Make Data Integrity Integral to CGMP Training

Susan Schniepp, distinguished fellow at Regulatory Compliance Associates, discusses training personnel on data integrity.
Jun 01, 2016
Volume 29, Issue 6, pg 57–58
Q: I saw where FDA released draft guidance on data integrity. In the guidance, the answer to question 16 says personnel should be trained in detecting data integrity issues as part of a routine current good manufacturing practice (CGMP) training program. Can you give me some advice on how this topic would be addressed in the annual CGMP training?
A: This is a great question. The draft guidance, titled Data Integrity and Compliance With CGMP, was released April 15, 2016 (1). In the introduction, FDA states, “The purpose of the guidance is to clarify the role of data integrity in current good manufacturing practice …” I don’t think the industry should be surprised by this guidance based on the number of recent warning letters issued with citations referencing questionable data integrity practices (2-4). The guidance itself says “… FDA has increasingly observed CGMP violations involving data integrity during CGMP inspections.” The guidance goes on to say, “This is troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the … quality of drugs, and FDA’s ability to protect the public health.”
Specifically question 16 asks, “Should personnel be trained in detecting data integrity as part of a routine CGMP training program?” The answer in the guideline is, of course, yes and cites 21 Code of Federal Regulations (CFR) 211.25 and 212.10, which require that employees have the “education, training, and experience, or any combination thereof, to perform their assigned duties.” From an industry perspective, the requirement for data integrity training seems new, but it isn’t. It is normally referred to as good documentation practices (GDP), annual GMP training, and investigations and corrective action and preventive action (CAPA) training. The question is how does one communicate to others that this training regimen relates to proper data handling, which in turn helps eliminate data integrity issues.
Annual GMP training is integral to avoiding data integrity problems because it delineates what documents need to be maintained. If the GMPs require a document be preserved, one can assume it is a document that is subject to review and critique during an audit. Focusing on the forms and records required allows one to direct their review efforts on the essential rather than on the superfluous documents that support the safety, efficacy, and quality of the products being manufactured. Once the company’s quality assurance (QA) department has identified these critical documents, the documentation group can then direct their efforts towards appropriately maintaining those documents.
GDP training
A critical element in preserving the integrity of the information contained in these records is related to GDP training. GDP training should explain to the employees the necessity of the document in relationship to the quality of the product. GDP training should focus on the importance of the data being recorded, how to correct an error, how to document the reason for the error, explain the timeliness of the signature and date of the person who performed the operation and recorded the necessary information, as well as the role of the verifier’s signature for those steps in the operation that require a witness. GDP training should also include an explanation of the review process and what the operator’s, verifier’s, and reviewer’s signatures means. 
The reviewer’s signature should be regarded as complementary to the original operator’s signature. It is there to support that the recording of the data was complete, accurately reflected the function or activity being documented, and that any errors that occurred during the operation were investigated and corrected appropriately. If you are operating with electronic signatures and data collection systems, training should include discussion on the importance of password protection and the reason and rationale for not sharing passwords and accounts so that the integrity of the electronic system is not compromised.
CAPA training
Investigation and CAPA training should be taught to staff involved in the recording and reviewing of the documentation. It is important for these individuals to understand how deviations are investigated, if the investigation resulted in a CAPA, and what impact the investigation/CAPA results might have on the product. It should also address how changes made to documentation as a result of the investigations/CAPA have been implemented in the system. Documentation changes made as a result of investigation/CAPA conclusions should prompt retraining on the activity and should encompass any new documentation practices identified.
Once the employees are trained in GMP, GDP, and investigations/CAPA training, the QA group should confirm the organization’s understanding of what they were taught through the internal audit review process. This should be viewed as a confirming activity that will strengthen the records, forms, reports, and manufacturing documents that support the product’s manufacturing and release. Issues in documentation procedures identified through the internal audit process should be responded to and tracked in a similar manner, as the company would do for an external audit by a client or a regulatory agency.
The information collected during the manufacturing of the product from the receipt of the raw materials, the maintenance of the facility, the testing of the product up to the release of the product, and everything in between is crucial to defending the product once it has been released for patient use. It is crucial that this information be indisputable, whether it is electronic or paper. Bottom line, don’t over react to the guidance by sending your QA staff to criminal investigation training. Instead, utilize the tools you already have in your quality system to reinforce the concept of data integrity throughout your training and audit processes. The best way to combat poor documentation is through the proactive inclusion of data integrity concepts, design, and implementation into your data collection systems whether they are manual or electronic in nature.
1. FDA, Data Integrity and Compliance With CGMP Guidance for Industry, Draft Guidance (CDER, CBER, CVM, April 2016),
2. FDA, Warning Letter to Chan Yat Hing Medicine Factory, Dec. 15, 2015,
3. FDA, Warning Letter to Zhejiang Hisun Pharmaceutical Co., Ltd., Dec. 31, 2015,
4. FDA, Warning Letter to Sun Pharmaceuticals Industries Ltd., Dec. 17, 2015, 
Article Details
Pharmaceutical Technology
Vol. 40, No. 6
Pages: 57–58
When referring to this article, please cite it as S. Schniepp, "Make Data Integrity Integral to CGMP Training," Pharmaceutical Technology 40 (6) 2016.
lorem ipsum