Ensuring data integrity in drug manufacturing is crucial, especially in today's highly digitized workflows. Yet drug manufacturers face several challenges in meeting regulatory requirements, including managing electronic records and validating computer systems.
This whitepaper reviews the data integrity and computer system validation (CSV) regulatory landscape in the US and EU, identifies industry trends and challenges and offers best practices for maintaining compliance.
Download this whitepaper to learn more about:
- Comprehensive strategies for ensuring data integrity and compliance
- Specific regulatory requirements and best practices for CSV
- Solutions to common pain points in electronic record management
WHITE
PAPER
Data Integrity and CSV Compliance Solutions
for Drug Manufacturers
Introduction
The term “data integrity” refers to the completeness, consistency, and accuracy of
generated data. Ensuring data integrity in drug manufacturing operations is not a new
concept - it has been part of the pharmaceutical industry landscape for many decades.
What is new, comparatively speaking, is data integrity protocols for today’s highly digitized
workflows. Beginning in the 1990s, the integrity of electronic data and systems has moved
to the forefront with researchers, manufacturers, and regulators.
A computer system is a set of software and hardware components that is used for
a specific purpose. When data is generated, recorded, and stored by a computer
system during research or production, the computer system becomes part of the data
integrity compliance efforts of drug manufacturers. Hence, the term “computer system
validation,” or CSV, is often mentioned in tandem with data integrity.
Effective data governance programs for drug manufacturing operations will contain
many of the same basic components across the industry. Regulatory requirements for
such vary from country to country.
Here, we review the data integrity and CSV regulatory setting in the United States
(US) and the European Union (EU), discuss some of the trends and challenges drug
manufacturers face, and identify best practices to help them succeed in their data
integrity compliance efforts.
2
Agencies and Regulations
In the EU, Annex 11 [1] is a supplement to the broader
good manufacturing practice (GMP) rules for medicinal
products published by the European Commission’s Health
and Consumers Directorate-General. Annex 11 focuses on
data integrity in the use of computerized systems as well as
the personnel and third parties involved with that use. The
practices of Annex 11 do not have the force of law, but they
are strongly recommended to ensure electronic data integrity is
achieved and maintained.
In the US, the federal Food and Drug Administration (FDA)
uses the rules in 21 CFR Part 11 [2] to evaluate and enforce
data integrity requirements for electronic records and
signatures in drug manufacturing operations. Part 11 defines
an electronic record as:
“any combination of text, graphics, data, audio, pictorial, or
other information representation in digital form that is created,
modified, maintained, archived, retrieved, or distributed by a
computer system.”
and an electronic signature as:
“a computer data compilation of any symbol or series of
symbols executed, adopted, or authorized by an individual
to be the legally binding equivalent of the individual's
handwritten signature.”
Although Part 11 focuses specifically on electronic records
and signatures, in practice it is part of the broader good
manufacturing practices (GMP) stipulated in 21 CFR Part 211.
[3] For example, Part 11 and Part 211 dovetail in their data
integrity criteria: attributable, legible, contemporaneously
recorded, original, and accurate, commonly known as ALCOA.
Part 11 also overlaps with 21 CFR 312.23(7) concerning the
data integrity of chemistry, manufacturing, and control (CMC)
information required for investigational new drugs before they
can enter clinical trials. [4] These overlaps are not surprising
given that Part 11, Part 211, and Part 312 rules are each
focused on human safety.
FDA Viewpoint of Data Integrity
The last several years have witnessed the FDA increasing
their scrutiny of the data integrity and CSV programs of drug
manufacturers. Understanding how the FDA views and evaluates
data integrity is critical for manufacturers and laboratories in order
for them to maintain compliance and avoid penalties.
An FDA data integrity inspection of a drug manufacturing facility
focuses on one or more of the key elements of Part 11:
1.Computer systems validations
2.Computer- generated, time-stamped audit trails
3.Compliance of “legacy” systems that were operating before
Part 11’s effective date of August 20,1997 but have been
subsequently modified
4.Ability for FDA to inspect, review, and copy records
5. Proper records retention based on “a justified and documented
risk assessment and a determination of the value of the records
over time.”
When inadequacies are noted, the FDA issues a letter to the
company detailing the violation(s) found. When there is no
potential for a violation to cause adverse human health effects,
FDA provides a timeline for the company to complete and report
their remedial actions.
FDA acts swiftly and harshly in response to violations that
could result in adverse human health effects from use of the
drug product. Major violations such as practices that have
resulted in contaminated products, adverse reactions in users,
egregious gaps in a data quality program, and others can result
in manufacturing shutdown, product recall, or other serious
consequences, including hefty fines.
