The European Medicines Agency (EMA) and the Pharmaceutical Inspection Co-operation Scheme (PIC/S) on Thursday released new draft guidance and a question and answer document to help ensure that data integrity is maintained during the process of testing, manufacturing, packaging, distributing and monitoring medicines.
The 44-page PIC/S draft guidance, known as “Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments,” is focused on providing industry with “consolidated, illustrative guidance on risk-based control strategies” for data integrity and reliability as described in PIC/S Guides for GMP and GDP.
The release of the EMA and PIC/S guidance follows the US Food and Drug Administration’s (FDA) release of draft guidance on data integrity in GMP manufacturing in April.
The 13-page guidance includes 18 questions and answers on data integrity, alongside well-defined terms on data as they relate to cGMP records, as well as recommendations on when workflows on computer systems need to be validated, and how to ensure electronic master production and control records (MPCR) are monitored and can only be used by authorized personnel.
The release of the guidance follows an increase in the number of concerns over data manipulation and other data integrity questions in manufacturing facilities based in India, China and elsewhere.
The new draft guidance document from PIC/S, which will be applied on a six-month trial basis by the 49 PIC/S participating authorities, defines and deals with:
- Data governance systems
- Organizational influences on successful data integrity management
- Specific data integrity principles and enablers
- Data integrity considerations for paper-based and computerized systems
- Integrity considerations for outsourced activities
- Regulatory actions in response to data integrity findings
“Management should aim to create a work environment (ie. quality culture) that is transparent and open, one in which personnel are encouraged to freely communicate failures and mistakes, including potential data reliability issues, so that corrective and preventative actions can be taken,” the draft reads.
The draft also details the various deficiencies linked to data integrity failures that may have varying impacts on product quality:
Impact to product with risk to patient health:
- Critical deficiency: Product failing to meet specification at release or within shelf life. Reporting of a “desired” result rather than an actual out of specification result when reporting of quality control (QC) tests, critical product or process parameters.
Impact to product with no risk to patient health:
- Major deficiency: Data being misreported (e.g. original results “in specification,” but altered to give a more favorable trend). Reporting of a “desired” result rather than an actual out of specification result when reporting of data which does not relate to QC tests, critical product or process parameters. Failures arising from poorly designed data capture systems (e.g. using scraps of paper to record information for later transcription)
No impact to product; evidence of widespread failure:
- Major deficiency: Bad practices and poorly designed systems which may result in opportunities for data integrity issues or loss of traceability across a number of functional areas (quality assurance, production, QC etc), though individually, each violation "has no direct impact to product quality"
No impact to product; limited evidence of failure:
- Other deficiency: "Bad practice or poorly designed system which results in opportunities for data integrity issues or loss of traceability in a discrete area. Limited failure in an otherwise acceptable system"
In addition to the draft guidance, EMA released 23 questions and answers on data integrity, which were developed by EMA’s GMP / Good Distribution Practice (GDP) Inspectors Working Group.
The stakeholder advice includes measures that ensure data integrity and minimize risks at all stages of the data lifecycle in pharmaceutical quality systems. The advice applies to both paper-based and electronic systems and specifically addresses:
- Assessment of risks to data integrity in the collection, processing and storage of data
- Risk management measures at various stages of the “data lifecycle”
- Design and control of both electronic and paper-based documentation systems
- Measures to ensure data integrity for activities contracted out to another company.
EMA notes that the Q&A document should be read in conjunction with national guidance, medicines legislation and the GMP standards published in Eudralex volume 4.