Issue link: https://www.e-digitaleditions.com/i/1394390
16 BioPharm International eBook July 2021 www.biopharminternational.com personnel, hereafter referred to as the sponsor, or by vendors. The authors will refer to vendor-generated data, whether generated using the sponsor's instrumentation or the vendor's own instrumentation, as "outsourced data". A lthough data generated during rout ine test ing may employ wel l- established processes that ensure data integ r it y, because pha r maceut ica l companies deal with many vendors a s w e l l a s i n-ho u s e s up p or t for instrument support, the maintenance/ c a l i br at ion /q u a l i f ic at ion p r o c e s s m ay b e f u l l y p ap e r b a s e d , f u l l y paperless, or a combination of both (i.e., hybrid documentation). As such, the approaches taken to ensure data integrity during these activities may vary and should be assessed on a case- by-case basis. In addition, the possible modes of remediation may evolve as instrument manufacturers and testing/ ma intena nce vendors evolve t hei r approaches and capabilities. Within this article, data are defined as electronic and /or paper records generated during GxP testing (e.g., release or stability testing) as well as during analytical instrument calibra- tion and /or qualif ication activities. Outsourced (or third-party) data are data generated on qualified/validated instr uments by outside personnel. These include: • Data generated by vendors when visiting a sponsor site and generat- ing electronic and/or paper records that are created and saved outside of the sponsor's network and sup- port regulated activities (e.g., lot release, clinical stability, etc.) • D at a t h at s upp or t re g u l ate d activities generated by a vendor other than at the sponsor site; these data include electronic and/ or paper records • Data generated by secondary ven- dors contracted by a primary ven- dor, which may include electronic and/or paper records (e.g., in the case of hybrid systems). All expectations should be clearly described in the written agreement (e.g., maintenance contract, qualit y agreement) in any of these situations. Data should be attributable, leg- ible, contemporaneously recorded, origina l or a tr ue copy, and accu- rate (ALCOA). Data management, retention, and archiving should be managed based on documented risk, including the format of the data. If electronic, dynamic data are available, these data or a complete, certified true copy thereof should be maintained. D y na mic data a re for mat ted to a l low for interact ion bet ween t he user and the record content. With dy namic data, a user may be able to reprocess using different param- eter s or mo d i f y for mu l a s /ent r ie s that w ill a lter a ca lculation result. If it is not possible to maintain the electronic, dy namic data record, a complete static representation of all data including metadata, audit trails, etc., must be maintained. Static data (data that are f ixed and allow little or no interaction bet ween the user and the record content) may allow for a more streamlined approach than that required for dynamic data. For instance, because there is no need to monitor changes in data process- ing or in reported results, in many cases it may be appropriate for the third-party to supply only a printed or static electronic report (e.g., a PDF f ile) of the reported data for archive and retent ion. For data t hat were generated in static format, a static archived representation is appropri- ate if it is a true copy (including all relevant metadata) of the data. In all cases, the original data must be com- pletely reconstructable. The various scenarios under which outsourced data may be generated and managed are summarized in Table I and are further discussed in the fol- lowing scenarios. In each case, key requirements and points to be consid- ered are given. For all three scenarios, the vendor should be approved by the sponsor and there should be an agree- ment in place for services provided. The necessar y details of the agree- ment vary depending on the service provided and the scenario. OUTSOURCED DATA SCENARIOS Scenario A: Vendor-generated data on sponsor instruments using the information technology (IT) infrastructure of the sponsor In cases where data a re acqu i red and stored by the vendor through t he sponsor's sta nda rd work f low s a nd on t he sp onsor 's tec h nolog y infrastructure, the sponsor's standard data integrity policies and procedures shou ld apply. T he a c c ou nt s a nd roles utilized by the vendor should be unique and conf igured to ensure attributability and be specif ic to the work being performed. The sponsor s h o u l d e n s u r e t h a t t h e v e n d o r possesses the appropriate tra ining requ i red for acce ss p er sponsor 's a p p l ic a bl e s t a n d a r d s a n d r e t a i n documentation of this assurance. Scenario B: Vendor-generated data on sponsor instruments using the IT infrastruc ture of the sponsor and non-standard processes This scenario pertains to situations w he r e t he i n s t r u me nt h a rd w a r e , f i r m w a r e , o r s o f t w a r e i s b e i n g a c c e s s e d o r u t i l i z e d i n a n o n - rout ine ma n ner (d i f ferent t ha n it wou ld t y pica l ly be used to col lect Biopharmaceutical Analysis Data Integrity Data management, retention, and archiving should be managed based on documented risk.