Category Archives: Guidance from Regulators

Data Integrity – What is Means for You

data-integrityHello good people of the world! Data integrity is an important topic in the information age and has come into focus for regulatory agencies as more and more parts of manufacturing processes become automated. Agencies know that data integrity can directly affect drug quality.

This post covers the MHRA (UK) guidance on data integrity version 2, released March, 2015, which can be found here.

The guidance document defines data integrity as “the extent to which all data are complete, consistent, and accurate throughout the data lifecycle.”

Of course, the concept of data integrity also applies to paper records, but it is the novelty and complexity of computerized systems that makes data integrity applied to electronic records a subject worthy of discussion and exploration. While we’ve had generations to get used to maintaining paper records, electronic records are relatively new, and the best practices for assuring data integrity may still be maturing.

Raw electronic data typically comes from one of four sources:

  1. Direct data capture via instrument/device output (e.g. temperature transmitter, valve actuator feedback, etc.)
  2. Capture of data stream from another computerized system (e.g. electronic chart recorder, electronic scale, etc.)
  3. Automated import of data from another computerized system (e.g. event or alarm log, recipe, etc.)
  4. Manual entry via HMI (Human-Machine Interface)/OIT (Operator Interface Terminal)

Each of these methods is subject to qualification/validation. Method #4 is a unique case in that is may require secondary verification by a separate operator or, in some cases, a supervisor, for critical data or any case where data is being transcribed from another location (electronic or paper-based).

The rules that apply to paper-based data also apply to electronic data. Data must be (ALCOA):

  • Attributable – it must be clear who made the entry
  • Legible – it must be clear what the entry is
  • Contemporaneous – the data must be recorded at the time of action/event
  • Original – the data must be raw
  • Accurate – the data must be correct, complete, and accurate

In order to maintain electronic data integrity, the following concepts are applied:

  1. Access Control
    • Each user shall be uniquely identified
    • Password controls shall be adequate
    • User’s shall have only the permissions necessary to perform their job functions
    • A list of current and historic users shall be maintained
  2. Change Control
    • Changes to the system shall be controlled and only available to authorized users
  3. Training
    • All users shall have the training necessary to perform their job functions
  4. Record and Retain Data
    • Required data shall be recorded ALCOA and retained through the lifecycle
  5. Audit Trail
    • Modifications to raw data shall be recorded in an audit trail, with who made the change, the original data, the modified data, when the change was made, and why
    • The audit trail may also record system events, transactions, logins, etc.
  6. Review Data
    • Data shall be available for review
  7. Backup Data
    • Data shall be backed up to ensure redundancy and eliminate any single point of failure

Originally, audit trails only captured changes to raw data, the way a line-out would capture a correction on a paper record. Now, much more may be expected of the audit trail, and audit trail functionality may consist of multiple system reports, for example record of logins (attempted and successful), application transactions, any change to application data or metadata. In addition, the audit trail report is expected to:

  • Record the original and modified values of any data change with user and date/time stamp
  • Not be editable
  • Be viewable and understandable by end-users (that means no foreign key values or other coded/hex values please!)
  • Be reviewed as part of batch release
  • Be regularly backed up

Some more considerations around your audit trail:

  1. Do administrators have the ability to modify or disable the audit trail? If yes, how to control the added risk
  2. Does the audit trail contain enough data to allow robust data review?
  3. Do the items in the audit trail include enough relevant items that will permit the reconstruction of the process or activity?
  4. What is the process for audit trail review?

Some more considerations around your user access procedures:

  1. Is there a procedure that describes how access is granted to a user, defines each user group, and their access levels?
  2. Is user access granted only after a documented training has been completed?
  3. Do users have only access rights appropriate for their job role (tied to SOP ideally)?
  4. Is it clear what rights to a specific individual (e.g. via user rights report)?
  5. Is historical information regarding user access levels available?
  6. Are shared logins or generic user access accounts used? Should avoid these!
  7. Is administrator access restricted to the minimum number of people required? Don’t want excessive numbers of admins!
  8. Is the generic administrator account available for use? Don’t allow this!

How do you assure data integrity in your organization?

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

WHO’s Draft Guidelines on Validation May 2016

Hello good people of the world! On May 15, 2016, the World Health Organization released its draft Guidelines on Validation. It is available on the WHO website for download here.

This post covers my review of the guidance. Continue reading WHO’s Draft Guidelines on Validation May 2016

Controlled Room Temperature

Temperature

Hello good people of the world! Today’s post is about controlled room temperature, which is of importance for any space holding drug products, including manufacture, storage, and transportation. Storage temperature requirements are closely related to drug stability, so are an important focus of regulatory agencies.

