leveraging alcoa+ principles to establish a data … · leveraging alcoa+ principles to establish a...
TRANSCRIPT
Leveraging ALCOA+ Principles to Establish a Data Lifecycle Approach for the Validation and
Remediation of Data Integrity
Bradford Allen
Genentech
1
Agenda
• Introduction
• Data Integrity 101 – Review
– What is Data
– True copies
• Regulatory Requirements
• ALCOA+
• CSV / Data Life Cycle
• Basic DI Requirements
• Data Integrity Validation
• Validation FOR Intended Use2
What is Data?
• Raw Data
– Original records and documentation, retained
In the format in which they were originally
generated (i.e. paper or electronic),
Or as a ‘true copy’.
• Data
– Information derived or obtained from
raw data (e.g. a reported analytical result).
3
What is Data?
• MetaData -“Data about the data.”
– Structured information that describes, explains, or otherwise makes it easier to retrieve, use or manage data.
– Metadata describes the attributes of the data, and provides the context and meaning.
– Relationships between data and their metadata should be preserved in a secure and traceable manner.
The value “1.2”; What does it mean? • Weight? (Lbs. or Grams?)
• Distance? (meters or inches)
• pH? or voltage?
4
What is Metadata?
Metadata helps you understand the data!
For example:
(1.2)• Instrument: HPLC -1
• Date / Time: 21JUL16/17:48
• Comment: Run 1 was stopped because of retention time shift
• Audit trail: old value: flow rate1.2 changed to new value 1.0
• By: Stef Curry
• Reason: wrong method per SOP 123456
5
Original Record / True Copy
• True copy:
– Must preserve the integrity of the data (accuracy,completeness, content and meaning), and must include the “metadata”.
• Data retention processes must be shown to include:
– Original or True copies of all data, (audit trails, result files, software / system configuration settings ) and metadata, necessary for reconstruction of a given raw data set.
6
Types of Data
Static vs dynamic
• Static: fixed data document such as a paper record or an electronic image.
• Dynamic: record format that allows interaction between the user and the record content, such as a chromatogram where the integration parameters can be modified.
7
True Copy
21 CFR 211.194 requires that laboratory records contain "complete data”
8
For example, a pH meter or spectrophotometer may create a paper printout as the original record as a static record; either paper or electronic.
True Copy
• Dynamic data:
9
True Copy?
21 CFR 211.194 requires that laboratory records contain "complete data”
Per FDA:
• The printed paper copy of a chromatogram
cannot be considered a "true copy" of the
electronic raw data used to create that chromatogram,
as required by 211.180(d).
• Also cannot be considered an "exact and complete"
copy of the electronic raw data used to create the
chromatogram, as required by §211.68.
– … “The chromatogram does not include, for example, the injection sequence, instrument method, integration method, or the audit trail, of which all were used to create the chromatogram or are associated with its validity and to be used to reconstruct the data.”
10
Data Integrity Regulatory Requirements
11
EudraLex Vol 4; Annex 11
211.160.b, 211.63; Instruments must be qualified and fit for purpose
211.22; …the authority to review production records to assure that no errors have occurred…
211.194(a)(8); Original records have been reviewed by a second individual to ensure accuracy, completeness and compliance…
211.68(b); backup file of data entered into the computer or related system shall be maintained …. to assure that backup data are exact and complete and that it is secure from alteration, inadvertent erasures, or loss …
212.110(b); data must be stored to prevent deterioration or loss
211.180; records be retained as original records or as true copies…
211.194(a) Laboratory records shall include complete data derived from all tests necessary to assure compliance…
211.68(b); Input to and output from the computer or related system of formulas or other records or data shall be checked for accuracy.
211.188; 211.192; …there must be a documented, scientific justification for its exclusion
211.100; 211.160;…activities must be documented at the time of performance…211.188; records shall be prepared for each
batch of drug product produced and shall include complete information…
211.194; Laboratory records shall include complete data derived from all tests necessary to assure compliance …
211.194(a)(4); complete record of all data secured in the course of each test, including all graphs, charts, and spectra from laboratory instrumentation, …
211.188; An accurate reproduction of the appropriate master production or control record, checked for accuracy, dated, and signed;…
21 CFR Part 11
ALCOA+
12
No!
Defined by FDA in 1990s and added to by EMA (+)
ALCOA+
13
ALCOA
Attributable
Contemporaneous
Legible
Original
Accurate
Who performed?Can the data be read
and understood?
When was the data created?
Is it the original record? Not copy,
printout
Does the record accurately reflect
the event?
