Update: This post has been updated with a link to the most recent Medicines & Healthcare products Regulatory Agency (MHRA) ‘GXP’ Data Integrity Guidance and Definitions – March 2018 document.
For pharmaceutical, biotech and other manufacturers in highly-regulated industries, the production data is as important as the product itself for release to sale. Data integrity of this production data is paramount.
Michalle noted that in recent years, the regulatory agencies for the Life Sciences industry, including the U.S. Food and Drug Administration (FDA), have increasingly observed Current Good Manufacturing Practices (cGMPs) data integrity issues during cGMP inspections.
Data integrity is defined as the completeness, consistency and accuracy of the data produced during the manufacturing process. The data must be attributable, legible, contemporaneous, original (or true copy), and accurate—ALCOA for short. It must also be enduring, complete, consistent and retrievable.
Current regulatory guidance includes:
Michalle highlighted some of the key components of these global data integrity guidance documents. With respect to validation plans, procedures and processes, they should be documented including the evaluation of a system for criticality, applicability of electronic records and signatures, and system validation approach that includes the documentation and testing requirements.
A disaster recovery plan including backups, storage and retrieval should be established and tested. Procedures are established and followed and tested for backing up the system and data as well as recovering the system and data.
From a security standpoint, operators should log out for breaks, shift changes, and for periods of inactivity when they are away from the operator station. Individual users should have individual user IDs and passwords. Shared logins should not be permitted unless there are unavoidable circumstances for safety reasons in which case audit trails should be reviewed to ensure that related procedures are followed and investigated when a shared ID must be used. In some cases, Biometric and/or card reader capabilities are used.
User management procedures are established and include the following activities: managing new users, ensuring that users have the appropriate training commensurate with their assigned system privileges, performing periodic audits of active users, managing position/permission changes, suspending/deactivating users, token checks (for cases of badge readers), and periodically reviewing audit trails for suspicious activities.
For cases where an electronic signature is required or where operator actions are logged for system management and audit review purposes, a unique user ID and password should be required. This type of two token (ID and password) or Biometric reading should be required for cases where a signature is required. Signatures are only required for specific activities that are related to the quality of the product. In other instances, current user login or a single token is appropriate, as per established procedures.
From an effective alarm management perspective, developing and following an alarm strategy that is based on safety and process criticality of the alarms is pertinent. Also, the design should include establishing rules and mechanisms for dealing with alarm floods triggered by a single event. Overall, for safe and reliable operations, it is important to eliminate nuisance alarms so that operators can then be focused on the more critical alarm issues.
For electronic batch reports, in cases where portions of data or any portion of the batch reports are printed, these items should be signed, and stored with the batch record. The paper copy is a copy, not the source data, and may be a “True Copy” if all the associated meta data is included. The archived electronic data is still the source data.
This is also true for data which is captured in the system and written on the batch record. The access to the electronic data should still be available for potential audit of the data, since the paper is merely a copy and the source data/record is still the system. Ensuring that the paper batch record and the electronic batch report are managed in a way that any original source data and true copies are maintained is important.
You can read the details of the regulatory requirements in the links above or connect with the Emerson Life Sciences consultants to discuss the data integrity requirements and recommended best practices for your facility.
You can also connect and interact with other pharmaceutical and biotech industry experts in the Life Sciences group in the Emerson Exchange 365 community.
The post Data Integrity for Pharmaceutical and Biotech Manufacturers appeared first on the Emerson Automation Experts blog.
This is the official online community site of the Emerson Global Users Exchange, a forum for the free exchange of non-proprietary information among the global user community of all Emerson Automation Solution's products and services. Our goal is to improve the efficiency and use of automation systems and solutions employed at members’ facilities by sharing our knowledge, experiences, and application information.
User Groups |
World Areas |
Community Guidelines |
Legal Information |
Contact Community Manager
Website translation provided by
© 2015 Emerson Global Users Exchange. All rights reserved.