Complying with FDA guidelines on Data Integrity may be easier than you think
The official data integrity guidelines have been in full force for more than 5 years now. There is no Life Sciences professional who has never heard of Data Integrity. At first this term was scary. However, companies that adhere to current Good Manufacturing Practices (cGMP) have realized they have nothing to worry about. And we can also guess it from the title of the official FDA document: “Data Integrity and Compliance With Drug CGMP”.
But then, if the new guidelines have come into effect while the old good GMPs are still valid, does that mean we have to apply both of them? Should we combine them with the operational procedures that any self-respecting pharmaceutical company already applies?
THE BENEFITS OF GMP
We immediately answer the question, also because our goal is another, that is to demystify the idea that respecting Data Integrity is difficult. Although cGMP can be considered a set of guidelines in its own right, it is better to understand the meaning of the acronym. In fact, Data Integrity is simply a by-product, a subset of cGMPs. But ensuring data integrity is just as important as the following cGMP, if not more so, especially nowadays when all processes and applications become Data-Driven.
And why was this by-product necessary?
The whole concept of cGMP originated from an event of lack of objective data on a batch of contaminated tablets and the consequent inability to withdraw it from the market, before it caused hundreds of deaths in 1941. Nowadays, regulatory agencies have several tools to prevent such a disaster: random inspections, official warnings, and drug seizures. But the most effective tool of all is, of course, to provide data integrity guidelines, because they are preventive rather than reactive measures.
And as the world changes all the time, so do the ways in which data is generated, managed, and used. The awareness and priorities of different data and processes also change. Therefore, even if GMPs remains a fundamental document, it becomes inevitable to develop a guide dedicated to data, a clear and specific guidelines that allows us to focus on what increasingly represents the drug administered to the patient.
DATA INTEGRITY AND SECURITY
Take, for example, the General Data Protection Regulation (GDPR), a regulation that came into force at about the same time as Data Integrity. User data security has become more critical in the internet age and data integrity and security simply go hand in hand.
Data integrity, as defined in the FDA document, is "the completeness, consistency and accuracy of data", and to achieve integrity, data should follow the ALCOA+ principles, which we discussed in depth in a previous article, of which we report a short excerpt:
Staff must be trained to prevent and detect data integrity issues.
Any quality problems detected must be formally managed.
Only authorized personnel should have the necessary access to edit records.
Each user should have their own login credentials, rather than shared.
The use of electronic signatures instead of handwritten (paper) signatures is strongly recommended.
WHY BE ALWAYS ALIGNED AND COMPLIANT WITH REGULATIONS?
Respecting the cGMP, and more specifically, guaranteeing Data Integrity, means dedicating many resources to one's operations. Appropriate quality systems and procedures must be maintained, employees must be qualified and constantly trained, analytical laboratories must be reliable, and equipment always calibrated. But all of these expensive features describe not only companies bent on achieving success. They are also mandatory for any company wishing to remain on the market.
It is clear to everyone that there is a direct relationship between data integrity and product quality. But it is equally true that there is a direct relationship between data integrity and product costs, a very important concept, unless the company holds the patent of the drug and does not fear competition.
The challenge, therefore, is to guarantee data integrity with a well-studied and planned and, above all, acceptable investment.
By demanding to comply with the guidelines, the FDA is doing nothing but helping companies make their lives easier. Paradoxical, but it is. After all, the word “current” in cGMP simply tries to remind companies that their systems must always be updated to the latest technology.
Yes, because the disaster of 1941 was also partly due to technological obsolescence. And it is naive to think that such an event cannot occur today. It is true that technologies have made great strides, but even the complexity and risks of today's world cannot be compared to those of a hundred years ago. And companies that get stuck in the past and don't invest in technology risk being, rightly, wiped out.
WHAT DOES THE FDA GUIDE MEAN FOR MY BUSINESS?
We have gone too far in discussing the importance of Data Integrity. It was necessary to do this to arrive at an important premise: today data integrity cannot be guaranteed except through modern technological means.
So what are the technologies and tools that can be used in companies, and more specifically, in the analysis laboratories and production department? When it comes to data integrity, of course we must take advantage of all those new technologies that affect data: IoT, BigData, Cloud, BPM and Low-Code platforms, Analytics and AI.
To go into more detail, here are the main systems that can be installed:
LIMS (Laboratory Information Management System)
ELN (Electronic Laboratory Notebook)
SDMS (Scientific Data Management System)
True, some of these already existed 20 years ago. Indeed, certainly some are already present in your company. But the question is:
Do the systems we have today really exploit new technologies? Do they really comply with the latest guidelines on Data Integrity and current GMP?
It must be said that not all the technologies listed are equally important for DI. BigData, Analytics, and AI do better to optimize processes and costs, to guide choices on operations, minus those on data security. The technology that is most beneficial is certainly the IoT because it allows data to be collected directly (without human intervention) from digital devices.
BPM and Cloud, in turn, allow developing extremely articulated, complex, and automated flows that manage this data and avoid users to perform manual operations, thus eliminating the risks related to errors, loss, and tampering of data.
The main risk to the integrity of the data is represented by the users themselves. As human beings, people tend to disregard procedures, make mistakes, forget deadlines, underestimate risks and, sadly, intentionally change data.
Of all the 9 terms of the acronym ALCOA + , perhaps the most important is ACCURATE, because it can be applied to the other 8. Only automatic systems can always accurately perform all the actions defined to guarantee the integrity of the data.
It is easy to ensure data integrity if it is delegated to the latest generation of digital systems. Sure, it might be less easy to adopt such systems, but definitely not because of the systems themselves. People's resistance to change, the cultural and digital skills gap are one of the biggest obstacles to technological innovation. Our projects consist, in large part, to work with people rather than with digital systems, in assisting pharmaceutical companies in their digital growth. We have dedicated several of our articles to this topic and we will certainly address it again.