Enterprise-wide processes, procedures, and systems are the keys to data integrity and peace of mind, according to Siegfried Schmitt, PhD, principal consultant at PAREXEL.
Q: Given the current focus on the subject of data integrity in regulatory inspections, we have performed an internal assessment. We found several pieces of equipment, in particular analytical instruments, which do not meet the requirements (e.g., shared user access). We are concerned whether we can continue using this equipment under these circumstances. Can you advise?
A: Although data integrity is not a new concept, it is true that there has been an increased focus on data integrity in inspections by regulatory agencies globally, and this is very likely to continue unabated. You certainly did the right thing by assessing your current compliance level, which, it turns out, is not in substantial compliance with the regulations.
First, you must determine whether is it acceptable to continue to use these non-compliant systems for the manufacture of pharmaceutical products, and if so, under which circumstances. The regulators encourage a risk-based approach to compliance, though this must not be misinterpreted as being allowed to be non-compliant, rather, this compliance approach requires you to perform a risk assessment (i.e., you need to ascertain the risk to the patients should you continue using your out-of-compliance equipment).
Take for example, a tablet press that has been in operation for 15 years, which is in perfect working order and has no access controls. Anyone working on the machine can change the parameters and edit the stored data. This is not an acceptable situation. Preferably, one would implement technical solutions (perhaps a software upgrade), but where this is not an option or would take too long, one needs to consider procedural remedial actions. In this instance, this could include the verification of the settings by a second person, plus an amendment to the operating procedure, which would clearly define acceptable and unacceptable data handling (e.g., changing parameters). If neither technical nor procedural solutions lead to an acceptable risk level, I’m afraid, this piece of equipment must no longer be used.
Another example would be the use of a laboratory information management system (LIMS) by several operators sharing a user ID and password. If this is the case because of cost savings (purchasing a minimum number of licenses only), then this issue can be remedied almost immediately by purchasing the appropriate number of licenses and revising the operating procedure to mandate individual user IDs and passwords for all LIMS operators.
You did the right first step (i.e., assessing the as-is situation); however, you should not stop there. Now you must implement a company-wide data integrity policy and embed data integrity into your quality management system. Only by taking data integrity seriously, and implementing the appropriate processes, procedures, and systems within your company, will you be able to achieve full compliance with the data integrity requirements. This will give you peace of mind when an agency inspector calls next time.
BioPharm International
Vol. 31, No. 1
January 2018
Page: 54
When referring to this article, please cite it as S. Schmitt, “Meeting Data Integrity Requirements," BioPharm International 31 (1) 2018.
Regeneron Treatment for Multiple Myeloma Gets Conditional Marketing Approval from EC
April 29th 2025The indication is specific to patients who have received at least three prior therapies, including a proteasome inhibitor, immunomodulatory agent, and anti-CD38 monoclonal antibody, and have demonstrated disease progression on the last therapy.
MHRA Approves GSK Therapy Combinations for Multiple Myeloma
April 21st 2025Belantamab mafodotin is approved in combination with bortezomib plus dexamethasone in patients who have had at least one prior therapy, and in combination with pomalidomide plus dexamethasone for those who have had a prior therapy including lenalidomide.