A: This is a great question. The draft guidance, titled Data Integrity and Compliance With cGMP was released in 2016 and is still current. In the introduction, FDA states, “The purpose of the guidance is to clarify the role of data integrity in current good manufacturing practice …” I don’t think the industry should be surprised by this guidance based on the number of recent warning letters issued with citations referencing questionable data integrity practices.
The guidance itself says:
“… FDA has increasingly observed CGMP violations involving data integrity during CGMP inspections.”
The guidance goes on to say:
“This is troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the … quality of drugs, and FDA’s ability to protect the public health.”
Specifically question 16 asks:
“Should personnel be trained in detecting data integrity as part of a routine CGMP training program?”
The answer in the guideline is, of course, yes and cites 21 Code of Federal Regulations(CFR) 211.25 and 212.10, which require that employees have the “education, training, and experience, or any combination thereof, to perform their assigned duties.”
From an industry perspective, the requirement for data integrity training seems new, but it isn’t. It is normally referred to as good documentation practices (GDP), annual GMP training, and investigations and corrective action and preventive action (CAPA) training. The question is how does one communicate to others that this training regimen relates to proper data handling, which in turn helps eliminate data integrity issues.
Annual cGMP training is integral to avoiding data integrity problems because it delineates what documents need to be maintained. If the GMPs require a document be preserved, one can assume it is a document that is subject to review and critique during an audit.
Focusing on the forms and records required allows one to direct their review efforts on the essential rather than on the superfluous documents that support the safety, efficacy, and quality of the products being manufactured. Once the company’s quality assurance (QA) department has identified these critical documents, the documentation group can then direct their efforts towards appropriately maintaining those documents.
A critical element in preserving the integrity of the information contained in these records is related to GDP training. GDP training should explain to the employees the necessity of the document in relationship to the quality of the product. GDP training should focus on the importance of the data being recorded, how to correct an error, how to document the reason for the error, explain the timeliness of the signature and date of the person who performed the operation and recorded the necessary information, as well as the role of the verifier’s signature for those steps in the operation that require a witness.
GDP training should also include an explanation of the review process and what the operator’s, verifier’s, and reviewer’s signatures means. The reviewer’s signature should be regarded as complementary to the original operator’s signature. It is there to support that the recording of the data was complete, accurately reflected the function or activity being documented, and that any operational errors that occurred were investigated and corrected appropriately.
If you are operating with electronic signatures and data collection systems, training should include discussion on the importance of password protection and the reason and rationale for not sharing passwords and accounts so that the integrity of the electronic system is not compromised.
Investigation and CAPA training should be taught to staff involved in the recording and reviewing of the documentation. It is important for these individuals to understand how deviations are investigated, if the investigation resulted in a CAPA, and what impact the investigation/CAPA results might have on the product.
It should also address how changes made to documentation as a result of the investigations/CAPA have been implemented in the quality management system. Documentation changes made as a result of investigation/CAPA conclusions should prompt retraining on the activity and should encompass any new documentation practices identified.
Once the employees are trained in GMP, GDP, and investigations/CAPA training, the QA group should confirm the organization’s understanding of what they were taught through the internal audit review process. This should be viewed as a confirming activity that will strengthen the records, forms, reports, and manufacturing documents that support the product’s manufacturing and release.
Issues in documentation procedures identified through the internal audit process should be responded to and tracked in a similar manner, as the company would do for an external audit by a client or a regulatory agency.
The information collected during the manufacturing of the product from the receipt of the raw materials, the facility maintenance, the testing of the product up to the release of the product, and everything in between is crucial to defending the product once it has been released for patient use. It is crucial that this information be indisputable, whether it is electronic or paper.
Bottom line, don’t over react to the guidance by sending your QA staff to criminal investigation training. Instead, utilize the cGMP training tools you already have in your quality system to reinforce the concept of data integrity throughout your training and audit processes. The best way to combat poor documentation is through the proactive inclusion of data integrity concepts, design, and implementation into your data collection systems whether they are manual or electronic in nature.
Regulatory Compliance Associates® (RCA) provides worldwide services to the following industries for resolution of compliance and regulatory challenges:
We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA-and globally-regulated companies. As your partners, we can negotiate the potential minefield of regulatory compliance and private equity due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.
- Founded in 2000
- Headquartered in Wisconsin (USA)
- Regional offices in Florida, Colorado and Europe
- Expertise backed by over 500 industry subject matter experts
- Acquired by Sotera Health in 2021