Data integrity and compliance with drug current good manufacturing practices
The FDA has provided guidance on data integrity and compliance; two areas extremely important for pharmaceutical businesses and manufacturers to adhere to…
The US Food and Drug Administration has released guidance for the pharmaceutical industry on CGMP and compliance and data integrity to advise on approaches that could be used to meet the required regulations and applicable statutes.
The FDA stated that the purpose of this guidance is to clarify the role of data integrity in current good manufacturing practice (CGMP) for drugs, as required in 21 CFR parts 210, 211, and 212. The FDA expects that all data be reliable and accurate (see the “Background” section). CGMP regulations and guidance allow for flexible and risk-based strategies to prevent and detect data integrity issues. Firms should implement meaningful and effective strategies to manage their data integrity risks based on their process understanding and knowledge management of technologies and business models.
Meaningful and effective strategies should consider the design, operation, and monitoring of systems and controls based on risk to patient, process, and product. Management’s involvement in and influence on these strategies is essential in preventing and correcting conditions that can lead to data integrity problems. It is the role of the management within the company and with executive responsibility to create a quality culture where employees understand that data integrity is an organisational core value and employees are encouraged to identify and promptly report data integrity issues. In the absence of management support of a quality culture, quality systems can break down and lead to CGMP noncompliance.
In general, the FDA’s guidance documents do not establish legally enforceable responsibilities. Instead, guidances describe the Agency’s current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word ‘should’ in Agency guidances means that something is suggested or recommended, but not required.
The guidance suggests that companies should ask the following questions when considering the regulatory requirements:
- Are controls in place to ensure that data is complete?
- Are activities documented at the time of performance?
- Are activities attributable to a specific individual?
- Can only authorised individuals make changes to records?
- Is there a record of changes to data?
- Are records reviewed for accuracy, completeness, and compliance with established standards?
- Are data maintained securely from data creation through disposition after the record’s retention period?
The full guidance helps to answer these questions, enabling an understanding of key concept behind the regulatory requirements.