8 Ways to Ensure Data Integrity
Data integrity requirements have been addressed in the FDA’s Title 21 CFR Part 11 and the EU's GMP Eudralex Volume 4, Chapter 4 and Annex 11. This is so far unchanged. However, with increasing automation based on computerized systems, as well as the globalization of operations and the increasing cost of bringing products to market, new guidance was needed to clarify regulatory expectations around the creation, handling and storage of data. The following eight recommendations give an overview of how to maintain data integrity for computerized systems:
1. Perform Risk-Based Validation
- Validate only systems that are part of GxP-compliance. Ensure protocols address data quality and reliability.
- In some cases it’s cost-effective to have the system vendor perform qualification and validation of the systems. To help decide between in-house or purchased validation service, use the ISPE’s GAMP5 (Good Automated Manufacturing Practice) categorizations to determine the validation complexity of your system.
- Account for all electronic data storage locations, including printouts and PDF reports during validation.
- Ensure your quality management system defines the frequency, roles and responsibilities in system validation.
- Your validation master plan must outline the approach you will use to review meaningful metadata, including audit trails, etc.
- Schedule periodic re-evaluations after your initial validation.
2. Select Appropriate System and Service Providers
- Ensure your providers are fluent with the relevant regulations.*
- Systems must be fit-for-purpose. Get proof of a software’s efficacy for the application it will be used in.
- Learn about your suppliers’ organizational culture and maturity relating to data management. Ask them what systems are in place to ensure data integrity and audit those systems if possible.
* See EU GMP EudraLex Annex 15: “Where validation protocols and other documentation are supplied by a third party providing validation services, appropriate personnel at the manufacturing site should confirm suitability and compliance with internal procedures before approval.”
3. Audit your Audit Trails
- An audit trail must be an inerasable record of all data in a system, including any changes that have been made to a database or file. To be useful in GxP compliance an audit trail must answer: Who? What? When? And Why?
- Define the data relevant to GxP and ensure it’s included in an audit trail.
- Assign roles and schedules for testing the audit trail functionality.
- The depth of an audit trail review should be based on the complexity of the system and its intended use.
- Understand what audit trails comprise: discrete event logs, history files, database queries, reports or other mechanisms that display events related to the system, electronic records or raw data contained within the record.
4. Change Control
- Ensure system software updates are designed to comply with changing regulations, especially when implementing new features.
- Collaborate with providers to stay informed about changes and update your systems accordingly.
- Select systems that are easy to update upon the addition of new hardware or other system inputs.
5. Qualify IT & Validate Systems
- Validated systems require an IT environment that has been fully qualified.
6. Plan for Business Continuity
- Ensure disaster recovery planning is in place.
- Your plan should state how quickly functions can be restored, as well as the probable impact of any data lost.
- Look for software and systems that can record and store data redundantly to protect it during power outages or network downtime.
- Employ solutions such as UPS (Uninterrupted Power Source), battery-powered, standalone recorders or devices that can switch to an alternate power source when required. E.g. data loggers that can also be battery powered.
7. Be Accurate
- Verify system inputs. For example, an environmental monitoring system requires regularly calibrated sensors.
- For networked systems, test that data are coming from the right location.
- Select systems that provide alarm messages in case of communication failure, device problems, or data tampering.
8. Archive Regularly
- Backup and save electronic data on a pre-set schedule and to a secure location, including metadata.
- Verify the retrieval of all of data during internal audits.
- Electronic archives should be validated, secured and maintained in a state of control throughout the data life cycle.
Author Biography: Piritta Maunu
Piritta Maunu has 15 years of experience in biotechnology, having worked in several quality management positions for FIT Biotech. Maunu holds a degree of M.Sc. (Cell Biology) and is certified to teach with a specialty in General Biology, both degrees from the University of Jyväskylä, Finland. In her role at Vaisala, she supports the sales department, assists the quality department with audits, creates educational content for life science customers, and provides application support to R&D teams creating solutions for monitoring critical environments.