DATA INTEGRITY – QUESTIONS AND ANSWERS
1. Please clarify the following terms as they relate to CGMP records:
1.A) What is “data integrity”?
Data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).
1.B)What is “metadata”?
Metadata is the contextual information required to understand data. A data value is by itself meaningless without additional information about the data. Metadata is often described as data about data. Metadata is structured information that describes, explains, or otherwise makes it easier to retrieve, use, or manage data.
For example, the number “23” is meaningless without metadata, such as an indication of the unit “mg.” Among other things, metadata for a particular piece of data could include a date/time stamp for when the data were acquired, a user ID of the person who conducted the test or analysis that generated the data, the instrument ID used to acquire the data, audit trails, etc.
Data should be maintained throughout the record’s retention period with all associated metadata required to reconstruct the CGMP activity (e.g., §§ 211.188 and 211.194). The relationships between data and their metadata should be preserved in a secure and traceable manner.
1.C)What is an “audit trail”?
Audit trail means a secure, computer-generated,time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record.
An audit trail is a chronology of the “who, what, when, and why” of a record. For example, the audit trail for a high performance liquid chromatography (HPLC) run could include the user name, date/time of the run, the integration parameters used, and details of a reprocessing, if any, including change justification for the reprocessing.
Electronic audit trails include those that track creation, modification, or deletion of data (such as processing parameters and results) and those that track actions at the record or system level (such as attempts to access the system or rename or delete a file).
CGMP-compliant record-keeping practices prevent data from being lost or obscured (see §§ 211.160(a), 211.194, and 212.110(b)). Electronic record-keeping systems, which include audit trails, can fulfill these CGMP requirements.
1.D)How does FDA use the terms “static” and “dynamic” as they relate to record formats?
For the purposes of this guidance, static is used to indicate a fixed-data document such as a paper record or an electronic image, and dynamic means that the record format allows interaction between the user and the record content. For example, a dynamic chromatographic record may allow the user to change the baseline and reprocess chromatographic data so that the resulting peaks may appear smaller or larger. It also may allow the user to modify formulas or entries in a spreadsheet used to compute test results or other information such as calculated yield.
1.E)How does FDA use the term “backup” in § 211.68(b)?
FDA uses the term backup in § 211.68(b) to refer to a true copy of the original data that is maintained securely throughout the records retention period (for example, § 211.180). The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format.
This should not be confused with backup copies that may be created during normal computer use and temporarily maintained for disaster recovery (e.g., in case of a computer crash or other interruption). Such temporary backup copies would not satisfy the requirement in § 211.68(b) to maintain a backup file of data.
1.F)What are the “systems” in “computer or related systems” in § 211.68?
The American National Standards Institute (ANSI) defines systems as people, machines, and methods organized to accomplish a set of specific functions.
Computer or related systems can refer to computer hardware, software, peripheral devices, networks, cloud infrastructure, operators, and associated documents (e.g., user manuals and standard operating procedures).
2. When is it permissible to exclude CGMP data from decision making?
Any data created as part of a CGMP record must be evaluated by the quality unit as part of release criteria (see §§ 211.22 and 212.70) and maintained for CGMP purposes (e.g., § 211.180). Electronic data generated to fulfill CGMP requirements should include relevant metadata. To exclude data from the release criteria decision-making process, there must be a valid, documented, scientific justification for its exclusion (see the guidance for industry Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production, and §§ 211.188, 211.192, and 212.71(b)). The requirements for record retention and review do not differ depending on the data format; paper-based and electronic data record-keeping systems are subject to the same requirements.
3. Does each workflow on our computer system need to be validated?
Yes, a workflow, such as creation of an electronic master production and control record (MPCR), is an intended use of a computer system to be checked through validation (see 161 §§ 211.63, 211.68(b), and 211.110(a)). If you validate the computer system, but you do not validate it for its intended use, you cannot know if your workflow runs correctly.
For example, qualifying the Manufacturing Execution System (MES) platform, a computer system, ensures that it meets specifications; however, it does not demonstrate that a given MPCR generated by the MES contains the correct calculations. In this example, validating the workflow ensures that the intended steps, specifications, and calculations in the MPCR are accurate. This is similar to reviewing a paper MPCR and ensuring all supporting procedures are in place before the MPCR is implemented in production (see §§ 211.100, 211.186, and 212.50(b), and the guidance for industry PET Drugs — Current Good Manufacturing Practice (CGMP)).
FDA recommends you implement appropriate controls to manage risks associated with each element of the system. Controls that are appropriately designed to validate a system for its intended use address software, hardware, personnel, and documentation.
4. How should access to CGMP computer systems be restricted?
You must exercise appropriate controls to assure that changes to computerized MPCRs, or other records, or input of laboratory data into computerized records, can be made only by authorized personnel (§ 211.68(b)). FDA recommends that you restrict the ability to alter specifications, process parameters, or manufacturing or testing methods by technical means where possible (for example, by limiting permissions to change settings or data).
FDA suggests that the system administrator role, including any rights to alter files and settings, be assigned to personnel independent from those responsible for the record content. To assist in controlling access, FDA recommends maintaining a list of authorized individuals and their access privileges for each CGMP computer system in use.
If these independent security role assignments are not practical for small operations or facilities with few employees, such as PET or medical gas facilities, FDA recommends alternate control strategies be implemented.
For example, in the rare instance that the same person is required to hold the system administrator role and to be responsible for the content of the records, FDA suggests having a second person review settings and content. If second-person review is not possible, the Agency recommends that the person recheck settings and his or her own work.
5. Why is FDA concerned with the use of shared login accounts for computer systems?
You must exercise appropriate controls to assure that only authorized personnel make changes to computerized MPCRs, or other records, or input laboratory data into computerized records, and you must implement documentation controls that ensure actions are attributable to a specific individual (see §§ 211.68(b), 211.188(b)(11),
211.194(a)(7) and (8), and 212.50(c)(10)). When login credentials are shared, a unique individual cannot be identified through the login and the system would thus not conform to the CGMP requirements in parts 211 and 212. FDA requires that systems controls, including documentation controls, be designed to follow CGMP to assure product quality (for example, §§ 211.100 and 212.50).
Referance :Data Integrity and Compliance With CGMP (Guidance for Industry) -FDA