Data Integrity for Electronic Records According to 21 CFR Part 11 - - BioPharm International


Data Integrity for Electronic Records According to 21 CFR Part 11

BioPharm International

The Role of MetaData Metadata is central to the trustworthiness of records and compliance with Part 11. Without metadata, the traceability of a record is extremely limited. The complete and uncorrupted package of raw data, metadata, and results represents a trustworthy and reliable set of information that helps generate knowledge that results, production processes, and product quality are under control. Without metadata, it is not possible to "replay" the original result using the original input parameters. Even though "instant replay" is subject to enforcement discretion according to the 2003 Part 11 guidance, it is important for data migration when replacing legacy systems. Theoretically, firms can get away with not carrying legacy data forward, especially since this is a tough technical challenge for the regulated industries and their suppliers. Practically, however, it is an unacceptable waste of resources if there is no electronic data transfer between the original system and its replacement. Can a pharmaceutical development or quality-control laboratory afford to manually re-enter hundreds or even thousands of analytical methods? How efficiently can they investigate a complaint if there is only a paper archive that is not keyword searchable? How do they judge a small unspecified impurity if only a paper printout of the original chromatogram is available with no possibilities for zooming, reintegrating, or inspecting the spectral data?

Instrument Control Metadata Electronic records generated by an analytical instrument can be regarded as trustworthy and reliable if there is evidence that the communication between the instrument and system controller is trustworthy and reliable.

In many cases, firms must rely on electronic raw data to perform regulated activities such as QA/QC testing of finished drug products for batch release or when investigating a suspected out-of-specification (OOS) result. For example, a regulatory agency may ask for documentation of instrument conditions to support the laboratory's conclusion that a certain result was not OOS due to a technical failure of the apparatus. It may be difficult to show evidence that a given measurement was in fact performed according to the defined procedure, unless there is detailed documentation of the metadata. Examples of such metadata are instrument setpoints used during the analysis and setpoints used for re-integration (including documentation of the previous setpoints and previous results). Without hard evidence like this, the regulatory agency may suspect attempts to test the results into compliance!

Level-4 instrument control employs techniques such as automatic tracking of instrument identification and configuration, early maintenance feedback (EMF), self diagnostics, real-time data acquisition and synchronization independent of the computer, and bi-directional handshake protocols between devices and controllers for reliable and traceable instrument communication. We discuss level-4 instrument control further in the Instrument Control article in this series.

Modern Implementations Object Database Management Systems (ODBMS) are specifically designed to manage and store complex objects and their complex relationships. Applications based on ODBMS are commercially available and suppliers have implemented data management systems based on ODBMS for several years.7 According to Loomis, one of the main benefits, apart from referential integrity and ease of system administration, is that "the storage of objects as objects, rather than fields of tables, not only maintains the inherent nature of the object, but can also eliminate 30-70% of a project's total code, which is typically used to map objects to tables."8

For analytical data management systems, a significant percentage of the entire data volume consists of instrument raw data. Due to the size of the raw data, it is typically stored in an efficient binary format. Binary objects in a database system are called binary large objects (BLOBs). Modern systems such as Oracle 9i allow BLOBs to be managed efficiently within the database. In contrast, older systems implemented their own hybrid data management structure: database schemas used a combination of relational tables managed in the database and binary objects managed in a flat file system.

Managing tables and objects within the database management system simplifies system maintenance significantly, as standard IT procedures for disaster recovery (backup) and data archiving can be used instead of specialized, two-fold procedures that have to synchronize processes on the database with processes on the file system.


  • Identify the systems and records that are critical from a product quality and business perspective.
  • Analytical data systems used in industries subject to 21 CFR Part 11 need to be evaluated in terms of data security, data integrity, and audit trails to comply with current regulations and guidelines. Database systems generally help but are not a guarantee of data integrity and security.
  • Assess the risks that affect data security and data integrity.
  • When assessing the risks in an existing system or when selecting a new one, consider not only raw data and results, but also metadata. If your system does not provide referential integrity for interdependent records, you may need a specific, paper-based operating procedure to collect the required evidence that your process and your data are intact.
  • When evaluating a data management system, verify that the system implements a tight link between results, raw data, and metadata that cannot be corrupted by ordinary means. Tight revision control of each data object is mandatory to achieve this goal.
  • Consider the administration and maintenance of the data management system. If the system manages critical records, you are responsible for appropriate maintenance and disaster recovery procedures. Ask your suppliers for help if you do not have the technical expertise in-house.
  • Standardization is a good way to manage complexity. Your user requirement specification should list the technical standards that you consider critical (operating systems, security policies, backup procedures, maintenance procedures).

References 1. McDowall RD. Operational measures to ensure the continued validation of computerised systems in regulated or accredited laboratories. Laboratory Automation and Information Management 1995; 31(1):25-34.

2. FDA. Code of Federal Regulations, Title 21, Part 11; electronic records; electronic signatures; final rule. Federal Register 1997; 62(54):13429-13466. (See sections 11.10(b) and 11.30.)

3. FDA. cGMP warning letter, File No.: 04-NWJ-02. Available at URL:

4. FDA. cGMP warning letter, File No. 2004-NOL-03. Available at URL:

5. FDA. cGMP warning letter, File No. 04-NWJ-01. Available at URL:

6. FDA. Human Drug CGMP Notes 1997; 5(4). Available at URL:

7. Loomis TP. The best of LIMS and object and relational DBMS can be combined. Scientific Computing and Automation 1998; Feb:73-76.

8. Guzenda L. 7 signs that you need an object database. Scientific Data Management 1999; Sep/Oct:30-33.

blog comments powered by Disqus



NIH Seeks to Improve Vaccine Response with New Adjuvants
September 30, 2014
Baxter International Plans to Open R&D Center for Baxalta
September 30, 2014
FDA Releases First-Ever Purple Book for Biosimilar Characterization
September 26, 2014
FDA and NIH Win Award for IP Licensing of Meningitis Vaccine
September 26, 2014
FDA Releases REMS Report
September 25, 2014
Author Guidelines
Source: BioPharm International,
Click here