Today, failures in data governance and data integrity are not new to the pharmaceutical industry but it has taken a more prominent place in health authority enforcement actions in the past few years. With more focused training and a better understanding of computer systems and capabilities, FDA inspectors have identified new data integrity deficiencies in recent years. These new deficiencies involve test injections of actual samples, alternate enabling and disabling of audit trails, and deliberate manipulation of data/time stamps.

FDA Pharmaceutical GMP Warning Letters associated with data integrity issues have increased tenfold (from 4 to 41) in the last decade. Over 70% of all pharmaceutical FDA GMP Warning Letters in 2016 include a data integrity component.

The FDA has traditionally led the way in early enforcement. Global health authorities have now begun to catch up and cite similar deficiencies in their inspections. Approximately 70% of the published Eudra reports of GMP non-compliance cite similar shortcomings in data integrity and data governance.

The below graph identifies countries where the facilities that received Warning Letters in 2016 with data integrity are located. China received the most warning letters of this type, with India close behind. Note that 7 firms located in the US received warning letters with data integrity deficiencies. Of the 56 total warning letters* provided in 2016, 41 included data integrity concerns.

Common deficiencies in data integrity include:

  • Failure to review all laboratory data. Firms did not review original electronic data and the associated critical meta-data (audit trails). This is sometimes identified when data submitted to the FDA is not in agreement with the raw, electronic, data.
  • No audit trails enabled for laboratory computer systems, rendering it impossible to establish who performed actions within the system, what actions were taken, and whether Out-of-Specification (OOS) results were modified or deleted.
  • Failure to implement adequate controls over computer systems to ensure that only authorized individuals have access to the systems and that access is appropriate for job functions. Ignoring the OOS result when a ‘test’ injection, fails.
  • Alternately enabling and disabling audit trails in chromatography data systems to obscure modification or deletion of data.
  • Deliberate manipulation of date/time stamps to make it appear that samples were tested on a different day than it was actually evaluated.

In light of this heightened U.S. and global scrutiny, it is imperative that pharmaceutical companies properly assess and address any data integrity issues. Validant has proven expertise in data integrity and data governance including and computer system validation and performing gap assessments under current global health authority requirements. Validant provides experienced technical experts to assist your firm with either short or long-term remediation efforts including:

  • Developing long-term remediation actions and timelines, including data governance programs. Interim corrective actions are justified and time bounded.
  • Implementing Quality System refinements, including consistent review of electronic records and audit trails, to ensure compliance.
  • Remediation of computer system validation pursuant to health authority requirements.
  • Training on fundamental data integrity requirements with the use of actual enforcement actions for compelling and meaningful learning. Specialized training for GMP/GCP/GLP auditors for optimal effectiveness in this area.

*This number excludes warning letters issued to compounding pharmacies and outsourcing facilities.

Di Graph