managing data integrity and compliance confidence › webassets › cms › library › docs...gamp:...

©2017 Waters Corporation 1 COMPANY CONFIDENTIAL

Datenintegrität

Ralf Schröder Nov 2017, Separation Days


Quellen der Informationen in dieser Präsentation

Regulatory

Bodies FDA/MHRA etc

Industry Groups

ISPE/GAMP

Customer & QA

Sales and Specialists

Professional

Services

Product

Functionality and Design

Within


This presentation is for informational purposes only and should not be taken as advice regarding any particular course of action to be followed.

Waters does not make any representations or warranties, express or implied, to any party, regarding use of the information contained in this presentation to make decisions regarding the implementation and maintenance of effective quality control systems and quality assurance testing programs, including but not limited to the applicable Good Manufacturing Regulations that apply to the manufacture of regulated products.

Disclaimer


Datenintegrität


Was bedeutet Datenintegrität?

Quelle: www.duden.de


Interfacing

Geräte Audit Trail Prüfen

Daten Management GxP

Backup Archiv

Kultur Verantwortung Validation CSV SOP Compliance

Datenqualität

Training Regulatorien

Datenintegrität

Was verbinden Sie mit Datenintegrität?


Was beinhaltet Data Integrity? Menschen – ‘Data Integrity’ Kultur – Überwachung und Datenkontrolle – Eindeutige Accounts – Wissenschaftliche Kenntnisse – Training – Schutz vor Betrug

Qualitativ hochwertige Trennung – Geeignete Standards & Reagentien – Instrument Kalibrierung & Wartung – Qualifizierung – Methodenvalidierung – System Suitability Tests – Geeignete Säulen

IT Komponenten – Sichere zentrale Datenablage – Qualifizertes Netzwerk – Disaster Recovery Plan – Backup und Restore Prozess – Archivierung elektronischer Daten

Computersysteme für das Labor – Eingebaute Kontrollmechanismen – Computer System Validierung – Nachvollziehbarkeit – Regelmäßige Kontrolle


Woher kommt der neue Focus auf Datenintegrität?

Sie können unerwünschte Aktionen verhindern und/oder Sie aufdecken Werkzeuge für QA und Auditoren

– Zugriffskontrolle – System policies – Audit Trails

Elektronische Systeme bieten neue Möglichkeiten

Auditoren haben das Vertrauen

in die Ehrlichkeit und Integrität

der Analytiker verloren


Able Laboratories, Inc. FDA 483 Inspectional Observations (May 2005)

http://www.fda.gov/aboutfda/centersoffices/officeofglobalregulatoryoperationsandpolicy/ora/oraelectronicreadingroom/ucm061813.htm


Woher kommt der neue Focus auf Datenintegrität? Verschiebung der Datenintegritätsproblematik

Papier Dokumente Computer Systeme

Labortagebücher E-Lab Notebook Zugriffskontrolle

Gebundene Arbeitsvorlagen Lab Execution Systems Dokumentation der Aktionen mit Audit Trail

Zeitstempel Audit Trail ALCOA (keine Rückdatierung) Initialien, Datum,

Korrekturkommentare Audit Trail ALCOA (Attribute, Change Control)

Review - Prozess Metadaten beschreiben Daten Erleichterter Review Manuelle Unterschrift Elektronische Unterschrift ALCOA (Zeitstempel)

Papierarchiv im klimaüberwachten Lager Elektronische Archivierung Schneller Zugriff auf Daten

Disaster Recovery mittels PDF?

Redundante Kopien der Orginaldaten Daten und Metadaten bleiben bei einem Disaster verfügbar


Grundvoraussetzung: Vertrauenswürdige Daten

Data Integrity Guidances: Fokus auf Chromatografie Review der Audit Trails Spezielle Inspektionen: Fokus auf Datenintegrität

– Mehrere Neue Guidances (mindestens fünf) – Unterscheidung zwischen statischen und dynamischen Daten (gedruckte Chromatogramme)

o Elektronische Daten werden angeschaut, nicht nur Ausdrucke – Training der Auditoren für elektronische Laboranwendungen

