Challenges, Tools, and Strategies for Data Integrity Protection

With violations in data integrity that FDA has found during facility inspections in recent years (1), biopharma companies are tasked with implementing meaningful and effective strategies to manage data integrity risks. Various tools are being explored for their ability to enhance data integrity protection.

FDA’s Data Integrity and Compliance with Drug CGMP, Questions and Answers, Guidance for Industry (1), finalized in December 2018, clarifies the role that data integrity plays in current good manufacturing practices (CGMP). In the guidance, FDA states that “meaningful and effective strategies” will have to take into consideration the design, operation, and monitoring of systems and controls. These strategies must be based on the risk to the patient, to the process, and to the product. The agency also emphasizes that it is essential for the company’s management to be involved in and have influence on these strategies to prevent and correct conditions that can lead to data integrity problems (1).

To gain insight into some of the challenges, tools, and strategies important to consider for establishing data integrity protection, BioPharm International spoke to Heather Longden, Pharmaceutical Regulatory Intelligence at Waters Corporation.

Challenge and risk

BioPharm: What are the most difficult challenges in managing data integrity?

Longden: The first challenge is embracing the concept that data integrity is not just about the electronic data. Where problems tend to occur most often is when operators interact with equipment and the software that may be monitoring or controlling it. Another challenge for manufacturers is when electronic systems are recording manufacturing data in real time and decisions have to be made about how much of that data is really critical to support product quality and batch records.

BioPharm: At what point(s), or steps, in the biomanufacturing process (for a monoclonal antibody [mAb], a cell therapy, or a gene therapy) are breaches of data integrity most at risk (i.e., where’s the weak spot)?

Longden: For any process, data integrity can be compromised either at the interface between two electronic systems where data are exported or imported, or where someone is involved in either recording or acting on the data. This is where extra care and solid processes with oversight and review are important.

When algorithms are used to automate a process (e.g., cell feeding by feedback) or inform a user to manually take an action from processed results, then it’s critical that they be validated and maintained with the same data integrity measures as any other records.

Tools to minimize risk

BioPharm: How can tools, such as manufacturing execution systems, artificial intelligence, and/or software innovations/updates, mitigate risks to data integrity?

Longden: Obviously, data integrity issues can exist in any process, even paper-based processes. For example, forgetting to document a change to a record according to good documentation practice (GDocP) is a data integrity issue. With electronic systems, the mundane record keeping is done automatically, recording data in an attributable and contemporaneous way that accounts for who changed a record (based on the logged-in user), what they changed, the before and after values of the change along with secure time stamps of the changes. Reliable time stamps and user authentication are essential to ensure the traceability of the manufacturing process. 

Problems can occur when biopharmaceutical manufacturers install new and innovative sensors or other devices, and associated software but forget to subject them to the traditional oversight for compliance of the electronic records they may create. For example, many automated tools do not even have basic operator log-in capabilities, which makes the creation of compliant audit trails impossible. In addition, with so much manufacturing data being recorded in real time, it is incumbent upon manufacturers to make sure that all data supporting batch records are properly secured and archived. 

Calculations performed electronically should always be validated. Once they have been validated, there is no need for a reviewer to double check each calculation. To avoid problems later, it is important that software applications for manufacturing uses are properly validated. 

Validation of AI or machine learning programs presents some interesting and novel challenges, so while these might be extremely promising, deploying them to support GMP processes demands serious validation considerations.

BioPharm: What other analytical tools are effective at mitigating this risk?

Longden: As important as analytical tools are, just as important is a culture of excellence. The International Society of Pharmaceutical Engineers (ISPE) GAMP community of practice issued a maturity model for data integrity (2), which may be useful in setting up a data integrity governance program and which encourages operators to record data accurately and contemporaneously as well as how to deal with errors and mistakes without the threat of retaliation.

When operators, and, specifically, lab staff, work remotely, additional tools, such as the ability to securely log into enterprise software applications from home, may be critical to preserve data integrity.

Strategic approach

BioPharm: What best practices, if any, do you have in place or recommend to biomanufacturers for ensuring their manufacturing data are secure and well documented?

Longden: Before implementing the right controls to preserve the integrity of data related to the manufacturing and the quality of biopharmaceutical products, it is essential to fully document all relevant data that supports product quality and understand how and where (in which software or devices) data are created and shared. Once the flow of data is diagrammed, it is easier to identify the gaps or potential gaps where data could be lost or changed. 

Manufacturers should also take inspiration from the data integrity practices and processes deployed by laboratories which tend to be more experienced in electronic data compliance. 

BioPharm: What is a data-integrity-by-design approach and how can it be coordinated/integrated with an overall quality-by-design strategy for a biomanufacturing process (either mAb, cell therapy, or gene therapy)?

Longden: Data integrity by design involves mapping out the manufacturing process from the initial seed train through to the commercial-scale bioreactors and on through to the diafiltration and concentration steps, and finally onto any terminal sterile filtration before aseptic filling. 

Mapping the data flows throughout the process allows the company to identify the regulated data. Biopharmaceutical manufacturing companies should select computerized systems for maximum automation and interfacing so that regulated data are collected automatically and transferred by validated interfaces into the manufacturing execution systems for the batch report and disposition. It’s important to know which metadata are transferred and what is reapplied.

Of course, these computerized systems should be evaluated for compliance to the relevant electronic record and signature regulations before purchase and deployment.

Other questions to consider include: 

• Where are audit trails reviewed and how can you include that step in your data review process?

• Is the system so thoroughly automated that exception reporting can be relied on to drive the data review process?

• Or are there still manual processes requiring a risk-based second-person review of all of the data?

References

1. FDA, Data Integrity and Compliance with Drug CGMP Questions and Answers Guidance for Industry (CDER, CBER, December 2018).  
2. ISPE,

, ispe.org (2017).

Article Details

BioPharm International
Vol. 33, No. 6
June 2020
Pages: 22–23

Citation

When referring to this article, please cite it as F. Mirasol, “Challenges, Tools, and Strategies for Data Integrity Protection,” BioPharm International 33 (6) 2020.