• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Blog
  • News & Events
  • Videos
  • Resources
main-logo-small

Compliance Architects

Consulting Technology Outsourcing

  • About Us
    • Senior Staff
    • Why Us
    • Mission And Vision
    • Clients
    • Partners
    • Career Opportunities
  • Services
    • Inspection Readiness & Enforcement
      • FDA Inspection Readiness
      • Audits & Assessments
      • FDA Enforcement Response/Remediation
    • FDA Quality Consulting
      • Quality System & Compliance Turnarounds / Restructuring
      • Training / Coaching
      • Quality & Compliance Computer-Based Systems
      • External Supply Chain Compliance
      • Part 11 & Computer Systems Validation
      • Turnkey Quality Systems
    • Quality Assurance and Engineering
      • CRPN Quality Roadmap®
      • Quality Culture Assessment
      • Product Quality Consulting
      • Operational Efficiency/Compliance Effectiveness
      • Project/Program Management
    • Corporate Compliance and Litigation
      • Corporate Compliance Programs
      • Interactions With Department Of Justice And The Courts
    • FDA Regulatory Consultants
      • Product Development / Submissions / Commercialization
      • REMS (Risk Evaluation And Mitigation Strategies)
      • Mergers / Acquisitions / Licensing
    • Quality, Compliance, Regulatory & Operations’ Staffing
      • Staffing
      • Talent Management
      • Rapid Turnaround
  • Innovative Solutions
    • Writing for Compliance®
    • CRPN Quality Roadmap®
    • Quality Pulse®
    • IEEP
    • REMS
  • Success Stories
  • Industries
    • Biopharmaceuticals
    • Cannabis/CBD
    • Cell & Gene Therapies
    • Combination Products
    • Cosmetics
    • Dietary Supplements
    • Medical Devices and Diagnostics
    • Pharmaceuticals
  • Contact Us
||

Is Your Data Getting You in Trouble? A Look at FDA Requirements and Expectations

Data drives the pharmaceutical and medical device industries. It informs the manufacture and release of medical products to patients and consumers, and determines which products are approved for sale in the US and other markets. And regulators, like the FDA, rely on data to determine whether a manufacturing operation is compliant with cGMP and QSR requirements. Thus, regulators place a very high value on accurate and reliable data, which it uses during inspections to determine whether a company’s operations are compliant.Data Integrity, FDA, ALCOA

The FDA demands that the data it reviews be attributable, legible, contemporaneous, original and accurate (ALCOA). Collectively, as FDA’s expectation for this topic, those characteristics constitute data integrity. Data that the agency may review during an inspection appears in a broad range of documents and reports, such as chart recorders, paper and electronic lab notebooks, product release and approval documents, batch release documents, certificates of analysis, raw data, instrument printouts and computer-based data, among others.

Enforcement activity surrounding data integrity has been intensive — for years now. Reviews by Compliance Architects® and other industry experts have found data integrity to be among the most common issues cited in warning letters from the FDA, with significant increases in frequency from 2013 through the present day.

The emphasis the FDA places on data integrity is also highlighted by its continuing focus in talks and workshops on this topic over the last few years. For instance, Sarah Barkow of the FDA Office of Manufacturing Quality and Karen Takahashi of the agency’s Office of Policy for Pharmaceutical Quality gave a presentation on agency expectations regarding data integrity compliance at the Society of Quality Assurance’s annual meeting in March 2017. Barkow and Takahasi reiterated the ALCOA concept and stated repeatedly that data integrity underpins cGMP compliance.

Using Existing Requirements and Guidance to Ensure Valid Data

To inform and educate industry the agency clarified its regulatory position in a guidance, entitled Data Integrity and Compliance with Drug cGMP: Questions and Answers. The guidance was issued in draft form in April 2016 and finalized in December 2018. Medical product manufacturers need to thoroughly review, digest and apply the recommendations in this document to help ensure that data integrity is an integral part of their company’s overall quality systems.

FDA regulations and guidances form the bedrock upon which a strong data integrity program is built. As such, application of these regulations and guidances, along with prevailing industry standards, is the first of the seven elements necessary to ensure data integrity within an operation (see accompanying illustration). Detailed analysis of, and actions for, meeting FDA requirements and expectations will ensure that companies establish sound internal standards and incorporate systems and practices into their quality operations that support strong outcomes for data integrity.

