PDA is Tackling the Data Integrity Topic

Richard M. Johnson
President & CEO
Parenteral Drug Association (PDA)

Connecting People, Science & Regulation® Copyright @ PDA 2017 1

 Back to Basics!
• A basic principle of assuring the quality of
healthcare products is the review of data: by
industry of data from their partners, of
manufacturing and testing data by an independent
quality function, and of all of this data by regulators
who are responsible for monitoring the products for
the public.
• The accuracy and trustworthiness of the data, the
integrity of that data, must not be in question, or all
of the checks and balances, control measures, and
quality agreements will not be effective.

Connecting People, Science & Regulation® Copyright @ PDA 2017 2

 Key themes from PDA-FDA 2014
Brainstorming Meeting on Data Integrity

• Culture—quality and local -- issue is huge. Good quality culture can

counterbalance weak systems. Culture can influence understanding or
definition of “integrity”
• Data Integrity is a disease with a spectrum like cancer; proper diagnosis is
needed to identify appropriate treatments.
• Data Integrity is really a design issue. Fear or desire to make a batch pass
leads to DI problems. A lifecycle problem.
• All levels and parts of the organization need to understand importance of
DI and their individual roles: C suite, IT, operator level, etc. First level
supervision is key.
• Natural tendency to bias and assume a root cause rather than make a
thorough analysis. Assumption the equipment is broken etc.
• Companies to consider whether rewards are based on outcomes or
behaviors

3
Connecting People, Science & Regulation® Copyright @ PDA 2017
3
Data Integrity: Increased Focus of
Regulatory Agencies Worldwide
Increasing trend in Health
Authority Observations and
Actions related to Data A = Attributable
Integrity.
– US FDA Warning Letters & Import
Alerts L = Legible
– EU Non Compliance Reports
– WHO Notices of Concern and De- C = Contemporaneous
certification
Data integrity refers to the
O = Original
quality and accuracy of data
over the entire data lifecycle
A = Accurate

Connecting People, Science & Regulation® Copyright @ PDA 2017 4

Regulatory Guidance & Trends

Stay Current!

 MHRA Guidance, March 2015; Draft Revision, July 2016

 FDA Draft Guidance, April 2016
 WHO Annex 5, June 2016
 PIC/s Draft Guidance, August 2016

Connecting People, Science and Regulation® Courtesy of M. Gribbin 5

Regulatory Guidance & Trends

• Warning Letters/Untitled Letters

• FDA 483 Observations
• Import Alerts
• EU Non-Compliance Reports
• WHO De-Certification

Connecting People, Science and Regulation® Courtesy of M. Gribbin 6

High Quality Decisions Come From High Quality
Data
Every Step has
Data In and
Data Out

Is this product safe and effective for the patient?

Connecting People, Science & Regulation® Copyright @ PDA 2017 7
Operator Training Records
Quality Control Checks
Media Fill Results

High Quality Decisions Come From High Quality

Data
Raw Material Identity
Filter Integrity Testing
Potency Assay
Particulate Inspection

Is this product
safe and
effective for the
patient?

Equipment Cleaning Logs

Preventive Maintenance
Sterilization Cycle Validation

Connecting People, Science & Regulation® Copyright @ PDA 2017 8

 Examples of Data Integrity Problems

 Security Breaches of physical plant or information

systems
 Site access without secure ID.
 Uncontrolled and unrecorded access to restricted rooms
such as data centers, manufacturing suites, and
document storage centers
 Access to GxP computer applications not limited to
authorized personnel.
 Sharing of passwords and logon IDs
 Employees logged in to unattended computer terminals.
 No requirements for periodic password updates

Connecting People, Science & Regulation® Copyright @ PDA 2017 9

 Examples of Data Integrity Problems

• Lack of employee ownership and accountability

 Improper data manipulation
 Adjustment of time clocks
 Backdating of information
 Creating records after the fact
 Excluding adverse information
 Discarding or destroying original records
• Data systems not accurate, reliable, nor fit for their intended use.
 Uncontrolled or haphazard backup/restore, copying, and archiving of
data
 No review of electronic record by supervisory personnel
 Audit trails not maintained nor reviewed
 Poor process flow inhibits access to documentation systems
 Floor operators lack access to document process exceptions

