ERES MANAGEMENT AND DATA INTEGRITY - ASQ...

ERES MANAGEMENT AND

DATA INTEGRITY

ASQ CHICAGO FEBURARY MEETING

10 FEB 2016

KRITI CHOPRA

© 2016 Kriti Chopra All Rights Reserved

EDUCATION

• B.S. Biochemistry & Molecular Biology - 2011

Michigan State University

• M.S. Biotechnology - 2013

Northwestern University

PROFESSIONAL EXPERIENCE

• Abbott Laboratories - Co-op (May 2010 – May 2011)

• Stepan Co.- Internship (Jun 2012 – Sep 2012)

• Abbvie - Co-op (Sep 2012 – Dec 2013)

• Hospira- Full-time (Jan 2014 – Sep 2015)

• Pfizer- Full-time (Sep 2015 – Present)


BACKGROUND

OUTLINE

• Key Concepts

• Paper vs Electronic Records

• Global Compliance Standards

• 21 CFR Part 11- Expectations, Experience and Pitfalls

• FDA 483s/Warning Letters

• Assuring Data Integrity – Work Arounds

• Data Lifecycle



DATA

• Data can be defined as facts • Data can exist in a variety of forms – as numbers or text on

paper or as bits and bytes in electronic form

This information can be contained in several formats, e.g.

• Paper Data • Electronic Data • Certified Copy • Duplicate Data


Any work-sheets, records, memoranda, notes, or exact copies thereof, that are the result of original observations and activities and which are necessary for the reconstruction and evaluation of a work project, process or study report, etc. Raw data may be hard/paper copy or electronic but must be known and defined in system procedures.

RAW DATA

META DATA – DATA ABOUT DATA

Meta data is data used in support of the generation of an electronic or other record, which does not become part of the final data set.

In this context, it may contain information about an electronic record to ensure a meaningful presentation of the information in human readable form or it may be required in order to generate a record in final form from the original data.

For example, the program executable file used to generate a GxP record would be considered metadata related to the generation of an electronic record, and is separate to the electronic record itself.


DATA INTEGRITY

“The extent to which all data are complete, consistent and accurate throughout the data lifecycle.”

• Data integrity arrangements must ensure that the accuracy, completeness, content and meaning of data is retained throughout the data lifecycle.

• Source: MHRA Data Integrity Definitions and Guidance March 2015


DATA INTEGRITY

“The degree to which a collection of data is complete, consistent and accurate.”

• Follow Good Documentation Practices

- A = Attributable

- L = Legible

- C = Contemporaneous

- O = Original or Certified Copy of Original

- A = Accurate

• Source: IEEE- FDA Glossary of Computer Systems Software Development Terminology


DATA INTEGRITY

Why is it important to ensure the integrity of data is not compromised?

• Patient safety must not be compromised

• It´s our legal obligation to report accurate and correct data

• The reputation of the company and it’s employees is at stake

How can we protect or assure the integrity of data?

• Training and awareness sessions

• Appropriate analytical and production controls (including security)

• Management controls and systems validation


ELECTRONIC RECORDS &

SIGNATURES 2

1 C

FR

P

AR

T 1

1

ELECTRONIC RECORD

Any combination of text, graphics, data, audio, pictorial or other

information representation in digital form that is created,

modified, maintained, archived, retrieved or distributed by a

computer system

Ref. §11.3 (b6), Preamble 41,42,43,44

21

C

FR

P

AR

T 1

1

ELECTRONIC SIGNATURE

A computer data compilation of any symbol or series of symbols

executed, adopted, or authorized by an individual to be the legally

binding equivalent of the individual’s handwritten signature

Ref. §11.3 (b7), Preamble 56


CLOSED

CLOSED VS OPEN SYSTEMS

Records are fully under Responsibility of the Firm

OPEN Responsibility of Records is

shared with Third Parts


Data Integrity applies to both paper and electronic records.

Both must follow Good Documentation Practices

- A=Attributable

- L=Legible

- C=Contemporaneous

- O=Original (or Certified copy of original)

- A=Accurate

PAPER VS. ELECTRONIC RECORDS


A= ATTRIBUTABLE

- Traceable to Unique Individual

Paper Records

• Initials/Hand Written Signatures

Electronic Records

• Log-on ID/Electronic Signatures



L= LEGIBLE

- Readable, Traceable Changes, Permanent

Paper Records

• No pencil

• No scribbling/no correction fluid

• Single line cross-out with initials, date and explanation

• Archive records

Electronic Records

• No over-writing

• No deletion

• No obscuring with annotation tools

• Ability to be saved

• Changes/Modifications captured in ‘audit trail’

• Backup & Archival




C= CONTEMPORANEOUS

- Activities must be recorded at the time they occur.

Paper Records

• No back-dating

• No pre-completion of information

• Record the Date (and Time if applicable to the activity)

Electronic Records

• Must be saved immediately once data is entered

• Lock access to Time/Date stamps (Workstation/Server Time service)

• Synchronize all Time/Date stamps to Certified Time Source



O= Original

- First capture of data (not transcribed data)

- Review and retain Original Record or Certified Copy of Original Record

A= Accurate

- Accuracy of data entered

- Best practice is to perform 200% verification of entered data.


