FDA Regulatory Expectations, Warning Letters and Trends 17th Annual Computer and Software Validation Conference Oleg Trigub Director, Global IT Quality Covance Inc. Oleg.Trigub@Covance.com What is an FDA-483? Start of the Warning Letter! • The form used by FDA investigators to record observations o 483 observations are not violations • The observed practices indicate drug adulteration FDA Warning Letter • Official correspondence o Notifies the highest-ranking known official o Identifies serious violations of regulations • Published on the FDA website o Available for review by other agencies, businesses, consumers, and the media FDA Inspection Focus Drugs must meet standards for: • • • • • Safety Identity Strength Quality Purity Data Integrity • • • How do we ensure quality of our products? Ensure Laboratory controls Failure to investigate unexplained discrepancies Document and follow processes So, What is Data Integrity? Contemporaneous Recording Original or a true Legible Attributable Complete copy Data Integrity Consistent Enduring Accurate Available Just How Important is Data Integrity to FDA? • "Data integrity really sounds off alarm bells for us ... if you see data integrity on the surface, there is likely a lot going on underneath.“ Thomas Cosgrove, director at the FDA's office of manufacturing quality FDA Draft Data Integrity Guidance • Data Integrity and Compliance with CGMP – Guidance for Industry, April 2016 o 21 CFR Parts 211 and 212 Requirements with respect to data integrity include: • 211.68 – “backup data are exact and complete,” and “secure from alteration, inadvertent erasures, or loss” • 212.110(b) – data be “stored to prevent deterioration or loss” • 211.100 and 211.160 – activities be “documented at the time of performance” and that laboratory controls be “scientifically sound” • 211.180 – records be retained as “original records,” “true copies,” or other “accurate reproductions of the original records” • 211.188, 211.194, and 212.60(g) – “complete information,” “complete data derived from all tests,” “complete record of all data,” and “complete records of all tests performed”). Draft Data Integrity Guidance Clarifications • Reiterates and clarifies terminology o Data Integrity o Metadata o Audit Trail o “Static” and “dynamic” Record Formats o Backup o “Systems” in “Computer or Related Systems” Draft Data Integrity Guidance Clarifications • • • • • • • • • • Excluding CGMP data from decisions Workflow Validation Access Restrictions Concerns with Shared Login Accounts Controls for Blank Forms Reviewing Audit Trails Electronic Copies Paper Printouts Electronic Signatures Electronic CGMP Record Draft Data Integrity Guidance Clarifications • It is NOT Acceptable to: o Use Actual Samples in “System Suitability” o Save the final results from Reprocessed Lab Chromatography o Informally Address Tips about Quality Issues Draft Data Integrity Guidance Clarifications • Training on Data Integrity • Electronic Records subject to FDA inspection • Addressing data integrity problems post inspection MHRA Guidance for Industry on Data Integrity (revised in March 2015) • The guidance expects that o The effort and resource assigned to data governance is based on risk to product quality o Companies have an overarching data governance system o Data integrity policies and staff training be developed • As well as verify the adequacy of comparable vendor systems MHRA Guidance for Industry on Data Integrity (revised in March 2015) • The guidance also expects that o Consideration should be given to the organizational and technical controls • Procedures and computer system access o Data reliance checks are early on in the inspection • The result will determine whether the inspection will continue normally or with a forensic approach o Changes are being made to in EU GMP to the definition of ‘Critical’ deficiency to include “data falsification” What are Data Integrity Observation Categories? • • • • • • Maintain manufacturing and drug testing data Ensure that Data is attributable to Specific People Falsification and inaccurate data Failure to complete documentation ‘contemporaneously’ Non-availability of raw data Training file ‘re-written’ FDA Data Integrity Warning Letters Dr. Reddy’s Laboratories “Failure to prevent unauthorized access or changes to data, and to provide adequate controls to prevent omission of data “ Nov 2015 Agila Specialties Pvt Ltd “failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel can change master production and control records“ Aug 2015 24 • Since 2010, the FDA has issued warning letters to an increasing number of companies for Data Integrity violations o The FDA issued warnings to 10 drug companies in 2015 for data integrity violations – the most in at least 10 years. 5 2010-2012 2013-2015 DI Citations to Drug Manufacturing Companies Trends of Violations • FDA Food Safety and Modernization Act (FSMA) • Food and Drug Administration Safety and Innovation Act (FDASIA) 39.2 20.6 2010 2015 FDA Foreign Drug Quality Inspections Increased Foreign Inspections Geographic Locations of FDA Violations 6 Warning Letters 1 Warning Letter 68.8% of all FDA global drug quality inspections between 2010 and 2015 were in the US 18 Warning Letters Industry Implications Other Current FDA and MHRA Points of Interest • EU’s General Data Protection Regulation • MHRA Auditor Direct Access • FDA’s Guidance for Mobile Medical Applications References • • • • • • • • • • • • • • • • • • http://www.gpo.gov/fdsys/pkg/FR-2009-08-11/pdf/E9-19107.pdf http://www.fda.gov/ICECI/Inspections/IOM/ucm122530.htm http://www.fda.gov/iceci/inspections/fieldmanagementdirectives/ucm096015.htm http://www.fda.gov/MedicalDevices/default.htm http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2009/default.htm http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2008/default.htm http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM4 95891.pdf http://www.fda.gov/ICECI/EnforcementActions/ApplicationIntegrityPolicy/ucm2005394.htm http://www.fda.gov/downloads/MedicalDevices/.../UCM263366.pdf http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=820 http://www.accessdata.fda.gov/scripts/warningletters/wlSearchResult.cfm?qryStr=data%20integrity&we bSearch=true https://mhrainspectorate.blog.gov.uk/2016/04/01/2015-eu-gcp-inspectors-electronic-data-integrityworkshop/ https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/412735/Data_integrity _definitions_and_guidance_v2.pdf https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/448609/Good_manuf acturing_practice_inspection_deficiencies_2013.pdf http://www.gmp-compliance.org/eca_news_1740_rss.html http://www.pharmtech.com/how-important-data-integrity-regulatory-bodies http://www.raps.org/Regulatory-Focus/News/2016/02/10/24296/US-FDA-Inspections-in-China-AnAnalysis-of-Form-483s-from-2015/?_sm_au_=iVVQbVbkWVZsWb1H http://www.cbronline.com/news/cybersecurity/data/european-parliament-approves-general-dataprotection-regulation-in-historic-privacy-ruling-4864721 http://www.pharmsource.com/quality-systems-data-integrity-among-most-frequent-problems-cited-bymhra/ FDA Regulatory Expectations, Warning Letters and Trends 17th Annual Computer and Software Validation Conference Oleg Trigub Director, Global IT Quality Covance Inc. Oleg.Trigub@Covance.com