Millions in FDA Fines and Thousands of Warning Letters: How GxP Compliance Software Can Help Avoid Them

The pharmaceutical world is a highly regulated environment. And for good reason. As a potential drug moves through the development process – from the in vitro discovery phase, to pre-clinal in vivo research, to clinical trials with humans – checks and balances exist, holding business processes to high scientific and ethical standards. These are known in the industry as Good Laboratory Practices (GLP), Good Clinical Practices (GCP) and Good Manufacturing Practices (GMP), which all fall under the overarching umbrella of Good Practices (GxP).

Aided by regulations such as 21 CFR, Part 11 in the United States and Annex 11 in the European Union, GxP require researchers to maintain traceable and secure electronic records, demonstrating each detailed step of the drug development journey. In the United States, the Food and Drug Administration (FDA) uses that data to determine whether or not a drug candidate advances to the next step in the process, with the ultimate goal of putting only the safest, most effective drugs in the hands of patients. 

Unfortunately, too many organizations struggle with recordkeeping. Evidence of errors, omissions, and even manipulation call data integrity into question and could lead to dire consequences, including regulatory bodies shutting down the development of promising therapeutics.

Since 2015, the number of warning letters issued by the FDA has doubled and more than 50 percent of observations involve data integrity, posing hefty fines up to $1 million per incident.  In fact, 2,519 warning letters were issued between 2018 and 2022, with 15 percent of these violations occurring in the drug manufacturing phase and associated with poor data integrity.

It is vital that drug developers maintain reliable records to support regulatory approval.   

The first step is to embrace digital transformation, shifting from paper logs to robust, digitized systems where every action is captured in real time and validated by an electronic signature to ensure authenticity, provide traceability and create accountability.

Then it’s time to harmonize. In other words, deploy a compliance software solution capable of offering a single, secure repository for data – regardless of how many researchers are contributing from sites around the globe.

Drug developers often focus on meeting local data integrity requirements with localized software solutions. This creates a disconnect on a global level when other business units within the same organization – but perhaps in different locations – employ disparate software solutions guided by unique business practices. Without global software harmonization, the result is duplicative work, lack of transparency and increased liability risk – not to mention a loss of time and money.  

GxP compliance software harmonization is one way to maximize data integrity, and ultimately bring an increased number of effective, life-saving therapeutics to market.

Ease-of-use, efficiency and safety

A single, secure database for data governance increases ease-of-use and efficiencies for qualified users to access and control their data from anywhere in the world.

For example, files are easier to retrieve from a global repository because of filterable search features that allow users to quickly sift through thousands of data. These features prove exceptionally helpful in the case of regulated audits and investigations.

A global system owner can drive efficiencies by maintaining one software version throughout the network as opposed to several different versions for multiple groups. Perpetually maintained software creates an opportunity for global IT management to improve visibility across sites while enhancing the quality of computerized systems. Thus, system owners can ensure that the organization has the latest software version across global functions and business units. With an essential server that houses all data, computers in the network can cross-talk, improving intradepartmental communication and the fidelity of data transmission.

In market-leading software, user access and security can also be configured according to an organization’s business practices, further protecting data integrity. Equipped with the ability to secure electronic records and apply electronic signatures, software safeguards malicious intent through the use of audit trails that capture when a user logged in and what they did in the validated system. For example, the software prevents technicians who generate data from deleting data, while their supervisors are required to input an explanation before the system allows them to remove content.

Will require organizational change

A single global business process for how everyone uses the system will be necessary once a global repository using the same GxP software is in place. This is known as organizational change.

Oftentimes, a global business process owner will continue driving efficiencies by harmonizing best practices across multiple lab functions into a single global process. This ensures that the software is used as the business intends and can be extremely helpful for organizations that manufacture a product in one location but perform testing at multiple sites. While one might expect the separate testing sites to follow protocols uniformly, it’s more common that they’re following differing local requirements. The world’s best GxP software won’t solve for this, but organizational change will. 

Overall, harmonizing the business process of how to use software and manage data mitigates the risk of additional problems arising from compromised data integrity.

Translates to major savings downstream

While implementing GxP software globally requires a significant initial upfront investment, the overhead costs to validate, purchase new equipment and develop business processes warrant consideration. Fortunately, organizations will find post-implementation payoffs include reduced overhead, eliminated redundancies and uniform operation and intended use.

While there are various regulations that delineate the requirements for validation, most regulated labs tend to perform full on validation on each of their instrumentation and PC clients. A redundancy exists if multiple groups within the same organization are essentially performing the same activity. For example, a quality control lab can validate their system and their processes one way, while a development group in another area of the organization may validate their systems another way. Not only are they validating the software for intended use, they must also validate or re-validate any test method protocols needed for business process continuity.

To harmonize a computer system and test method protocols at a global level, validation can be performed once, and the validated system can be deployed locally as needed. Removing the redundancies from the validation equation also accelerates productivity by requiring less time to complete the process. In general, validation can take an estimated three to five days to carry out. For an organization with 100 clients or even 500 different test protocol files in their network, this could mean 300 to 500 days of work without harmonization. 

Sets drug candidates up for success

Harmonizing GxP compliance software can appear to be an arduous undertaking. Successful implementation requires a holistic, mindful approach. Organizations should use these key features as a guide when looking to implement the right GxP harmonization solution and capitalize on opportunities to streamline data capture and sharing, while maximizing data integrity, to ultimately get more life-saving drugs to market.

About the author:

Tim Bolus is a compliance program manager at Molecular Devices. He obtained his dual Masters in Business Administration and Project Management from DeVry University in San Francisco, California, and his BS in Biology from Angeles University Foundation in the Philippines.