FDA’s specific regulatory requirements for data integrity can be found throughout 21 CFR 211 for drug GMPs, 21 CFR 820, the Quality Systems Regulation for medical devices, and 21 CFR 111, covering GMPs for dietary supplements.  However, because regulatory requirements are often not directly actionable, FDA’s December 2018 guidance is intended to provide a clearer explanation of exactly what the agency expects in terms of data integrity. At the heart of the document is a definition of data integrity, which the guidance refers to as the “the completeness, consistency, and accuracy of data.” Expanding on this short definition, FDA maintains that a company’s quality system should be designed with controls intended to “detect errors and aberrations throughout the data’s life cycle.”

In the introduction to the guidance FDA, referencing ICH Q7, states that: “FDA expects that data be reliable and accurate …. CGMP regulations and guidance allow for flexible and risk-based strategies to prevent and detect data integrity issues. Firms should implement meaningful and effective strategies to manage their data integrity risks based upon their process understanding and knowledge management of technologies and business models.”

FDA also explicitly outlines that management has final responsibility to require practices aimed at protecting data integrity: “It is the role of management with executive responsibility to create a quality culture where employees understand that data integrity is an organizational core value and employees are encouraged to identify and promptly report data integrity issues.”

In addition to data in quality records and other agency-reviewable reports and documents, the guidance notes, metadata—the contextual information required to understand data—must also meet the same ALCOA characteristics. The guidance recommends that companies maintain data throughout a given record’s retention period, along with all associated metadata that is necessary to reconstruct the cGMP activity described, with relationships between the data and metadata clearly described and traceable. It also discusses the need to validate all workflow on computer systems, including creation of electronic master production and control records.

In addition to FDA guidance, there are many industry, regulator and NGO guidances and standards that can help a company to build a strong data integrity program that permeates all facets of their quality systems. These include:

  • ISPE’s GAMP approach to data integrity; 
  • PDA’s Elements of a Code of Conduct for Data Integrity in the Pharmaceutical Industry and Assuring Data Integrity for Life Sciences;
  • The WHO Final Guidance on Good Data and Record Management Practices (Annex 5; 2016);
  • MHRA’s Definitions and Draft Guidance (March and July 2016);
  • EMA’s Guidance (August 2016); and
  • The PIC/S Good Practices for Data Management (August 2016). 

Using a broad set of resources, medical product manufacturers can begin constructing their data integrity compliance programs. A good first step is creation of a consolidated requirements document from available requirements, guidance, and the previously outlined third-party created documents. The consolidated requirements document must provide standards of practice and must be consistent across all operations. Following development of a consolidated requirements document, the next step is development of corporate policies that define “corporate intent” relative to data integrity requirements and expectations. From these policies, derivative corporate standards will arise for quality systems, procedures, audits, and focus areas. The standards will define corporate minimum approaches for internal activities. From that point, companies must:

  • Develop internal quality system documentation to ensure alignment to the corporate standards and ensure consistent vertical cascade to operational documents;
  • Establish a comprehensive trace matrix to link requirements, expectations and enforcement to policies, standards and systems; and
  • Ensure that all staff are trained in those requirements and expectations, as drawn from all input documents, standards, policies and procedures.

The FDA Data Integrity Enforcement Risk

Failure to comprehensively implement strong data integrity quality assurance programs will almost certainly create data integrity failures that may lead to significant FDA 483 observations and ultimately, a warning letter. If this occurs, pharmaceutical and medical device companies must be prepared to provide thorough responses to the Agency’s consistent data integrity warning letter demand language. The actions FDA seeks through these requirements are extensive, and can cost companies large sums of money to achieve. The agency will require a comprehensive investigation into the extent of the inaccuracies in data records and reporting, including:

  • A detailed investigation protocol and methodology, a summary of all laboratories, manufacturing operations, and systems to be covered by the assessment and a justification for any part of operations excluded;
  • Interviews with current and former employees to identify the nature, scope and root cause of data inaccuracies, conducted by a qualified third party;
  • Assessment of the extent of data integrity deficiencies at the facility, including identification of omissions, alterations, deletions, record destruction, non-contemporaneous record completion and other deficiencies; and
  • A comprehensive retrospective evaluation of the nature of the data integrity deficiencies, ideally by a qualified third party with specific expertise in the area where potential breaches were identified.

