Most
companies have experienced being audited and, where necessary, “defending” the
work carried out in their analytical laboratories during audits. Historically,
laboratories have tended to provide information about the validation of their
methods and procedures, the qualification and suitability of their analytical
equipment, and information about training of their laboratory staff as
justification for the validity of the analytical results.
Nonetheless, the focus on data integrity by FDA, the United
Kingdom Medicines and Healthcare Products Regulatory Agency (MHRA), and other
regulatory bodies during audits may mean that historical approaches to
laboratory audit preparation and audit “defense” is simply not enough. In a
data integrity-focused audit, the emphasis has moved away from providing
information based on technical justification and scientific rationale towards
providing evidence that the analytical results are not fraudulent. This is almost
a “guilty until proven innocent” approach and can be very different to
historical audits. For any laboratories that are not prepared for this change,
the audit will at best be “uncomfortable” and at worst may present a potential
high risk to the organization.
Common Data Integrity Issues Found in Laboratories
Audit Trails – For electronic data acquisition systems, audit
trails are not available or are not enabled; therefore, there is no record of
data modifications or deletions. Neither any interim control are in place for
monitoring the changes.
Unique User Logins – Each user should have a unique username and
password for both the analytical software and the operating system. This is
essential for tracing work performed to a unique individual, and is critical
for Good Manufacturing Practice (GMP) compliance and data integrity.
User Privilege Levels – Each data acquisition system should have
defined user levels based on the role the user will have in the system.
Examples of common user levels include analyst, supervisor, manager and
administrator. Privileges assigned to each level should be clearly defined and
commensurate with the requirements for each user type.
Unofficial “Test” Injections – Some firms have been cited for injecting
samples prior to beginning an official sequence. This practice results in
essentially generating data for products, but not reporting the data. This
practice is called selective reporting.
Control Over Processing Methods
– Use of high
performance liquid chromatography (HPLC) processing methods (including
integration parameters) that are not defined or controlled. This includes the
practice of manual integration without justification or approval, and
processing injections in the same sequence with different processing methods
and integration parameters. Alteration in integration parameters so results
appears to be passing whereas actual results are not passing to avoid OOS, Out
of Trend (OOT) or investigation.
Control Over Electronic Systems
– Failure to establish
adequate controls over computer systems to prevent unauthorized access or
changes to electronic data. This can include failure to have mechanisms to
prevent unauthorized user access to the system, and ability to rename, move,
delete or not save file results.
Falsification of data - Recording fewer contaminants from a sample to ensure that the
result meets the specification is a simple data integrity problem.
Incomplete data- In some cases the laboratory report may be
incomplete or not legible. Improper mention of unit or unclear writing or
mis-print.
Common Data Integrity Issues Found in Microbiological Laboratories
Traditionally,
microbiological laboratories have relied on manual testing and recording
operations, which opens the door to significant issues with data integrity.
The
issues observed often relate to the
• Falsification of data; for example,
recording fewer contaminants from a sample to ensure that the result meets the
specification is a simple data integrity problem. How can a manufacturer be
sure that company or contract laboratories are not guilty of falsification of
data? Reviewing data trends can provide useful indicators
• Purified water systems with no
microbial excursions or clean rooms with no environmental monitoring excursions
are simple triggers that should prompt further investigation. If it looks too
good to be true, it may well be!
• Spot checks of samples against the
recorded results can also provide a good bench marking indicator of whether
there should be any concern regarding the integrity of recorded data.
• Microbiological samples are often read
and then rapidly discarded, so it is sometimes difficult to obtain evidence of
falsification. Physical spot checks of samples in the incubator can be a
powerful technique; if, for instance, physical spot checks identify the “first
four purified water excursions ever” to be found on a site, it is likely these
are not the first excursions.
• Microbiological data patterns can also
identify data integrity and falsification with a simple review of the data. For
example, media growth promotion results can yield interesting patterns; there
have been instances where only even.
User Privilege Levels
Each data acquisition system should have defined
user levels based on the role the user will have in the system. Examples of
common user levels include analyst, supervisor, manager and administrator.
Privileges assigned to each level should be clearly defined and commensurate
with the requirements for each user type. Examples of privileges include the
ability to create methods, modify integration parameters, reprocess data and
modify data.
Unofficial “Test” Injections
Some firms have been cited for injecting samples
prior to beginning an official sequence. This practice results in essentially
generating data for products, but not reporting the data.
Control Over Processing Methods
Use of high performance liquid chromatography
(HPLC) processing methods (including integration parameters) that are not
defined or controlled. This includes the practice of manual integration without justification or approval, and processing injections in the same
sequence with different processing methods and integration parameters. Another
example of this practice includes processing standards that are used for quantitative of samples with different processing methods (integration
parameters) without justification provided.
Control Over Electronic Systems
Failure to establish adequate controls over
computer systems to prevent unauthorized access or changes to electronic data.
This can include failure to have mechanisms to prevent unauthorized user access
to the system, and ability to rename, move, delete or not save file results.
Mechanisms should be in place to ensure that files cannot be accessed outside
the analytical software (e.g. via the operating system) and edited, moved,
renamed or deleted.
Overall,
the crucial component to any data integrity review is to ensure that data is
recorded exactly as intended and, upon later retrieval, ensure that the data is
the same as it was when it was originally recorded. In short, data integrity
aims to prevent unintentional changes to information, eliminating the potential
for significant data integrity errors occurring in the pharmaceutical
manufacturing process.
No comments:
Post a Comment