Data Integrity in cGMP Drug Manufacturing: FDA Offers New Draft Guidance

The recent influx of concerns over data manipulation and other data integrity questions in India, China and elsewhere has pushed the US Food and Drug Administration (FDA) to put out new draft guidance on Thursday to help the pharmaceutical industry ensure data is consistent and accurate.
The guidance includes 18 questions and answers on data integrity, alongside well-defined terms on data as they relate to current good manufacturing practice (cGMP) records, as well as recommendations on when workflows on computer systems need to be validated, and how to ensure electronic master production and control records (MPCR) are monitored and can only be used by authorized personnel.
“FDA expects that data be reliable and accurate. cGMP regulations and guidance allow for flexible and risk-based strategies to prevent and detect data integrity issues. Firms should implement meaningful and effective strategies to manage their data integrity risks based upon their process understanding and knowledge management of technologies and business models,” the guidance says.
Data integrity issues have been well documented in India, where at least 15 companies have been hit with warning letters over data credibility concerns since May 2013. In some of the most egregious cases, companies have overwritten data collected by software or deleted pertinent data. The European Medicines Agency and the World Health Organization have both reprimanded Indian manufacturers over data integrity problems, as well.
Similarly in China, FDA inspectors have uncovered instances where “sample raw data file names are altered in an attempt to hide deleted data files.” Companies in China are often banned from shipping drugs to the US because of such cGMP concerns.
Guidance Details
At the outset of the guidance, FDA defines data integrity as “the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate.”
Electronic data generated to fulfill cGMP requirements, which is one of the focal points of many of FDA’s warning letters, should include relevant metadata, according to the 13-page guidance, which defines metadata as “the contextual information required to understand data.”
FDA also makes clear that there must be a good reason why certain data exclusions are made and raises concerns about shared logins to computer systems, which have also been documented in warning letters.
“To exclude data from the release criteria decision-making process, there must be a valid, documented, scientific justification for its exclusion,” the guidance notes.
And even if companies are still using paper-based records, the requirements for record retention and review do not differ, FDA says.
As far as audit trails, which FDA defines as “a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record,” the agency says the trails should capture changes to critical data and be reviewed with each record and before final approval of the record. Audit trails subject to regular review should include, but are not limited to: “the change history of finished product test results, changes to sample run sequences, changes to sample identification, and changes to critical process parameters.”