As the pharmaceutical industry started switching their validation process to computerised systems in the 90's, regulatory directives required to adapt and prepare this transition. However, industries needed to ensure the maintenance in compliance of the documentation, while adapting themselves to this new system whose mechanics, required skills but also risks were unknown. Today, as the transition is still ongoing, guidelines and systems still may vary from an industry to another, regarding their needs and capacities.
By essence, the objective of the cGMPs is to ensure that the medicines produced are of consistent high quality, appropriate for their intended use, and meet the requirements of the marketing or clinical trial authorization.
Data integrity, often abbreviated as DI, is the degree to which data is complete, consistent, accurate, trustworthy and reliable and that these characteristics of the data are maintained throughout the data life cycle. The integrity of data can only be guaranteed if it is securely gathered, stored and archived throughout its lifecycle in such a way that it satisfies the ALCOA+ principles. The ALCOA+ principles (ALCOA: Attributable, Legible, Contemporaneous, Original and Accurate; +: Complete, Consistent, Enduring and Available) applied to data ensure that the right decision can be made with regards to release of medicine batches to the public, based on data that has not been altered in any manner. In that regards, Data Integrity principles are a fundamental concept that underpin the cGMPs.
Compliance in computerised systems
Data Integrity has always been a regulatory requirement through the application of Good Documentation Practices (GDocP) when filling in paper-based documentation. With technological advancement, the use of computerised systems generating electronic data became widespread, but the same principles of maintaining data integrity should be fulfilled regardless of the complexity of the system. These principles are described in regulations (21 CFR part 11, EudraLex Vol 4 Annex 11) and guidance documents (PIC/S PI041-1, WHO TRS 966 (2016), FDA GFI, ...). Some new considerations to be taken into account in such systems are electronic signatures, security of the stored data, audit trails and their review, configuration, access and password controls among others.
Ellion has assembled an expertise pole in Computerised System Validation and Data Integrity (CSV/DI) built up from the wealth of experience brought by its experts nest. Together, they defined a framework solution to help companies to perform a data integrity assessment of their computerised systems and propose appropriate control strategies where data integrity cannot be guaranteed. This solution is declined in different steps:
Define priority groups based on the complexity of computerised systems and the use and criticality of the data generated.
Perform global and individual assessments as follow, on the basis of the requirements described in regulations and guidance: > Perform a global risk assessment of the procedural environment surrounding the computerised systems in order to ensure compliance for future acquired system. > Perform a data integrity assessment of each existing system using a detailed questionnaire aimed at identifying any gaps.
Perform risk analysis of the detected data integrity gaps using Quality Risk Management principles.
Define an appropriate remediation plan as well as appropriate mitigations if required, pending the implementation of remediations.
Define the review strategy for critical electronic data such as audit trails (as opposed to the review of paper-based printouts).
Coach local teams to instil the data integrity mindset and transfer know-how internally.