Complete (All data including
meta data)
Consistent
Enduring
Available (for the lifetime of the
record)
ALCOA
ALCOA is Good Documentation Practices for both paper and e-records!14
Good Documentation PracticesAttribute
Attributable
Legible
Contemporaneous
Original
Accurate
Paper
Signature/ Initials/ date
Data must be recorded permanently in a durable medium and be readable
Record data at time it happens
Indelible ink, no white-out/Tipp-ex
No errors or editing performed without documented amendments
Electronic Data
User login/ e-Signature
Human readable
Time stamp; audit trail
Audit Trail; no annotation tools allowed; “Read Only” rights
Audit trail
Computer System Validation
15
Data Life Cycle
Generation Processing ReportingBackup/ Archiving
Retrieval Destruction
16
Data Integrity: The extent to which data is complete, accurate, consistent throughout the data life cycle
MHRA-All phases in the life of the data (including raw) from initial generation and recording , processing, transformation, use, retention, archive, retrieval21CFR Part 11.1(b)- creation, modification, maintain, archive, retrieve and transmit
Data Life CycleData Generation
17
Regulation Description ALCOA+
211.101(d)211.100(b) 211.160(a)
Documented at time of performance
Contemporaneous, attributable
211.160(b) Instruments must be qualified and fit for purpose
Consistent
Data Life CycleData Processing
18
Regulation Description ALCOA
211.194(a)211.22(a)211.188212.60(g)
Complete data derived from all tests
Accurate, Complete
211.68(b) Input/output from the computer or related system of formulas or other records or data shall be checked for accuracy; Calculations must be verified
Accurate, Consistent
211.160(a) Data generated must meetcriterion of scientific soundness;Data generated and transformed must meet the criterion of scientific soundness
Accurate, Consistent
Data Life CycleData Reporting
19
211.188 /211.192 / 212.71(b)
Release testing requires completeinformation; complete records ofall testsThere must be valid, documented scientific justification for exclusion of data
Complete
211.194(a)(8) Checked by 2nd person to ensure accuracy, completeness and conformance
Accurate, Complete,Consistent
211.180(e) / 211.22/ 212.70
Any GMP data created must be evaluated by quality unit
Legible, Accurate, Complete
Data Life CycleData Backup Archiving
20
211.180211.194(e)
Retained as original records, or as true copies
Original, enduring, available
212.110(b) Stored to prevent deterioration or loss
Enduring
211.68(b) Data must be backed up (exact and completeand free secure form alteration, inadvertent erasures, or loss
Enduring, available
Computer System Validation
21
Data Integrity Validation Perspective
• Data Integrity Core Principles
– User access & security
– Segregation of duties
– Protection of data
– Reviewing / Reporting of data
– Backup / Restore/ Archive of data
i.e. Basic GMP
22
User Access Security
Roles / permissions
• Roles in Computerized Systems should be tailored (where technical feasible) to ensure access only for functionality which is necessary for the respective job role.
• Make sure you understand the privileges applied to each user profile and be prepared to justify them.
• Validation (functional testing) to verify assigned roles and their intended use.
• Periodic review of users.
– Generic accounts are not allowed
• All data lifecycle steps must be traceable to an specific person.
• What to do about vendor service accounts?
23
User Roles Permissions
24
Segregation of Duties
– Systems must be configured in a way that system operators who work with the system cannot delete or change data or system settings (e.g. inactivate audit trails, delete data, delete files, change configuration,etc.).
– System Administrator rights (permitting activities such as data deletion, database changes or system configuration changes) should not be assigned to individuals with a direct interest in the data (data generation, data processing, data review or approval).
– Administration control should be independent of data life cycle function to eliminate conflict of interest.
25
Protection of Data
– No deletion rights
• Once data is acquired, it cannot be deleted or moved.
– Auto saving of data
• Electronic data must be auto saved before it can be reviewed (or printed to hard copy).
• Testing into compliance (pre-screening)
26
Protection of DataPre-screening data
Auto saving of data
– No Save or “save as” functions
• Testing into compliance
– Ignoring failing injections and recalculating without saving
– Performing trial standard or sample analysis prior to official analysis
– Re-integrations without valid procedure
27
Protection of Data
– Files/ folders must be protected from user access
– No data saved on local drives
– No USB access
– Recycle bin
– Internet access
28
Data Review
• Written procedures on data review must define the frequency, roles and responsibilities.
• Data review procedures must evaluate the integrity of data sets before the final approval of the record.
• Data on which decisions are based should therefore followthe concept of ALCOA (Accurate, Legible, Contemporaneous, Original and Attributable).
• Traceability must be given to raw data for all changes to data, and that the changes shall be traceable to analysis results, method and processing parameters, etc.
29
Data Review
The data review should be executed on original data or a true copy.
This means that the data review should be executed electronically (not on paper) for computerized systems; within the software to ensure that the reviewer has access to original source data.
• All data should be reviewed.– Raw, processed, invalids
– Methods, setups, parameters, etc.
– Audit trails
– Time frame? • What happened before and after “official” assay?
30
Data Review
• Audit trails must be reviewed with the associated data/ record(s) for modifications and deletions to critical data. If modifications or deletions were identified, verify the changes were appropriate and comments are included as required per approved procedure.
• Therefore, respective data review procedures must include data audit trail review activities, including (but not limited to):• Overwriting files/ data
• Aborted / invalid runs
• Testing into compliance
• Deleted data
• Altered data
31
Back up Restore / Archive
– Regular back-ups of all relevant data should be done• Not to be confused with backup created for disaster recovery. Backup
(FDA) refers to a true copy of the original data maintained securely throughout the records retention period.
