Published by MasterControl
Susan Schniepp, Distinguished Fellow
Regulatory Compliance Associates® Inc.
Among the current and emerging topics of interest to the pharmaceutical industry, the topics of quality metrics, quality culture, and data integrity are of particular concern to both the industry and regulatory authorities. The integrity of the data supporting product quality throughout the product life cycle has always been a priority for global regulatory authorities. Requirements specifying that data records need to be attributable, legible, contemporaneous, original, and accurate (ALCOA) have been included in regulations around the world for several decades. In addition to the ALCOA there is ALCOA+ which also requires data to be complete, consistent, enduring, and available.
The increase in data integrity observations has prompted the regulatory authorities to address the issue by releasing a series of guidelines that reemphasize the importance of data integrity. The U.S. Food and Drug Administration (FDA), Medicines and Healthcare Products Regulatory Association (MHRA), World Health Organization (WHO), and Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme (PIC/S) have all released documents to reeducate the industry on data integrity concepts and expectations. In addition to the regulatory guidelines, the Parenteral Drug Association (PDA) released a free document titled “Elements of a Code of Conduct for Data Integrity” to help address the problem.
Have you ever evaluated your Quality Culture? Contact Us Now and Find Out if You Should →
Over the course of your career, you will run into data integrity situations that could have been mitigated if the company had a better-quality culture. Below are some real-life scenarios that demonstrate how data integrity and quality culture are linked and how quality culture can drive undesirable outcomes. It is important to note that when we speak of quality culture, we are not describing the culture of the quality department. We are discussing the culture of the organization and what affect that imbedded, widespread culture had on the entire organization.
Situation 1: CMO Audited by a Client
A contract manufacturing organization (CMO) was being audited by a client and was asked for a training record. The particular training record was missing from the file. The Quality Assurance (QA) manager in charge of the audit chose to wait until the auditors left for the day and then asked the staff to do a comprehensive search for the missing training record. The record was not located so the QA manager decided to reproduce the training record from memory and present it to the client in the morning. The auditor was suspicious of the record and indicated in his audit report that he felt there were data integrity issues at the site. The client listed the CMO as “at risk” based on the suspicion of falsification of data regarding the training record that was noted in the audit report.
When a new head of quality for the company was hired to help fix some of the risky behavior present at the company, they investigated the client concern and confirmed that the QA manager had falsified the record. The QA manager was fired and the new head of quality hired a third party to perform an in-depth audit to determine how imbedded the practice of falsification was in the organization. As a result of the findings, several individuals were relieved of their quality responsibilities. It has taken the company two years to move from an “at risk” to “needs improvement” status as a result of this issue.
The situation described above is not unusual because records do occasionally get lost or misfiled. When this happens during an audit, it is certainly embarrassing but not unrecoverable. The quality culture present in the organization condoned falsification and misdirection. The situation could have been could prevented if the organizational culture rewarded honesty. If the QA manager had been forthcoming with the situation to the auditor it probably would have resulted in an observation, but if all the other training records were in order it would have been a minor observation easily addressed and corrective action outlined in the audit response. The auditor should have been told the record was missing and a commitment to retraining the individual as a part of the investigation into the missing training record would have been a more honest and understandable response.
The bottom line, there should be no tolerance for falsification and lying to any auditor and a company culture that elicits this type of response is neither desirable or effective and has a detrimental impact on the entire business. When the QA manager chose to falsify and lie to the auditor, it sent a message to the entire organization that this type of behavior was acceptable. The new head of quality quickly corrected this misconception. The outcome of lying to a client was bad enough , and the outcome could have been much worse had this been done during an inspection by a regulatory authority.