Überprüfung der ‘guten und schlechten’ Daten – Re-Analyse und Re-prozessierung

Fehlerbehandlung und OOS Prozeduren – Adäquate Handhabung

Datenintegrität: Der Schlüssel zur Qualitätssicherung


Website Q and A 2015, DRAFT Guidance April 2016 GMP Data Integrity, March 2015

GxP Data Integrity, DRAFT July 2016

Medicines & Healthcare Products Regulatory Agency (UK)

Pharmaceutical Inspection Co-Operation Scheme

PI-041-1 (DRAFT 2), August 2016

Released June 2016, as WHO_TRS_996 Annex 5 Q and A: August 2016

For GLP, April 2016

Data Integrity Guidances

Points to Consider Series: Conduct: March 2016

Fundamentals: Sept 2016 Data Integrity: In Progress

EPA QA/G-8, November 2002

GAMP: RDI Guide Published

April 4th 2017

Coming Soon


Definition of Data Integrity

Data Integrity is the extent to which all the data are complete, consistent and accurate throughout the data lifecycle.

Data Integrity refers to completeness, consistency and accuracy of data. That data should be ALCOA.

The collected data should be Attributable, Legible, Contemporaneously recorded, Original or a true copy, and Accurate (ALCOA).

Data Integrity is defined as the extent to which all data are complete, consistent and accurate, throughout the data lifecycle.


ALCOA+ Key Factor in Data Integrity

A Attributable Who acquired the data or performed an action?

L Legible Can you read and understand the data entries?

C Contemporaneous Were records documented at the time of the activity?

O Original Is it the first recorded observation (or a verified, true copy)?

A Accurate Is the result scientifically valid and error free?

+

Complete All data including any repeat or reanalysis performed Consistent All elements of the analysis are date/time stamped in the expected sequence Enduring Recorded in a permanent, maintainable form throughout its lifecycle Available For review, audit, or inspection over the lifetime of the record

Stan W. Woollen, Sr. Compliance Advisor

Wer, Wann, Was, Warum?

Verständlich

Zeitnah dokumentiert

Orginal

Wissenschaftlich korrekt

Komplett Konsistent Unveränderlich Verfügbar


…from initial generation and recording through processing

(including analysis, transformation or migration), use, data retention, archive / retrieval and destruction.

...assessing risk and developing quality risk mitigation

strategies for the data life cycle, including controls to prevent and detect risks throughout the steps of:

– data generation and capture; – data transmission; – data processing; – data review; – data reporting, including handling of invalid and atypical data; – data retention and retrieval; – data disposal.

What is Data Life Cycle?


Sichern und Prüfen der kompletten Daten: Statische und dynamische Daten


www.FDA.Gov Questions and Answers Level 2 Guidance - Records and Reports


Papierdokumentation ist nicht ausreichend

Simple/Static

Complex/Dynamic

Printouts COULD

represent original data

Printouts are NOT Representative

pH Meter

UV Spec FTIR

HPLC GC

LIMS ERP


Data may be… – Static (e.g. a ‘fixed’ record such as paper or pdf) or – Dynamic (e.g. an electronic record which the user / reviewer can interact with).

Data must be retained in a dynamic form where this is critical to its integrity or later verification.

(Once printed) chromatography records lose the capability of being reprocessed and do not enable more detailed viewing of baselines or any hidden fields.

Some data generated by electronic means to be retained in an acceptable paper or PDF format

– Where it can be justified that a static record maintains the integrity of the original data. – Verified copies of all raw data, meta data, audit trail, result files, software/system configuration settings

for each record, all data processing runs including methods and audit trails for a reconstruction …. and verification

This approach is likely to be onerous to enable a GxP compliant record

MHRA Draft GxP Guidance: Reviewing Electronic Records Summary

GxP Data Integrity Definitions and Guidance for Industry DRAFT July 2016


Static is used to indicate a fixed-data document (such as a paper record or an electronic image), and

Dynamic means that the record format allows interaction between the user and the record content. – But defines as allowing the reviewer to change/edit things…???