GLOBAL COMPLIANCE STANDARDS


Annex 11

≈

Part 11 Guidance 21 CFR Part 11

+ +

Warning Letters

US 21 CFR Part 11 & EU GMP Annex 11 are the equivalent Global standards

CHINA CFDA Computer Rule (Draft)

BRASIL Anvisa Title VII: Computer information systems

CANADA Health PIC/S Annex 11: Computerized Systems


21 CFR PART 11 2

1 C

FR P

AR

T 1

1 The Rule sets forth the criteria under which the

agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper

Ref. § 11.1


PART 11 – PAST, PRESENT & FUTURE

1997 Part 11 Released

1999 – 2003 Enforcement according to the letters of the rule

2003 New interpretation according to new guidance (Scope and Applications)

2003 Announcement of the new Part 11

2003 – 2006 Enforcement stopped

2006 – 2010 Enforcement starts again

2010 – 2014 Special Part 11 Inspection Program • Series of inspections with evaluation of industry’s part 11 compliance and determine

industry’s interpretation of 21 CFR part 11 (2003 guidance) • Focus on critical items as found in previous inspections • Results to be used to determine next steps • Alternatives/considerations for next step - No change, New guidance, New part 11, Change

inspection’s focus and enforcement

On-going Focus on data integrity and security Data Integrity is the assurance that data records are accurate, complete, intact and maintained within their original context, including their relationship to other data records. This applies to data recorded in electronic, paper formats or a hybrid of both. Data Security means that the data is restricted to authorized personnel and monitored through the system’s software with its required log-on, security procedures, and audit trail. In addition, system software does not allow data manipulation without justification.


21 CFR PART 11 REQUIREMENTS

Heavy enforcement

• Limited access to systems and data (*)

• Authority checks (*)

• Binding signatures with records (*) - handwritten, electronic

• Electronic audit trail (*)

• Accurate and complete copies (*)

• Instant retrieval of data and meta data

• Computer system validation (*)

(*) also requirement of the EU Annex 11


Little or no enforcement

• Use of operational system checks

• Use of device checks

• Requirements related to electronic signatures

• Accountability of signatures

• Digital signatures for open systems

• Training/qualification of people (*)

(*) also requirement of the EU Annex 11

21 CFR PART 11 REQUIREMENTS


Observations Companies Cited

Electronic raw data not saved Trifarma Smruthi Canton Labs Sun Pharmaceuticals Apotex Smruthi Organics Ltd

Unauthorized user access levels Trifarma Usv Limited Sun Pharmaceuticals

Data manipulation without justification Trifarma Usv Limited Sun Pharmaceuticals

Data changed without audit trail Trifarma Smruthi Organics Ltd Sun Pharmaceuticals

No procedures for data backup Trifarma Usv Limited Sun Pharmaceuticals

FDA WARNING LETTERS/483S


PITFALLS

• No individual passwords causes repudiation problems

• Insufficient system security

• No electronic audit trail and audit trail not reviewed

• (Electronic) raw data not saved or lost

• No correlation between e-records and paper print-outs

• Missing procedures, e.g., access control

• No back-up of data

• No prevention of data deterioration during archiving

• No or inadequate computer system validation


• Records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format

What is Regulated ER ?

Rationale from the FDA Guidance for Industry

• Records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities

• Records submitted to FDA, under predicate rules (even if such records are not specifically identified in Agency regulations) …

To implement part 11, first identify your records

• REGULATED vs. NON-REGULATED RECORDS

IDENTIFICATION OF RECORDS


COMPLIANCE ROAD MAP

•Who is Accountable from a regulatory perspective?

(Signature)

•Change Control

•Who did what, when

and why (Audit Trail)

•Link Raw Data and Result

•Prevent Data Alteration

•Access Control

•Authority Check

•Archiving

Security Integrity

Accountability Traceability


BENEFITS OF PART 11 COMPLIANCE

Backup & Central Repository

Audit Trail

Consistency

Standardization

Automation

Data Integrity & Security


HOW TO HANDLE NON-COMPLIANT

SYSTEMS?

e.g.: Use system LOG BOOK to keep trace of access and actions of operators (Paper Based Audit Trail)

e.g.: Include in the System Use SOP a documented check of input data before process execution against official paper document

Implement procedural measures allowing to consider the E-REC as «Not Regulated»

Keep-on Considering the E-REC as «Regulated» and implement work around to fulfill Part 11/Annex 11 Reqs


DATA LIFECYCLE

Key Fundamental Questions

1. What is “data” associated with our business processes?

2. What is “GMP data” for our business processes?

3. What is the source of “data”?

4. What impact does the source and the “data” have?

5. What is the “meta data” associated with my “data”?

6. How is the data collected?

7. How is the data recorded/processed?

8. Do we review data? What review practices are in place?

9. How is data reported?

10. What is the relevance of ensuring the integrity of this data?

11. Map your data flow for your business processes and identify areas of risk. List all controls in place for data and its metadata.


ADDITIONAL TRAINING

• Guidance on Identification and Preparation of Data

• Data Process Mapping and Data Lifecycle Management

• Data Integrity Audits – Pitfalls, Expectations & Experiences

• Assuring Electronic Data Integrity for Laboratory Systems

• Regulatory Authorities

• Validation Lifecycle Management

• Risk Management Lifecycle Approach

• Types of Quality Management Systems

• Best Practices for Computer System Validation (CSV) Methodology

• CSV Regulatory Pitfalls

• Best Practices for Spreadsheet Verification/Validation (CSV)

• Challenges with SSV and Key Takeaways

• Case Studies- Types of Spreadsheets and how to handle them

• Maintaining System/Spreadsheet Validated State


Kriti Chopra

Email

[email protected]

Phone

001-(517)-488-2117

LinkedIn

https://www.linkedin.com/in/kriti-chopra-

277a2921

mailto:[email protected]

https://www.linkedin.com/in/kriti-chopra-277a2921





ERES MANAGEMENT AND DATA INTEGRITY - ASQ...

Documents

Transcript of ERES MANAGEMENT AND DATA INTEGRITY - ASQ...