Data Integrity
Nichola Stevens
AstraZeneca
3rd April 2014, Stevenage
1
Introductions
• Nichola
– 20 + years experience across all aspects of computer system validation
and IT, R&D labs, and manufacturing.
– Covering GLP, GCP and GMP areas, SOx and data privacy.
3rd April 2014, Stevenage
2
What is Data Integrity:•
The degree to which a collection of data is complete, consistent, and
accurate. (IEEE)
•
The assurance that information is unchanged from its source, and has not
been accidentally or maliciously modified, altered or destroyed. (NIST)
3rd April 2014, Stevenage
3
Why Data Integrity
•
Data Integrity has become a HIGH focus area by the FDA and other regulatory agencies are also focusing on this
combined with Security reviews.
•
Monica Cahilly [Green Mountain Quality Assurance (GMQA)] has been a main driver on this working closely with
the FDA.
•
Although data integrity has been on audit reviews in the past this is a more detailed focus – capturing steps in the
process to ensure the Data is adequately secure.
•
No.3 OECD Guidance – No.3 Revised Guidance for the Conduct of Laboratory Inspections and Study Data:
– “----- Test Facility Inspections are conducted to determine the degree of conformity of test facilities and
studies with GLP Principles and to determine the integrity of data to assure that resulting data are of
adequate quality for assessment and decision-making by national Regulatory Authorities.”
•
It’s a fact:– Without data integrity, data is no longer trustworthy and reliable and our products are considered
adulterated.
3rd April 2014, Stevenage
4
Areas for Discussion:
•
How do you ensure the data in your systems is adequately protected at
each stage of its transfer?
•
What methodology do you adopt?
•
Do you focus on Labs, IT & Automation as separate DI projects?
•
How do you ensure you’re focusing on right processes / data – do you
consider data directly impacting batch release?
•
Can Fish Bone Analysis assist?
3rd April 2014, Stevenage
5
The Regulatory Agency Perspective
(483 and Warning Letter Excerpts)
• Failure to have adequate controls to prevent manipulation of raw data during routine
analytical testing.
• For example, your firm’s laboratory analyst had modified printed raw data related
to the IR Spectra test of XXX. We are concerned that the lack of security or
system controls allows for this practice.
• You are responsible not only for having controls to prevent omissions in data, but
also for recording any changes made to existing data, which should include the
date of change, identity of person who made the change, and an explanation or
reason for the change.
• The software did not secure data from alteration, inadvertent erasures, or losses
• Lacks systems to ensure data generated in QC lab is secure and remains unaltered.
3rd April 2014, Stevenage
6
The Regulatory Agency Perspective
(483 and Warning Letter Excerpts)
• QA personnel allowed to edit data calculated by the software without an SOP to
control process, resulting in inconsistent operations
• Please note that computerized systems should have sufficient controls to prevent
unauthorized access or changes to data. There should be controls to prevent data
omissions and assure back-up
• This system also does not include an audit trail or any history of revisions that would
record any modification or deletion of raw data or files.
3rd April 2014, Stevenage
7