Data Integrity Governance: milestones in the global

arena

Gilda D’Incerti – PQE Group August 29, 2018

Why Data Integrity is the cornerstone?

REGULATED AGENCY

PHARMA COMPANY

DATA RECORDS DOSSIERS

MEDICINALPRODUCTS

Data

Medicinals

Data

Medicinals

Data Integrity Targets

Man

ufac

turin

gR

esea

rch

Vigi

lanc

e on

Fi

nal

Prod

uct

Data integrity shall be embedded in the Pharmaceutical Quality System within the Product Life Cycle to ensure

Quality of Medicines

Quality of GxPdecisions

TREND OF REGULATED AGENCIES

GMP Data Integrity Definitions and

Guidance

Data Integrity and compliance with

CGMP (draft)

Application of GLP Principles to

ComputerisedSystems

Guidance on good data and record

management practices

Guidance on data Integrity (draft)

REACTION

o Increase in number and severity of DI findings by almost every Regulated Agency

o Impact to public healtho Increased focus OBSERVED STATUS

TIME

Drug Data Management

Standard (draft)Records and Data

integrity guide

Data integrity Q&A

NEW

NO NEWS ON CSV SINCE 2008

2016

2017

NO NEWS ON CVS APPROACH

SINCE 2008

Evolution of DIrequirements

PIC/S

GAMP

t

t

Evolution of CSVapproach

2007

2017

2008

Ultimate Requirements for regulated dataREGULATORY EXPECTATION

Data integrity is the degree to which data are complete,

consistent, accurate, trustworthy, reliable and that

these characteristics of the data are maintained throughout the data life cycle, i.e. from initial data generation and recording through processing (including transformation or migration),

use, retention, archiving, retrieval and destruction.

Where DATA is generated and used to make GxP quality decisions, ensure it is

TRUSTWORTHY and RELIABLE

YOUR GxP RECORDS REQUIRED TO BE ALCOA

DATA INTEGRITY

ALCOA: ANOTHER RULE ?? NO !!! Rules were already embedded in the GxP ALCOA acronym has been created by Stan Woolen, who was working in the 1990’s for FDA’s Office of Enforcement – GLP area “Ordinarily I didn’t use acronyms in the actual body of my presentations. However, in preparing slides for one presentation, I ran out of space on a slide, and just inserted the acronym ALCOA as a bullet-point reminder to myself.

Additional requirements (i.e. the plus) defined in the EMA Reflection paper on expectations for electronic source data and data transcribed to electronic data collection tools in clinical trials (2010)

DID GUIDANCES FIX THE ISSUE?…NOAs recently reported by MHRA (ISPE Congress 2018), the integrity-related findings affecting Product Quality and Patient Safety are still observed within inspections

Root Causes (examples):Data Integrity Programs not implemented or not effective or requiring more time than expected (still) lack of awareness Manufacturing equipments (still) not addressedData within Clinical stage not securedSuppliers not monitored for Data Integrity

ULTIMATE TARGET: ENSURE DATA RELIABILITY TO ENSURE COMPLIANCERECORDS REQUIRED BY PREDICATE RULES

REGULATED RECORDS

DATA LIFE CYCLE

Paper-based workflows &

Approval

Computer-based Management &

Approval

Concurrent Paper & Electronic Records

Management

ALCOA ALCOA ALCOA

GxP DOCUMENTED COMPLIANCE

Batch Record,

AnalyticalWorksheet

eCRF, TMF, CTD

Adverse events

GMDP

Regulated Records provided by Suppliers

ALCOA

GCP GPvP

RISK FOR DATA INTEGRITY VIOLATIONDATA INTEGRITY VIOLATION RISK

SEVERITY PROBABILITY DETECTIONCO

NTR

IBUT

ING

FACT

ORS IMPACT OF

DATA TO PRODUCT QUALITY /

SAFETY

QUALITY CULTURE

PROCEDURAL CONTROLS

SYSTEM FUNCTIONS

AUDIT TRAIL REVIEW

SELF INSPECTIONS

SOUR

CE

NDA/CTD

SYSTEM VALIDATION

MANAGEMENT OVERSIGHT

QMS QMS

STUDY PROTOCOL

DATA LIFE CYCLE

OPEN ENVIRONMENT

MANAGEMENT OVERSIGHT

Data governance roadmap

DATA GOVERNANCE

Set forth your own Rules and approach to ensure Data Integrity (i.e. prevent breaches)

Describe your processes affecting GxP data to identify weakness points

Assess your processes affecting GxP data to identify weakness

Rely upon Validated Technology whenever possible

Establish Control Measure to Detect potential/effective Integrity breaches

STEPS to Rollout integrity across the network

Ensure a feasible approachBase upon Record Criticality

•DI Policy•Validation Procedures•AT review SOP•Supplier Qualification

SOPs

SET RULES

•Data Integrity KPIs•Assessment Method

for Regulated Electronic & Paper Records

MEASURE •Reccords Inventory & Mapping

•Assessment Execution•Suppliers Qualification

ASSESS

•Consolidate results•KPIs tracking•Central Remediation

approach

MONITOR

CAVE

ATS

Define significant KPIs Base upon ALCOA+Include verification of Validation Eletronic Records

Ensure harmonized resultsVerify Integrity of data mantained/ provided by Suppliers

Support sites for risk-basd remediation Define common Interim measuresAnalyze KPIs

SCOPE : WHAT SHOULD BE ALCOA+?

