Data Integrity

In recent years, FDA has increasingly observed cGMP violations involving data integrity during cGMP inspections. This is troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy, and quality of drugs, and of FDA’s ability to protect the public health. These data integrity-related cGMP violations have led to numerous regulatory actions, including warning letters, import alerts, and consent decrees. The underlying premise in §§ 210.1 and 212.2 is that cGMP sets forth minimum requirements to assure that drugs meet the standards of the FD&C Act regarding safety, identity, strength, quality, and purity. Requirements with respect to data integrity in parts 211 and 212 include, among other things:

§ 211.68 (requiring that “backup data are exact and complete” and “secure from alteration, inadvertent erasures, or loss” and that “output from the computer… be checked for accuracy”).
§ 212.110(b) (requiring that data be “stored to prevent deterioration or loss”).
§§ 211.100 and 211.160 (requiring that certain activities be “documented at the time of performance” and that laboratory controls be “scientifically sound”).
§ 211.180 (requiring that records be retained as “original records,” or “true copies,” or other “accurate reproductions of the original records”).
§§ 211.188, 211.194, and 212.60(g) (requiring “complete information,” “complete data derived from all tests,” “complete record of all data,” and “complete records of all tests performed”).
§§ 211.22, 211.192, and 211.194(a) (requiring that production and control records be “reviewed” and that laboratory records be “reviewed for accuracy, completeness, and compliance with established standards”).
§§ 211.182, 211.186(a), 211.188(b)(11), and 211.194(a)(8) (requiring that records be “checked,” “verified,” or “reviewed”).

When considering how to meet many of these regulatory requirements, it may be useful to ask the following questions:

Are controls in place to ensure that data is complete?
Are activities documented at the time of performance?
Are activities attributable to a specific individual?
Can only authorized individuals make changes to records?
Is there a record of changes to data?
Are records reviewed for accuracy, completeness, and compliance with established standards?
Are data maintained securely from data creation through disposition after the record’s retention period?

ALCOA

What is ALCOA? The five data integrity attributes as defined by the FDA:

Attributable. Data must be stored so that it can be connected to the individual who produced it. Every piece of data entered into the record must be fully traceable in time.
Legible. Data must be traceable, permanent, readable, and understandable by anyone using the record. This also applies to any metadata attached to the record.
Contemporaneous. Data must be fully documented at the time they are generated or acquired.
Original. Data must be the original record or in a certified copy. The data record should include the first data entered and all successive data entries required to fully understand the data.
Accurate. Data must be correct, truthful, complete, valid and reliable.

MEDVACON delivers leading Data Integrity and Computer System Validation services that are designed to help reduce the overall cost of compliance for Life Sciences organizations. We offer our clients comprehensive services, including leadership and a range of strategic solutions and tactical services that provide cost-effective and comprehensive compliance and validation. The MEDVACON team of highly-qualified consultants can deliver a broad suite of solutions in areas of computer systems validation, infrastructure qualification, IT Quality Management, and process improvement.

Risk-Based Computer System Validation
Software QA and User Acceptance Testing
Software Vendor Audits
Gap Assessments and Remediation
SDLC Methodology Development
SOP Development
Project Management
21 CFR Part 11 Compliance and Assessments
IT Policies and Procedure Development

Computer Software Validation is a formalized, documented process for testing computer software and systems, required by 21 CFR 11.10(a) and Annex 11, Section 4. The FDA and other regulatory bodies require validation to demonstrate that computer systems are in compliance with all regulations for electronic data management systems. Failure to validate systems is one of the leading reasons a business is issued a 483. MEDVACON can validate all of your software, databases, spreadsheets, and computer systems, and develop the appropriate documentation for all phases of the software life cycle. We have written and executed validation packages for systems of all sizes. We can provide any level of service required, from executing test scripts generated from your existing specifications to writing the entire validation package. MEDVACON will follow your existing validation procedures or provide your company with validation standards. Our validation methodology ensures validation deliverables that are in line with industry standards & best practices, focus resources towards the most critical system functions, and complete the validation projects efficiently.

Data Integrity

ALCOA

Downloads

This website uses cookies.