Data integrity continues to be a major concern in the regulated pharmaceutical industry due to discovery of either poor record management practices or falsification of data. Some of the key issues were presented in a publication earlier this year . Chromatography is an important analytical technique used in regulated laboratories, where it can account for 40 to 100% of the workload. Over the past 10-15 years, chromatography data systems (CDS) have been at the center of data integrity issues involving data falsification, resulting in numerous FDA warning letters. In this article, the main violations cited in FDA warning letters found over that time will be identified and ways to avoid them will be discussed.
Main CDS regulatory citations
An analysis of multiple FDA warning letters for CDS available on the FDA web site from 2010 onwards is shown in Figure 1. The regulatory citations found have been classified against three clauses in the US Good Manufacturing Practice (GMP) regulations for automatic and electronic equipment (21 CFR 211.68(b)), laboratory controls (21 CFR 211.160 – 165) and laboratory records (21 CFR 211.194 (a) - (e)) . The most common CDS data integrity violations are:
- Shared user identities where all users are administrators
- Failure to back up records, especially on a standalone system
- Failure to have complete data (often a laboratory relies on paper printouts only)
- Unofficial testing
- No audit trail, audit trail turned off or failure to review audit trail entries
- Failure to control chromatographic integration
Some of these citations are due to laziness (e.g. failure to backup records) or means of saving time (e.g. shared user identities) but the root cause is a lack of knowledge of the regulations. Failure to have complete data, unofficial testing and turning the audit trail on and off are deliberate ways of falsifying data, often sanctioned by management to pass every batch regardless of the actual results of testing.
What You Should Know to Assure Laboratory Data Integrity with LabSolutions
In order to assure data integrity in life sciences industry laboratories it is necessary to address procedural, behavioural and technical controls. While it is regulated companies who are accountable for data integrity within their organizations, both regulated companies and laboratory instruments and their data management suppliers must be responsible for ensuring that all aspects of compliance are addressed. Download this whitepaper to discover what you should know in order to assure laboratory data integrity.View Whitepaper
Action to Ensure Compliance
Unique user identities with appropriate access privileges
· Each user must have a unique user identity
· Configure user roles with access privileges appropriate to each role e.g. tester, reviewer, administrator
· Normal users should not have application administrator privileges to avoid conflicts of interest
· A user account should be disabled, not deleted to ensure an individual’s identity remains unique
· User account management should be performed by IT and be independent of the laboratory
Ensure data are backed up effectively
· Acquire data to a secure network drive
· Backup must be established and validated before the system becomes operational
· Backup should be performed by the IT department
· Data recovery must be checked periodically to ensure it works
· If a system is being upgraded ensure that the data are backed up first
Complete Data Available
· Save all files used to acquire and process data and control the chromatograph
· Restrict access to data so that users cannot manipulate or delete data
· Ensure that data for a specific analysis can only be stored in a single location
· Develop searches for short analytical or aborted runs to detect unofficial testing
· Enable electronic records protection functions in the CDS application
· Electronic records and signed paper printouts are the record set for hybrid systems
No Unofficial Testing
· Unofficial testing to see if a sample passed must be prohibited and enforced by technical controls within the CDS. Data must only be stored in approved locations
Independent System Support
· User account management, application configuration and system support should be performed by IT and not the laboratory
· Ensure that the audit trail is turned on from initial installation
· Ensure that no laboratory user has the ability to turn the audit trail or any electronic records protection functions off
· Users must be trained to review audit trail entries for analytical runs
Control of Chromatographic Integration
· There must be an SOP for integration including when to and when not to manually integrate a peak
· All users and reviewers must be trained in this SOP including acceptable and unacceptable working practices
· Where possible technical controls within the CDS software should prevent manual integration
· Reviewers must ensure that integration has been performed correctly
Table 1: How to avoid the main regulatory citations for CDS.
How to avoid the major regulatory citations
The use of a single account and password for all users does not allow any work to be attributed to an individual. Therefore, allocating a unique user identity to all users is a simple solution to this. The issues with all users having administration rights is also solved by implementing user roles with access privileges appropriate to the work each user carries out. Ideally, no chromatographer should have application administration rights, but this can pose a problem with a standalone CDS. The best solution would be to have an IT group that is responsible for configuring the application, user account management and system support such as backup and recovery. To achieve this, the CDS needs to be networked and not standalone.
Streamline the Chromatographic Method Validation Process using Empower Method Validation Manager
Chromatographic method validation is a critical step in the workflow of pharmaceutical, food safety, chemical and environmental laboratories that can adversely impact regulatory compliance, product development and ultimately product release and availability. Download this whitepaper to discover how the Empower Method Validation Manager can streamline the chromatographic method validation process.Download Whitepaper
Inspection focus moves to peak integration
Although there are still systems found with some of the non-compliances listed in Figure 1, in recent years the focus in warning letter citations has moved to asking the question “Are chromatograms being integrated into compliance?” Therefore, control of peak integration is essential, and companies must address the following points around peak integration: [2, 4-7]
- Is there an SOP on integration highlighting when integration parameters can be changed and the situations when baselines can be placed manually?
- Does this procedure highlight acceptable and unacceptable integration practices?
- Peak integration should be the same for standards and samples as chromatography is a comparative technique.
- The order of integration should be system suitability test (SST) injections, standards and lastly samples. If the SST injections fail, no further integration should be performed “just to see what the results would be”.
- Define analytical procedures where baselines can be manually placed (manual integration).
- Are integration parameters scientifically sound, especially the use of integrate inhibit that could be used to hide impurities?
- Is the processing method saved?
- Is each reintegration saved with an entry in the audit trail?
- Can all work be reconstructed from the acquisition of the data to calculation of the reportable result?
More detailed guidance for CDS peak integration can be found in the Parenteral Drug Association Technical Report 80 guidance document .
Many of the data integrity violations cited in FDA warning letters can be easily avoided by reading the user guide and implementing technical controls in the software to protect both capture and the electronic record. A key regulatory focus now is peak integration, as small changes in baseline positioning can turn a failing result into a passing one. Many of the controls required to prevent a regulatory citation are common sense, something sometimes absent in laboratories.
- R.D.McDowall. Data Integrity: What Are Some of the Key Issues? 2019; Available from: https://www.technologynetworks.com/informatics/articles/data-integrity-what-are-some-of-the-key-issues-314165
- R.D.McDowall, Validation of Chromatography Data Systems: Ensuring Data Integrity, Meeting Business and Regulatory Requirements Second Edition, 2017, Cambridge: Royal Society of Chemistry.
- 21 CFR 211 Current Good Manufacturing Practice for Finished Pharmaceutical Products. 2008, Food and Drug Administration: Sliver Spring, MD.
- H.Longdon and R.D.McDowall, Can We Continue to Draw the Line? LC-GC Europe, 2019. 32(In press).
- M.E.Newton and R.D.McDowall, Data Integrity in the GxP Chromatography Laboratory, Part III: Integration and Interpretation of Data. LC-GC North America, 2018. 36(5): p. 330–335.
- R.D.McDowall, Where Can I Draw The Line? LC-GC Europe, 2015. 28(6): p. 336-342.
- Technical Report 80: Data Integrity Management System for Pharmaceutical Laboratories. 2018, Parenteral Drug Association (PDA): Bethesda, MD.