(Printouts allowed if) includes associated metadata and the static or dynamic

nature of the original records

Electronic records from certain types of laboratory instruments are dynamic records, and a printout or a static record does not preserve the dynamic format

FDA Guidance: Reviewing Electronic Records Summary

Data Integrity and Compliance with CGMP Guidance for Industry DRAFT April 2016


A PDF or printout is fixed or static and the ability to expand baselines, view the full spectrum, reprocess and interact dynamically with the data set would be lost in the PDF or printout

Data integrity risks may occur when persons choose to rely solely upon paper printouts or PDF reports – If the reviewer only reviews the subset of data provided as a printout or PDF, these risks may go

undetected

Paper printouts of original electronic records from computerized systems may be useful as summary reports… verify that the printed summary is representative of all (electronic)results.

A risk-based approach to reviewing data requires process understanding and knowledge of the key quality risks… requires understanding of the computerized system, the data and metadata and data flows.

WHO Guidance: Reviewing Electronic Records Summary

Guidance on Good Data and Record Management Practices Released June 2016 As WHO_TRS_996 Annex 5


Sichern Sie Ihre Gerätedaten?


Backup & Archiv


Wie archivieren Sie? – Projekte? System Audit Trail? – Warum? Wer? Wann? Wo? – Audit Trail für die Archivierung? – Bleiben die Metadaten erhalten ? – Überprüfen Sie den ‘restore‘ Prozess? – Löschen Sie die Daten nach x Jahren? – Ist dies beschrieben in einer SOP?

Richtlinien zur Archivierung

– EU und PIC/S Annex 11: Section 17 Archiving – MHRA guidance: in Data Retention section, Archive – FDA guidance: in Question 1 (a), a bit cryptic – WHO guidance: in Annex 5 Retention of Original Records

Sichern sie Ihre Empower Daten?


Data Integrity Regulatory Findings


FDA Presentation | June 2015


FDA Presentation | March 2017


21 CFR Part 211.194: Laboratory Records

Sample Description

Method Description Sample

Weight All Test Data Created All Test Data Created All Test Data Created All Test Data Created All Test Data Created

All Test Data Created All Calculations

Performed Results, Pass/Fail Signature Performer Signature Reviewer

Lab Book or forms Lab Book or forms

Various PC’s in Lab

Analytical Applications or

Excel

All laboratory records required to be kept


Failure to prevent unauthorized access or changes to data, and to provide adequate controls to prevent manipulation and omission of data.

During the inspection, an FDA investigator discovered a lack of basic laboratory controls to prevent changes to your firm’s electronically stored data and paper records. Your firm relied on incomplete records to evaluate the quality of your drugs…

Our investigator found that your firm routinely re-tested samples without justification, and

deleted analytical data. We observed systemic data manipulation across your facility, including actions taken by multiple analysts and on multiple pieces of testing equipment.

Specifically, your Quality Control (QC) analysts used administrator privileges and passwords to manipulate your high performance liquid chromatography (HPLC) computer clock to alter the recorded chronology of laboratory testing events.

Chinese Company | May 2016


Failure to ensure that test procedures are scientifically sound and appropriate to ensure that your API conform to established standards of quality and/or purity. Our investigators observed that the software you use to conduct high performance liquid chromatography (HPLC) analyses of API for unknown impurities is configured to permit extensive use of the “inhibit integration” function without scientific justification.

Failure to prevent unauthorized access or changes to data, and to provide adequate controls to prevent manipulation and omission of data. During the inspection, an FDA investigator discovered a lack of basic laboratory controls to prevent changes to your firm’s electronically-stored data in laboratories where you conduct CGMP activities. Specifically, audit trail functionality for some systems you used to conduct CGMP operations was enabled only the day before the inspection, and there were no quality unit procedures in place to review and evaluate the audit trail data.

Indian Company - April 2017


EU GMP Certificates have been publicized for some time – http://eudragmdp.ema.europa.eu/inspections/gmpc/index.do – Recently opened a database of Non Compliance Reports

(or statements of non compliance)

SUMMARY – Deliberate falsification of results / hiding non conformities – Failed injections deleted – Discrepancies in raw data / lack of raw data – Inadequate review and control of computerized laboratory results and systems – Insufficient Qualification of Equipment – Quality Control deficiencies including; inadequate records, lack of specificity in analytical

methods, failure to investigate unknown peaks

Statements of EU Non GMP Compliance

http://eudragmdp.ema.europa.eu/inspections/gmpc/index.do


Italian Medicines Agency Statement of Non-Compliance with GMP

Nature of non-compliance: Major deficiencies were found in the following areas: – electronic and paper analytical data integrity, – QC activities, – computerized systems security, – analytical and process data manipulation, – personnel, and – deviations and OOS management

leading to a serious risk for public health.

