Issue link: https://www.e-digitaleditions.com/i/1394390
www.biopharminternational.com July 2021 BioPharm International eBook 19 unless otherwise def ined/agreed upon with the sponsor. • Timing ex pectations for data retrievabilit y should be clearly described in the written agreement. • The written agreement should define who is responsible for back- up and archiving features. Any incidents with or changes to data archival, backup, or restoration should be clearly documented in accordance with appropriate pro- cedures and reported to the spon- sor within an agreed time period. • The written agreement should include expectations on confiden- tiality of all disclosed information. The written agreement should define who in the vendor organi- zation has access to sponsor data. • The w ritten agreement should define the requirements for data r e v ie w. T h i s s ho u ld i nc lu d e review against ALCOA + prin- ciples (e.g., metadata such as audit trails, where applicable) and sys- tem-level reviews. • Any vendors using cloud service providers should be assessed to ensure infrastructure controls are in place, including infrastructure and services for change control, system backup/restore, and data archiving processes. Additional considerations for data generated during instru- ment calibration, qualification, repair, and troubleshooting (can be Scenario A, B or C) Data integrity controls for analytical instruments and equipment may be challenged during internal or regula- tory authority audits and inspections. It is a regulator y expectation (1– 4) that the integrity of supporting instru- ment data is robust and that risks to these data have been adequately mit- igated. Some examples where data integrity controls (including appropri- ate change control) are needed include calibration and qualif ication of raw data, control of standards (e.g., refer- ence standards, external calibrated test probes, etc.) used during calibration, and management of internal and ven- dor documentation. T h e r e a r e s e v e r a l a s p e c t s o f the data lifecycle needed to under- write the accuracy of analytical data. Requ irements inc lude demonst ra- tion that an instrument can produce accurate results and is under adequate system controls. Adequate system con- trols relate to documented procedures that support initial qualification, peri- odic ca libration and maintenance, instrument repair and troubleshooting (including change control), and peri- odic review of the calibration/qualifi- cation status of the instrument. Analytical instrument qualification and/or initial calibration is critical to ensure data generated on an instru- ment is accurate (A LCOA). Data generated using systems other than the one under qualif ication or cali- bration (e.g., a thermocouple used to calibrate a chromatography column heater) should be subject to the same controls as other data. In a scenario where initial validation/qualif ication is performed prior to mitigation of data integrity concerns, consideration shou ld be g iven to potentia l data integrit y concerns of the qualif ica- tion testing. In general, data gener- ated during calibration, qualification/ validation, or maintenance activities should comply with all the forego- ing requirements. However, there may be scenarios where data are generated outside of the normal workf low. In these cases, deviations from the nor- mal workf low should be evaluated for risk and documented appropriately, particularly for risks that may impact the attributability or accuracy of the resultant data. CONCLUSION While all three scenarios, as well as many permutations of them, are pos- sible and may be managed, Scenarios A (vendor-generated data on sponsor instruments using IT infrastructure of the sponsor) and C (vendor-generated data stored on the IT infrastructure of the vendor) are strongly preferred from a compliance and risk perspec- tive. If Scenario B (vendor-generated data on sponsor instruments using the IT infrastructure of the sponsor and non-standard processes) is employed, a risk assessment and mitigation strat- eg y should be considered to ensure compl ia nce w it h A LCOA pr inci- ples. In any case, the considerations described in this article should be evaluated to achieve compliance. ACKNOWLEDGEMENTS This manuscript was developed with t he s up p or t of t he I nte r n at ion a l C o n s o r t i u m f o r I n n o v a t i o n a n d Q u a l i t y i n P h a r m a c e u t i c a l D e v e l o p m e n t ( I Q , w w w. i q c o n - sortium.org). IQ is a not-for-prof it organization of pharmaceutical and biot e c h nolo g y c omp a n ie s w it h a m ission of adv a nc ing sc ience a nd technology to augment the capabil- ity of member companies to develop transformational solutions that ben- ef it pat ient s , reg u l ator s , a nd t he broader resea rch and development community. REFERENCES 1. MHRA, 'GXP' Data Integrity Guidance and Definitions (London, UK, March 2018). 2. FDA, Guidance for Industry: Data Integrity and Compliance With Drug CGMP Questions and Answers (Rockville, MD, December 2018). 3. World Health Organization, Guideline on Data Integrity (Geneva, Switzerland, October 2019). 4. Pharmaceutical Inspection Convention Pharmaceutical Inspection Co-operation Scheme, Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (Geneva, Switzerland, November 2018). BP Biopharmaceutical Analysis Data Integrity