
- Control over formats/ templates/blank papers for data recording
- Setting proper access to users/ audit trail
- Connect Recorder/ Print Out attach to Instruments like Analytical Balance, pH meter
- Time Synchronization with Digital Clock/ Server
Quality Risk Management Processes and Identifying Risk Factors so as to Mitigate Identified Risks
Qualification/ Calibration/ Preventive Maintenance of Instrument/ Equipment
Computer System Validation (CSV) 11) Control of Documents and Records
Training on SOPs & On Job Training by SMEs, Analyst & Reviewer Qualification
Data Review Policy
Strengthen Internal Audit
Effective CAPAs- Systematic Assessment in all area
Quality Management Performance Review Meetings
Data Integrity-What We Have To Do?
Enter Data and Sign or Initial on Original Record in a Contemporaneous manner (On line/ At the time of Activity)
Record/ Enter Date & Time as per Procedure
Data shall be accurate
Keep inform Superior in case of Deviation
Self Introspection for Top Management to Employees :
Is Quality a Critical factor for Company’s Decision Processes?
Are We Compliant with ALCOA+ Principles in Our Daily Work?
Do We meet the requirements of Regulatory Guidelines?
Where do we have problems or deviations regarding Data Integrity (D.I) Issues?
Which Employees have difficulty with Implementation & follow of ALCOA+ Principles?
Do we live by the principles of a comprehensive Quality Culture?