Companies also need to be able to provide a current risk assessment of the potential effects of the observed failures on the quality of your products. The assessment should include analyses of the risks to patients caused by the release of product affected by a lapse of data integrity, and risks posed by ongoing operations.

Additionally, a management strategy that details global corrective and preventive actions will be required. This strategy should include a detailed plan to ensure the reliability and completeness of all of data generated, along with a comprehensive description of the root causes of all data integrity lapses, including evidence that the scope and depth of the current action plan is commensurate with the findings of the investigation and risk assessment, as well as any interim measures taken to ensure product quality and patient safety.

Filed Under: Achieving Compliance, data integrity

Primary Sidebar

Sign Up To Our Newsletter

You May Also Like

Proud to be a Silver Sponsor of RIC’s Inaugural Annual Meeting! Join us March 22-23, 2023 at Convene in Arlington, VA!

Compliance Architects is proud to be Silver Sponsor of this year's RIC's inaugural annual meeting! The REMS Industry Consortium fosters collaboration and innovation to advance

Join the Team at Compliance Architects as our Content Marketing Manager!

This excellent opportunity will require the successful candidate to lead the technical content marketing and marketing automation activities as well as enable, manage, and drive
life sciences staffing

Talk to us about current talent trends, and what the industry will need in the next 5 to 10 years?

Transcript taken from 2022 PMWS by Executive Platforms The talent crisis as it has been called is certainly not something that has gone away or

Footer

Compliance Architects®

  • Contact Us
  • (888) 734-9778
  • info@compliancearchitects.com

Quick Links

  • About Us
    • Senior Staff
    • Why Us
    • Mission And Vision
    • Clients
    • Partners
    • Career Opportunities
  • Services
    • Inspection Readiness & Enforcement
      • FDA Inspection Readiness
      • Audits & Assessments
      • FDA Enforcement Response/Remediation
    • FDA Quality Consulting
      • Quality System & Compliance Turnarounds / Restructuring
      • Training / Coaching
      • Quality & Compliance Computer-Based Systems
      • External Supply Chain Compliance
      • Part 11 & Computer Systems Validation
      • Turnkey Quality Systems
    • Quality Assurance and Engineering
      • CRPN Quality Roadmap®
      • Quality Culture Assessment
      • Product Quality Consulting
      • Operational Efficiency/Compliance Effectiveness
      • Project/Program Management
    • Corporate Compliance and Litigation
      • Corporate Compliance Programs
      • Interactions With Department Of Justice And The Courts
    • FDA Regulatory Consultants
      • Product Development / Submissions / Commercialization
      • REMS (Risk Evaluation And Mitigation Strategies)
      • Mergers / Acquisitions / Licensing
    • Quality, Compliance, Regulatory & Operations’ Staffing
      • Staffing
      • Talent Management
      • Rapid Turnaround
  • Innovative Solutions
    • Writing for Compliance®
    • CRPN Quality Roadmap®
    • Quality Pulse®
    • IEEP
    • REMS
  • Success Stories
  • Industries
    • Biopharmaceuticals
    • Cannabis/CBD
    • Cell & Gene Therapies
    • Combination Products
    • Cosmetics
    • Dietary Supplements
    • Medical Devices and Diagnostics
    • Pharmaceuticals
  • Contact Us

Our Services

  • Inspection Readiness & Enforcement
  • FDA Quality Consulting – Systems and Training
  • Quality Assurance and Engineering
  • Corporate Compliance and Litigation Services
  • FDA Regulatory Consultants – Due Diligence
  • Quality, Compliance, Regulatory & Operations’ Staffing Services

Proprietary Solutions

  • Writing for Compliance®
  • Quality Pulse®
  • CRPN Quality Roadmap®

© 2009-2023 Compliance Architects Holdings LLC – used by permission. All copyrights, trademarks and other intellectual property are the property of Compliance Architects Holdings LLC and are used by permission.

  • Debarment Certification Statement
  • Privacy Policy
  • Terms of Use

Contact Us Today

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT