Data Integrity: A

Regulator’s Perspective

Ciara Turley – Health Products Regulatory Authority

2015 PDA Data Integrity Seminar

12th May 2015, The Hilton Hotel, Charlemont Place, Dublin 2

Presentation Content
• What is Data Integrity
• Elements in inspection focus
• Sample deficiencies

59
 What is Data Integrity?
• Refers to maintaining and assuring the accuracy and
consistency of data over its entire life-cycle and is a
critical aspect to the design, implementation and usage
of any system which stores, processes or retrieves data
• Data is recorded exactly as intended, and upon later
retrieval, the data is the same as it was when it was
originally recorded

60
Data should be:
A – attributable to the person generating the data
L – legible and permanent
C – contemporaneous
O – original record or true copy
A – accurate

‘Metadata’ is the data about data and provides context

and relationship to the primary data thus preserving the
accuracy, completeness, content, and meaning.

61
Inspection focus
• EU Regulatory Requirements – Part I Chapter 4 and
Annex 11 and Part II
• Data integrity requirements applicable to:
– API and FP manufacturers, including contract
manufacturing
– Testing units, including contract laboratories
– Outsourced GMP activities such as equipment
qualification and calibration

62
Inspection focus - general
• Company understanding of computerised system
capabilities and transfer of data between systems
• Up to date listing of all relevant systems and GMP
functionality
• Control of networked & standalone instruments
• Policies and procedures detailing processing and
control of data

63
Inspection focus - qualification
• User Requirement Specification - should describe
the required functions of the computerised system
and be based on documented risk assessment and
GMP impact.
• Evidence of appropriate test methods and test
scenarios for parameter limits, data limits and
error handling
• Justification on the extent of validation and data
integrity controls documented through risk
assessment of the computerised system.

64
Inspection focus – system administration
• Configuration of systems – GxP functions
• Security of the system and user access levels –
appropriate segregation of duties
• Electronic signatures – use of individual and
generic passwords

65
Inspection focus - data
• Data processing and review
• Accuracy checks
• Potential for data manipulation and deletion
• Repeat testing / replicate data
• Date / time stamp manipulation
• Criteria used to invalidate data
• Data transfer to systems - Checks that data are not altered
in value and/or meaning (primary and meta data). Level of
checking should be statistically sound

66
Inspection focus – storage of data
• Regular back-ups of all relevant data should be
done. Integrity and accuracy of backup data and
the ability to restore the data should be checked
during validation and monitored periodically.
• Archived data should be checked for accessibility,
readability and integrity. If changes are to be
made to the system, then the ability to retrieve the
data should be ensured and tested

67
Inspection focus
• Audit trails - Consideration should be given, based
on a risk assessment, to building into the system
the creation of a record of all GMP-relevant
changes and deletions
• Vendors - Subject to Chapter 7 requirements,
assessment of competency of contractor to deliver
expectations.
• Change management - Changes to a part of the
system may pose a risk due to interdependencies.

68
Inspection focus
• Data Integrity included in risk assessments
• Data Integrity included in training programme
• Data Integrity included in self inspection
programme - justify frequency of periodic
evaluation based on system criticality and
complexity

69
Deficiencies - Computerised Systems
• A listing of GMP computerised systems was not maintained.
• The software utilised to control [equipment] had not been
categorised.
• Not all critical GxP systems were present. For example the
[Equipment] Program and Review software.
• While a statement of GxP or non-GxP was documented for Global
Systems, there was no associated documentation justifying the
statement.
• Computerised System Risk Assessments for critical systems were
not in place.
• There was no system description/boundary despite the critical
system being ‘live’.

70
Deficiencies - User Accounts
• It was possible for administrators to verify their own test result
recording in ERP. There were no procedural restrictions around this
and was hence considered to increase the overall risk of the
associated testing processes.
• The ‘system owner access level’ was not described.
• The removal of test accounts had not been considered by the
company prior to the system going ‘live’.
• [ERP] access configurations for the job roles within the site was not
adequately defined in that there was no documented correlation of
roles to the user access elements defined by the Global [ERP] group.
• System authorization concepts were not always considered in that
Users could be administrators with full system access and also have
batch manufacturing responsibilities.

