laboratory data integrity issues found in audits and … regulatory requirements and guidance 3...
TRANSCRIPT
Laboratory Data Integrity
Issues Found in Audits and
Inspections
Data Integrity Validation Europe
29 March 2017
Presented by:
Chris Wubbolt, BS, MS
Objectives
www.QACVConsulting.com 2
Brief Overview of Data Integrity Related Guidance and Regulations pertaining to Laboratory Data Integrity
Review and discuss data integrity issues identified during audits and regulatory inspections
Current Regulatory Requirements
and Guidance
www.QACVConsulting.com 3
March 2015
• MHRA -GMP Data Integrity
Definitions and
Guidance for Industry
September 2015
• WHO -Guidance on Good Data and Record
Management Practices
April 2016
• FDA – Data Integrity
Guidance and
Compliance with CGMP
Current Regulatory Requirements
and Guidance
www.QACVConsulting.com 4
July 2016
• MHRA - GxPData Integrity
Definitions and
Guidance for Industry
August 2016
• PIC/S - Good Practices for
Data Management and Integrity in Regulated GMP/GDP
Environments
August 2016
• EMA – Data Integrity
Guidance Q&A
Data Integrity
www.QACVConsulting.com 5
Completeness, consistency, and accuracy of
data.
Attributable
Legible
Contemporaneous
Original
Accurate
Enduring
Complete
Consistent
Available
(or true copy)
•Key Terms
Can CGMP data be excluded from decision making?
Should access to systems be restricted?
Use of Shared Logins
Are electronic copies accurate reproductions?
Can static records be retained instead of electronic?
www.QACVConsulting.com 6
FDA Guidance
When does electronic data becomes a GMP record?
Can electronic signatures be used instead of handwritten?
Is it Acceptable to only save final results from chromatographs?
Handle internal tips of data integrity issues informally?
Training on detecting data integrity issues?
How should data integrity issues be addressed?
www.QACVConsulting.com 7
FDA Guidance
Generate ModifyReview / Approve
UseRetain / Retrieve
Destroy
Data Lifecycle
Specify
Design
Configure
Verify
Validation
www.QACVConsulting.com 8
www.QACVConsulting.com 9
“Standard Build”
• Date/time stamp controls
• Network backup
• Access controls
Non-Standard
Build
X
• Audit logs not backed up
• User access not controlled
Data Lifecycle
10
Validation
• Comply with EU GMP Annex 11.
• Requires an understanding of the computerisedsystem's function within a process.
• The acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable.
• In isolation from the intended process, vendor testing is likely to be limited to functional verification only, and may not fulfil the requirements for performance qualification.
MHRA GuidanceTerms and Definitions
www.QACVConsulting.com 10
11
Process Understanding
www.QACVConsulting.com 11
Approval of Records
• Requested configuration specification – none available
• Internal assessment of Stability LIMS
• Vendor Supplied Documentation Provided
• User Requirements Specification
• User Acceptance Test
• URS – Included statement “the system has a ‘configurable option’
for ….. electronic signatures”.
• Reviewed configuration within system – esigs turned off
• Reviewed UAT documentation – esigs functionality passed
• Record integrity issue – lack of approved stability protocols
• First step of test – turn on esig functionality
• Last step of test – turn off esig functionality
• Requested system demonstration – approval by pressing approve button
FDA GuidanceStatic & Dynamic Records
www.QACVConsulting.com 12
Static
• Fixed-data document such as a paper record or an electronic image.
Dynamic
• Format that allows interaction between the user and the record content.
• Chromatographic Record
• Allows user to change the baseline.
• Reprocess chromatographic data.
• Resulting peaks may appear smaller or larger.
• Spreadsheet
• User modification of formulas or entries used to compute test results.
Static / Dynamic Data
www.QACVConsulting.com 13
Static / Dynamic Data
www.QACVConsulting.com 14
System Suitability: %RSD < 2.0%
%RSD 3.9% X
Q&A on CGMP, Good Guidance Practices, Level 2
Guidance - Records and Reports (August 2010)*
15
1515 www.QACVConsulting.com 15
How do the Part 11 regulations and "predicate rule requirements" (in 21 CFR Part 211) apply to the electronic records created by computerized laboratory systems and the associated printed chromatograms that are used in drug manufacturing and testing?
