
Maintaining DATA INTEGRITY for SUSTAINABLE PERFORMANCE AND COMPLIANCE
Contents
Today’s World
Data Integrity Needs & Necessities
Noncompliance Highlights
Takeaways and The way forward
Today's world of GMP
Focus on quality systems / concepts - challenged, changed
Continuous improvement continues to remain the focus….
Risk to the user is at the center….
Increased inspections
Change in the post inspection expectations
What do these pictures indicate
Some D questions ?????

Is this an old or new issue?
Is this a new requirement?
Is this an issue of the Lab or other departments too?
Is this problem Local or Global?
Is this more in India as compared to other countries?
DI Warning Letters by FDA - Yearly trends…
The yearly trends (numbers) on DI are DIRECTIVE and not CONCLUSIVE
Many factors of variability involved!
Findings are always CRITICAL and SEVERE
Manufacturers expected to be RESPONSIBLE than ever
No Small Names
failures simple either!
Trends DI WL

Year                                               2013          2014          2015          2016          2017
No of warning letters                              38            22            19            46            69
US warning letters citing Data Integrity           0/13 (0%)     0/4 (0%)      1/3 (33%)     8/11 (73%)    12/20 (60%)
Warning letters citing Data Integrity outside US   10/25 (40%)   12/18 (67%)   13/16 (81%)   29/35 (81%)   33/49 (67%)
Total Data Integrity Warning letters               10 (26%)      12 (55%)      14 (74%)      37/46 (79%)   45/69 (65%)
Trends DI WL
Trends DI WL - India ?

Year 2018 – 4 WLs so far, with 2 direct on DI, others explicit!
EU violations data 2017

Out of the 31 Statements of Non Compliance reported for the Indian companies, 20% Data Integrity findings were reported
Chart Toppers 483's
Most watched or most sought after!
Vital Stats
One-fifth of FDA inspections happen in India currently, up from 11% in 2012, said Edelweiss Securities in a February report.
At 572, India has the second largest number of FDA-approved plants outside the US
India is biggest foreign supplier of medicines to the US
India has 2,633 FDA-approved drug products
War room facts
US markets account for 25% to 55% of the revenues of large domestic companies
Of the total exports of USD 16.8 billion during the year 2016-17, majority of the exports, accounting for 40.6 per cent were to the American continent followed by 19.7 per cent to Europe, 19.1 per cent to Africa and 18.8 per cent within Asia
//economictimes.indiatimes.com/articleshow/59634393.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
This is my India…
India’s pharmaceutical exports stood at US$ 16.8 billion in 2016-17 and are expected to grow by 30 per cent over the next three years to reach US$ 20 billion by 2020, according to the Pharmaceuticals Export Promotion Council of India (PHARMEXCIL).
Exports to 190 countries….
Industry sources say compliance with global standards typically means 35% higher manufacturing and maintenance costs
Therefore this is not lopsided!
Expectations … Loud and Clear
In an official blog uploaded in March, Mary Lou Valdez, US FDA’s associate commissioner for international programmes, said quality issues are an ongoing challenge for the Indian pharma industry and in order to fully realize the nation’s potential, India’s regulatory infrastructure must keep pace to ensure global quality and safety demands are met.
Industry says – be prepared for the worst
FDA has cut prior intimation time for plant inspections to 24 hours from 25-30 days.
Inspection frequency increased to once or twice a year, compared with once in two-three years earlier.
US FDA will inspect the pending 190 Indian facilities which it hasn’t in the past five years
We say be always inspection ready and bring out the best in you!
From the horse’s mouth…
Do we still carry a feeling that we are targeted by US FDA
“We are not targeting Indian companies. We are undertaking our required regulatory activities. We inspect and take appropriate actions for companies within the US. If a company is manufacturing a product for sale in the US, they have to meet our regulatory standards and requirements and we inspect facilities in other countries as well, so, what is happening in India is consistent with what happens in the US and other parts of the world,”
INSPECTION F O C U S….
DATA INTEGRITY

DATA INTEGRITY
DATA INTEGRITY
Even if 100 countries do a wrong thing, it’s still a wrong thing
Diagnosis or prognosis ?
Problems seen globally - from domestic to international
Small to large, new to well established firms
Individual employee to a conspiracy
Isolated to pervasive frequency
In premarket and post market data
Clinical trial data to production data
Human errors of omission as well as commission
All types of regulated products affected
Identified thru inspections, policies and audits
THE BEGINNING

DATA INTEGRITY – CONCEPTS, FUNDAMENTALS AND ESSENTIALS
Understanding – Data Integrity
What is data
facts and statistics collected together for reference or analysis.
What is integrity
the quality or condition of being whole or undivided; completeness.
Reality check
Data Integrity Definitions

Source: Definition of Data Integrity or Integrity
MHRA: The extent to which all data are complete, consistent and accurate throughout the data lifecycle (data integrity).
FDA 1: The degree to which a collection of data are complete, consistent and accurate (data integrity)
FDA 2: Data, information and software are accurate and complete and have not been improperly modified (integrity)
NIST: The property that data has not been altered in an unauthorized manner (data integrity). Data integrity covers data in storage, during processing, and while in transit
IEEE: The degree to which a system or component prevents unauthorized access to, or modification of, computer programs or data (integrity)
Simplified….
“generating, transforming, maintaining and assuring the accuracy, completeness and consistency of data over its entire life cycle in compliance with applicable regulations.”
Guidance documents
Data Lifecycle
“A planned approach to assessing and managing
risks to data in a manner commensurate with
potential impact on patient safety, product quality,
and/or the reliability of the decisions made
throughout all phases of the process by which data
is created, processed, reviewed, analysed and
reported, transferred, stored and retrieved, and
continuously monitored until retired”.
Data Governance
Data governance is the sum total of
arrangements which provide assurance of data
integrity. These arrangements ensure that data,
irrespective of the process, format or technology
in which it is generated, recorded, processed,
retained, retrieved and used will ensure a
complete, consistent and accurate record
throughout the data lifecycle.
Extensive …..
Any unintended change to data as the result of a
storage, retrieval or processing operation (including
malicious intent, unexpected hardware failure and
human error) is still a failure of data integrity.
Issues not new, companies now are being cited more
frequently
GMP Inspectors also rely on evidence of data integrity
issues from other regulatory agencies
Inspectors experience
Carmelo Rosa, Director of FDA OMPQ’s (Office of Manufacturing & Product Quality), recently acknowledged that “Data integrity issues have always existed!”, but now FDA is doing more to uncover the evidence of such problems.
Although a Global issue, many of the most egregious data integrity transgressions have surfaced at Indian API & finished product manufacturing facilities.
Inspectors gut feeling
Data integrity breaches cast doubt on all results
and records.
Can we trust what we see during an inspection?
Are drugs within specification?
Is data submitted in applications to FDA reliable and
truthful?
Can we be confident in providing these drugs to
patients?
Data Integrity - Elaboration
Data integrity
is the assurance that data records are:
accurate,
complete,
intact and
maintained within their original context,
including their relationship to other data records.
This applies to data recorded in electronic and paper
formats or a hybrid of both.
Data ….
[Diagram: QUALITY SYSTEM; DATA recorded as PAPER RECORDS, HYBRID RECORDS (paper records plus electronic records) or ELECTRONIC RECORDS; stored in the PAPER ARCHIVE and the ELECTRONIC ARCHIVE]

Data Integrity - Elaboration
Ensuring data integrity means :
Protecting original data from :
accidental or intentional modification,
falsification or even deletion,
which is the key to reliable and trustworthy records that
will withstand scrutiny during regulatory inspections.
A scientifically unsound or technically unjustified omission,
manipulation, or alteration of procedures or omission or data that
bypasses the required quality control data , parameters, making
the results appear acceptable.
Seeking to understand….
Data Integrity problems break trust. In
the time between inspections, we trust
you to do the right thing. And if we finish
an inspection, and that trust has been
broken, then we need to go through few
exercises to build that trust (again),
before we can go forward and trust you
until the next inspection.
Karen Takahashi - Senior Compliance
and policy officer - FDA
B + DI
What is Breach of Data Integrity (BDI)?
Breach of Data Integrity is a violation of the integrity of data, which means the actions performed and the documents / records written do not reflect the truth and the reality which has taken place.
Reported Breaches…..
Intentional
Unintentional
Entry errors
Deleting files
Overwriting files
Destroying records
Misrepresenting data
Falsification
Fraud
BDI
BDI during Manufacturing and Testing:
Non Compliance with Good Practices during day to day operations as mandated by GMP regulations, required by guidelines and company standards
BDI during Inspection:
Ambiguous, unclear, multiple contradictory, and misleading answers
Backdating and creation of documents
Delay, Denying, Limiting and Refusal
BDI during Post Inspection:
CAPA timeliness and deadlines not met
Support evidence for CAPA undertaken, missing, incomplete or incorrect
Application Integrity Policy (AIP)
The Application Integrity Policy is what FDA pulls up when it has questions about a manufacturer’s electronic data.
“A wrongful act also includes submitting data that are otherwise
unreliable due to, for example, a pattern of errors whether caused by
incompetence, negligence, or a practice such as inadequate
standard operating procedures or a system-wide failure to ensure
the integrity of data submissions.” FDA AIP March 5, 1998
Electronic information includes everything, such as emails,
adverse events reports, complaints, batch records, and
quality control records — everything that’s stored
electronically.
What is an Electronic Record
An electronic record is any combination of text,
graphics, data, audio, pictorial, or other
information represented in digital form that is
created, modified, maintained, archived,
retrieved, or distributed by a computer system.
21 CFR Part 11.3 (b)(6)
AIP issues
Application Integrity Policy Invocation
Review of pending applications is halted
FDA conserves review resources while validity
assessment and corrective actions are implemented
Possible withdrawal of affected applications
Reference: K. Takahashi, Senior Policy Advisory,
FDA/CDER/Office of Compliance at ISPE Annual Meeting
Nov. 2013
More on Integrity
Integrity means ethical strength
The quality of being honest always and in all the ways
Free from defects or flaws
Being whole or complete or total
In short it is the Information that is accurate, complete and truthful
According to Roget’s
Integrity Criteria
Integrity Criteria
Attributable
Linked to the individual responsible for observing and
recording data (user id with pw in case of ed)
Who acquired the data (capture in case of ed)
Who performed the action (input in case of ed)
Who amended the record (change authorisation ed)
Documented authorization to sign records post training
E signatures equivalent to hand signatures
MHRA Observation….
Training record creation “caught in the act”
Issues identified as overnight / immediate creation of:
Procedures,
Change Controls,
Self inspection programmes
Aim to give the Inspector what they have asked for..?
Likely “Other” deficiency now rated “Critical”
Integrity Criteria
Legible
Data must be legible.
Data must be clearly documented and easy to read
What is written to be understood by any reviewer with no or minimum clarification from the writer
Handwriting must be clearly understood
Legibility criteria
Readable
Clear
Concise
Permanent
Human readable format in case of electronic
documents
Integrity Criteria
Contemporaneous
Documented at the time of performing the activity
All signatures must be dated indicating ‘when’ they were done
Related also to the method of evaluation of that data
Are we able to reconstruct the occurrences around that data
Clearly designated entries
Inspectors found that the records were signed by
company personnel who were actually absent on that day.
MHRA Observation….
Non contemporaneous records –Batch record not
actually available on the packaging lines
Kept in IPQA or travels from primary to secondary as
they use the same Batch Packaging Record
Inaccurate recording of data –Maximum / Minimum
Temperature / RH data observed over the limit
Records show no previous evidence of Out of
Specifications
Integrity Criteria
Original
The basic science behind recording and records is they must
be ORIGINAL
Entries are to be done on proper formats only
No flexible or adjustable ways as
• Scratch / scribble pads
• Paper chits
• Post its
• Uncontrolled note books
Original….links….
Are records correct ?
Are they complete
Content unaltered – clear, available, readable
Consistent – meaning of the record
Good data management – from back-up to recovery
MHRA observation….
There are records where alterations made to the entries
on the documents are not signed and dated
The alterations do not ensure that the original
information may be read and they lack explanations for
the alterations
Obliteration { including Liquid correction fluid, tape (or
stickers) and overwriting } had been used to amend
original entries
Integrity Criteria
Accurate
Two important values : be honest and thorough
Be truthful and record correct information
Avoid the fraud traps as : manipulation, cooking and fudging
data
We are an organisation of values : we have a culture of clear
conscience : we are equally concerned about our customer
and profession
Inspection Expectations
FDA needs to be able to verify the quality and integrity of the data during inspections.
Data needs to meet ALCOA elements of quality…. You need all of them….
Data Integrity and Quality

ALCOA - RECAP
Attributable – data are identified with a specific subject and a specific observer and recorder. (Password, audit trail and e-signature)
Legible – data are readable and understandable by humans (reports, tables, and listings)
Contemporaneous – data are recorded at the time they are generated or observed. (Time stamps and time-limited entry)
Original – data are recorded for the first time. (Source data and meta data)
Accurate – data are correct (Calculations, algorithms, analyses, and transmissions)
Meta Data “data about data”
Provides information about one or more aspects of the data
Used to summarize basic information about data
Makes tracking and working with specific data easier –
Examples :
Means of creation of the data
Purpose of the data
Time and date of creation
Creator or author of the data
Location on a computer network where the data was created
Standards used
File size
A picture is worth a thousand
words ……
Unearthed during an audit
Unacceptable storage
Unacceptable archival
During overseas audits too ….
And So on…
This too…
“Documents and e-data spend more than 80% of their lifespan in an archived (e.g., stored) state.”
What is ALCOA+
+ additional terms based on the European Medicines Agency’s concept paper on electronic data:
Complete - all data including repeat or reanalysis performed on the sample.
Consistent - uniform application of data time stamps in the expected sequence
Enduring - recorded on controlled worksheets, laboratory notebooks, or electronic media.
Available – there for reference / accessible for review / audit for the lifetime of the record.
FDA Approach
FDA may look to see that the process of data
creation at the site can be reconstructed and
that it matches the information submitted to
the agency. If problems are discovered, the
integrity of the data are questionable.
DnD
No  Requirement
01  Deliberately amending or destroying GMP records to hide or falsify data is fraud.
02  Do not discard a GMP record just because you might have made a mistake, it is still required for traceability
03  It is not acceptable to discard GMP records for any reason unless the retention period expiry is reached
04  Loose unofficial papers, notes and uncontrolled documents that can easily be lost or changed without appropriate approval do not meet good documentation requirements.
05  Do not use notebooks / legal pads with easily removed pages, scrap paper or post-it-notes to record GMP information.
FALSIFICATION
Falsification in the context of GMP
compliance :
Any willful misstatement, misrepresentation,
manipulation, adulteration, rewriting, hiding,
replacing of quality related documents, materials,
activities or buildings in order to give an item the
appearance of GMP compliance when this is not
the case
More on falsification….
Issues with individual or company integrity can give rise to
falsification of records and fraudulent data.
Falsification - creating, altering, recording, or omitting data
in such a way that the data do not represent what actually
occurred
Falsification of data is a major concern for regulators and
invites enhanced level of concern and scrutiny from
regulators in the area of data integrity.
Fraud - Wrongful or criminal deception intended to
result in financial or personal gain.
FRAUD
Lack of data integrity is
often just FRAUD….
Howard Sklamberg J D
Deputy Commissioner
for Global Regulatory
Operations and Policy
US FDA
DI
Data Integrity key to - reliable and trustworthy records
Protecting original data from :
Accidental modification
Intentional Modification
Falsification
Deletion
Destruction
So who does err? – Machines or Humans ?
To err is human ?
Common Pitfalls
Conducting ‘unofficial’ analysis with unofficial batch sheets and similar analytical reports
Unreported failing results
Deleting data ( manipulating, paper, hybrid or electronic data )
Deliberately Disabling audit trails in analytical instruments
Gross violations in training records
Trial analysis ?
Test until pass, keep on testing
Back dating
Failures are not reported
Tracking and Trending
Batch production record
7 instances where
employees signing as
completing manufacturing
steps were not on premises
at the time the steps were
completed
2 employees involved
Tracking and Trending
Batch production record
Over 30 batch records (80% of those reviewed)
Data was removed and new data was added
Including: dates, signatures, temperatures, test results,
weights, volumes, and times
Employee scraped off entries with hand-made tool
Management was aware of this for at least 2 years
Firm had no CGMP training
Tracking and Trending
Stability
Testing conducted late but recorded as being tested on time
No samples available, however testing data was generated
Quality Control Data
Test results for one batch were used to release other
batches
Occurred for at least 3 batches
This happened at three unrelated firms
Employee used same sample for identity testing on a regular
basis
Tracking and Trending
Microbiological testing
Growth on microbiological
plates was observed and
recorded as no growth
The plates were double
checked by a second
employee
This happened at three
unrelated firms manufacturing
sterile finished dosage forms
Tracking and Trending
Quality Control Unit
Releasing product with known
contaminants
Repacking failed product
without assessing impact of
failure
Repacked product was
released
Data supporting test results
was missing
Tracking and Trending
No raw data for:
Standard preparation
Sample weights
Sample solution preparation and
sample dilutions
Sample and reagent weights are
written on small pieces of paper and
transcribed onto analytical worksheets
Then, small pieces of paper were
discarded
Tracking and Trending
No raw data for:
HPLC integration
parameters were changed
and re-run until passing
results were obtained
Audit trail function was
disabled
Senior colleague directed
the chemist to record false
data in the logbook
Tracking and Trending
Unofficial testing of
samples with file
names like test, trial, or
demo
Some failed
specification
All were saved on
personal computers
instead of a network
Tracking and Trending
Out-of-specification or
undesirable results were
ignored and not
investigated
Re-testing without
justification
Product released despite
failing sterility testing
Failing or suspect HPLC
assay results are
overwritten
Tracking and Trending
There are no controls to prohibit
unauthorized changes to electronic data
Turning off the audit trail function
Altering or deleting analytical result files
Making up records during an FDA
inspection
Batch records
Training records
Tracking and Trending
Quality Control Data
Destruction of raw data not meeting
specification
Missing raw data
Re-writing laboratory notebooks
Unjustified invalidation of data and
re-testing without a laboratory
investigation
Refused to allow FDA to talk to
employees
Tracking and Trending
Quality Control Data
Delaying, denying, limiting or
refusing an inspection
Raw data found in the
garbage
Unlabeled or partially labeled
vials dumped down the drain
Providing false information
during an FDA inspection
PQR findings
Specs amended during validation w/o justification
Out of spec result ignored
Protocol sample size not adhered to
Re-use of test specimens – validity of data generated
Inconsistent protocol and test report rev number
Summary report inconsistent with raw data including
altered results / testing duration cut short
Reports not signed by designated level or missing
signatures
Review of Atypical warning
letters
DI – WL – Lab
Alteration of Raw, Original data and Records
Multiple analyses of assay with the same sample
without adequate justification
Manipulation of a poorly defined analytical procedure
Data analysis thereafter to obtain passing results
Backdating stability results for multiple reasons
Dry lab/tests/results
Substitution of previous results of other batches
Quality System Documentation:
Employee observed fraudulently signing weighing record for activity he did not perform
Supervisor created logbooks after the fact for two years (after FDA requested to review)
Cleaning employee was suspected of lying, so 5 FDA investigators returned to the plant during the next cleaning to simultaneously watch actual practices in five different areas. FDA confirmed employee had lied
Employee discarded project file to hide records from detection by auditor (& company management)
Quality System Documentation:
Entire completed original batch records for several lots were found in supervisor’s possession, duplicate records had been created for the document retention files
Entries for “tomorrow’s” batch had already been filled out
Desk drawer at analyst workbench contained multiple OOS worksheets that had not been reported to QA
Log book contained dated entries that were out of sequence
In-process batch record with blanks for significant steps, post-it-note created by supervisor instructing employee to fill in the blanks
Latest the worst
Failure to maintain complete data derived from all
lab tests conducted to ensure compliance with
specs and stds…..
Retesting failing samples
Test till pass
No investigations
Raw data management
Custom Quality Control ( CQC ) lab hidden from
the FDA, explanation unjustified…
Latest the worst
Failure to prevent unauthorised access or changes
to data and to provide adequate controls to prevent
omission of data
All users use software administrators privilege
No audit trail
Non GMP activities in the PDL
Latest the worst
Failure to control issuance, revision, superseding
and withdrawal of all documents with maintenance
of their history
Documents in the waste area
Masters in production as against in QA per DC SOP
Control stamps with production
SOP says do not photocopy, but photocopying rampant,
such docs found in the garbage
QC Lab analyst authorised to release batches for
commercial distribution, NO ROBUST QUALITY
SYSTEM….
Understanding Terms in WL
Intentional misrepresentation of lab data to hide existing or
potential problems.
Intent to deceive – making data look better than it really is.
Dry Lab – Reporting data for samples or procedures not
actually analyzed or performed.
Data deletion – removal of bad/undesirable data.
Backlogging – In this context, is the entry of data into a
laboratory document at a time later than the time indicated
on the document
Time Travel- Changing times and dates
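The warning-letter terms and findings above (audit trail switched off, deleted results, unofficial "test / trial / demo" files, test until pass, backlogging and time travel) can be looked for in a review of an instrument event log. This is an added example, not part of the original slides; the event fields, rule names and the 30-minute tolerance are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# File names such as "trial_01.raw" or "Demo.raw" (letters on either side excluded).
UNOFFICIAL = re.compile(r"(?:^|[^a-z])(test|trial|demo)(?:[^a-z]|$)", re.I)
ENTRY_TOLERANCE = timedelta(minutes=30)  # assumption: limit set by the site's SOP


def ev(stored, recorded_as, user, action, sample="", file="", result=""):
    """One event: 'stored' is the system time, 'recorded_as' the time written in the record."""
    return {"stored": stored, "recorded_as": recorded_as, "user": user,
            "action": action, "sample": sample, "file": file, "result": result}


D = "2024-03-05T"
SAMPLE_EVENTS = [  # constructed data
    ev(D + "09:00:00", D + "09:00:00", "analyst1", "inject", "B123", "trial_01.raw", "fail"),
    ev(D + "09:40:00", D + "09:40:00", "analyst1", "inject", "B123", "B123_001.raw", "fail"),
    ev(D + "10:20:00", D + "10:20:00", "analyst1", "inject", "B123", "B123_002.raw", "pass"),
    ev(D + "10:25:00", D + "10:25:00", "admin", "audit_trail_disabled"),
    ev(D + "10:30:00", D + "10:30:00", "admin", "delete", "B123", "B123_001.raw"),
    ev(D + "10:45:00", "2024-03-01T10:45:00", "analyst2", "logbook_entry", "S77"),
    ev(D + "11:00:00", D + "11:00:00", "analyst2", "inject", "B124", "B124_001.raw", "fail"),
    ev(D + "11:10:00", D + "11:10:00", "qa1", "oos_investigation_opened", "B124"),
    ev(D + "13:00:00", D + "13:00:00", "analyst2", "inject", "B124", "B124_002.raw", "pass"),
    ev(D + "12:00:00", D + "12:00:00", "analyst2", "logbook_entry", "S78"),
]


def review(events):
    """Return (event index, rule) pairs for events a reviewer should question."""
    findings = []
    failed = set()        # samples with a failing result and no investigation opened
    previous_stored = None
    for i, e in enumerate(events):
        stored = datetime.fromisoformat(e["stored"])
        recorded = datetime.fromisoformat(e["recorded_as"])
        if e["action"] == "audit_trail_disabled":
            findings.append((i, "AUDIT_TRAIL_OFF"))
        if e["action"] in ("delete", "overwrite"):
            findings.append((i, "RESULT_DELETED"))
        if e["file"] and UNOFFICIAL.search(e["file"]):
            findings.append((i, "UNOFFICIAL_NAME"))
        # Backlogging: the record claims a time well before it was actually stored.
        if stored - recorded > ENTRY_TOLERANCE:
            findings.append((i, "BACKDATED"))
        # Time travel: the system clock ran backwards between two stored events.
        if previous_stored is not None and stored < previous_stored:
            findings.append((i, "CLOCK_MOVED_BACK"))
        previous_stored = stored
        if e["action"] == "oos_investigation_opened":
            failed.discard(e["sample"])
        if e["action"] == "inject":
            # Test until pass: a passing re-run after a failure with no investigation.
            if e["result"] == "pass" and e["sample"] in failed:
                findings.append((i, "TEST_UNTIL_PASS"))
            elif e["result"] == "fail":
                failed.add(e["sample"])
    return findings


if __name__ == "__main__":
    for index, rule in review(SAMPLE_EVENTS):
        print(index, rule, SAMPLE_EVENTS[index]["user"], SAMPLE_EVENTS[index]["file"])
```

The B124 retest is not flagged because an investigation was opened between the failing and the passing injection.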
Affects individuals too
EU violations data 2017
Out of the 31 Statements of Non Compliance for the Indian companies, 20% Data Integrity findings were reported
C A U S E S ….
Lack of understanding
Willingness to please
Sloppiness
Inadequate Quality Systems to
Detect, Correct and Prevent
Intentional – data fraud ( Tidying / falsification )
M H R A – F R A U D ….
Documents presented during the inspection were found
to have differing information compared to the equivalent
documents found in an incineration area.
This issue related to:
batch records, analytical reports and area / equipment log
books
data submitted to EDQM for CEP dossier submission
Results in an inability to rely on any other information
presented in submissions or during inspection, as its
authenticity is in question
‘Tidying’
‘Tidying’ often includes changes from original
Undeclared duplication compromises integrity of all data presented
Risk that mitigating information becomes less reliable
Tidying….
Inspectors fully accept “scruffy” sets of documentation when these are the original, contemporaneous ones
If the damage or spillage (chemicals or text entry boxes limited in size) means a copy of document is a necessity ….
Tidying….
Have a procedure describing the controls
Under the control of Quality Assurance (QA)
Subject to a Deviation
Ensure that the clean “copy” clearly states “copy”
QA to Second Person Verify the transcription
Keep the original
Present both “original” and “copy” sets in an Inspection
Regulatory Findings
Back and post dating / Missing Signatures
Cooked data
Presenting existing data as new data
Discarding data / omitting negative data (like OOS or
eliminating outliers)
Re-running samples
Releasing failing product - test until release
Unreported SOP or protocol deviations
Regulatory Findings
No saving / retaining data
Poor Document Control
No / Inappropriate Audit Trail
Inadequate, poor or missing software validation and control
over computerised systems
Back-up & Disaster / crisis management
Mismatch between reported data and actual data
No links/traceability with source documents (original data) and
stored records
REMEMBER
Data integrity issues could lead to patient safety
concerns
Data integrity issues could lead to business operations
concerns
BIG RISK TO THE USER
LOSS OF CREDIBILITY
REVIVAL PATH ….. DISTANT
The equation….
DQ = D ( I + M )
Data Quality = Data Integrity + Data Management
Need both to better the important component of final PQ – Product Quality
Data Management
How data is collected and reported
How data is reviewed
How the integrity of data is protected
How calculation errors are handled
How alarms are managed
Who has the authority to invalidate data
What happens to this data? (i.e., discarded, archived with sample
analysis package, etc.)
How electronic data is protected from editing, changing, deletion?
How are passwords assigned and protected?
REGULATORY REFERENCES
Regulatory References
21 CFR Part 11
11.1 Scope:
“Electronic records and signatures…to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.”
Regulatory References
21 CFR Part 11
11.10 Controls for closed systems:
“Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure the signer cannot readily repudiate the signed record as not genuine.”
Regulatory References
11.10 Controls for closed systems:
Validate systems (EU Annex 11: System (7))
Generate accurate and complete copies of records (EU
Annex 11: System (12))
Protect records (EU Annex 11: System (13, 14))
Limit system access (EU Annex 11: System (8))
Employ audit trails (EU Annex 11: System (10))
Regulatory References
21 CFR Part 11
11.50 Signature manifestations:
Signature integrity encompasses:
Printed name
Date and time
Meaning of signature
Regulatory References
21 CFR Part 11
Subpart C – Electronic Signatures:
Signature integrity also encompasses:
Uniqueness to an individual
Use of 2 identification components
Only 1 component required “during a single, continuous period of controlled system access”
Fraudulent use “requires collaboration of two or more individuals”
Regulatory References
21 CFR Part 11
11.70 Signature/record linking:
Signatures must be linked to their respective records such that the signatures “cannot be excised, copied or otherwise transferred to falsify an electronic record by ordinary means.”
Regulatory References
21 CFR Part 11
11.30 Controls for identification
codes/passwords:
…………..
“Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity.”
Regulatory References
21 CFR Part 11
11.30 Controls for identification codes / passwords:
Uniqueness
Retirement of electronic signature components
Maintenance
Loss management procedures
“Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use…”
What is ‘audit trail’?
Data in the form of a logical path linking a sequence of events, used to trace the transactions that have affected the contents of a record. (ISO)
A chronological record of system activities that is sufficient to enable the reconstruction, reviews, and examination of the sequence of environments and activities surrounding or leading to each event in the path of a transaction from its inception to output of final results. (ANSI)
Audit trail requirements
What was changed?
What was the original value?
What was the value changed to?
Who changed it?
When was it changed?
Where was it changed?
Why was it changed?
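The seven questions above map directly onto the fields of an audit trail entry. The sketch below is an added example, not part of the original slides and not any vendor's implementation: it records each change with all seven answers, refuses entries that lack a user, location or reason, and chains the entries with an HMAC so that later alteration, removal or truncation is detectable on review. The key, record names and sample values are constructed assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, replace

GENESIS = "0" * 64
# Assumption: in a real system this key is held outside the application database.
CHAIN_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class AuditEntry:
    seq: int
    record_id: str    # what was changed (which record)
    field: str        # what was changed (which field)
    old_value: str    # what was the original value
    new_value: str    # what was the value changed to
    user_id: str      # who changed it
    timestamp: str    # when: UTC, ISO 8601, taken from the server clock
    workstation: str  # where it was changed
    reason: str       # why it was changed
    prev_mac: str     # MAC of the previous entry, chaining the trail
    mac: str = ""


def compute_mac(entry):
    """HMAC-SHA256 over every field except the MAC itself."""
    body = asdict(entry)
    body.pop("mac")
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CHAIN_KEY, payload, hashlib.sha256).hexdigest()


class AuditTrail:
    def __init__(self):
        self.entries = []

    def head(self):
        """MAC of the newest entry; store it elsewhere to detect truncation."""
        return self.entries[-1].mac if self.entries else GENESIS

    def append(self, record_id, field, old_value, new_value,
               user_id, timestamp, workstation, reason):
        for name, value in (("user_id", user_id), ("workstation", workstation),
                            ("reason", reason)):
            if not value.strip():
                raise ValueError(f"{name} is mandatory for every change")
        if self.entries and timestamp < self.entries[-1].timestamp:
            raise ValueError("timestamp earlier than the previous entry")
        draft = AuditEntry(len(self.entries) + 1, record_id, field, old_value,
                           new_value, user_id, timestamp, workstation, reason,
                           self.head())
        entry = replace(draft, mac=compute_mac(draft))
        self.entries.append(entry)
        return entry


def verify(entries, expected_head=None):
    """Return a list of (seq, problem) pairs; an empty list means the trail is intact."""
    problems = []
    prev_mac, prev_time = GENESIS, ""
    for position, e in enumerate(entries, start=1):
        if e.seq != position:
            problems.append((e.seq, "sequence gap: entry missing or reordered"))
        if e.prev_mac != prev_mac:
            problems.append((e.seq, "broken link to previous entry"))
        if not hmac.compare_digest(e.mac, compute_mac(e)):
            problems.append((e.seq, "content altered after recording"))
        if e.timestamp < prev_time:
            problems.append((e.seq, "timestamp out of sequence"))
        prev_mac, prev_time = e.mac, e.timestamp
    if expected_head is not None and prev_mac != expected_head:
        problems.append((len(entries), "trail truncated or replaced"))
    return problems


def build_sample_trail():
    """Constructed sample: three changes to one hypothetical assay record."""
    trail = AuditTrail()
    trail.append("ASSAY-0042", "sample_weight_mg", "100.2", "100.4", "analyst.a",
                 "2024-03-05T09:14:02Z", "LAB-WS-07", "Transcription error corrected")
    trail.append("ASSAY-0042", "result_pct", "97.1", "97.3", "analyst.a",
                 "2024-03-05T09:20:40Z", "LAB-WS-07", "Recalculated with corrected weight")
    trail.append("ASSAY-0042", "status", "draft", "reviewed", "reviewer.b",
                 "2024-03-05T11:02:11Z", "QA-WS-02", "Second person review complete")
    return trail


if __name__ == "__main__":
    t = build_sample_trail()
    print(verify(t.entries, t.head()))
```

Storing the value of `head()` outside the system that holds the trail is what makes removal of the newest entries visible, since a shortened chain is otherwise internally consistent.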
Any takes…..
That is it….
"Data integrity really sounds off alarm bells for us ... if you see data integrity on the surface, there is likely a lot going on underneath."
Thomas Cosgrove, director at the FDA's office of manufacturing quality
Data integrity & risk
assessment
Assess each requirement (and the system as a whole) for
data integrity concerns
Not all requirements are created equally in terms of data
integrity risks
Create a ranking system (high, medium, low) that identifies
those requirements that, should the system fail to meet
them for any reason (failure mode), a data integrity issue
could result
These requirements can now be more robustly designed
and validated
Data integrity & risk
management
EudraLex - Volume 4, GMP Guidelines, Annex 11
General:
1. Risk Management
“Risk management should be applied throughout the lifecycle of the computerised system taking into account patient safety, data integrity and product quality. As part of a risk management system, decisions on the extent of validation and data integrity controls should be based on a justified and documented risk assessment of the computerised system.”
DI DESIGN
Design a robust backup/restore/disaster recovery
process
Implement tight access controls
Implement a robust audit trail
Design unambiguous e-signature mechanisms
Create rigid e-signature-document linkages
Implement data entry prompts/help text/input checks
Laboratory Notebooks: Types, Advantages & Drawbacks
Bound book
Advantages: • No lost sheets • Proof against fraud
Disadvantages: • Experiments entered as done, no logical order • Cannot keep some raw data forms
Loose-leaf sheets/folders
Advantages: • Can group by experiment, maintain order • Easy to record data during experiments • More flexible to hold various types of data
Disadvantages: • Can lose sheets, harder to prove authenticity
Electronic notebook
Advantages: • Easy to read • Easy to do calculations
Disadvantages: • Must back up data, harder to prove authenticity • Can be manipulated after the fact.
Barker, Kathy. At the Bench: A Laboratory Navigator. Cold Spring Harbor: Cold Spring Harbor Laboratory Press (2005), 90.
Impact spreads
Regulators – Any answers ?
1. Will a citation fix the problem ?
2. Will an Import Alert resolve the issue ?
3. Can you enjoin these companies with the original
faith ?
4. Will a seizure or prosecution resolve it ?
5. Is punishment the only answer ?
How to overcome
The first principle – BE HONEST
The second principle – have a value based quality
system and culture
Personal integrity at all levels automatically leads to
data integrity
Realise, implement and always practice good
documentation
The third principle - CONSISTENCY
How to overcome
Individual development for institutional development –
Trust and accountability
Must put a much higher value on human life than we do
at present
No two different sets of standards — for domestic and
exports market
Active WHISTLE BLOWER Mechanism ?, Honour the messenger…..
Take local actions in terms of global compliance findings
Learnings from recent trends

Science isn't that simple and easy
The vast nature of knowledge renders us limited
Data has its own story
Raw data is never wrong.
We may misinterpret it, be fooled by an incorrect
assumption, be limited by technology / approach
but intrinsically, it is not wrong.
Your scientific reputation is based on the quality of
your data.