FDA Data Integrity Audit Checklist

Recent cGMP inspection trends have demonstrated an emphasis on data integrity violations; more than 60% of warning letters sent out last year mentioned this area as being problematic.

Health authority regulations and guidance set clear expectations in this area, making these resources readily available and reviewing them by staff to ensure compliance.

Audit Trails
Audit trails provide many benefits when applied to computer systems, including providing crucial “who, what, when, and why” details about events that have taken place within them and assisting with investigating IT incidents and combatting cybersecurity threats.

An audit trail is an electronic record that documents changes made to data sets step-by-step over time, similar to paper records with line-out, initial, date and explain processes. Without one fully functioning audit trail it would be impossible for an inspector to review all changes made by changes made on these datasets.

Audit trails can also serve as an invaluable asset in investigating employee whistleblowing. Employees should feel safe reporting quality issues to you and that these reports are thoroughly investigated – whether via internal tips or a whistleblower hotline, it’s recommended that any potential issue is probed thoroughly within your cGMP quality system.

Backups
Backups are an integral component of effective data management strategies, providing peace-of-mind if files are deleted or overwritten and restore from an older copy. But backups only become useful if they can be successfully recovered; so to make the most of your efforts in performing backups and testing them regularly is key to keeping data safe and sound.

The FDA regulations regarding electronic records and signatures, more commonly referred to as “Part 11”, mandate that critical systems maintain data integrity during their entire lifecycle by employing an effective validation process.

This involves conducting an exhaustive evaluation of your software, hardware, and peripherals to ensure they meet cGMP processes. Furthermore, establishing appropriate documentation and training to support data governance practices must also be put in place and should be periodically assessed as part of self-inspection or quality assurance audits. Furthermore, having a formal procedure in place for identifying potential data integrity issues as soon as they arise should also be implemented immediately in order to take remedial actions against them.

Remediation
Failure to address CGMP requirements related to data governance and integrity has become an increasing source of concern for FDA inspectors, prompting both domestic and foreign inspections as well as numerous warning letters in recent years.

This new guidance provides firms with a roadmap for how they can meet compliance and avoid incurring potentially expensive warning letters. The first step should be conducting an in-depth gap analysis and creating a remediation plan, such as interviewing current and former employees, identifying all operations with data integrity lapses, conducting retrospective evaluation by an impartial third-party with expertise, etc.

Take proactive steps, such as upgrading to an advanced electronic compliance system, to protect your firm and demonstrate you are committed to meeting regulatory requirements. Doing this requires dedicating both time and resources in identifying the ideal solution, conducting relevant qualification/validation tests, and smoothly integrating it into existing operations.

Training
As demonstrated by FDA Warning Letters documenting data integrity violations, it has become abundantly clear that data governance practices must become a focal point across pharmaceutical manufacturing and supply chains. Therefore, management must recognize this and incorporate such policies and practices into company philosophy and practice.

Training is of critical importance here. Participants in this session will learn to conduct a scientifically sound risk analysis and devise an action plan for mitigating those risks, including identifying and dismissing individuals responsible for data integrity breaches from positions at your firm that control cGMP or drug application data.

This course offers attendees a framework for validation planning that will enable them to better comprehend the phases and deliverables required to validate an FDA-regulated computer system, thus helping them create programs which will stand up against FDA inspection and ensure data stored and processed on that validated system will have high integrity.