The recent trend of increasing CGMP violations involving data integrity identified during FDA inspections has created a cause for concern with the agency. This trend is “troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy, and quality of drugs, and of FDA’s ability to protect the public health.” Currently the FDA acts on these violations by issuing regulatory actions such as “warning letters, import alerts, and consent decrees.”
In April 2016, the FDA issued a question-and-answer-based draft guidance entitled “Data Integrity and Compliance with CGMP Guidance for Industry”. This guidance clarifies the role of data integrity in current good manufacturing practice (CGMP) for drugs.
“CGMP regulations and guidance allow for flexible and risk-based strategies to prevent and detect data integrity issues.” The agency expects data to be reliable and accurate to help ensure the safety of patients. “Firms should implement meaningful and effective strategies to manage their data integrity risks based upon their process understanding and knowledge management of technologies and business models.”
While guidances are not binding, FDA does tend to rely on guidance during inspections and in making enforcement decisions.
The 21 CFR Part 211 and 212 regulations that FDA emphasizes in the draft guidance as forming an integral part of the data integrity requirements include:
- Requiring that backup data are exact and complete, and secure from alteration, inadvertent erasures, or loss;
- Requiring that data be stored to prevent deterioration or loss;
- Requiring that certain activities be documented at the time of performance and that laboratory controls be scientifically sound;
- Requiring that records be retained as original records, true copies, or other accurate reproductions of the original records; and
- Requiring complete information, complete data derived from all tests, complete record of all data, and complete records of all tests performed.
This guidance applies to human and animal drugs and biologics and defines terms like ‘data integrity’, ‘meta data’, ‘audit trail’. From this base level the Q&A document dives into specific questions such as:
- Does each workflow on a computer system need to be validated?
- When does electronic data become a CGMP record?
- Is it acceptable to only save the final results from reprocessed laboratory chromatography?
- Should personnel be trained in detecting data integrity issues as part of a routine CGMP training program?
- How does the FDA recommend data integrity problems identified during inspections, in warning letters, or in other regulatory actions be addressed?
The FDA Guidance expects companies to be proactive in ensuring that adequate Data Integrity controls and oversight are implemented prior to an FDA inspection.
FDA link to guidance: