Ib Alstrup, Danish Medicines Agency, DMA, Copenhagen, Denmark
Bob McDowall, R.D. McDowall Ltd.
Yves Samson, Kereon AG
Dr Wolfgang Schumacher, formerly F. Hoffmann-La Roche Ltd.
- You will get familiar with the current regulatory requirements on data integrity and how regulators refine these requirements
- You will get a deeper understanding what FDA and European inspectors expects from pharmaceutical companies in regard to Data Integrity
- You will learn how to implement the (new) regulatory requirements on Data Integrity into your Pharmaceutical Quality System
- You will learn how to prepare your company for an successful inspection in regard to Data Integrity
- You will understand how to establish an effective Data Governance system
- You will learn how to investigate Data Integrity issues in your company
Even Data Integrity is one of the basic GMP principles since years multiple Data Integrity citations were reported by FDA und European inspectors during the last 3 years. Many US Warning Letters and EU Non-Compliance Reports deal with serious Data Integrity violations. Data Integrity questions have been and will continue be the focus of many GMP inspections.
As a consequence international authorities – FDA, EMA, PIC/S, WHO, MHRA - published draft documents to describe the regulatory expectations of Data Integrity.
Although all guidelines are not intended to impose additional regulatory burden to the regulated companies, a lot of uncertainty predominates the pharmaceutical industry how to implement these requirements into the daily business.
The courses are directed at
- Managers and staff from Manufacturing, QC/QA and Analytical Development Laboratories of pharmaceutical companies
- Contract Research Organisation and Contract Manufacturing Organisation manufacturing, laboratory and QA personnel
- Auditors (internal and external) responsible for performing self-inspections or external audits and needing to understand and assess data integrity
Especially the Data Integrity Master Class course is directed to participants who have first experiences in Data Integrity, e.g. the ECA course “Data Integrity – Requirements for a GMP compliant Data Life Cycle.
Data Integrity in the pharmaceutical quality system / Data Governance
- EU GMP Requirements: Chapter 4, Annex 11
- Guidance Documents Overview (state of the art): GMDP Inspectors WG, Data Integrity Q&A, (PIC/S Good Practices for Data Management and Integrity in regulated GMP/GDP Environments), WHO, Annex 5 Guidance on Good Data and Record Management Practices, MHRA GxP Data Integrity Definitions and Guidance for Industry
- FDA, Data Integrity and Compliance with cGMP,
- “These Guides are not intended to impose additional regulatory burden upon regulated entities” Is This correct? Data Governance, Dynamic Data
Data flow analysis
- Which PQS elements need to be added or updated?
- The Data Integrity Program: Priorities (immediate/short/mid-term), Capacity, Timing
- Governance responsibilities
- Data governance vs. IT governance
- Elements of a data governance
- Embedding data governance into the PQS
Metrics for Data Integrity
- Objective and purpose
- Electronic data flow
- Complete data flow
- Identification of possible weaknesses
Control of Master Templates and Blank Forms
- Metrics in the context of a corporate data integrity programme
- Suggested metrics in the assessment phase
- Suggested metrics in the operational phase
- Why is control of master templates and blank forms important?
- Regulatory requirements from FDA, MHRA, WHO, EMA and PIC/S
- Devising and controlling the master template
- Operational use of the blank forms
- Do you really want to work this way?
Preparing your company for an Data Integrity inspection
- Basis for Inspections: “PIC/S Good Practices for Data Management and Integrity in regulated GMP/GDP Environments”
- Data Integrity Assessment during Inspection: Quality Control | Manufacturing
- Inspection Findings
Second Person Review
- How to present the DI status and future approach?
- Gap analysis
- Training program coverage
- Experience from FDA inspections – Hot Buttons
Facilitated discussion on Second Persons Review
Quality Culture for Data Integrity
- Regulatory and guidance document requirements for the second person review
- Role of the second person review
- Scope of the second person review
- Documenting the review for paper, hybrid and electronic systems
- Facilitated discussion on Second Person review
QA oversight for data integrity
- Regulatory expectations for a data integrity quality culture
- Role senior management in creating the culture
- Components of a quality culture
- Reinforcement of the culture
Vulnerability of Records
- Data integrity training
- Enforce data flows
- Internal inspection
- Audit of external organisations
Audit trail review
- What is record vulnerability?
- Protection and security of electronic records requirements
- What can go wrong? Scope of misfortunes that can impact records
- Assessment of record vulnerability and implementation of control measures
Options for Long Term Data Retention of Laboratory Data
- Regulatory Overview
- Essential Audit Trails in QA/QC/Manufacturing. Risk-based approach.
- What about legacy systems w/o Audit Trail?
- Who shall review Audit Trails? Documentation
- What process and documentation is appropriate in case of deviations/discrepancies?
Case study Data Migration
- Proprietary v open standards for laboratory data
- Options for long term retention: Keep original system, Virtualisation, Data migration
Cybersecurity / Cloud Computing / Time synchronisation
- Principles of data migration
- Design of the migration process
- Risk-based elaboration of the verification strategy – case study examples
Results of a Data integrity audit from a contract laboratory
- Cybersecurity securing data integrity
- Robust IT infrastructure
- Time synchronisation
- Qualification of time dissemination
Data Integrity Investigations
- Audit context
- Audit scope
- Root causes
Workshop on Data Integrity Investigations
- What are data integrity investigations?
- Human and technical triggers for DI investigations
- Who should investigate the problem?
- Process description and how to document a DI investigation
- Should we inform regulatory authorities?
Based on a case study, attendees will be presented with key facts and determine what an organisation should do to investigate a data integrity issue. At the end of the workshop, during the discussion of the team outputs there will be a comparison with the work performed in the case study.
Key Learning Points and Final Discussion
Workshop on Data Flow Analysis
Identification of data flow weaknesses and non-compliances
Workshop on QA Oversight for Data Integrity
Identification of QA oversight weaknesses
Workshop on Vulnerability of Records
Working in teams, the attendees will be presented with a scenario of a computerised system that generates electronic records. They will assess the record vulnerability and determine the controls to put in place to protect the records and ensure data integrity. Team outputs will be discussed with all participants.