Content uploaded by Shmmon Ahmad
Author content
All content in this area was uploaded by Shmmon Ahmad on Oct 18, 2021
Content may be subject to copyright.
Content uploaded by Shmmon Ahmad
Author content
All content in this area was uploaded by Shmmon Ahmad on Jul 28, 2021
Content may be subject to copyright.
Content uploaded by Shmmon Ahmad
Author content
All content in this area was uploaded by Shmmon Ahmad on Jul 28, 2021
Content may be subject to copyright.
Content uploaded by Shmmon Ahmad
Author content
All content in this area was uploaded by Shmmon Ahmad on Jul 01, 2019
Content may be subject to copyright.
~ 306 ~
The Pharma Innovation Journal 2019; 8(1): 306-313
ISSN (E): 2277- 7695
ISSN (P): 2349-8242
NAAS Rating: 5.03
TPI 2019; 8(1): 306-313
© 2019 TPI
www.thepharmajournal.com
Received: 17-11-2018
Accepted: 20-12-2018
Shmmon Ahmad
Glocal School of Pharmacy,
Glocal University, Mirzapur
Pole, Saharanpur,
Uttar Pradesh, India
Ashok Kumar
Glocal School of Pharmacy,
Glocal University, Mirzapur
Pole, Saharanpur,
Uttar Pradesh, India
Dr. Abdul Hafeez
Assistant Professor, Glocal
School of Pharmacy, Glocal
University, Saharanpur,
Uttar Pradesh, India
Correspondence
Shmmon Ahmad
Glocal School of Pharmacy,
Glocal University, Mirzapur
Pole, Saharanpur,
Uttar Pradesh, India
Importance of data integrity & its regulation in
pharmaceutical industry
Shmmon Ahmad, Ashok Kumar and Dr. Abdul Hafeez
Abstract
Data integrity is an important current issue for regulators around the world. During inspections a
multitude of problems being found by the pharmaceutical regulatory agency because poor practices
develop the substandard product for patients. Collection of various types of information and results
collectively made in the form of data. This data becomes one of the most valuable assets of any
organization but without integrity, this data is not much useful. Accuracy and original data increase the
chances of stability and performance of an organization.
Data integrity is the extent to which all data are complete, consistent and accurate throughout the life
cycle of data. It includes Good Documentation Practice which leads to preventing data from being
altered, copied or moved. In data integrity, data means all original records including source data and
metadata which may be recorded in paper or electronic form. To assure the data integrity many
regulatory bodies such as USFDA, Health Canada, and EMEA recommended the use of ALCOA
(Attributable, Legible, Contemporaneous, Original and Accurate).
Keywords: Data integrity, ALCOA, regulatory body, USFDA, 21-CFR
Introduction
The data quality is referred to as “Data Integrity.” It is maintaining and assuring the accuracy
and consistency of data over its entire life-cycle. Data integrity means that the data is accurate
and reliable. Research and processing Information collected and resulting in an increasing
amount and varied types of data being collected. This data is very important, but without
integrity, this data not have much value. [1]. Data is information that has been translated into a
form that is efficient for movement or processing, It has become one of the most valuable
assets of any company project or research. The better data integrity a company has, the more
ethically successful it is likely to become growth. Poor data integrity practices and
vulnerabilities undermine the quality of records and evidence and may ultimately undermine
the quality of medicinal products. Data integrity applies to all elements of the Quality
Management System and the principles herein apply equally to data generated by electronic
and paper-based systems. The responsibility for good practices regarding data management
and integrity lies with the manufacturer or distributor undergoing inspection. They have full
responsibility and a duty to assess their data management systems for potential vulnerabilities
and take steps to design and implement good data governance practices to ensure data integrity
is maintained [1].
Data integrity is the issue of maintaining and ensuring the accuracy and consistency of data
over its lifecycle. This includes good documentation practice, good data management
practices, such as preventing data from being altered each time it is copied or moved. Data
integrity applies to both paper records and electronic records. Processes and procedures are put
in place for companies to maintain data integrity during normal operation [1].
As per MHRA, GMP data integrity guidance for industry March 2015. Data Integrity is
defined as “the extent to which all data are complete, consistent and accurate, throughout the
data lifecycle” and is fundamental in a pharmaceutical quality system which ensures that
medicines are of the required quality [1].
