Shelly Blackwell Senior Director of Dietary Supplement and Tobacco Services EAS Consulting Group
Is data integrity a new concept and does it only apply to drug manufacturers? The answer to both of those questions is “no”. Due to an increasingly complex supply chain, globalization, and the current availability and usability of data, dietary supplement manufacturers must adapt to the changing expectations for the data we produce and manage, regardless of the industry.
The focus on data integrity emerged after several FDA inspections revealed egregious findings, which documented fraudulent activities and poor data management practices. Consequently, the FDA published their final guidance on data integrity in December 2018 titled: “Data Integrity and Compliance with Drug CGMP”1 in a question-and-answer format. Many other organizations, including PDA, PIC/S, MHRA, and ISPE,2-5 have also published guidance documents. While the details vary, all of them draw upon existing current Good Manufacturing Practices (cGMPs) and expand on them with regard to maintaining the integrity of data generated.
Basic cGMP principles prevalent in the dietary supplement regulations (21 CFR Part 111 “Current Good Manufacturing Practice in Manufacturing, Packaging, Labeling, or Holding Operations for Dietary Supplements”),6 can alsobe applied to data integrity. In fact, most of the data integrity warning letters FDA has issued have been related to well known concepts, such as Good Documentation Practices, computer system validation, and records management. For example, a violation such as “the computer used to create master manufacturing records did not have controls to restrict access and unauthorized changes” could be cited against 21 CFR Part 111.123, which requires Quality Control to “review and approve all master manufacturing records and all modifications to the master manufacturing record.” Additionally, a common violation of deleting or not reporting original data could be cited against 21 CFR Part 111.605, which outlines record-keeping requirements.
The FDA defines data integrity as “The completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).”1 While not all-encompassing, the ALCOA acronym can be used as a guideline to ensure the data produced by a dietary supplement manufacturer has integrity.
Attributable (A) means that reporting should clearly note who created a record and when. Policies around identifiable signatures and unique user log-on IDs and passwords should be created and documentation SOPs should include details on how to make a correction. Legible (L) indicates that recorded information must be easily readable (only blue or black ink, no writeovers, etc). Contemporaneous (C) requires documentation to be completed at the time of action, not before (pre-dating) or after (back-dating). The phrase “at the time of performance” is throughout the cGMPs, including 21 CFR Part 111 and also applies to time and date requirements in 21 CFR Part 11 “Electronic Records; Electronic Signatures”,7 which is a requirement for dietary supplement manufacturers using electronic records. Original (O) means documentation must include or preserve the content and meaning of the original data. Procedures should be established to prohibit the use of scrap paper to document critical data and to prevent the deletion of original data (both paper and electronic). The final “A” in the ALCOA acronym stands for Accurate. Manufacturers should look to reduce potential risks that may affect the accurate recording of data, which may include activities such as reviewing audit trails.
Given the current regulatory environment, an FDA inspector may ask to see a company’s data integrity policy or plan. Companies lacking one should start with an inventory and risk assessment. That process should identify all sources of critical data, and indicate whether the source is paper or electronic. While laboratories are often a primary focus during data integrity inspections, companies should also consider any manufacturing or operational systems producing critical data, such as the material control system. A good way to define critical data is any data generated to satisfy a requirement in the cGMPs. After the inventory’s completion, apply risk analysis principles to rank criticality and identify inherent data integrity risks. This prioritization will focus the company on data integrity policies and procedures based on their knowledge of their unique processes and technologies.
It is imperative organizations understand that risks of data integrity breaches exist at every organization. The PIC/S guidance on data integrity (Good Practices for Data Management and Integrity in Regulated GMP/GDP environments) notes: “An organisation which believes that there is ‘no risk’ of data integrity failure is unlikely to have made an adequate assessment of inherent risks in the data lifecycle.” An organization’s biggest asset in identifying these risks is its people. By using their knowledge of systems and processes, along with critical thinking skills, companies can take proper steps to ensure patient safety, product quality, and data reliability.
References
1. Data Integrity and Compliance With Drug CGMP: Questions and Answers. https://www.fda.gov/regulatory-information/search-fdaguidance- documents/data-integrity-and-compliance-drug-cgmpquestions- and-answers
2. Data Integrity Management System for Pharmaceutical Laboratories. https://www.pda.org/publications/pda-technicalreports
3. Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments. https://picscheme.org/docview/4234
4. ‘GXP’ Data Integrity Guidance and Definitions. https://assets. publishing.service.gov.uk/government/uploads/system/uploads/ attachment_data/file/687246/MHRA_GxP_data_integrity_guide_ March_edited_Final.pdf
5. GAMP Guide: Records & Data Integrity. https://ispe.org/ publications/guidance-documents/gamp-records-pharmaceuticaldata- integrity
6. Current Good Manufacturing Practice in Manufacturing, Packaging, Labeling, or Holding Operations for Dietary Supplements. https:// www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-111
7. Electronic Records; Electronic Signatures. https://www.accessdata. fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11
About the Author: Shelly Blackwell, Senior Director of Dietary Supplement and Tobacco Services with EAS Consulting Group, has over 22 years of quality and compliance experience in highly regulated environments. After starting her career as a microbiologist, she gained expert knowledge of a variety of domestic and international regulations while holding senior leadership positions in the dietary supplement, pharmaceutical, and medical device industries. These positions include seven years as the Quality Assurance Director for GNC / Nutra Manufacturing and most recently leading the Quality Systems and Compliance Team at Bausch and Lomb in Greenville, SC. Contact Shelly at shelly.blackwell@easconsultinggroup.com or call EAS Consulting Group at (571) 447-5500.