www.biopharminternational.com March 2021 eBook BioPharm International 37
drug products. Over the past seven
years, FDA inspec tion repor t s have
revealed a pattern of repeated failure
of facilities to follow data-integrity
requirements established in cur-
rent good manufacturing practice
(CGMP) predicate rules, regulations
in 21 Code of Federal Regulations
(CFR) 211, and other international
regulations (1).
The number of cited data integ-
rity infractions indicated that bio/
pharma facilities lacked a risk-assess-
ment tool to that could be used to
ensure consistency when evaluat-
ing standalone R&D data-acquisition
and processing software (1).
Any steps taken to mitigate a
data-integrity risk should be assessed
to determine its appropriateness in
the context of the criticality of the
gap between desired and actual prac-
tice. The UK's Medicines and Healthcare
products Regulatory Agency defines crit-
ical risks as those that would poten-
tially allow data or metadata to
be "deleted, amended or excluded
without authorization" (2). FDA's
guidance echoes this emphasis, high-
lighting the importance of data
integrity throughout the CGMP data
life cycle, from creation, through
modification, processing, main-
tenance, archival, and on through
retrieval, transmission, and dispo-
sition after the period required for
data retention ends (3).
A risk-assessment tool (Figure 1)
developed by the GMP Working
Group features sections for system
control and access; data protection,
controls, and regulatory compli-
ance; audit trails, metadata, and data
review; archival, retrieval, back-up,
disaster recovery, and contingency
plans; and electronic signatures (4).
The tool, which consists of a
summary followed by a tabular pre-
sentation, provides a check list to
achieve harmonization in how data
integrity evaluation is performed
within and across pharmaceutical
industry. It also helps ensure facil-
ities can demonstrate compliance
during inspections.
The entire tool—or selected sec-
tions—can be used by pharmaceu-
tical firms to evaluate instrument/
software systems prior to purchas-
ing, or by vendors to understand
the expectations of pharmaceutical
companies. This evaluation should
consider any mitigations and interim
actions identified in the risk assess-
ment. The tool also may be useful in
managing third-party laboratories
and vendors that service equipment
and in drafting technical quality
agreements with these organizations.
MODERNIZATION OF
US GLP REGULATIONS
In August 2016, FDA published pro-
posed amendments to regulations for
GLPs for nonclinical laboratory studies;
the stated purpose was to build qual-
ity into planning, conducting, and
reporting a nonclinical laboratory
study and to help ensure data quality
and integrity (5).
A GLP Working Group (WG) was
formed from IQ member compa-
nies to evaluate FDA's proposed
changes, an effort that aligns with
the organization's strategic objec-
tives to proactively build consensus
with global regulators on issues and
opportunities to advance innova-
tion and quality in pharmaceuti-
cal development. The goal of the
Quality LG's work in responding to
the proposed GLP changes was to
provide broad industry perspective
from member companies to FDA to
reduce any regulatory burden that
may stifle innovation in the phar-
maceutical industry.
After several months of evalua-
tion of the proposed changes, the
GLP WG concluded the proposed
rule imposed undue burden and
complexity upon the pharmaceuti-
cal industry and encouraged FDA to
work in collaboration with indus-
try to develop a new proposed rule.
Some changes proposed by FDA
were positive, including refined defi-
nitions; removing requirement to
retain empty test article containers;
clarifying ownership of the mas-
ter schedule; quality assurance unit
(QAU) access to protocols rather
than maintaining a copy; data
integrity; definition of raw data,
specifically defining signed and
dated pathology report as raw data;
and archiving all study material
no later than two weeks after the
close of the study. Another positive
addition was the inclusion of attri-
butes of Organization for Economic
Co-operation and Development
principals in support of conduct of
multi-site studies conducted at con-
tract research organizations.
CHALLENGES WITH
PROPOSED REGULATIONS
The IQ GLP WG evaluation of pro-
posed changes found five signifi-
cant challenges.
Significant increase in administra-
tive burden. T he follow ing were
determined by the WG to be sig-
Regulatory Sourcebook Quality Collaboration
Figure 1. Excerpt from the data integrity tool.
Summary Click here to enter text.
# Questions Responses Comments,
mitigation of risk
Yes No N/A Guidance
System control and access
1.1 Is Access to the system via individual login
credentials made up of a combination of a
unique user id and user generated
password?
☐ ☐ ☐
Use of generic passwords (when
absolutely necessary) should be
procedurally controlled.
Click here to enter
text.
1.2 Are any non-person system accounts
(generic accounts), such as those shipped
with the system, or service accounts,
disabled?
☐ ☐ ☐
Accounts should be turned off, disabled,
or have access revoked if determined to
be unnecessary for system operations.
If such accounts should be used to run
the application, then procedure should
specify that activities performed under
such account are traceable to the
individual who performed the activities
in an automated manner.
Click here to enter
text.
FIGURE
COURTESY
OF
THE
AUTHORS.