Q. I have been hearing that regulatory authorities are beginning to audit companies regarding their ‘quality’ culture’s relationship to data integrity tools. Can you give me a little background on this issue?
A. The regulatory authorities have always been interested in data integrity tools. Recently, however, the specific culture of an organization is being connected to the veracity and accuracy of the data generated to support the quality of manufactured products. The theory is the more mature an organization is the more reliable the product support data are. To understand this concept thoroughly, we should start with a brief review of FDA’s quality metrics initiative.
Data Integrity Guidance
When FDA posted the first draft guidance, Request for Quality Metrics, the metrics chosen were lot acceptance rate, product quality complaint rate, invalidated out-of-specification (OOS) rate, and annual product review or product quality review on time rate. The guidance also contained three optional metrics intended to measure quality culture: measuring senior management engagement, corrective actions and preventive actions (CAPA) effectiveness, and process capability/performance.
Although the optional data integrity tools intended to measure quality culture were removed from the current version of the guideline, it is the first indication that regulators felt there was a correlation between culture and data integrity. At the same time the issue of quality metrics was being discussed, there was a resurgence of data integrity problems in the industry evidenced by the number of citations that reference this issue.
Data Integrity Issue
Between 2005 and 2016, approximately 225 FDA warning letters were issued with observations for data integrity. These observations included repeat human error deviations, insufficient training, system failures, inappropriate qualification or configuration of systems, poor procedures or not following procedures, and intentional acts of falsification.
The increase in data integrity observations prompted regulatory authorities to address the issue by releasing a series of guidelines that reemphasize the importance of data integrity. FDA, the Medicines and Healthcare products Regulatory Agency (MHRA) in the United Kingdom, the World Health Organization (WHO), and the Pharmaceutical Inspection Co-operation Scheme (PIC/S) have all released documents to reeducate the industry on data integrity concepts and expectations. In addition to the regulatory guidelines, the Parenteral Drug Association (PDA) released a free document titled Elements of a Code of Conduct for Data Integrity to help address the problem.
One common theme permeating through these documents is that of quality culture. Regulators have linked the reliability of data to the existence of a quality culture as exemplified by statements taken directly from the guidance.
The PIC/S guidance on Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (5) states, ‘Management should aim to create a work environment (i.e., quality culture) that is transparent and open, one in which personnel are encouraged to freely communicate failures and mistakes. Organizational reporting structure should permit the information flow between personnel at all levels’.
The MHRA guidance (2) titled ‘GXP’ Data Integrity Guidance and Definitions discusses organizational culture, stating:
‘The organization needs to take responsibility for the systems used and the data they generate. The organizational culture should ensure data [are] complete, consistent, and accurate in all its forms (i.e., paper and electronic)’ … ‘The impact of organizational culture, the behavior driven by performance indicators, objectives, and senior management behavior on the success of data governance measures should not be underestimated. The data governance policy (or equivalent) should be endorsed at the highest levels of the organization.’
WHO deals with the concept of quality culture in their document Guidance on Good Data and Record Management Practices by stating,
Adoption of a quality culture within the company that encourages personnel to be transparent about failures so that management has an accurate understanding of risks and can then provide the necessary resources to achieve expectations and meet data quality standards.
This same document states:
Management, with the support of the quality unit, should establish and maintain a working environment that minimizes the risk of non-compliant records and erroneous records and data. An essential element of the quality culture is the transparent and open reporting of deviations, errors, omissions and aberrant results at all levels of the organization, irrespective of hierarchy.
Based on the language used in data integrity guidance documents, it is clear that regulatory authorities consider quality culture an important element in establishing the veracity and integrity of the data being generated by companies that support the products they manufacture.
The trouble with quality culture is determining how to measure it. PDA has developed a culture assessment tool that links organizational attributes to specific behaviors.
Attributes were defined as elements of a quality system such as, but not limited to, deviations reporting, change control, CAPA, complaints, and environmental monitoring programs or systems. Behaviors were defined as intangibles such as, but not limited to, robust communication and transparency, rewards and recognition, employee engagement, and cross functional vision.
The theory was if quality attributes equaled quality behaviors, which then equaled quality culture, then if the quality attributes of a company could be measured, they would reflect the maturity of the quality culture of an organization. The PDA tool involves several steps that include training employees on the use of the tool, an onsite assessment, an all-staff survey, and finally analysis and action on the results.
ALCOA Data Integrity
There are, of course, other tools available to measure the culture of an organization. The real point is whatever tool your company uses to measure culture, it will be an important element in determining your data integrity risks and remediating them before an inspection.
Auditing a company to determine if their culture is conducive to generating data that meets the attributable, legible, contemporaneous, original, and accurate (ALCOA) concepts is on the horizon and may become a part of routine audits performed by regulators or industry auditors when evaluating the suitability of a manufacturer, potential partner, or service provider.
Vol. 42, No. 10
Pages: 82, 81
Regulatory Compliance Associates® (RCA) provides worldwide services to the following industries for resolution of compliance and regulatory challenges:
We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA-and globally-regulated companies. As your partners, we can negotiate the potential minefield of regulatory compliance and private equity due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.
- Founded in 2000
- Headquartered in Wisconsin (USA)
- Regional offices in Florida, Colorado and Europe
- Expertise backed by over 500 industry subject matter experts
- Acquired by Sotera Health in 2021