Connecting People, Science & Regulation® Copyright @ PDA 2017 10

 Recent FDA Inspection Findings

• Poor Documentation Practices

 Batch records found in the trash which don’t match “official” records
 Photocopied labels with information filled out in advance of activity occurring
 Data recorded for a microbial test with no sample plates found in the incubator
 Microbial contamination recorded in an unofficial notebook but not found in any GMP
documentation
 Lack of second person verification of data
• Poor laboratory practices.
 Manipulation of integration settings to achieve passing results
 Retesting samples outside the quality system until a passing result is achieved.
 Using multiple “trial/setup/training injections” before recording a single result.
 Use of analytical methods not validated
 Results can not be reproduced on subsequent aliquots
• Security Breaches of physical plant or information systems
 Using Administrator access to override analyst results
 Deletion of raw data or unfavorable results
 Inspector denied access to view data recorded on a thumb drive

Connecting People, Science & Regulation® Copyright @ PDA 2017 11

 Elements of a Data Integrity Program

• Personnel and Training. Prevent

• Validation Program Detect

• Security
Correct
• Audits
• Data Review and Audit Trails
• Governance
• Data Integrity Findings and Investigations
• Corrective and Preventive Actions (CAPAs)

Connecting People, Science & Regulation® Copyright @ PDA 2017 12

Developing a Robust Quality System to Assure Data Integrity

Data Governance
Management should develop and implement a Data
Governance System to ensure Data Integrity Creation/Generation

principles, requirements, definitions and supporting

processes are clearly defined, and that Data is
managed in accordance with applicable Retention/Archival/Dest
ruction
Collection/Process

regulations, guidance and best practice throughout ALCOA

the Data Lifecycle

Risk management principles should be applied when Reporting Review/Analysis

developing and assigning resources for Data

Governance, ensuring an acceptable level of control
is in place based on the criticality and risk to data

Connecting People, Science and Regulation® Courtesy of M. Gribbin 13

Developing a Robust Quality System to Assure Data Integrity

Data Governance: Key Attributes

• Management should be responsible for the design, implementation,
monitoring and maintenance of the data governance system to ensure
systems and processes are compliant with data integrity requirements and
principles.
• Appropriate resources should be in place to demonstrate support for the
data governance system, and to ensure compliance with data integrity
principles, procedures, and applicable regulations.
• Roles, responsibilities and the ownership of data should be established
throughout the data lifecycle
• Procedures and controls should be established to ensure data integrity,
including such that define accountability for individuals who breach such
requirements

Connecting People, Science and Regulation® Courtesy of M. Gribbin 14

Developing a Robust Quality System to Assure Data Integrity

Data Governance
• Effective process and product monitoring provide early warning of
emerging quality issues
• Training should be established in data integrity principles, elements and
practices for all individuals responsible for data in the testing and
manufacturing of drug product
• Data integrity issues should be communicated and/or escalated
commensurate with criticality – to include establishing appropriate
timelines to address Data Integrity compliance gaps
• Data integrity principles should be applied to outsourced activities,
including contract givers and suppliers
• Self inspection should include a review of the effectiveness of the data
governance system

Connecting People, Science and Regulation® Courtesy of M. Gribbin 15

Developing a Robust Quality System to Assure Data Integrity

Quality Culture
• Management controls should be established,
communicated and followed to:
• Promote transparency and timely escalation of possible
data integrity gaps
• Provide incentives and amnesty for communication of
possible gaps
• Provide a no-retaliation environment to allow for
individuals to raise and investigate concerns without fear
of retaliation

Connecting People, Science and Regulation® Courtesy of M. Gribbin 16

Developing a Robust Quality System to Assure Data Integrity

Integration
A robust and effective QMS is intended to integrate
the objectives and requirements
(systems/processes/programs)
of GMP regulations and Data Integrity principles throughout the QMS
and
its associated systems
Production
Based on FDA’s Six System Inspection
Model, the QMS consists of the following systems:
Quality System Materials Management Facilities and Equipment
Production System
Facilities and Equipment System Quality
Laboratory Controls System
Materials System
Packaging and Labeling System
System
Packaging and Labeling Laboratory Controls

Connecting People, Science and Regulation® Courtesy of M. Gribbin 17

 Developing a Robust Quality System to Assure Data Integrity

Indicators of Potential Data Integrity Gaps

• Discrepancies between Workload, Capacity and Output
– Equipment
– Materials Management
– Resourcing
• Quality Metrics show delays in closure of quality records
• Lack of documented deviations/incidents/OOS reports/Data integrity
issues
• Separate quality system or laboratories for “other” markets
• Lack of detailed procedures for review of electronic data
• Computerized and automated system risks not well understood/identified
and tested to confirm controls and configuration are appropriate
• Documents not submitted to Quality in timely manner (no time limits or
monitoring of this timeline)
• Documents found in trash/recycle/shredder bins (location of bins in areas
where documents should not need to be discarded)

Connecting People, Science and Regulation® Courtesy of M. Gribbin 18

 Data Integrity Continuum

System Individual Mistake Individual Institutional

Error Malfeasance Malfeasance

GMP regulations do not require determining intent while assessing Data Integrity, however
companies should determine intent. Even with deliberate falsification of records, companies
must understand the dynamics that drove and allowed the individual to do this if companies
are to truly fix the issue and prevent its reoccurrence.

Without an understanding of the true root causes for human misbehavior, companies may be
forced to take widespread actions that may not be indicated, especially when factored with
the preventive data integrity measures already in-place.

Unintended Error Deliberate Falsification

Connecting People, Science & Regulation® Copyright @ PDA 2017 19
 Data Integrity: Causes & Mitigation
Task Force is Working on the following …..
Quality Culture & Code of Conduct
•Elements of Code of Conduct for Data Integrity
Malfeasance

 Enforcement & Discipline built into CoC

•Speak-up Culture - Quality Culture Maturity
 Tone at the Top

Management Controls Elements Built into DI Tech Reports

 Auditing & Monitoring -
Sloppiness

 Accountability & Supervision

 Resource Allocation

Knowledge, Training, & Awareness

Ignorance

• Technical Reports
• Workshops
• Training program
Connecting People, Science & Regulation® Copyright @ PDA 2017
20
 Data Integrity

What is PDA doing?

Connecting People, Science & Regulation® Copyright @ PDA 2017 21

PDA Data Integrity Resources Page

pda.org/dataintegrity

Connecting People, Science & Regulation® Copyright @ PDA 2017

 2016 PDA Data Integrity Deliverables :
Workshops, Tools & Training Courses
Date Venue Location

April 19-20 Millennium Gloucester Hotel London, UK

Sept 14-15 Renaissance Washington DC, Washington,
Hotel DC
Nov 8-9 Titanic Chaussee Berlin Berlin,
Germany
Dec 7-8 Manchester Grand Hyatt San Diego, CA

TOOLS AND TRAINING

Root Cause/Risk Assessment Matrix
PDA Education Course 23
Connecting People, Science & Regulation® Copyright @ PDA 2017
 PDA Data Integrity Deliverables:
Publications
Publication Title Status
Published
Points To Consider Elements of a Code of Conduct for Data
(>1000
Integrity in Pharmaceutical Industry
downloads)

Points To Consider Fundamental Concepts for Data Integrity Published

Book Assuring Data Integrity for Life Sciences Published

Technical Report Data Integrity in Laboratories Systems

Q3/Q4 2017

Technical Report Data Integrity: Integration into QMS Q3 2018

Technical Report Data Integrity in Manufacturing Systems Q2 2018

Connecting People, Science & Regulation® Copyright @ PDA 2017 24

Connecting People, Science & Regulation® Copyright @ PDA 2017 25
 Elements of a Code of Conduct
for Data Integrity

Scope and Purpose

• Developed by a team of quality and regulatory experts with input
from attorneys.
• Ready to use language that can be incorporated into existing
company codes of conduct or supplier quality agreements.
• Written to apply to GXP activities for drug and biological products