Indian Company | March 2017


Werden alle Daten betrachtet – auch die nicht verwendeten (orphan data) – Werden nur die guten Resultate gewählt? – Was passiert mit schlechten Resultaten?

o gelöscht, versteckt, ignoriert? o mit Begründung und Signatur?

– Werden die Proben ‘tested into compliance’ o Solange analysiert bis das Ergebnis passt? o An anderer Stelle verändert bis das Ergebnis passt?

Sind die Daten sicher? – Zugriffsrechte korrekt? – Archiv, regelmäßige Prüfungen, Disaster Recovery – Sind Daten versteckt oder gelöscht?

Kann die Erstellung der Daten nachvollzogen werden? – Audit Trail, Metadaten, Versionen

Auditoren prüfen die Datenintegrität


Inspection Themes

CSV

Technical Controls Sharing Accounts

Delete Privileges

Unsecured Data

No Audit Trail

Procedural Controls

All Data: Good and Bad

Poor Review of Electronic Data

including audit trails Poor OOS or

Lab Error Investigations OOS found in

orphan data

DATA MANIPULATION

Periodic Review


Impact: Investigation into suspected Data Integrity problem (an example)

14 people for 4.5 months

600 PAGE REPORT into investigation

35,000 chromatograms, all related methods, and paper records to review AGAIN

Outside laboratories engaged to cover urgent testing

Remediation projected cost CA$18m Currently at CA$35m and still going

Hiring outside consultants

Product Quarantined until end of investigation EXPIRED: tons of product lost


Impact: Investigation into suspected Data Integrity problem (an example)

14 people for 4.5 months

Hiring outside consultants

600 PAGE REPORT into investigation

Product Quarantined until end of investigation EXPIRED: tons of product lost

35,000 chromatograms, all related methods, and paper records to review AGAIN

Outside laboratories engaged to cover urgent testing

Remediation projected cost CA$18m Currently at CA$35m and still going

AND NOTHING WAS WRONG.


Was können Sie tun?


“Den Überblick behalten” und regelmäßig prüfen – Kritische Bereiche identifizieren, analysieren und Kontrollmechanismen etablieren

Schulen und bestärken der Mitarbeiter – Firmenkultur ist ein wichtiger Faktor

Überprüfen was Sinn macht – Wo liegen die größten Risiken? – Wieviel Zeit und Geld können Sie auf die Verbesserungen verwenden?? – Was können Sie sofort verbessern? Was in der Zukunft?

Führen Sie keine ‘unmöglichen’ SOPs und Vorschriften ein – Überprüfen Sie die Einhaltbarkeit der SOP

Was können Sie tun?


Um das richtige Maß zu finden, macht es Sinn die Arbeitsabläufe im Labor zu dokumentieren. Beschreiben Sie die Schritte der unterschiedlichen Analyse (Von der Probennahme bis zur Resultaterstellung) und der übrigen Laborprozesse

Die Dokumentation sollte aufzeigen: – Welche Schritte durchgeführt werden – Wie die Schritte durchgeführt werden – Wie sie dokumentiert werden – Wo Entscheidungen getroffen werden – Sind Prozesse automatisiert oder manuell durchzuführen – Welches sind die Risiken eines jeden Schrittes

(Würden Sie merken, wenn die Datenintergrität verletzt wäre?)

Der Zweck eines Datenintegritäts Audits ist die aktive Suche nach Betrug!

