Strengthening Data Integrity for Compliance and Success
Estimated reading time: 6 minutes
Data integrity and its ALCOA+ guiding principles are crucial to the operation and success of life science companies and toward their compliance with federal regulations (cGMP – current Good Manufacturing Practices). The FDA values a company’s cGMP data as highly as it values the actual products that are made; from a quality standpoint they are inseparable. Failure to meet the FDA’s regulations on data integrity can result in 483 warning letters and in some serious cases, the closure of a facility. In this article, we will touch on a few key elements organizations should consider to strengthen data integrity policies.
Backup / Archived Data – Most data is now electronically generated and captured. This means that all computer systems that generate data also have backup and storage capabilities. Backups are defined by the FDA as a “true copy of the original record that is maintained securely throughout the record retention period”. Backups are to be used for recovery of data in the case of data loss, interruption, or disaster and can be performed as often as a company deems necessary based on volume, risk, and other factors. Once data is no longer active, the process can begin to archive the data for long-term retention. Depending on the type of data, retention lengths typically range from 2 to 10 years. Archived data is preserved inactive information that is stored to be available for inspections. Effective archiving systems can automatically flag and destroy data once record retention time periods are met. The main difference between data backups and archives is that backups are utilized for disaster recovery while archives are used for data storage. Both should be validated and procedurally managed during the system life cycle to ensure data integrity is maintained.
Orphan Data - Orphan data occurs in broken database relationships. It is a record or row in a database that is related to a non-existent primary record or row. Losing data in this manner can be a serious GMP compliance issue and can result in regulatory agency warnings or other actions. It is imperative that systems are set up so there are safeguards for generating orphan data. This includes limiting the number of users accessing raw data and limiting manipulation. If orphaned data is discovered, systems such as audit trails and file structures should be reviewed to understand what is causing the issue and how it can be resolved.
Legacy Systems - The cost to immediately upgrade every computer system to the latest hardware or software is not feasible for most companies. This means some legacy systems are still used for business purposes. Many of these systems were developed before more stringent data integrity practices were developed and often have outdated security requirements. This could include less stringent password security or a lack of audit trail capabilities. It is imperative for companies to identify these legacy systems and do what is possible to mitigate their exposure to security and data integrity risks until they can update or replace them.
Supply Chain Security – Pharmaceutical products travel in a secure supply chain from the manufacturer to wholesalers, hospitals, pharmacies, and finally to the patient. The data associated with the products should move concurrently in an equally secure digital supply chain. This security is mandated by the Drug Supply Chain Security Act (DSCSA). At every step of the supply chain, the electronic data should perfectly reflect the state and status of the physical products. To achieve this, products are affixed with serial numbers often down to the unit dose. These serial numbers are then aggregated to larger packaging units of cases up to a full pallet. Through a parent-child relationship, it is possible for a partner in the supply chain to scan a barcode on the pallet and read every serial number that is packed on the pallet. This process allows for increased visibility in the supply chain and for companies purchasing pharmaceutical drugs to ensure they have the correct type, quantity, and strength of products.
The FDA’s recent draft guidance toward CSA (Computer Software Assurance) promotes a risk-based validation approach with a focus on software quality assurance. For software quality assurance, computer system qualification must include data integrity checks which include the key elements that were discussed in this article, along with an effective periodic review process while the system is in operation.
Interested in learning more about strengthening your data integrity? Masy can support your company with onboarding of all GxP system types including: Assessments (GxP and 21 CFR Part 11), Specifications (User, Design, Functional, Configuration), Validation Plans, Risk Assessments, Installation Qualifications, Operational Qualifications, Performance Qualifications, Traceability Matrices, Final/Summary Reports, and SOPs.
Contact us today to learn more about how we can help you strengthen your systems for compliance and operational excellence.