DATA INTEGRITY ASSURANCE AS KEY FACTOR FOR … · global provider, local solutions in your language...
Transcript of DATA INTEGRITY ASSURANCE AS KEY FACTOR FOR … · global provider, local solutions in your language...
GLOBAL PROVIDER, LOCAL SOLUTIONS
IN YOUR LANGUAGE
DATA INTEGRITY
ASSURANCE AS KEY
FACTOR FOR SURVIVING
CORPORATE AUDITS AND
REGULATORY INSECTIONS
Francesco Amorosi PhD Octorber 2017
DATA INTEGRITY & CSV: REGULATORY
BACKGROUND
3
MEDICINES AND QUALITY OF MEDICINES:
ONE POINT OF VIEW
ULTIMATE TARGET OF GXP
Ensure the Product Quality and Patient Safety within the entire
Product Life Cycle from R&D to Distribution
4
Globalization has fundamentally changed the economic and securitylandscape :
• Advances in transportation, telecommunications, infrastructure
• More outsourcing manufacturing
• Greater complexity in supply chain
• Imports coming from countries with less developed regulatory systems
• Computer Systems and New Technologies are more and more supportingany Actor of the Supply Chain
All this demands a major improvement in the way Regulators/Drug ProductsManufacturers, Distributors, Suppliers fulfill their mission”.
GLOBALIZATION: NEW CHALLENGES
FOR REGULATORS
5
QUALITY IN 21ST CENTURY
•Focus on DATA INTEGRITY (QC and Production)
RELY ON DATA
• PIC/S membership in continuous expansion
• Inspectional Cooperation Program Jointly announced by FDA & EMA in 2011 (Now in extension and maintenance phase)
• Formal incorporation of ICH Quality Guidelines into assessor/inspector guidelines (both EU and US Sides)
CREATE GLOBAL COALIZATION(to avoid rules interpretation and rely on each others )
• Serialization & Aggregation Requirements
FIGHT COUNTERFEIT
6
DATA INTEGRITY ISSUES PLAGUE OVERSEAS DRUGMAKERS 1/2
Data integrity issues were the most striking findings included in the Office of
Manufacturing Quality’s 2015 annual report of warning letters.
FDA investigators found data manipulation, cover-ups with faked test results,
uneven paper trails, destroyed or misplaced records, backdated production
reports.
The warning letters note problems such as failure of the quality unit to ensure:
materials are appropriately tested and the results reported,
lack of appropriate controls for batch records,
lack of controls for documentation.
Moreover, data integrity issues uncovered during an inspection were almost
always red flags for larger quality control problems, warning letters indicate
7
DATA INTEGRITY ISSUES PLAGUE OVERSEAS DRUGMAKERS 1/2
Each warning letter singled out unauthorized access or changes to data and
failure to prevent data omission.
The FDA also wants to see detailed management strategies and procedures for
getting at root causes of data integrity practices affecting the quality of drug
products.
Data integrity lapses have become so widespread globally, that even the World
Health Organization stepped in last year to issue guidance to bridge the gaps
between the principles of good data and record management and actual
practices.
Most of the letters urged companies to hire a third-party consultant with
expertise in data integrity and GMP issues, and drugmakers were urged to
review their entire organizational structure and personnel responsibilities.
8
DATA INTEGRITY EXPERTS
FDA expectations on the role of the Data Integrity Expert
Gapless identification (electronic data have been recorded and documented
incorrectly).
Identification and interview of all employees […] and the management which
contributed to or caused the GMP deviations.
Supporting indications of GMP non-compliant handling of electronic data should
be identified.
It must be revealed to what extent the top and middle management knew about
or was involved in the data manipulation.
The data integrity expert should find out whether managers are still able to have
an influence on the integrity of GMP relevant data.
Internal reviews are to be extended to other sites which are known to be involved
in violations of GMP-compliant handling of data
9
REQUIREMENTS FOR REGULATED DATA
REGULATORY EXPECTATION
The extent to which all data
are complete, consistent and
accurate throughout the data
lifecycle, i.e. from initial data
generation and recording
through processing (including
transformation or migration),
use, retention, archiving,
retrieval and destruction.