Situation 2: Company Audited by a Regulatory Authority
In this next scenario, a company is being audited by a regulatory authority. They are reviewing the equipment validation/qualification program and they ask to see the most recent qualification for a depyrogenation oven that was the subject of a previous audit observation. The qualification for that oven has an investigation associated with it. The investigation was because the temperature recorder was out of tolerance and recording temperatures higher than the actual oven temperature. In other words, the vials being depyrogenated were not exposed to the optimal condition leaving a question in the auditor’s mind as to whether the vials and the product in them were safe. The last passing qualification for the temperature recorder was two years ago and the investigation has no product impact assessment to justify the safety of the product. One of the inspectors asks the head of quality to justify why this issue should not be considered a public health issue. He indicates that he will expect a response before the close of the day. The culture present in the company may dictate what response you give the inspector.
If you have a poor quality culture, the response might be to tell the auditor that even though the chart recorder was recording an incorrect temperature you are confident that the oven was hot enough and the cycles were long enough to kill the pyrogen so the product is safe. The temperature recorder has been fixed and there should be no issues as described in a book explaining the principles of depyrogenation.
An acceptable quality culture would elicit a more thoughtful response supported by data and information collected on a daily basis. An effective response would indicate there is no risk to the product because of the endotoxin monitoring that is performed as follows:
- The Water for Injection (WFI) is monitored daily for endotoxin.
- The raw materials being used to manufacture the product, including the active pharmaceutical ingredient (API), is tested for endotoxin as part of incoming receipt.
- The glass is tested for endotoxin as part of incoming release.
- Each lot of product is tested for endotoxin as part of the final product acceptance criteria.
- There have been no complaints for the affected products during the last two years.
In this case, the CMO was being inspected by a regulatory authority. The inspector said they agreed with the assessment and the data supporting the statement should be included in the official 483 response. The inspector also indicated he would not make this a public health issue. The company included two years of data in their response. The only comment from the agency was to provide additional data to cover the products from the last successful calibration to the time the current calibration.
Situation 3: Company’s Quality Culture has the Wrong Focus
This situation demonstrates how an organizational culture can impact the investigation process. The company in question is very proud of their ability to complete 95% of deviations/investigations within 30 days. The company has hired a new head of quality and this person decides to familiarize themselves with the investigation/deviations that have occurred over the last six months.
During the review, they discover that one operator on the second shift has 25 repeat deviations for failing to sign a critical portion of the batch record for a particular product. The deviations all indicate the operator has been retrained and the root cause of the deviation is listed as human error.
The new head of quality brings this information to the attention of the staff and whether the operator in question is suitable for the job they perform based on the high incident of repeat deviations for the same issue. The staff assures the head of quality that the operator is an excellent employee and also one of the most conscientious operators in the organization. The head of quality asks if the operator was appropriately interviewed and the staff indicates that they know the operator has a problem, but they feel that retraining is suitable.
Not satisfied with this answer the new head of quality decides to personally interview the operator in question. In the interview the operator tells the head of quality that in order to sign the batch record when indicated they need to leave the manufacturing area and leave the product unattended while they de-gown, sign the batch record, re-gown and reenter the manufacturing area. The operator says he does not think this is a good practice and has been requesting the batch record be revised, but the only outcome so far has been that he gets retrained and reprimanded.
In this scenario, the quality culture focuses on timeliness rather than getting to root cause. If the emphasis of the culture was on thorough and complete investigation, the root cause of human error for the same repeat deviation would have been noticed and corrective action initiated. The real data integrity issue here is not the repeat deviation but the action of the other operators. Clearly, the operator in question was concerned with product safety because he felt it wasn’t appropriate to leave the product unattended. The question to be answered is how the other operators were handling the signing of the batch record and what risk there was to the product.
Conclusion: Quality Culture Impacts Data Integrity
It is important to understand that your quality culture is linked to data integrity. Once you acknowledge this relationship you can perform a necessary risk assessment, identify vulnerabilities, and remediate your risks before an inspection. Regulators have clearly delineated through the guidance documents that there is a link between the culture of an organization and the veracity of the data being generated. In the future, it is anticipated that audits will focus on determining the health of an organization based on their culture and the data it supports.