PDA TR 84 Presentation
PDA TR 84 Presentation
PDA TR 84 Presentation
Date: Nov2020
Speaker: Pichiang Hsu (許弼強)
Email: [email protected]
REFERENCES
• Compliance Online Conference in 2016 and 2019
• MHRA: GxP Data Integrity Guidance and Definitions (2018)
• FDA: Data Integrity and Compliance with Drug CGMP Questions and Answers Guidance for
Industry (2018)
• WHO: Guidance on Good Data and Record Management Practices, WHO Technical Report Series,
No. 996, Annex 5 (2016)
• WHO: Good Chromatography Practices, Draft for Comments (2019)
• PIC/S: Draft PIC/S Guidance: Good Practices for Data Management and Integrity in Regulated
GMP/GDP Environment (2018)
• PDA: Elements of a Code of Conduct for Data Integrity (2016)
• PDA: Technical Report No. 80: Data Integrity Management System for Pharmaceutical
Laboratories (2018)
• ISPE: Good Practice Guide: Data Integrity – Manufacturing Records (2019)
• PDA: Technical Report No. 84: Integrating Data Integrity Requirements into Manufacturing &
Packaging Operations (2020)
• TFDA: 國內藥廠數據完整性專案查核結果研析 (2018)
1
2020/11/17
AGENDA
2
2020/11/17
3
2020/11/17
1993
4
2020/11/17
RANBAXY
In 2012, generics manufacturer Ranbaxy was found to have
falsified data in a number of its applications
In July 2013, the FDA issued draft guidance for industry on
circumstances that constitute delaying, denying, limiting or refusing
a drug inspection
– Food and Drug Administration Safety and Innovation Act
(FDASIA) 2012
10
5
2020/11/17
WOCKHARDT
Wockhardt …. repeatedly delayed, denied and limited an FDA
inspection (2013)
• 75 shredded raw data records in a waste area; a different 20
shredded records were produced when the inspector returned
• QC analyst poured the contents of unlabeled vials down the
sink when an inspector asked what they contained
• Making “trial” HPLC injections prior to conducting the “official”
tests
• The trial analyses were not recorded in the instrument use logs
and data associated with these assays were destroyed
11
FRESENIUS KABI
Using “test” HPLC injections before the “official” test
Failed API batch combined with a passing batch, retested
and released
Retesting was conducted until the batch was within
specification without a record of the reason for the retest or
an investigation
Only passing results were considered valid
12
6
2020/11/17
14
7
2020/11/17
EU NON-COMPLIANCE REPORT
15
16
8
2020/11/17
ALCOA +
Complete: All information that would be critical to recreating
an event is important when trying to understand the event.
Consistent: Good Documentation Practices should be
applied throughout any process
Enduring: Part of ensuring records are available is making
sure they exist for the entire period during which they might
be needed.
Available: Records must be available for review at any time
during the required retention period
18
9
2020/11/17
19
MHRA GUIDANCE
Data criticality may be determined by considering the type of decision
influenced by the data
Validation effort increases with complexity and risk (determined by
software functionality, configuration, the opportunity for user
intervention and data life cycle considerations)
Data risk reflects its vulnerability to unauthorised deletion or
amendment, and the opportunity for detection during routine review
Recognizes that manual operations carry a high data integrity risk
No audit trail – routinely quality-critical results (e.g. sterility test)
Focus effort on high risks
20
10
2020/11/17
11
2020/11/17
FDA REQUIREMENTS
Any data created as part of a cGMP record must be evaluated by
the quality unit as part of release criteria
Computer access controls (OS and application), including unique
logons and restricted access to administrator rights
Control of blank forms
Audit trail review before result sign-off
Paper copies of dynamic records are unacceptable
Samples may not be used in test, prep, or equilibration runs
If chromatography is reprocessed, written procedures must be
established and followed and each result retained for review
Data integrity problems must not be handled informally
23
24
12
2020/11/17
25
26
13
2020/11/17
27
28
14
2020/11/17
29
30
15
2020/11/17
31
32
16
2020/11/17
33
34
17
2020/11/17
36
18
2020/11/17
ADMINISTRATOR RIGHTS
System administrator rights (permitting activities such as
data deletion, amendment or configuration changes) must
not normally be assigned to individuals who create, review
or approve data
Where this is unavoidable, a similar level of control may be
achieved by the use of dual user accounts with different
privileges (MHRA)
All changes performed by administrators must be visible to
and approved within the quality system
37
38
19
2020/11/17
SAMPLING: RISKS
Sampling is the first step in the analytical process
Manipulation of chemical analysis is possible, for example, by
selecting individual dosage units by weight so that they fall within
the range likely to pass content or weight uniformity testing
39
SAMPLING: CONTROLS
Sampling products in their final packaging reduces or
eliminates the risk of sample bias
Technically sound sampling plans must exist that tell the
sampler how to take a random sample
Methodology
Equipment
e.g. see ISO 2859 series: sampling procedures for
inspection by attributes (Data reliability concern)
40
20
2020/11/17
41
42
21
2020/11/17
43
Images & information courtesy of Mettler Toledo
44
22
2020/11/17
45
46
23
2020/11/17
47
RESULTS REPORTING
Risks and controls are similar to results calculation (i.e. a
check on any manually-performed calculation or data
transcription)
Electronic audit trails are an important tool in safeguarding
the integrity of automatically-calculated results, but they
must be reviewed periodically!
Never make hand-written corrections to automatically
calculated data (no audit trail)
48
24
2020/11/17
QUALITY CULTURE
Management should create a culture in which staff can
communicate failures and mistakes, including data reliability issues,
so that corrective and preventive actions can be taken
This includes ensuring adequate information flow between staff at
all levels
Senior management should discourage any management practices
that might inhibit the reporting of such issues, e.g. hierarchies and
blame cultures
50
25
2020/11/17
QUALITY CULTURE
The proper use of risk controls should be described in SOPs.
Administrative procedures should ensure that personnel
understand the practical implications of the risks set out in the
SOPs.
51
ISPE Risk-MaPP Volume 7
COMPUTERIZED SYSTEMS
52
26
2020/11/17
53
54
27
2020/11/17
55
APPLICATION CONFIGURATION
The application (data acquisition software) must store data
(including audit trails) in a directory or database that cannot
be accessed or tampered with by users
On older systems, make sure that data cannot be deleted by
users via the operating system file manager
The same rules regarding unique user log-on accounts for
operating systems also apply to the application software
Audit trail functionality must be (and must remain) enabled
Access controls (user log-on, privileges, account lockout and
requirement to log on following a period of inactivity) must be
verified periodically
56
28
2020/11/17
58
29
2020/11/17
59
Questions?
60
30