• For HPLC and GC systems (and other computerized systems involving user inputs, outputs, audit trials, etc.), the predicate rules, such as 21 CFR 211.68 and 21 CFR 211.180(d), require the electronic records themselves to be retained and maintained in accordance with those regulations. 21 CFR 211.180(d) requires records to be retained “either as original records or true copies”
• The printed paper copy of the chromatogram would not be considered a “true copy” of the entire electronic raw data used to create that chromatogram, as required by 21 CFR 211.180(d).
* https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/ucm124787.htm
Q&A on CGMP, Good Guidance Practices, Level 2
Guidance - Records and Reports (August 2010)
16
1616 www.QACVConsulting.com 16
• The printed chromatogram would also not be considered an
“exact and complete” copy of the electronic raw data used to
create the chromatogram.
• The chromatogram does not generally include, for example,
the injection sequence, instrument method, integration
method, or the audit trail, of which all were used to create the
chromatogram or are associated with its validity.
• Therefore, the printed chromatograms used in drug
manufacturing and testing do not satisfy the predicate rule
requirements in 21 CFR Part 211.
• The electronic records created by the computerized laboratory
systems must be maintained under these requirements.
Data Integrity throughout the
Lifecycle
www.QACVConsulting.com 17
Generate ModifyReview / Approve
UseRetain / Retrieve
Destroy
www.QACVConsulting.com 18
Backup and Restore
• Backup and Restore SOP
• Failed backup required a help desk ticket
• 3 failed backups require notification to Director of
Infrastructure Technology
• 5 failed backups require notification to CTO
• Bioanalytical Laboratory
• No help desk tickets generated for month of June
• No successful backups for June or first two weeks of July
• Director and CTO were not aware of failures
• Potential Data Integrity Issue
• Requested backup logs for three months
Backup and Restore
• Director and CTO were not notified
Data Integrity – Good
Documentation Practices
www.QACVConsulting.com 19
Use indelible (permanent blue or black ink).
Do not use pencil, correction fluid or tape.
Do not obliterate original entry.
Use single line cross-out, initial, date, reason for change.
Record data only on GMP documents.
Do not record data on unofficial documents (paper towels, note pads, etc.).
Record data when activities are completed.
Data Integrity
www.QACVConsulting.com 20
Good Documentation Practices
- Error Codes
• Codes:
• TE – Transcription Error
• CE – Calculation Error
• WD – Wrong Date
• WT – Wrong Time
• WO – Write Over
• EE – Entry Error
• Use of foot notes is acceptable
Documentation Practices
Single Line
ReasonInitial and
Date
www.QACVConsulting.com 21
Certificate of Analysis
www.QACVConsulting.com 22
Laboratory Record Review
• pH
• Result was originally recorded as 5.4; the spec is ≥5.8 to ≤6.5. The results was changed to 5.9. A reason for this change was recorded as entry error.
• Polysorbate 80
• Gross weight changed from 14.5651 to 14.5129, but change was only made after net weight was calculated.
FD-483 July 2016
www.QACVConsulting.com 23
Warning Letter – Cadila Healthcare(Dec 2015)
www.QACVConsulting.com 24
Your firm failed to exercise sufficient controls over computerized systems to prevent unauthorized access or changes to data.
• Our inspection team found that the laboratory manager had the ability to delete data from the Karl Fischer Tiamo software. We found that one file had been deleted.
• However, because the audit trail function for the Karl Fischer Tiamo software was not activated, and because eight different analysts share a single username and password, you were unable to demonstrate who performed each operation on this instrument system.
• The inspection also found that a file containing the moisture content results for (b) (4) API batch (b)(4) had been deleted.
• This deletion was not identified and reviewed as part of your batch release decision.
Sekisui Warning Letter –
November 8, 2016
www.QACVConsulting.com 25
Sekisui Warning Letter –
November 8, 2016
www.QACVConsulting.com 26
Sekisui Warning Letter –
November 8, 2016
www.QACVConsulting.com 27
Sekisui Warning Letter –
November 8, 2016
www.QACVConsulting.com 28
Summary
www.QACVConsulting.com 29
Reviewed data integrity issues identified during audits and regulatory inspections
Provided a brief Overview of Data Integrity Related Guidance and Regulations pertaining to Laboratory Data Integrity
Questions
www.QACVConsulting.com 30
Chris Wubbolt
QACV Consulting, LLC
Telephone: 610-442-2250
E-mail: [email protected]