Data Integrity OK? Überprüfen Sie Ihre Prozesse


A stand-alone guide, that is aligned and can be used in parallel with GAMP® 5 and the Good Practise Guides – Based upon life science regulations and guidance (GCP, GMP, GLP and medical Devices),

including recent Data Integrity guidances, 21 CFR part 11, Chapter 4 Annex 11, ICH Q9 & ICH Q10

– Main Body Consists of 5 main chapters o Introduction o Regulatory Focus o Data Governance Framework o Data Life Cycle o Quality Risk Management

– & 16 Appendices: o Management o Development o Operations

ISPE GAMP® Guide: Records and Data Integrity

M2: Data Integrity Maturity Level


Der Kunde ist letztendlich verantwortlich für Compliance Validierung und Compliance können nicht “outsourced” werden, aber man kann

sich Unterstützung verschaffen Im Audit müssen Sie Ihre Arbeitsabläufe und Vorgehensweisen verteidigen

Es ist Ihre Verantwortung


Your vendor is the BEST resource for Training – The WHOLE application, not just the bits you think you will use – Regular review with updates for new versions – Attend User Meetings regularly – Release Notes are essential to read very carefully

o Defects addressed, New features, New OS and instrument support

SOPs need to address your business needs – But ask your vendor for advise or to review

Talk to your Vendor long before your Audit


Summary

DON’T share accounts or passwords DON’T provide delete privileges to users DON’T disable the audit trails DON’T hide or exclude data DON’T forget to backup your data

DO review data and audit trails DO perform and record training DO use a change control process DO create Standard Operating Procedures DO select compliance-ready systems DO archive your data DO train users and prepare your response for Multiple Analyses & Multiple Results


Waters products are there to help you!

Control your Instruments Process/Report your data Streamline your workflow Confidence in Data Integrity

Archive your e-data Streamline your workflow Electronic Lab Notebook Sample Management Stability Testing Inventories Confidence in Data Integrity

Control MS Instruments Process/Report your Data Data traceability Screening application Confidence in Data Integrity


Maximize the value of your Waters’ software and join us for: Latest product updates and case studies in the Plenary sessions Deep dives on Waters' core Informatics products

Guidance on Waters' services and product features, including technical tips and tricks

Hands-on training and Tutorial tracks to ensure your team is up to date with Waters’ Products

Workshops focusing on hot topics, such as Data Integrity and the Cloud

Fun with the Waters community at our networking activities

WHEN: May 14–17

WHERE: Copenhagen Marriott Hotel

SAVE THE DATE!

Choose from over 35 workshops and demonstrations on everything from the basic foundations of Data Integrity and hot topics like Cloud, to Empower practical tips and techniques.

Copenhagen, Denmark

DatenintegritätQuellen der Informationen in dieser PräsentationDisclaimerFoliennummer 4Was bedeutet Datenintegrität?Was verbinden Sie mit Datenintegrität?Was beinhaltet Data Integrity?Woher kommt der neue Focus auf Datenintegrität?Able Laboratories, Inc.�FDA 483 Inspectional Observations (May 2005)Woher kommt der neue Focus auf Datenintegrität?Datenintegrität:�Der Schlüssel zur QualitätssicherungData Integrity GuidancesDefinition of Data IntegrityALCOA+�Key Factor in Data IntegrityWhat is Data Life Cycle?Foliennummer 16www.FDA.Gov Questions and Answers �Level 2 Guidance - Records and Reportswww.FDA.Gov Questions and Answers �Level 2 Guidance - Records and ReportsPapierdokumentation ist nicht ausreichendMHRA Draft GxP Guidance:�Reviewing Electronic Records Summary FDA Guidance:�Reviewing Electronic Records Summary WHO Guidance: �Reviewing Electronic Records SummaryFoliennummer 23Foliennummer 24Sichern sie Ihre Empower Daten?Foliennummer 26FDA Presentation | June 2015FDA Presentation | June 2015FDA Presentation | June 2015FDA Presentation | March 2017FDA Presentation | March 2017FDA Presentation | March 201721 CFR Part 211.194: �Laboratory RecordsChinese Company | May 2016Indian Company - April 2017Statements of EU Non GMP ComplianceIndian Company | March 2017Auditoren prüfen die DatenintegritätInspection ThemesImpact: Investigation into suspected �Data Integrity problem (an example)Impact: Investigation into suspected �Data Integrity problem (an example)Foliennummer 44Was können Sie tun?Data Integrity OK?�Überprüfen Sie Ihre ProzesseISPE GAMP® Guide:�Records and Data IntegrityEs ist Ihre VerantwortungTalk to your Vendor long before your AuditSummaryWaters products are there to help you!Foliennummer 52

managing data integrity and compliance confidence › webassets › cms › library › docs...gamp:...

Documents