• Preferably real time backups, automatically
• If not, risk based assessment and justification
– The integrity and accuracy of backup data and the ability to restore the data should be verified during validation and monitored periodically.
– Archived data should be checked for accessibility, readability and integrity.
– If changes are to be made to the system, then the ability to retrieve the data should be ensured and tested.
32
Validation
• Validation must consider the intended use of the data throughout its life cycle.
• You must define the requirements for data integrity and verify that both system and procedural controls for data integrity are in place.– Processes should be based on the data life cycle
33
Generation Processing ReportingBackup/ Archiving
Retrieval Destruction
Validation
Validated for INTENDED use:
• Is the system Validated for INTENDED use?
• 21 CFR Part 11.10(a):– Validation of systems to ensure accuracy, reliability, consistent
intended performance, and the ability to discern invalid or altered records. (i.e. audit trail)
34
Data Integrity requirements
1
Preparation Cat.
B
Cat.
C
1.1 Sample identifier, sequence names and file names, as applicable, must be unique.
•If possible the respective identifiers/names should be generated automatically by the
software.
•If automatic generation is not possible, a procedure must be in place to define
identification/naming conventions and implemented.
- X
1.2 Where technically feasible, equipment/systems must automatically serialize or track
every analytical test (= unique identifier).X X
35
Data Integrity requirements
2
Data Generation Cat.
B
Cat.
C
2.1 Audit trails must allow reconstruction of critical data lifecycle activities (where
feasible).- X
2.2 All measurement/analysis results generated by paper-based/hybrid systems must be
printed (preferably automated directly after data generation) on durable medium or
transferred to a superior computerized system. When printing/data transfer is not
feasible then implementation of data verification using the “four eyes principle” is
required for critical process steps. Details about what critical process steps are is
defined by the Internal Category B Data Integrity Guidance document.
X X
2.3 Reprocessing of data (if applicable) must be traceable with change justification in
audit trails.- X
36
Data Integrity requirements
3
Data Review Cat.
B
Cat.
C
3.1 Written procedures on data review must define the frequency, roles and
responsibilities. These procedures must also describe how aberrant data is handled if
found during the review. Data review procedures must evaluate the integrity of data
sets before the final approval of the record. Data on which these decisions are based
must therefore be complete as well as follow the concept of ALCOA (Accurate,
Legible, Contemporaneous, Original and Attributable). Traceability must be given to
raw data for all changes to data, and that the changes shall be traceable to analysis
results, method and processing parameters.
X X
37
Data
• Is the data/ record(s) defined?
• Is criticality assessed?
• Is there a description of the process/ data flow?
38
Data Flow MapUV-VIS
39
Data Flow Risk Assessment
40
Data Flow Risk Assessment
41
Is the System Validated for INTENDED use
For data integrity (data life cycle approach), have you included in your Validation Protocol:• 21CFR Part 11 (11.10 (a); )- ability to discern invalid or altered records
• Configuration; paths, folder rights, tools
• Sys Admin – Segregation of Duties, Security/ Access and their definition and configuration
• Description of data flow , definition what is the critical data, risk
• Data Review SOP based on ALCOA (Accurate, Legible, Contemporaneous, Original and Attributable)
– Complete set of data reviewed
– What to look for; What to do if anomaly
• Audit Trail Review Procedure
• Backup Restore; Regularly tested and SOP in place
• Archive /Retrieval (if required); Testing of restore 42
ValidationIntended Use - Example
Validation of Computerized System Audit Trail
• Functional Testing:
– Test case to make sure audit trail is turned on, captures correct information, can be viewed, printed, not deleted, etc.
• Validation for intended Use (ability to discern invalid, altered records) :
– Should include testing to confirm that the required audit trail not only correctly captured (functional testing), but is aligned with the data review process described in a system SOP.
– System SOP should describe the process for audit trail review, including the definition of the data to be reviewed.
– What do to if issue found, how to document review
43
Validation Configuration
• Verify that the system has adequate technical controls to prevent unauthorized changes to configuration– Verify the configuration is locked and only authorized admin has access
• Define the configuration in a approved document.– Verify items affecting data integrity are considered and justified
44
Validation Configuration
45
Validation User Access
46
• Verify that procedures are in place to oversee user access management
• Verify a role/ permissions matrix exists listing users and their role and associated permissions – No user should more rights than needed to perform job function
– Review and challenge system permission settings
Validation User Access
47
Backup/ Restore
• Backup Restore– Regularly tested
– Original electronic data capture of data, metadata and all subsequent data required to fully reconstruct the conduct of the GMP activity
• SOP in place– An approved document, either local, global which describes what data
is backed up and to what location
• Verification should be enabled
– to ensure that the backed up data is identically to the original data.
48
Archiving
• Ensure that the archived data are complete and readable.
• A procedure in place, to test on a regular basis that the archived data are available and readable during entire retention period.
– Plan for obsolescence
• A secure storage location for archived data protected from manipulation.
49
Training
50
Confirm that a training program addresses:
• Only qualified users have access
• Correct usage of the system
• Aware of consequences and potential harm from data integrity issues
Questions
51