ERES MANAGEMENT AND DATA INTEGRITY - ASQ...
-
Upload
trinhkhanh -
Category
Documents
-
view
222 -
download
4
Transcript of ERES MANAGEMENT AND DATA INTEGRITY - ASQ...
ERES MANAGEMENT AND
DATA INTEGRITY
ASQ CHICAGO FEBURARY MEETING
10 FEB 2016
KRITI CHOPRA
© 2016 Kriti Chopra All Rights Reserved
EDUCATION
• B.S. Biochemistry & Molecular Biology - 2011
Michigan State University
• M.S. Biotechnology - 2013
Northwestern University
PROFESSIONAL EXPERIENCE
• Abbott Laboratories - Co-op (May 2010 – May 2011)
• Stepan Co.- Internship (Jun 2012 – Sep 2012)
• Abbvie - Co-op (Sep 2012 – Dec 2013)
• Hospira- Full-time (Jan 2014 – Sep 2015)
• Pfizer- Full-time (Sep 2015 – Present)
© 2016 Kriti Chopra All Rights Reserved
BACKGROUND
OUTLINE
• Key Concepts
• Paper vs Electronic Records
• Global Compliance Standards
• 21 CFR Part 11- Expectations, Experience and Pitfalls
• FDA 483s/Warning Letters
• Assuring Data Integrity – Work Arounds
• Data Lifecycle
© 2016 Kriti Chopra All Rights Reserved
© 2016 Kriti Chopra All Rights Reserved
DATA
• Data can be defined as facts • Data can exist in a variety of forms – as numbers or text on
paper or as bits and bytes in electronic form
This information can be contained in several formats, e.g.
• Paper Data • Electronic Data • Certified Copy • Duplicate Data
© 2016 Kriti Chopra All Rights Reserved
Any work-sheets, records, memoranda, notes, or exact copies thereof, that are the result of original observations and activities and which are necessary for the reconstruction and evaluation of a work project, process or study report, etc. Raw data may be hard/paper copy or electronic but must be known and defined in system procedures.
RAW DATA
META DATA – DATA ABOUT DATA
Meta data is data used in support of the generation of an electronic or other record, which does not become part of the final data set.
In this context, it may contain information about an electronic record to ensure a meaningful presentation of the information in human readable form or it may be required in order to generate a record in final form from the original data.
For example, the program executable file used to generate a GxP record would be considered metadata related to the generation of an electronic record, and is separate to the electronic record itself.
© 2016 Kriti Chopra All Rights Reserved
DATA INTEGRITY
“The extent to which all data are complete, consistent and accurate throughout the data lifecycle.”
• Data integrity arrangements must ensure that the accuracy, completeness, content and meaning of data is retained throughout the data lifecycle.
• Source: MHRA Data Integrity Definitions and Guidance March 2015
© 2016 Kriti Chopra All Rights Reserved
DATA INTEGRITY
“The degree to which a collection of data is complete, consistent and accurate.”
• Follow Good Documentation Practices
- A = Attributable
- L = Legible
- C = Contemporaneous
- O = Original or Certified Copy of Original
- A = Accurate
• Source: IEEE- FDA Glossary of Computer Systems Software Development Terminology
© 2016 Kriti Chopra All Rights Reserved
DATA INTEGRITY
Why is it important to ensure the integrity of data is not compromised?
• Patient safety must not be compromised
• It´s our legal obligation to report accurate and correct data
• The reputation of the company and it’s employees is at stake
How can we protect or assure the integrity of data?
• Training and awareness sessions
• Appropriate analytical and production controls (including security)
• Management controls and systems validation
© 2016 Kriti Chopra All Rights Reserved
ELECTRONIC RECORDS &
SIGNATURES 2
1 C
FR
P
AR
T 1
1
ELECTRONIC RECORD
Any combination of text, graphics, data, audio, pictorial or other
information representation in digital form that is created,
modified, maintained, archived, retrieved or distributed by a
computer system
Ref. §11.3 (b6), Preamble 41,42,43,44
21
C
FR
P
AR
T 1
1
ELECTRONIC SIGNATURE
A computer data compilation of any symbol or series of symbols
executed, adopted, or authorized by an individual to be the legally
binding equivalent of the individual’s handwritten signature
Ref. §11.3 (b7), Preamble 56
© 2016 Kriti Chopra All Rights Reserved
CLOSED
CLOSED VS OPEN SYSTEMS
Records are fully under Responsibility of the Firm
OPEN Responsibility of Records is
shared with Third Parts
© 2016 Kriti Chopra All Rights Reserved
Data Integrity applies to both paper and electronic records.
Both must follow Good Documentation Practices
- A=Attributable
- L=Legible
- C=Contemporaneous
- O=Original (or Certified copy of original)
- A=Accurate
PAPER VS. ELECTRONIC RECORDS
© 2016 Kriti Chopra All Rights Reserved
A= ATTRIBUTABLE
- Traceable to Unique Individual
Paper Records
• Initials/Hand Written Signatures
Electronic Records
• Log-on ID/Electronic Signatures
PAPER VS. ELECTRONIC RECORDS
© 2016 Kriti Chopra All Rights Reserved
L= LEGIBLE
- Readable, Traceable Changes, Permanent
Paper Records
• No pencil
• No scribbling/no correction fluid
• Single line cross-out with initials, date and explanation
• Archive records
Electronic Records
• No over-writing
• No deletion
• No obscuring with annotation tools
• Ability to be saved
• Changes/Modifications captured in ‘audit trail’
• Backup & Archival
PAPER VS. ELECTRONIC RECORDS
© 2016 Kriti Chopra All Rights Reserved
PAPER VS. ELECTRONIC RECORDS
C= CONTEMPORANEOUS
- Activities must be recorded at the time they occur.
Paper Records
• No back-dating
• No pre-completion of information
• Record the Date (and Time if applicable to the activity)
Electronic Records
• Must be saved immediately once data is entered
• Lock access to Time/Date stamps (Workstation/Server Time service)
• Synchronize all Time/Date stamps to Certified Time Source
© 2016 Kriti Chopra All Rights Reserved
PAPER VS. ELECTRONIC RECORDS
O= Original
- First capture of data (not transcribed data)
- Review and retain Original Record or Certified Copy of Original Record
A= Accurate
- Accuracy of data entered
- Best practice is to perform 200% verification of entered data.
© 2016 Kriti Chopra All Rights Reserved
GLOBAL COMPLIANCE STANDARDS
© 2015 Kriti Chopra All Rights Reserved
Annex 11
≈
Part 11 Guidance 21 CFR Part 11
+ +
Warning Letters
US 21 CFR Part 11 & EU GMP Annex 11 are the equivalent Global standards
CHINA CFDA Computer Rule (Draft)
BRASIL Anvisa Title VII: Computer information systems
CANADA Health PIC/S Annex 11: Computerized Systems
© 2016 Kriti Chopra All Rights Reserved
21 CFR PART 11 2
1 C
FR P
AR
T 1
1 The Rule sets forth the criteria under which the
agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper
Ref. § 11.1
© 2016 Kriti Chopra All Rights Reserved
PART 11 – PAST, PRESENT & FUTURE
1997 Part 11 Released
1999 – 2003 Enforcement according to the letters of the rule
2003 New interpretation according to new guidance (Scope and Applications)
2003 Announcement of the new Part 11
2003 – 2006 Enforcement stopped
2006 – 2010 Enforcement starts again
2010 – 2014 Special Part 11 Inspection Program • Series of inspections with evaluation of industry’s part 11 compliance and determine
industry’s interpretation of 21 CFR part 11 (2003 guidance) • Focus on critical items as found in previous inspections • Results to be used to determine next steps • Alternatives/considerations for next step - No change, New guidance, New part 11, Change
inspection’s focus and enforcement
On-going Focus on data integrity and security Data Integrity is the assurance that data records are accurate, complete, intact and maintained within their original context, including their relationship to other data records. This applies to data recorded in electronic, paper formats or a hybrid of both. Data Security means that the data is restricted to authorized personnel and monitored through the system’s software with its required log-on, security procedures, and audit trail. In addition, system software does not allow data manipulation without justification.
© 2016 Kriti Chopra All Rights Reserved
21 CFR PART 11 REQUIREMENTS
Heavy enforcement
• Limited access to systems and data (*)
• Authority checks (*)
• Binding signatures with records (*) - handwritten, electronic
• Electronic audit trail (*)
• Accurate and complete copies (*)
• Instant retrieval of data and meta data
• Computer system validation (*)
(*) also requirement of the EU Annex 11
© 2016 Kriti Chopra All Rights Reserved
Little or no enforcement
• Use of operational system checks
• Use of device checks
• Requirements related to electronic signatures
• Accountability of signatures
• Digital signatures for open systems
• Training/qualification of people (*)
(*) also requirement of the EU Annex 11
21 CFR PART 11 REQUIREMENTS
© 2016 Kriti Chopra All Rights Reserved
Observations Companies Cited
Electronic raw data not saved Trifarma Smruthi Canton Labs Sun Pharmaceuticals Apotex Smruthi Organics Ltd
Unauthorized user access levels Trifarma Usv Limited Sun Pharmaceuticals
Data manipulation without justification Trifarma Usv Limited Sun Pharmaceuticals
Data changed without audit trail Trifarma Smruthi Organics Ltd Sun Pharmaceuticals
No procedures for data backup Trifarma Usv Limited Sun Pharmaceuticals
FDA WARNING LETTERS/483S
© 2016 Kriti Chopra All Rights Reserved
PITFALLS
• No individual passwords causes repudiation problems
• Insufficient system security
• No electronic audit trail and audit trail not reviewed
• (Electronic) raw data not saved or lost
• No correlation between e-records and paper print-outs
• Missing procedures, e.g., access control
• No back-up of data
• No prevention of data deterioration during archiving
• No or inadequate computer system validation
© 2016 Kriti Chopra All Rights Reserved
• Records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format
What is Regulated ER ?
Rationale from the FDA Guidance for Industry
• Records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities
• Records submitted to FDA, under predicate rules (even if such records are not specifically identified in Agency regulations) …
To implement part 11, first identify your records
• REGULATED vs. NON-REGULATED RECORDS
IDENTIFICATION OF RECORDS
© 2016 Kriti Chopra All Rights Reserved
COMPLIANCE ROAD MAP
•Who is Accountable from a regulatory perspective?
(Signature)
•Change Control
•Who did what, when
and why (Audit Trail)
•Link Raw Data and Result
•Prevent Data Alteration
•Access Control
•Authority Check
•Archiving
Security Integrity
Accountability Traceability
© 2016 Kriti Chopra All Rights Reserved
BENEFITS OF PART 11 COMPLIANCE
Backup & Central Repository
Audit Trail
Consistency
Standardization
Automation
Data Integrity & Security
© 2016 Kriti Chopra All Rights Reserved
HOW TO HANDLE NON-COMPLIANT
SYSTEMS?
e.g.: Use system LOG BOOK to keep trace of access and actions of operators (Paper Based Audit Trail)
e.g.: Include in the System Use SOP a documented check of input data before process execution against official paper document
Implement procedural measures allowing to consider the E-REC as «Not Regulated»
Keep-on Considering the E-REC as «Regulated» and implement work around to fulfill Part 11/Annex 11 Reqs
© 2016 Kriti Chopra All Rights Reserved
DATA LIFECYCLE
Key Fundamental Questions
1. What is “data” associated with our business processes?
2. What is “GMP data” for our business processes?
3. What is the source of “data”?
4. What impact does the source and the “data” have?
5. What is the “meta data” associated with my “data”?
6. How is the data collected?
7. How is the data recorded/processed?
8. Do we review data? What review practices are in place?
9. How is data reported?
10. What is the relevance of ensuring the integrity of this data?
11. Map your data flow for your business processes and identify areas of risk. List all controls in place for data and its metadata.
© 2016 Kriti Chopra All Rights Reserved
ADDITIONAL TRAINING
• Guidance on Identification and Preparation of Data
• Data Process Mapping and Data Lifecycle Management
• Data Integrity Audits – Pitfalls, Expectations & Experiences
• Assuring Electronic Data Integrity for Laboratory Systems
• Regulatory Authorities
• Validation Lifecycle Management
• Risk Management Lifecycle Approach
• Types of Quality Management Systems
• Best Practices for Computer System Validation (CSV) Methodology
• CSV Regulatory Pitfalls
• Best Practices for Spreadsheet Verification/Validation (CSV)
• Challenges with SSV and Key Takeaways
• Case Studies- Types of Spreadsheets and how to handle them
• Maintaining System/Spreadsheet Validated State
© 2016 Kriti Chopra All Rights Reserved
Kriti Chopra
Phone
001-(517)-488-2117
https://www.linkedin.com/in/kriti-chopra-
277a2921