Data Integrity and CSV Compliance Solutions for Drug Manufacturers

WHITE

PAPER

Data Integrity and CSV Compliance Solutions

for Drug Manufacturers

Introduction

The term “data integrity” refers to the completeness, consistency, and accuracy of

generated data. Ensuring data integrity in drug manufacturing operations is not a new

concept - it has been part of the pharmaceutical industry landscape for many decades.

What is new, comparatively speaking, is data integrity protocols for today’s highly digitized

workflows. Beginning in the 1990s, the integrity of electronic data and systems has moved

to the forefront with researchers, manufacturers, and regulators.

A computer system is a set of software and hardware components that is used for

a specific purpose. When data is generated, recorded, and stored by a computer

system during research or production, the computer system becomes part of the data

integrity compliance efforts of drug manufacturers. Hence, the term “computer system

validation,” or CSV, is often mentioned in tandem with data integrity.

Effective data governance programs for drug manufacturing operations will contain

many of the same basic components across the industry. Regulatory requirements for

such vary from country to country.

Here, we review the data integrity and CSV regulatory setting in the United States

(US) and the European Union (EU), discuss some of the trends and challenges drug

manufacturers face, and identify best practices to help them succeed in their data

integrity compliance efforts.

Agencies and Regulations

In the EU, Annex 11 [1] is a supplement to the broader

good manufacturing practice (GMP) rules for medicinal

products published by the European Commission’s Health

and Consumers Directorate-General. Annex 11 focuses on

data integrity in the use of computerized systems as well as

the personnel and third parties involved with that use. The

practices of Annex 11 do not have the force of law, but they

are strongly recommended to ensure electronic data integrity is

achieved and maintained.

In the US, the federal Food and Drug Administration (FDA)

uses the rules in 21 CFR Part 11 [2] to evaluate and enforce

data integrity requirements for electronic records and

signatures in drug manufacturing operations. Part 11 defines

an electronic record as:

“any combination of text, graphics, data, audio, pictorial, or

other information representation in digital form that is created,

modified, maintained, archived, retrieved, or distributed by a

computer system.”

and an electronic signature as:

“a computer data compilation of any symbol or series of

symbols executed, adopted, or authorized by an individual

to be the legally binding equivalent of the individual's

handwritten signature.”

Although Part 11 focuses specifically on electronic records

and signatures, in practice it is part of the broader good

manufacturing practices (GMP) stipulated in 21 CFR Part 211.

[3] For example, Part 11 and Part 211 dovetail in their data

integrity criteria: attributable, legible, contemporaneously

recorded, original, and accurate, commonly known as ALCOA.

Part 11 also overlaps with 21 CFR 312.23(7) concerning the

data integrity of chemistry, manufacturing, and control (CMC)

information required for investigational new drugs before they

can enter clinical trials. [4] These overlaps are not surprising

given that Part 11, Part 211, and Part 312 rules are each

focused on human safety.

FDA Viewpoint of Data Integrity

The last several years have witnessed the FDA increasing

their scrutiny of the data integrity and CSV programs of drug

manufacturers. Understanding how the FDA views and evaluates

data integrity is critical for manufacturers and laboratories in order

for them to maintain compliance and avoid penalties.

An FDA data integrity inspection of a drug manufacturing facility

focuses on one or more of the key elements of Part 11:

1. Computer systems validations

2. Computer- generated, time-stamped audit trails

3. Compliance of “legacy” systems that were operating before

Part 11’s effective date of August 20,1997 but have been

subsequently modified

4. Ability for FDA to inspect, review, and copy records

5. Proper records retention based on “a justified and documented

risk assessment and a determination of the value of the records

over time.”

When inadequacies are noted, the FDA issues a letter to the

company detailing the violation(s) found. When there is no

potential for a violation to cause adverse human health effects,

FDA provides a timeline for the company to complete and report

their remedial actions.

FDA acts swiftly and harshly in response to violations that

could result in adverse human health effects from use of the

drug product. Major violations such as practices that have

resulted in contaminated products, adverse reactions in users,

egregious gaps in a data quality program, and others can result

in manufacturing shutdown, product recall, or other serious

consequences, including hefty fines.

The FDA maintains a database of their inspection findings

and conclusions, which can be helpful for manufacturers in

compliance planning and program review. It is not uncommon

for FDA to increase inspections for violations that are noted

to be on the increase. The agency sometimes issues guidance

documents in order to help manufacturers better understand and

comply with trending problems.