Connecting People, Science & Regulation® Copyright @ PDA 2017 26

 Elements of a Code of Conduct
for Data Integrity
Key Elements and Sections
• Senior Management must establish quality standards and
requirements.
• Every employee has a duty to engage in conduct which results in
data that are accurate, truthful and complete.
• Data Collection, Analysis, Reporting and Retention
• Electronic Data Acquisition Systems and Access Security
• Auditing and Investigations
• Internal Reporting Responsibility and Disciplinary Actions
• Notifying Regulatory Authorities
• Outsourced Services and Purchased Raw Materials
• Employee Training
• Glossary of Terms

Connecting People, Science & Regulation® Copyright @ PDA 2017 27

Connecting People, Science & Regulation® Copyright @ PDA 2017 28
 Key Elements
• Executive Summary Integrity Program through
• Purpose the Data Lifecycle
• The Importance of Data • Personnel and Training.
Integrity throughout the • Validation Program
Product Lifecycle • Security
• Current Regulatory Trends • Audits
and Recent Issues in Data • Data Review and Audit Trails
Integrity
• Governance
• Data Management Systems
Considerations • Data Integrity Findings and
Investigations
• Globalization and Cultural
Factors • Corrective and Preventive
Actions (CAPAs)
• Elements of Data Integrity
• Conclusion
• Holistic Approach to a Data
Connecting People, Science & Regulation® Copyright @ PDA 2017 29
 Executive Summary
• The purpose of this document is to describe
behaviors, including the elements and controls, to
ensure the integrity of GxP data in pharmaceutical
manufacturing operations. Fundamental concepts
such as ALCOA (attributable, legible,
contemporaneous, original, and accurate)and the
prevent/detect/respond approach to a data
integrity program are defined and discussed. This
paper was developed through the Parenteral Drug
Association (PDA) Data Integrity Task Force and
reviewed and approved by the PDA Regulatory and
Quality Advisory Board as well as the PDA Board of
Directors.
Connecting People, Science & Regulation® Copyright @ PDA 2017 30
 Executive Summary (cont.)
Data integrity is a significant component of a company’s Quality
System, providing foundational assurance of the data a company
uses to operate in compliance with regulatory requirements and to
demonstrate its products are safe and effective for their intended
use. Through data integrity the company recognizes its
responsibility to prove the origin, transmission, and content of the
company’s data and that data is what it is purported to be. To
holistically address Data Integrity, the PDA is developing a set of
tools in the form of PDA Technical Reports, PDA Training, Data
Integrity Workshops, and Points To Consider documents that can
be used by industry to address this serious issue. This document
serves as an introduction to that suite of tools to follow.

Connecting People, Science & Regulation® Copyright @ PDA 2017 31

 PDA/DHI Book

Connecting People, Science & Regulation® Copyright @ PDA 2017 32

 Data Integrity Task Force:
Expected Outcomes
• Harmonized standards to comply with regulatory
expectations for maintaining data integrity,
• Defining mechanisms for detecting non-compliance and
outlining a clear methodology for remediating gaps.
• Serves both industry and regulators in creating and
defining solutions for the increasing number of failed
inspections where firms lack the needed controls to ensure
data integrity and lack the expertise to detect and resolve
non-compliance
• Methodology for restoring confidence in a system and
organization to avoid revenue loss and regulatory impacts.

Connecting People, Science & Regulation® Copyright @ PDA 2017 33

 Acknowledgements

• Anil Sawant, J&J and the PDA Data Integrity

Task Force
• Maryann Gribbin
– Chief Compliance Officer, Faith & Royale
Consultants
– Co-Chair PDA Data Integrity Task Force

Connecting People, Science & Regulation® Copyright @ PDA 2017 34

 Questions?

• Richard M. Johnson
• E: [email protected]
• P: +1.301.656.5900

• More Info.:
https://www.pda.org/scientific-and-regulatory-
affairs/regulatory-resources/data-integrity

Connecting People, Science & Regulation® Copyright @ PDA 2017 35