US pharmacopeia has at least two applicable monographs:

Good Storage and Shipping Practices

and

Pharmaceutical Stability

ISPE summarizes the general industry approach nicely in the Good Practice Guide on Cold Chain Management (not free but available here):

“‘Controlled room temperature’ indicates a temperature maintained thermostatically that encompasses the usual and customary working environment of 20° to 25°C (68° to 77°F); that results in a mean kinetic temperature calculated to be not more than 25°C; and that allows excursions between 15° and 30°C (59° and 86°F) that are experienced in pharmacies, hospitals, and warehouses.”

How do you control your room temperature space? Leave a comment below and please share this post with whomever you think would benefit.

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

Revision to EudraLex Volume 4 August 2014

EU

Hello good people of the world! Another short post today, this one on the revision to EudraLex Volume 4 (GMPs) dated 13 August 2014. The revision is here. A short revision, the changes include updates to Chapter 3 (Premises and Equipment) and Chapter 5 (Production) around prevention of cross-contamination and qualification of suppliers.

Of note is the increased guidance around the use of quality risk management principles.

The revision will come into affect in March 2015.

What do you think of these changes? How will you adjust your quality program, if at all?

Like this MWV (Mike Williamson Validation) post? Be sure to like, share, and subscribe!

Environmental Control and Monitoring for Aseptic Processing

Petri dish

Hello good people of the world! Today’s post is an overview of environmental control and monitoring for aseptic processing.

Applicable references for the US are:

  • FDA Guideline for “Sterile Drug Products Produced by Aseptic Processing” September, 2004
  • FDA Guideline for the submission of “Documentation for Sterilization Process Validation in Applications for Human and Veterinary Drug Products”
  • 21 CFR Part 211 — Current Good Manufacturing Practices for Finished Pharmaceuticals

Purpose:

Environmental control is designed to prevent microbiological contamination of sterile products.

Environmental monitoring is designed to detect microbiological contamination in aseptic processing areas.

Scope: Environmental control and monitoring is a required part of aseptic processing, i.e. where “terminal” sterilization is not possible. Terminal sterilization means the finished drug product is sterilized at the last step of the process via heat, radiation or other. Many pharmaceuticals and most biologics do not tolerate terminal sterilization, thus the importance of aseptic processing.

Control Considerations:

  1. Air particle count: maintaining air particle counts is critical to aseptic processing, because particles themselves can be harmful, and likely carry microorganisms.
  2. Cleanroom design: for the aseptic core (where critical aseptic process steps occur, e.g. where product is open to the environment) the FDA recommends class 100. The core should surrounded by class 1,000 or class 10,000 areas.
  3. Air pressure differentials: the FDA recommends a 10-15 Pascal pressure differential between rooms of differing classification, with the higher pressure in higher-class rooms, so that air naturally flows outward to the lower class rooms.
  4. HEPA filtration: High Efficiency Particulate Air (HEPA) filters should be used in class 100 rooms to aid in particle removal
  5. Equipment: should be cleanable and non-shedding. Stainless steel is the preferred material of construction for equipment surfaces.
  6. Process design: processes should be designed with minimizing contaminate risks in mind (e.g. don’t force operators to reach over open product)
  7. Process Validation: media runs should be performed to demonstrate the process can run aseptically

Monitoring Considerations:

  1. Air quality measurements should look at viable and nonviable particulate levels
  2. Particle counting: ongoing monitoring should look at particle counts in critical areas
  3. Active sampling: devices such as impaction and membrane samplers should be used to evaluate aseptic processing areas
  4. Passive sampling: settling plates should be used to collect microbial information
  5. WFI and other excipients: should be routinely tested for microbial/particulate load
  6. Personnel: the greatest single contributor of particulates and microbes in a cleanroom. Steps (training, gowning, testing) must be taken to minimize risk

Like this MWV (Mike Williamson Validation) post? Be sure to like, share, and subscribe! 

EU Guidance Revision: EudraLex Volume 4, Annex 15, Qualification and Validation

 

European Commission

Hello good people of the world! On February 6, 2014 the European Commission released a draft revision of EudraLex Volume 4, Annex 15 “Qualification and Validation” for comments.

The previous version (latest approved at the time of this blog post) is available here.

The new draft version is here.

Differences:

General: the guidance has increased from 11 pages to 17, with added sections on “Verification of Transportation,” “Validation of Packaging,” “Qualification of Utilities,” “Validation of Test Methods,” and “Cleaning Validation.”

Detailed differences in each section are highlighted below. Continue reading EU Guidance Revision: EudraLex Volume 4, Annex 15, Qualification and Validation