In addition, two general guidance documents issued by FDA to

help the industry meet data integrity requirements are:

• Guidance for Industry Part 11, Electronic Records; Electronic

Signatures — Scope and Application

• Data Integrity and Compliance With Drug CGMP Questions

and Answers Guidance for Industry

For a complete listing of our global offices, visit www.perkinelmer.com/ContactUs

is a registered trademark of PerkinElmer, Inc. All other trademarks are the property of their respective owners.

167896 PKI

PerkinElmer, Inc.

940 Winter Street

Waltham, MA 02451 USA

P: (800) 762-4000 or

(+1) 203-925-4602

www.perkinelmer.com

Data Integrity Considerations and Trends

Data integrity programs must cover the full data lifecycle, from

data generation and analysis to archiving and destruction. One of

the most challenging compliance points in that lifecycle is at the

end-of-life for hardware or software. The data must be archived

or migrated to a new instrument or system, which can be difficult

when the components do not easily integrate with each other.

Preparing for these inevitable transitions should be an important

part of a company’s instrument and software continuity planning

and data integrity program.

The pharmaceutical industry and related professional

organizations have been increasing their efforts to develop

guidance documents for industry-wide data integrity and

CSV needs. For example, the US Pharmacopeia (USP) has

recently updated its Chapter <1058> on analytical instrument

qualification, to include testing of software functions to verify

system data integrity.

Drug manufacturers and laboratories are conducting more

thorough evaluations when selecting instrumentation and

software. In addition to price point and performance capabilities,

they are looking for data integrity and CSV competencies

that will help them meet or exceed security requirements and

maintain complete audit trails, among other data integrity

considerations. In response to these demands, hardware and

software companies are integrating data integrity considerations

into their new or updated products.

A growing trend within the drug manufacturing industry is the

creation of corporate data integrity governance programs. Such

programs provide a dedicated focus on data integrity and CSV

compliance throughout the company and are critical for successful

compliance and avoidance of violations, fines, or worse.

Best Practices for Data Integrity Success

A drug manufacturer is well-served by having a data integrity

governance committee and a data integrity manager who has

the knowledge, authority, and dedicated time needed to oversee

the program. The committee and manager must work together

to develop well-defined data integrity policies and practices,

including routine data integrity assessments. The data integrity

manager must have ownership of implementing, monitoring, and

adjusting those policies and practices as needed over time, with

committee input.

The expertise and experiences of other organizations can

be very helpful when developing a data integrity program.

The committee and manager should seek out information

available from professional organizations, industry guidance,

government guidance, trends reports, and so forth. The data

integrity manager should regularly monitor such sources for new

information that might be helpful in adjusting or improving their

company’s program.

Proactive partnerships with other organizations in the broader

industry can help a drug manufacturer optimize their data

integrity program. Organizations such as materials and

technology providers, who must keep their fingers on the

industry pulse to better serve their own customers, can be an

invaluable source for leading-edge input and support.

Conclusion

Data integrity compliance has become a large and crucial part of

drug manufacturing operations. The pharmaceutical industry and

professional organizations are ramping up their efforts to address

and standardize data integrity needs and processes. Concurrently,

individual companies are putting more dedicated resources into

their data integrity and CSV programs. These multi-pronged efforts

will serve the industry, and their customers, well into the future.

References

1. https://ec.europa.eu/health/documents/eudralex/vol-4_en

2. https://www.ecfr.gov/cgi-bin/text-idx?SID=14dece54eb7b7c7ef0e3

06a4711e9801&mc=true&node=pt21.1.11&rgn=div5

3. https://www.ecfr.gov/cgi-bin/text-idx?SID=e2f7afee93a6d9205a3a

76b1f60640e6&mc=true&tpl=/ecfrbrowse/Title21/21cfr211_

main_02.tpl

4. https://www.ecfr.gov/cgi-bin/text-idx?SID=fc81d00136319312aff2f

9f09f182dd7&mc=true&tpl=/ecfrbrowse/Title21/21cfr312_

main_02.tpl

5. https://www.fda.gov/regulatory-information/search-fda-guidance-

documents/data-integrity-and-compliance-drug-cgmp-questions-

and-answers-guidance-industry

6. https://www.fda.gov/regulatory-information/search-fda-guidance-

documents/part-11-electronic-records-electronic-signatures-scope-

and-application