Data integrity: a regulatory perspective

Published: 16-Feb-2017

How does your lab stand up to increased scrutiny?

You need to be a subscriber to read this article.
Click here to find out more.

New guidance in 2016 under the auspices of the US Food and Drug Administration (FDA), the European Medicines Agency (EMA) and the Pharmaceutical Inspection Co-operation Scheme (PIC/S) will go a long way toward ensuring data integrity throughout the processes of testing, manufacturing, packaging, distributing and monitoring medicines. Ultimately, the goal is to encourage current good manufacturing processes (cGMPs) globally.

In recent years, industry has squarely fixated on the word “current.” It’s not enough for pharmaceutical companies to understand basic data integrity principles: to avoid deficiencies and possible penalties, they must embrace the most current technologies available today. Otherwise, it will be increasingly difficult to comply with enhanced data integrity requirements and prevent lapses.

To ensure that labs are current and in line with good data governance practices, they must achieve excellence in seven core areas.

Below is a review of those seven key areas and the current technologies that the most up-to-date industry players are deploying.

Validation documentation

In the US, FDA recommends that companies implement appropriate controls to manage risks associated with each element of a system, including software, hardware, personnel and documentation.

Validation of chromatography systems, for example, generally includes the installation qualification (IQ) and operational qualification (OQ) of instruments and software, as well as ongoing performance qualification (PQ).

As data becomes increasingly complex, however, labs are finding it much easier to manage validation using laboratory information management systems (LIMS) and chromatography data systems (CDS). Although software on its own cannot help labs to achieve full compliance, a combined LIMS and CDS can provide a key piece of the validation picture that regulatory bodies expect pharmaceutical companies to have in place.

A CDS provides certificates of software validation and supports documentation for onsite validation, offering fully automated software IQ and OQ and semi-automated templates for instrument IQ and OQ/PQ.

Meanwhile, the LIMS will have its own validation toolkit, controlling user training records and providing electronic standard operating procedure control.

Data transfer between systems

Data must be readable in its original form throughout the data lifecycle. This means that data must always be accessible and readable, even that from older software solutions.

A CDS is crucial here, offering built-in file transfer so that all relevant raw data, corresponding methods, sequence data, report formats and audit trails are included in the transfer. In addition, when a CDS and LIMS are integrated, labs can create multiple lifecycles to separately manage both compliant and non-compliant processes within the same system.

Data management software can also play a critical role in long-term data archiving and storage in vendor-neutral formats. When data are generated from multiple instruments across multiple labs, it becomes difficult to search, share and access that data. Without access, labs risk duplicating efforts or losing valuable time in translation.

A good data software management tool eliminates the need for manual and paper-based data handling, enabling operators to integrate instruments across the lab and centralise data capture.

Unlike simple data backup and archiving products, data manager software facilitates collaboration by allowing colleagues to share data for mining, comparison and visualisation without the need to restore the data to the original instrument workstation or install the instrument software separately on every computer.

Audit trails

New guidelines call for secure, computer-generated, time-stamped electronic records that allow for reconstruction of the “who, what, when and why.” Electronic record-keeping systems, which include audit trials, can fulfil these cGMP requirements.

For example, the Chromeleon CDS contemporaneously tracks and automatically generates data audit trails by capturing all changes made to data objects that are done within the application.

If, and only if the system administrator allows modifications to be made, then the data audit trail tracks changes and retains details for all versions, providing users with a means to quickly and easily compare all changes, deletions and additions. When needed, users can also reconstruct and revert back to prior versions.

Data capture/entry

Data integrity: a regulatory perspective

There are two primary types of data capture: static and dynamic. Static indicates a fixed-data document, such as a paper record or electronic image. Electronic records from certain lab instruments are dynamic, meaning the record format allows interaction between the user and record content. A CDS will capture data from instruments at the source, providing bidirectional communication and full audit trailing.

Labs may elect to implement a LIMS in addition to their CDS to enable fine control over samples and capture more granular data for compliance. And, to meet the latest regulatory requirements labs must also capture data from non-chromatographic instruments.

By bringing in data management software capability within a CDS and LIMS, labs can have a solution for every instrument — from balances and pH measures to inductively coupled plasma mass spectrometry (ICP-MS).

Review of electronic data

FDA recommends that audit trails are reviewed with each record and before final approval of the record. In addition, FDA recommends routine scheduled audit trail reviews based on the complexity of the system and its intended use, for which a CDS is instrumental. Within the CDS, users can review any instrument’s daily audit trail, search and filter for events, and add audits to reports for review.

Labs that rely on an advanced LIMS can also view any data at any time: SampleManager LIMS offers built-in scientific data management system (SDMS) functionality for this very purpose. It uses rapidly configured, sophisticated paperless review and approval procedures and has advanced datamining tools to review chromatography and mass spectrometry data, giving labs a complete overview and showing when processes are drifting toward non-conformance.

Storage, archival and disposal of electronic data

All data generated to satisfy a cGMP requirement become a cGMP record and must be documented at time of performance to create a compliant record. Chromatograms, for example, should be sent to long-term storage upon completion. Saving electronic data automatically into temporary memory does not meet documentation or retention requirements. A modern CDS will place acquired chromatographic data immediately into a secure database that supports long-term storage.

In addition, with a LIMS, labs can automatically save records after each separate entry to meet cGMP documentation practices. Labs can also capture simple data, such as weights from a balance or readings from a pH meter, directly in the LIMS record.

System security

Changes to records should only be made by authorised personnel. FDA recommends restricting the ability to alter specifications or methods to authorised individuals with access privileges for each cGMP computer system in use.

Although lab managers may have reservations about entrusting software with system security, using a LIMS and CDS actually gives labs the ability to control what users can do and access, monitoring users’ instruments and runs through e-signatures, e-reports, auditing and versioning. E-signatures are linked to electronic records, ensuring the signature cannot be excised, copied or otherwise transferred, prohibiting the falsification of electronic records.


As data become more complex, pharmaceutical companies must constantly upgrade their systems and processes to ensure data integrity. They must endeavour to always be current. Although software and related technologies are just part of a company’s compliance strategy, they are critically important.

Ensuring data integrity isn’t a one-and-done exercise, there are many boxes to check, including those described in the seven areas above. Meeting increasingly more complex cGMP requirements around the world won’t get any easier; but, thanks to technologies such as LIMS and CDS, especially when tightly integrated, the road ahead might be easier than many think.

You may also like