INPUT RECORDS

OUTPUT RECORDS

DATA CAPTURED FROM DEVICES/

SENSORS

MANUAL DATA ENTRY

REPORTS

DISPLAYED DATA

DATA TRANSMITTED/COLLECTED

BY INTERFACE

CRITICAL SYSTEM

DATA RECEIVED FROM INTERFACED

SYSTEM

INPUT RECORDS

OUTPUT RECORDS

DATA CAPTURED FROM DEVICES/

SENSORS

MANUAL DATA ENTRY

REPORTS

DISPLAYED DATA

DATA TRANSMITTED/COLLECTED

BY INTERFACE

CRITICAL SYSTEM

DATA RECEIVED FROM INTERFACED

SYSTEM

INPUT RECORDS

OUTPUT RECORDS

DATA CAPTURED FROM DEVICES/

SENSORS

MANUAL DATA ENTRY

REPORTS

DISPLAYED DATA

DATA TRANSMITTED/COLLECTED

BY INTERFACE

CRITICAL SYSTEM

DATA RECEIVED FROM INTERFACED

SYSTEM

QUALIFIED INSTRUMENT

REGULATED DATA

COMPUTER SYSTEM

REGULATED DATA

REGULATED DATA

REGULATED DATA

REGULATED DATA

REGULATED REPORT

METHOD

LOGBOOK

REGULATED DATA

REPORT / OOSREGULATED DATA

Data Integrity does not apply only to Computer Systems: ALCOA+ requirements shall be verified for • records fed into the system (Input Records) • records created/elaborated by the System (Output Records)

TUNE THE ASSESSMENT LEVELLevel of details and relevant expected outcomes should be tuned on the basis ofthe agreed resources in terms of time, acceptable regulatory exposure and budget

Exposure

Budget

Time

Assessment activities may be developed combining one or morekey factors (see below):o Status of Technology used to implement data integrity featureso Adequacy and Completeness of Data/Systems Validation Life

Cycleso Presence of specific Process/Operational requirements within

specifications and testing documentso Status of supporting Quality System documentso Status of IT Infrastructure Qualification supporting GxP critical

applications

Assessment STREAMSALCOA

METRICS

GxP

RECORDS CREATED/MANAGED/RELIED UPON WITHIN THE PROCESS SHALL BE VERIFIED AGAINST THE ALCOA

REQUIREMENTS

Paper Record

Electronic Record

GxPE-ALCOA

GAP ANALYSIS

P-ALCOA GAP ANALYSIS

HOW TO (REQUIRE TO) ADDRESS INTEGRITY GAPS

GAPS

MITIGATE

REMEDIATEALCOA

AssessmentGxP

VIOLATIONS ARE NOT

PREVENTED

YES

INVESTIGATEIMPLEMENT

INTERIM SOLUTION(S)

TEST SOLUTION(S)

VALIDATE FIXED

SYSTEM

UPGRADE SYSTEMS

VALIDATE UPGRADED

SYSTEM

Qualification Vs Validation

What is computer system validation?

Computer System Validation is the documented evidence that a Computerized System, while performing its intended functions consistently and reliably, ensures the integrity of

quality product data

The most quoted definitions of ‘validation process of a Computerized System ’ come from the FDA:

“The collection and evaluation of data, from the process design state through commercial production, which establishes scientific

evidence that a process is capable of consistently delivering quality product”.

“Guidance for Industry, Process Validation: General Principles and Practices”, January 2011.

“Establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its pre-determined specifications and quality attributes.”

FDA “Guideline on general principles of process validation, May, 1987”

CONCLUSIONS

WHERE ARE WE HEADEDGlobalization has driven the need to create common standards which rely upon the Integrity of GxP data

The monitoring of GxP compliance applies to the entire Manufacturing and Distribution chain

Creating a Culture of Quality is the best way to ensure Data Integrity

Computer Validation purpose shall be targeted not to technology but to ensure Data Integrity

The Status of Compliance related to Data Integrity must be documented in the present, analyzed with respect to the past and maintained in the future

ACKNOWLEDGEMENTS• info@pqegroup.com