71
Deficiencies - Audit Trails
• Audit trail comments on [the CDS] were not always sufficiently
detailed. For example, a number of changes were observed to have
been made to the integration method utilised on [a test] on [a date]
and these had a comment of ‘save’ documented.
• Operating System User Accounts were utilised to access the
<system>. There was no periodic review of Operating system audit
trails (logs) as appropriate and this was not justified.

72
Deficiencies - Qualification
• The qualification of the ERP system was considered deficient in that:
– The independent code review was not available for review
during the inspection.
– The actual observed results were not always documented within
the qualification records
– The procedure for electronic signatures data transfer to the ERP
system was not described in a procedure and was not qualified.
– There was no assessment of ERP database integrity.
• The decision not to test requirement [Electronic Signatures]
documented in [Rationale] was not considered to be justified in that
the referenced documents disclaimer stated that the information
should not be relied upon.

73
Deficiencies - Qualification
• The Virtual Private Network software had not been subject to GxP
assessment or qualification as appropriate.
• In relation to the back up and restoration of data
– There was no process for logging of media used to back up the
server systems.
– The maximum number of uses for the magnetic tapes was not
defined or the number of uses controlled.
– All backup activities on the site were not procedurised. For
example back up of the [Program] data from [Equipment] and
back up of certain [Equipment] PLC code was performed on an
ad-hoc basis using HDDs which were not stored in an
appropriate location.

74
Deficiencies - Periodic Evaluation
• The periodic assessment of computerised systems had not been
completed for all equipment. For example, [computerised system]
was installed [a long time ago] and at the time of the inspection
had not been reassessed.
• Periodic review of global applications was not performed and there
was no procedure in place for periodic review.
• The periodic system review of the <system> was <documented>.
The review stated that there was no requirement for audit trail
review as they were “displayed on the screen”. This was not
considered to justified. Further to this, there was no procedure in
place for periodic audit trail review.

75
Deficiencies - Change Management
• In relation to the testing associated with <IT Change Control
System>, the evidence for the appropriate test scenario was not
available for review. The system permitted only the most recent test
scenario for the process to be viewed. There was no evidence that
the system level risk assessment had been critically assessed prior
to this change in order to determine the appropriate test scenarios.
Further to this, the change to this production parameter had been
assigned as a non regulatory change i.e. not subject to GxPs.
• Change logs for <ERP> user access sub-role profiles were
maintained in an uncontrolled manner. E.g Z_XXX_XXX_XX_DATA,
the associated text box change log had three entries post
implementation of <IT Change Control System> whereas <IT
Change Control System> listed four valid changes for this profile

76
Deficiencies - Production
The following deficiencies were noted with regards to the blister
packaging machine
– There was no controlled recipe in place to confirm that parameter
settings on the machine were those approved.
– The time on the HMI was incorrect – the actual time (taken from the
wall clock in the packaging area was recorded at 12:15, the machine
time was displayed as 11:08.
– A generic operator password was in use
– Audit trails were not reviewed.
– The print out function was not enabled and there was no
assessment to determine if stored data could be securely
transferred or downloaded to storage media in an intelligible
format for review
– Manufacturing data since 2003 from a previous manufacturer /
owner was retained on machine.

77
Deficiencies - Production
The qualification and data integrity controls for the filling
machine were considered inadequate in that:
– There was no technical agreement with the vendor
– A single generic user name and password was used to access
and operate the equipment.
– The time setting on the software control was inaccurate.
– The audit trail could not be generated at the time of
inspection.
– The system and security for archiving of data was not known
– The User Requirement Specification did not specifically state
all the requirements for the machine and was not linked to
any critical process parameters / variables

78
Deficiencies - Production
• The company is advised that manufacturing
controls should be updated in line with technical
progress (ref. Directive 2003/94/EC, Article 5 (2)). In
particular fluid bed dryers should be equipped
with chart recorders to facilitate monitoring and
recording of the granulate drying process.
• The qualification / revalidation was deficient in
that there was no consideration of the impact of
updated requirements since the initial IOQ,
specifically Annex 11.

79
Deficiencies - Production
• In relation to Filter Integrity Testing:
– There were no controls around the number of
repeat FITs that could be performed in the
event of a filter failure for either product or vent
filters.
– There was no requirement to reconcile the
number of tests reported versus the number of
tests performed on the Pall units.
– Failed FIT runs were not recorded on form X
although the form required a ‘Pass/Test’ result
to be recorded.

80
Deficiencies - QC data
• There was no justification for the test injections of
samples including stability samples being run prior
to system suitability.
• There was no explanation for why areas changed
for test injections from test, test 1 and test 2, prior
to running the sample set. It was noted that when
the assay for test was calculated that this resulted
in an OOS result, whereas the result for test 2 was
within specification.
• The Empower list of users and user types did not
reflect the highest level of access a user had.
• Analysts with System Administrator access had the
ability to change custom fields including
calculations and sample names.
81
Deficiencies - QC data
• The company stated that sample injections were
being run as there were problems with the
systems, however; no evidence of this was
presented.
• The results of a processed test injection had been
deleted by an analyst with administrator access.
• There was no requirement to review raw data on
electronic systems.
• There was no requirement to review audit trails.
• Projects were not locked and it was possible to
reprocess results

82
Deficiencies - QC data
• There was no date / time stamp of printing on
analytical reports from ‘system’ (chromatograms,
methods and sample set data) to facilitate
traceability and ensure integrity of the data
• The procedure for test performance and review of
documents did not make reference to review of
the audit trail or review of soft copies of the
chromatograms on the ‘system’ network
• A number of sample sets and their associated
injections on the ‘X system’ in the stability
laboratory, were not all appropriately identified
and carried non descriptive titles, such as “trial”

83
Deficiencies - QC data
• No deviations or explanations had been documented for a
number of ‘altered sample’ incidences which were evident
from ‘X system’ project audit trails
• There was no date / time stamp of printing on analytical
reports from ‘X system’ (chromatograms, methods and
sample set data) to facilitate traceability and ensure integrity
of the data
• The procedure for test performance and review of
documents did not make reference to review of the audit
trail or review of soft copies of the chromatograms on the ‘X
system’ network
• Alterations to runs were frequently performed to add an
extra test or blank sample but there was no procedure in
place for this and the reason for the changes was generally
not recorded to a level of detail enabling the true reason for
the change to be determined
84
Deficiencies - QC data
• A number of sample sets and their associated injections on
the ‘X system’ in the stability laboratory, were not all
appropriately identified and carried non descriptive titles,
such as “trial”
• Management of the ‘X system’ was considered deficient as a
number of GxP functions were observed as not switched on
(e.g. Allow lock channels after sign off, Disallow use of
Annotation Tools etc). In addition, it was observed that a
statement by ‘X company’ reflected below the GxP function
window indicated that they recommended all GxP functions
to be switched on
• The LC Solution system (version ‘y.yyy’) for the ‘X’ HPLC
system was considered deficient in that all users could gain
‘Administrator’ access to the application system by using a
common username ‘Admin’ and no password

85
Deficiencies - QC data
• Raw data for HPLC/GC runs which had been invalidated due
to failed system suitability criteria were stored separately to
the QC raw data packages and were not included in the
review process. The ‘log for record of invalidated runs’ was
not incorporated under the quality management system and
invalidated runs were not always evaluated and documented
• Original run sequences which had been amended during
HPLC/GC runs were not printed and retained with the QC
raw data packages
• Full Audit Trail did not appear to be available for the ‘X’ data
acquisition system in that the different version numbers of
the processing methods were not all visible in the audit trail
(e.g. the current version of ‘Y’ method was 18 and only 7
lines were visible on the audit trail). In addition, there were
no data audit trails available on this system

86
Deficiencies - QC data
• For IT personnel with administrator rights it was possible to
copy, rename or delete files (i.e. chromatograms and
metafiles) in the system without it being tracked in an Audit
Trail
• The process of review of HPLC analytical data packages by
the QC checker does not require a formal review of the
electronic raw data or a review of the audit trails for the
processing method and instrument method associated with
the analysis sequence. In the examples reviewed printouts of
processing methods were not included with the QC raw data
packages for review
• There was no requirement for electronic review of GC
analytical data & relevant audit trails to be conducted during
the review and approval of QC data. In addition, the QC/QA
reviewers did not have access rights to the ‘X’ systems in
order to conduct such reviews

87
Deficiencies - QC records
• Entries made in training records, production logbooks and
QC records were made by staff that the company biometric
logging in record showed were not on site at the time that
the entry was purported to have been made
• QC equipment records logged the use of a specific HPLC
column for testing performed on site at a time when other
records showed that the same column had been transferred
to a contract testing laboratory
• Evidence of deleted TOC data files were noted. An analysis
file from ‘xxx’ date was observed in the deleted files/recycle
bin of the computer. A duplicate analysis file for the same
samples on the same day was found within the file structure.
There was no reference to the second file or any file deletion
either in the test records or the system logbook and no
explanation was offered during the inspection

88
Deficiencies - QC equipment
• The control of un-networked equipment (UV and
TOC) in the QC laboratory was deficient in that:
– A number of data discrepancies were noted in
the system file structure
– Repeated and unlabelled testing data folders
and test packages were observed
– At the time of the inspection the company
could not fully explain the discrepancies noted
– Software had not been qualified or validated to
demonstrate that the key functionality of the
system functioned as required

16th April 2015 89

Deficiencies - stability
• Stability data had discrepancies including:
– Initial records of secondary spots for TLC related substance tests
were later re-annotated to indicate that no secondary spot had
been identified
– Data recorded in summary reports were not reflective of the raw
data
– Summary reports were presented to the inspector for which the
supporting raw data could not be provided
– Missing raw data and summary report for batch of ‘X’ Tablets
where stability data had been used to support the risk
assessment of product remaining on the market in the EU
– Missing raw data and incorrect entries that were reviewed and
authorised as correct
– Some stability data presented to the inspector was from
product packed in different packaging to that supplied to the
market and therefore not relevant

90
Deficiencies - stability
• Stability data had discrepancies including:
- Initial records of secondary spots for TLC related
substance tests were later re-annotated to indicate
that no secondary spot had been identified
- Data recorded in summary reports were not
reflective of the raw data
- Summary reports were presented to the inspector
for which the supporting raw data could not be
provided

91
Deficiencies - stability
• Stability data had discrepancies including (cont’d):
- Missing raw data and summary report for batch of
‘X’ Tablets where stability data had been used to
support the risk assessment of product remaining
on the market in the EU
- Missing raw data and incorrect entries that were
reviewed and authorised as correct
- Some stability data presented to the inspector was
from product packed in different packaging to that
supplied to the market and therefore not relevant

92
EudraGMDP – Statements of Non-compliance
• Issues identified which compromised the integrity of
analytical data
– Evidence seen of data falsification
– Significant number of product stability data results
reported in the Product Quality Reviews had been
fabricated
– Neither hard copy nor electronic records available
– Issues seen with HPLC electronic data indicating
unauthorised manipulation of data and incidents of
unreported trial runs prior to reported analytical runs
– Record integrity and veracity - some records made up or
altered
– Lack of mechanisms to ensure integrity of analytical data

93
EudraGMDP – Statements of Non-compliance
• Critical deficiency cited with regards to testing of
finished product and stability testing related to
data integrity
– Deleted electronic files with no explanation
– The running of “trial testing” prior to
performing system suitability and the formal
testing
– Loss of control of reconciliation of samples -
those used for additional testing could not be
traced
– Manipulation and falsification of documents
and data observed in different departments

94
Summary
• You don’t need to be an IT expert, but you need to
know GMP requirements
• Understand the capability of your equipment,
know if it stores electronic data, assess if
parameters are changed what impact it will have.
• Integrity of data is not a ‘new’ regulatory
requirement.

95
References:
• EU Guidelines to GMP Part I and II
• EMA Questions and Answers: Good manufacturing
practice
• MHRA GMP Data Integrity Definitions and
Guidance for Industry March 2015
• HPRA presentations
- GMP information Day November 2014,
- Trinity QP Forum 2014 and 2015,
- ISPE GAMP Seminar April 2015

96