Complying with different regulatory agency guidelines for data integrity can be tricky, given the nuances of each agency in terms of its focus and expectations. Let’s take a quick look at where the three major global regulatory agencies stand with respect to their data integrity guidelines:
The FDA has focused exclusively on the GMP process and has placed special emphasis on the importance of validating individual workflows as opposed to validating just the core product. For example, validating the Manufacturing Execution System (MES) alone is not enough; the individual workflows utilized must be validated as well.
The pharmaceutical industry is fast adopting paperless labs using technology such as Electronic Lab Notebooks (ELN) for batch records, production and control records. The FDA data integrity framework mandates that the individual workflows created within these systems (e.g.: ELNs) are also validated to ensure that they fulfil the intended purpose. This is a gap area that we have also noticed in our Data Integrity Assessments of various labs.
The FDA’s guidelines are published in an easy-to-understand Q&A format, and primarily focus on:
1. Audit Trail and Reviews
2. Security and Restricted Access to Data
3. Paper Records and Electronic Records Storage and Retrieval
Like the FDA, the EMA has also focused on the GMP industry, but has approached it from a risk-based methodology – to foresee risks, analyse them and take measures to avoid them. It is important that we do not confuse this with system or functional risk assessment; it is rather a data risk assessment for reducing the risk and leveraging the available risk based methodologies to ensure data integrity. The EMA data integrity framework mandates the validation of third-party products, services and service providers. For example, calibration devices / services and their providers also need to be reviewed and qualified to achieve data integrity compliance with the EMA.
The EMA’s guidelines primarily focus on:
1. Assessing Data Risks and Data Criticality
2. Review of Data Life Cycle
3. Risk-based Decisions for Review of Data
The MHRA’s data integrity guidelines are more comprehensive and holistic, and focus on the complete spectrum of the GxP industry – in fact, the FDA and EMA guidelines can be seen as a subset of the MHRA guidelines. Interestingly, the MHRA has included a special focus on hybrid approaches, wherein the process includes both paper-based and paperless methods of data management. This has been a welcome move to the pharmaceutical industry which is transitioning to paperless labs, and is increasingly working on hybrid models in the process.
The MHRA’s guidelines primarily focus on:
1. Data Risks, Lifecycle and Review
2. Electronic Signatures
3. Audit Trail and Reviews
4. Security and Restricted Access to Data
Validation of Systems Deployed in the GxP Space
Understanding the different guidelines and translating those to ground-level checklists is a difficult but critical task. One of the pharma companies from the US, selling their products in EU and UK was discussing with us on how to take this forward and perform a Data integrity assessment.
Interestingly, we had to take the best of all to accommodate global compliance and we call it “Global Data Integrity Checklist“. Have a look at our easy-to-use checklist and address the Data Integrity gaps in your firm today!
Have any thoughts or questions on this? Please email us at firstname.lastname@example.org!