Technical articles

Data Integrity - The adventures continues


Why data integrity?

Data are central to all our interactions, communications and strategic decision-making. In the pharmaceutical and medical device industries, they should therefore be able to demonstrate and ensure product quality and patient safety.

In recent years, regulatory agencies have focused their inspections on issues of data integrity. The requirements cover the entire life cycle of data, from their generation to their archiving by way of their use, verification and transmission, whether in paper, hybrid or electronic format. The increasing use of computerised data management systems has made the processes ensuring the reliability of these data more complex.

Still today, 50% of the observations made during European and American regulatory inspections involve data integrity issues. The recurrent deviations identified concern the manipulation or deletion of data or destruction of records, the repetition of analytical tests until they are compliant, backdating, and the non-validation of computerised systems.

Guides have been published to define and explain the subject of data integrity. In recent years, MHRA, FDA, EMA, WHO, PIC/S, APIC and ISPE guidelines have been published. Several drafts and versions have even quickly followed the first publication.The message sent by the regulatory bodies is clear: we must manage our data flows and consolidate our data.

How did you implement one of our DI projects?

Our daily objective is thus to respond to this desire to improve the reliability of data. We recently assisted a pharmaceutical manager who, following a seminar we attended together, decided that his company would be compliant for its next regulatory inspection.

He therefore asked Efor to carry out audits of his control laboratory and production processes to measure their level of compliance. He wanted to have an objective assessment and identify gaps and their significance with regard to the data integrity requirements. The list of gaps turned out to be quite long – much longer than expected: many documents and procedures had to be completed to build data governance, and new processes had to be put in place such as the definition of critical data and the consideration of electronic rather than “all paper” data archiving, standalone data back-ups, the blocking of clocks, double-checks, a number of validations of his computerised systems, and a review of audit trails.

To support his management and teams and help them understand and implement the necessary actions to make these data reliable, and to demonstrate that the critical operations of his processes were being carried out correctly, he decided to continue the compliance work initiated with EFOR-CVO.

Step by step, the data integrity project was implemented through a remediation plan over time. All topics were covered: risk analyses, data governance structure, the definition of ALCOA, the definition of access rights and privileges based on “need to know” and “least privilege” and the segregation of roles, the training of staff according to their activity, ownership of data and the definition of responsibilities for data integrity, data review, the use and review of audit trails for each activity requiring it, backups, etc. The advice given served as guidance and was applied or adapted as seen fit. After some feedback during the audits, confidence in the explanations and advice given was reinforced.

The company’s teams now have a perfect command of the subject and are autonomous.

Each company has established a data integrity project and is participating in this great data integrity adventure. Whatever your current status, new guides are still supplementing the notion of data integrity in the data life cycle. The recent ISPE and PIC/S guides include approaches that go further in their requirements for data reliability and quality system deployment by focusing on these famous data. The Quality by Design and Computer Software Assurance (CSA) approaches should be incorporated into processes; this new governance will have to be accepted by everyone and will have to mature further to integrate these new requirements.

All company sectors are concerned – Quality Control departments and also, increasingly, IT, Production and Automation departments – to ensure that data are complete, consistent and accurate and thus guarantee decision-making.

What support do you need?

Data integrity management remains a major daily challenge in the pharmaceutical and medical device industries.

Efor has experience with data integrity projects in various formats and offers services tailored to your needs depending on the type of production, for every size of company and according to the technological means used.

The Efor team of trainers offers general or specific training for a target audience: awareness-raising, GMP, operational QC or Production teams, management, validation team, etc., with pragmatic, fun programmes based on practical examples tailored to each situation.

The Efor team of auditors performs audits and gap assessments in all departments to analyse 21 CFR Part 11, CSV, audit trail, back-up and restore, quality and SOP requirements.

The Efor expert teams develop remediation plans to address the risks and weaknesses identified during the audit including the necessary activities as well as the required workload and timeline to achieve data integrity compliance.

The Efor operational consultants are trained in data integrity and work according to the ALCOA+ principles. They will advise you and help you find pragmatic solutions to execute remediation and improvement activities for each identified topic (support for data integrity policy and SOP updates, specific process and system mapping, and validation support to ensure data integrity).

For all of these topics, feel free to request support from Efor, which will provide you with scientific and regulatory expertise as well as in-depth knowledge on all topics impacting data integrity.