Where DATA are generated and used to made
GxP quality decisions, ensure it is
TRUSTWORTHY and RELIABLE
YOUR GxP RECORDS REQUIRED TO
BE ALCOA
DATA INTEGRITY
10
WHY DATA INTEGRITY MIGHT BE VIOLATED IN YOUR
COMPANY
(Anil Sawant- PDA Europe - Data Integrity Workshop - London, 2016)
11
POTENTIAL ROOT CAUSE FOR DATA INTEGRITY
VIOLATIONS
POTENTIAL ROOT CAUSE FOR DATA INTEGRITY VIOLATIONS
Business Pressure
No Awareness
Poor Quality Culture
Obsolete / Inadequate Automation
Vulnerable Process
80% 20 %
Unintentional Intentional
DATA INTEGRITY VIOLATIONS STATS
12
REACTION OF REGULATED AGENCIES
o Increase in number and severity of DI findings by almost every Regulated Agency
o Impact to public health
o Increased focus
OBSERVED STATUS
GxP Data Integrity
Definitions and
Guidance
Data Integrity and
compliance with
CGMP (draft)
Guidance on good data
and record
management practices Guidance on data
Integrity (draft)
t
Records and Data
Integrity GUIDE
V1 Mar. 2015
(V2 Jul. 2016)
Sept. 2015 Apr. 2016 Aug. 2016 Mar. 2017
REACTION
DATA INTEGRITY FOUNDATIONS
14
DATA INTEGRITY GOVERNANCE SYSTEM
The Data Governance System will be
oriented to establish the Directives to
ensure the Integrity of Regulated Data
created and maintained by the company
for Regulated purposes
15
DATA GOVERNANCE SYSTEM FOUNDATION
Data Governance Establishment Plan
Data Integrity Policy
Code of ethics
Computer System Policy
Training Program
Data Integrity Assessment Procedure
Audit Trail Review procedure
16
DATA GOVERNANCE ESTABLISHMENT PLAN
Purpose: Design the Governance System to demonstrate effective data governance
practices including the necessity for a combination of appropriate organizational culture
and behaviors and an understanding of data criticality, data risk and data lifecycle. This
will include:
Both long term and interim measures should be implemented to mitigate risk, and
will be monitored for effectiveness.
Responsibilities: High management
• communication of expectations to personnel at all levels within
the organization in a manner
• organizational controls: Procedures, Training Program for
Management and staff, Documented authorization for data
generation and approval, Routine data verification; Periodic
surveillance
• technical controls: Computerized system control and Automation
17
DATA INTEGRITY POLICY
DI Policy establishes the general approach for GxP data integrity
created and maintained by the company.
Purpose: set forth the activities to assure the completeness,
consistency and accuracy of all data generated in GxP impacting
areas and facilities according to the regulatory requirements and
to ensure that Regulated data are: attributable, legible,
contemporaneous, original and accurate.
Responsibilities: High management
18
COMPUTER SYSTEM POLICY
CS Policy establishes the general approach for implementing,
maintaining use of, and retirement of computerized systems in
GxP regulated environments
Purpose: ensure any CS, IT equipment/service GxP critical is
validated or qualificated prior to it use and maintained in a
valid state throughout the system lifecycle, together the
assurance of data integrity
Responsibilities: Management, BPO, TO, QA, IT
19
TRAINING PROGRAM
Establish a standard approach (methods and responsibilities) for
the training
Each personnel should be adequately trained in order to fulfil
their duties and responsibilities according to their job description
guaranteeing to have the knowledge and skills required to
perform tasks.
Responsibilities: QA
20
AUDIT TRAIL REVIEW PROCEDURE
The Audit Trail Review is a process to assure that activities related to a system
and modifications to the data are executed in a controlled manner, ensuring the
integrity of the data managed by the system.
Purpose: to define the strategy and methodology to execute the Audit Trail
Review assuring data integrity and compliance with the applicable rules.
Responsibilities: BO, QA, Supervisor, Application manager, IT, Validation
System which manages RER and
used to release Finished Products
AUDIT TRAIL REVISION
MONTHLY with AQL 4.0
AUDIT TRAIL REVISION
WEEKLY with AQL 1.5YES
Revision of the Audit Trail frequency and/
or AQL by QA and Business Owner,
increasing or decreasing the
conditions based on the identified
recurrent deviations and/or anomalies
Class 1
- System which manages RER
supporting the batch release of Raw
Materials or Intermediate Products
- System which manages RER
supporting Stability Studies
- System which manages RER with
direct impact on product Quality
Class 2YES
AUDIT TRAIL REVISION
ANNUALLY with AQL 10.0Class 3
NO
NO
21
COMPUTER VALIDATION LIFE CYCLE PROCEDURE PACKAGE
Computer Validation Life Cycle Procedure
Supporting Processes
Computerized Systems Risk Management
Supplier Assessment
System Inventory
Management
IT Infrastructure Qualification
Life Cycle
Retirement
Periodic Review
Change and Configuration Management
Incident Management
Business Continuity
Archiving
Backup & Restore
Security Management
22
IT INFRASTRUCTURE QUALIFICATION LIFE CYCLE
Demonstrate that infrastructure components (networks, servers,
clients, server rooms, software tools) are able to meet the related
technical requirements
Purpose: defined process for the qualification IT Infrastructure
supporting GxP computerized systems, which shall be based on
actual risks and regulatory compliance.
Responsibilities: IT, QA
ALCOA ASSESSMENT
ELECTRONIC RECORDS CASE STUDY
24
DATA INTEGRITY GOVERNANCE ROADMAP
LIST OF BUSINESS PROCESSES
RISK-BASED PRIORITY ASSOCIATED TO EACH MACROPROCESS
EVALUATION OF EXPOSURE OF RECORDS TO INTEGRITY
VIOLATIONS DETERMINED UPON THE OBSERVED GAPS
GAPS AGAINST THE ALCOA REQUIREMENTS
PROCESS STEPS ASSOCIATED TO EACH BUSINESS PROCESS &
DATA LIFE CYCLE
LIST OF GMP RECORDS (BOTH PAPER AND ELECTRONIC)
RISK BASED & PRIORITY DRIVEN REMEDIATION PLAN
DATA INTEGRITY GOVERNANCE
PROCESS INVENTORY
PROCESS PRIORITY RANK
ALCOA GAP ANALYSIS
PROCESS MAPPING & DATA LIFE CYCLE
GMP RECORDS INVENTORY
REMEDIATION PLAN
Paper ALCOA Gap Analysis
Electronic ALCOA Gap Analysis
1
2
3
4
6
8
INTEGRITY EXPOSURE7
RECORD CLASSIFICATION5 DETERMINATION OF RECORD CRITICALITY AND TYPE
25
REMEDIATION PLAN
TIME FRAME
SHORT TERM:Remediation
Very High Risk systems
MEDIUM TERM:Remediation
High Risk systems
Finalization Deadline:
Q1, 2016
Finalization Deadline:
Q2, 2016
Finalization Deadline:
Q3, 2016
LONG TERM:Remediation
Medium and Low Risk systems
Computerized Systems Assessment Report& Remediation Plan(present document)
Risk-based and priority-driven remediation actions Short, Medium and Long
remediation phases
25
26
PAST FUTURE
HOW TO MEET REGULATORY EXPECTATIONS
Assess Historical Data in case the current
status is observed as deficient
TestingRequirements and Specifications Definition
ReportingPlanning
System
Build
t0 t0
ON
GO
ING
Qualification Plan Qualification Report
User Requirements Specifications
Design Specifications
User Acceptance Tests
Integration Tests
System Tests
Functional Specifications
Risk Assessment Traceability Matrix
Configuration Specifications
SPECIFICATIONS Module Tests
Configuration Tests
TESTING
REMEDIATION
Reliable Data
Data integrity
technical measures
SOPs & CSV to ensure
system reliability
CONCLUSIONS
28
NOT (ONLY) A TECHNOLOGY MATTER
Technologies change our way of working, but the need of
Quality Requirements (GxP) remains the same
In both the cases Data Integrity must be assured
29
USER PROFILES
CORRELATED COMPONENTS
All Data Integrity components (and relevant Compliance
Requirements) are essential
ACCESS CONTROL
EVERY ASPECT NOT PROPERLY
HANDLED MAY RESULT IN FAILURE
30
WHERE WE ARE HEADED
Globalization has driven the need to create common standards which
rely upon the Integrity of GxP data
The monitoring of GxP compliance applies to the entire R&D,
Manufacturing and Distribution chain
Creating a Culture of Quality is the best way to ensure Data Integrity
Computer Validation purpose shall be targeted not to technology but
to ensure Data Integrity
The status of compliance related to Data Integrity must be
documented in the present, analyzed with respect to the past and
maintained in the future
GLOBAL PROVIDER, LOCAL SOLUTIONS
IN YOUR LANGUAGE