Data integrity is an essential aspect of current Good Manufacturing Practice (CGMP) and is required by 21 CFR 210, 211, and 212. The FDA expects Life Sciences companies to implement effective practices that efficiently manage any data integrity risks and result in accurate data that the FDA can reliably inspect.
Any data created and retained as a CGMP record must be evaluated by the Quality department as part of release criteria and maintained for CGMP purposes. Furthermore, there must be a valid, documented, scientific justification for excluding data from the release criteria decision-making process (see guidance for industry Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production, and 21 CFR 211.188, 211.192, and 212.71(b)). The requirements for record retention and review are independent of the data format. Therefore, paper-based and electronic data record-keeping systems are equally subject to the provisions of the data integrity requirement.
Defining Data Integrity
The Data Integrity and Compliance with cGMP Guidance for Industry defines data integrity as completeness, consistency, and accuracy of the data. The guidance also mentions the ALCOA principle for data integrity.
How Data Integrity Principles Apply to Static and Dynamic Records
In the context of data integrity, the term ‘static’ is used to indicate a fixed-data document, such as a paper printout record or an electronic image. The term ‘dynamic’ is used to imply the record format that allows interaction between the user and the record content.
An example of a static record are the results extracted from instruments like pH meters or weighing balances. For these instruments, a paper printout or static image may be treated as the original record captured during data acquisition. In such cases, the paper printout or static image created during acquisition (or a true copy) needs to be retained to fulfill data integrity requirements.
An example of a dynamic record is a chromatographic record with a user interface to change the baseline and reprocess chromatographic peaks to change the peak area size. A dynamic record allows the user to modify formulas or entries in a spreadsheet used to calculate test results or other information, e.g., calculated yield. The electronic records from such chromatographic laboratory cannot be retained in static form as a printout, or a static record is simply insufficient to preserve the dynamic information that is part of the complete record: The spectral file created by the instrument can be reprocessed, but a static record or printout would be fixed and could not fulfill the CGMP requirements to retain original records or true copies. Additionally, if the entire spectrum is not displayed, contaminants may be excluded making the record incomplete. Therefore, control strategies must ensure that original laboratory records – including paper and electronic records – are subjected to a second-person review to ensure that all test results are appropriately reported.
Why Metadata Matters for Data Integrity
Metadata can be defined as structured information that describes, explains, or makes it easier to retrieve, use, or manage digital data. Therefore, electronic data generated to fulfill CGMP requirements should include such relevant metadata. In simpler words, metadata is data about the data – and digital data is meaningless without metadata. For example, the value “200” is pointless without its metadata, such as a description of the accompanying unit- “milligram.” Therefore, the FDA requires manufacturers to maintain metadata according to the relevant record retention period as defined in 21 CFR 211.188 90 and 211.194. Additionally, the relationship between data and their metadata should also be preserved. Metadata should include:
- Date and time of data acquisition
- User ID of who acquired or generated the data
- Instrument ID with which information was generated
- Audit trails
The Importance of the Audit Trail for Data Integrity
An audit trail is a secure, computer-generated, time-stamped, electronic record that allows for the reconstruction of the sequence of events of the creation, modification, or deletion of an electronic record. In other words, an audit trail is a chronology of the “who, what, when, and why” of a record. Electronic audit trails include a track of:
- Data creation
- Modification
- Deletion
- Attempts to access the system
- Attempts to rename a file
- Attempts to delete a file
CGMP-compliant record-keeping practices are helpful in preventing data from being lost or obscured. Audit trails can fulfill these cGMP requirements. Hence, they form an essential part of data integrity requirements as well.
Since audit trails capture changes to critical data, the FDA recommends that the audit trail should be reviewed regularly (based on the complexity of the system and its intended use) along with each record and before the record’s final approval. Audit trails that are subject to routine review include but are not limited to the following:
- Change history of finished product test results
- Changes to sample identification
- Changes to sample run sequences
- Changes to critical process parameters
Audit trails are considered an associated part of the records. Therefore, the record reviewer should review the audit trails that capture changes to critical data associated with the record. For example, the Quality department must review and approve all production and control records, including audit trails. This process is similar to the expectation that traditional cross-outs on paper documents are also assessed when reviewing data.
