Pharmaceutical Technology - March 2021

Pharmaceutical Technology - Regulatory Sourcebook - March 2021

Issue link:

Contents of this Issue


Page 49 of 61

50 Pharmaceutical Technology REGULATORY SOURCEBOOK MARCH 2021 P h a r mTe c h . c o m Any steps taken to mitigate a data-integrity risk should be assessed to determine its appropriateness in the context of the criticality of the gap between desired and actual practice. The UK's Medicines and Healthcare products Regulatory Agency defines critical risks as those that would potentially allow data or metadata to be "deleted, amended or excluded without authorization" (2). FDA's guidance echoes this emphasis, high- lighting the importance of data integrity throughout the CGMP data life cycle, from creation, through modification, processing, maintenance, archival, and on through retrieval, transmission, and disposition after the period required for data retention ends (3). A risk-assessment tool (Figure 1) developed by the GMP Working Group features sections for system control and ac- cess; data protection, controls, and regulatory compliance; audit trails, metadata, and data review; archival, retrieval, back-up, disaster recovery, and contingency plans; and elec- tronic signatures (4). The tool, which consists of a summary followed by a tab- ular presentation, provides a check list to achieve harmoni- zation in how data integrity evaluation is performed within and across pharmaceutical industry. It also helps ensure facilities can demonstrate compliance during inspections. The entire tool—or selected sections—can be used by pharmaceutical firms to evaluate instrument/software sys- tems prior to purchasing, or by vendors to understand the expectations of pharmaceutical companies. This evaluation should consider any mitigations and interim actions iden- tified in the risk assessment. The tool also may be useful in managing third-party laboratories and vendors that service equipment and in drafting technical quality agreements with these organizations. Modernization US GLP regulations In August 2016, FDA published proposed amendments to regu- lations for GLPs for nonclinical laboratory studies; the stated pur- pose was to build quality into planning, conducting, and reporting a nonclinical laboratory study and to help ensure data quality and integrity (5). A GLP Working Group (WG) was formed from IQ member companies to evaluate FDA's proposed changes, an effort that aligns with the organization's strategic objectives to proac- tively build consensus with global regulators on issues and opportunities to advance innovation and quality in phar- maceutical development. The goal of the Quality LG's work in responding to the proposed GLP changes was to provide broad industry perspective from member companies to FDA to reduce any regulatory burden that may stif le innovation in the pharmaceutical industry. After several months of evaluation of the proposed changes, the GLP WG concluded the proposed rule imposed undue burden and complexity upon the pharmaceutical industry and encouraged FDA to work in collaboration with industry to develop a new proposed rule. Some changes proposed by FDA were positive, including refined definitions; removing requirement to retain empty test article containers; clarify- ing ownership of the master schedule; quality assurance unit (QAU) access to protocols rather than maintaining a copy; data integrity; definition of raw data, specifically defining signed and dated pathology report as raw data; and archiving all study material no later than two weeks after the close of the study. Another positive addition was the inclusion of attributes of Organization for Economic Co-operation and Development principals in support of conduct of multi-site studies conducted at contract research organizations. Challenges with proposed regulations The IQ GLP WG evaluation of proposed changes found five significant challenges. Significant increase in administrative burden. The following were determined by the WG to be significantly underesti- mated or not considered: • Requirements related to standard operating procedure (SOP) development Quality Collaboration Summary Click here to enter text. # Questions Responses Comments, mitigation of risk Yes No N/A Guidance System control and access 1.1 Is Access to the system via individual login credentials made up of a combination of a unique user id and user generated password? ☐ ☐ ☐ Use of generic passwords (when absolutely necessary) should be procedurally controlled. Click here to enter text. 1.2 Are any non-person system accounts (generic accounts), such as those shipped with the system, or service accounts, disabled? ☐ ☐ ☐ Accounts should be turned off, disabled, or have access revoked if determined to be unnecessary for system operations. If such accounts should be used to run the application, then procedure should specify that activities performed under such account are traceable to the individual who performed the activities in an automated manner. Click here to enter text. Figure 1. Excerpt from the data integrity tool. FIGURE COURTESY OF THE AUTHORS.

Articles in this issue

Links on this page

Archives of this issue

view archives of Pharmaceutical Technology - March 2021 - Pharmaceutical Technology - Regulatory Sourcebook - March 2021