The FDA maintains a database of their inspection findings
and conclusions, which can be helpful for manufacturers in
compliance planning and program review. It is not uncommon
for FDA to increase inspections for violations that are noted
to be on the increase. The agency sometimes issues guidance
documents in order to help manufacturers better understand and
comply with trending problems.
In addition, two general guidance documents issued by FDA to
help the industry meet data integrity requirements are:
• Guidance for Industry Part 11, Electronic Records; Electronic
Signatures — Scope and Application
• Data Integrity and Compliance With Drug CGMP Questions
and Answers Guidance for Industry
For a complete listing of our global offices, visit www.perkinelmer.com/ContactUs
Copyright ©2021, PerkinElmer, Inc. All rights reserved. PerkinElmer® is a registered trademark of PerkinElmer, Inc. All other trademarks are the property of their respective owners.
167896 PKI
PerkinElmer, Inc.
940 Winter Street
Waltham, MA 02451 USA
P: (800) 762-4000 or
(+1) 203-925-4602
www.perkinelmer.com
Data Integrity Considerations and Trends
Data integrity programs must cover the full data lifecycle, from
data generation and analysis to archiving and destruction. One of
the most challenging compliance points in that lifecycle is at the
end-of-life for hardware or software. The data must be archived
or migrated to a new instrument or system, which can be difficult
when the components do not easily integrate with each other.
Preparing for these inevitable transitions should be an important
part of a company’s instrument and software continuity planning
and data integrity program.
The pharmaceutical industry and related professional
organizations have been increasing their efforts to develop
guidance documents for industry-wide data integrity and
CSV needs. For example, the US Pharmacopeia (USP) has
recently updated its Chapter <1058> on analytical instrument
qualification, to include testing of software functions to verify
system data integrity.
Drug manufacturers and laboratories are conducting more
thorough evaluations when selecting instrumentation and
software. In addition to price point and performance capabilities,
they are looking for data integrity and CSV competencies
that will help them meet or exceed security requirements and
maintain complete audit trails, among other data integrity
considerations. In response to these demands, hardware and
software companies are integrating data integrity considerations
into their new or updated products.
A growing trend within the drug manufacturing industry is the
creation of corporate data integrity governance programs. Such
programs provide a dedicated focus on data integrity and CSV
compliance throughout the company and are critical for successful
compliance and avoidance of violations, fines, or worse.
Best Practices for Data Integrity Success
A drug manufacturer is well-served by having a data integrity
governance committee and a data integrity manager who has
the knowledge, authority, and dedicated time needed to oversee
the program. The committee and manager must work together
to develop well-defined data integrity policies and practices,
including routine data integrity assessments. The data integrity
manager must have ownership of implementing, monitoring, and
adjusting those policies and practices as needed over time, with
committee input.
The expertise and experiences of other organizations can
be very helpful when developing a data integrity program.
The committee and manager should seek out information
available from professional organizations, industry guidance,
government guidance, trends reports, and so forth. The data
integrity manager should regularly monitor such sources for new
information that might be helpful in adjusting or improving their
company’s program.
Proactive partnerships with other organizations in the broader
industry can help a drug manufacturer optimize their data
integrity program. Organizations such as materials and
technology providers, who must keep their fingers on the
industry pulse to better serve their own customers, can be an
invaluable source for leading-edge input and support.
Conclusion
Data integrity compliance has become a large and crucial part of
drug manufacturing operations. The pharmaceutical industry and
professional organizations are ramping up their efforts to address
and standardize data integrity needs and processes. Concurrently,
individual companies are putting more dedicated resources into
their data integrity and CSV programs. These multi-pronged efforts
will serve the industry, and their customers, well into the future.
References
1. https://ec.europa.eu/health/documents/eudralex/vol-4_en
2. https://www.ecfr.gov/cgi-bin/text-idx?SID=14dece54eb7b7c7ef0e3
06a4711e9801&mc=true&node=pt21.1.11&rgn=div5
3. https://www.ecfr.gov/cgi-bin/text-idx?SID=e2f7afee93a6d9205a3a
76b1f60640e6&mc=true&tpl=/ecfrbrowse/Title21/21cfr211_
main_02.tpl
4. https://www.ecfr.gov/cgi-bin/text-idx?SID=fc81d00136319312aff2f
9f09f182dd7&mc=true&tpl=/ecfrbrowse/Title21/21cfr312_
main_02.tpl
5. https://www.fda.gov/regulatory-information/search-fda-guidancedocuments/data-integrity-and-compliance-drug-cgmp-questionsand-answers-guidance-industry
6. https://www.fda.gov/regulatory-information/search-fda-guidancedocuments/part-11-electronic-records-electronic-signatures-scopeand-application