The word integrity evolved from the Latin adjective integer, meaning whole or complete [2].
Integrity is the qualifications of being honest and having strong moral principles; moral
uprightness. It is generally a personal choice to hold oneself to consistent moral and ethical
standards [3]. In ethics, integrity is regarded by many as the honesty and truthfulness or
accuracy of one's actions. Integrity can stand in opposition to hypocrisy. It’s the inner sense of
"wholeness" deriving from qualities such as honesty and consistency of character as such, one
~ 307 ~
The Pharma Innovation Journal
May judge that others "have integrity" to the extent that they
act according to the values, beliefs, and principles they claim
to hold [2]. So integrity is the “Doing the Right Thing for the
Right Reason". It is a personal choice, an uncompromising
and predictably consistent commitment to honour moral,
ethical spiritual and principles" [3].
Significant attention is given to the subject of integrity in law
and the conception of law in 20th century philosophy of law
and jurisprudence centering in part on the research of “Ronald
Dworkin” as studied in his book Law's Empire. Dworkin's
position on integrity in law reinforces the conception of
justice viewed as fairness [2].
Before a pharmaceutical product available for a patient, the
manufacturing company has to present evidence of efficacy
and safety. For this, they have to run trial studies and lab
testing. ALCOA in pharmaceuticals is used to ensure that the
quality of the evidence collected is maintained as per
regulatory guidelines. Many regulatory bodies as the FDA,
Health Canada and the EMEA recommend the use of ALCOA
to ensure good documentation practices in pharmaceuticals [4].
ALCOA: ALCOA is defined by US FDA guidance as
Attributable, Legible, Contemporaneous, Original and
Accurate. It relates to data, whether paper or electronic and
these simple principles should be part of your data lifecycle,
GDP, and data integrity initiatives [4]. It helps in developing
strategies so that the integrity of the evidence is maintained
both in research and manufacturing. The aspects of ALCOA
in pharmaceuticals have been discussed below:
Attributable: Attributable means that the evidence or every
piece of data entered into the record must be capable of being
traced back to the person collecting it. This ensures
accountability. This contains a record of who performed an
action and when. This could be a paper or electronic record [4].
It requires the use of secure and unique user logins and
electronic signatures. Using generic login IDs or sharing
credentials must always be avoided. Unique user logons allow
for individuals to be linked to the creation, modification, or
deletion of data within the record [6]. It should be possible to
demonstrate that the function was performed by trained and
qualified personnel. This applies to changes made to records
as well: corrections, deletions, changes, etc [1].
Legible: The record created, especially the paper-based
records should be legible. The records should be permanent
and not erasable so that they are reliable throughout the data
lifecycle [4]. The terms legible and traceable and permanent
refer to the requirements that data are readable,
understandable, and allow a clear picture of the sequencing of
steps or events in the record [8]. This is very important in the
pharmaceutical industry as a mistaken spelling could result in
the administering of a completely different drug [4]. For an
electronic record to be considered legible, traceable and
permanent. Prohibit the creation of data in temporary memory
as well as immediately committing data to a permanent
memory before moving on [6].
Contemporaneous: Contemporaneous is the evidence of
actions, events or decisions should be recorded as they take
place or generated [8]. This documentation should serve as an
accurate attestation of what was done, or what was decided
and why i.e. what influenced the decision at that time [5]. If
executing a validation protocol, tests should be performed and
their results recorded as they happen on the approved protocol
[8].
Original: The original data sometimes referred to as source
data or primary data whether recorded on paper (static) or
electronically. Information that is originally captured in a
dynamic state should remain available in that state [1]. This
could be a database, an approved protocol or form, or a
dedicated notebook. It is important where your original data
will be generated so that its content and meaning are
preserved. For example: Ensure validation test results are
recorded in the approved protocol. Recording results in a
notebook for transcription later can introduce errors and if
your original data is handwritten and needs to be stored
electronically, ensure a “true copy” is generated, the copy is
verified for completeness and then migrated into the
electronic system. [3]
Accurate: The recorded data should be correct, truthful,
complete, valid, reliable, free from errors and reflective of the
observation [7]. Editing should not be performed without
documenting and annotating the amendments. For example, if
witness checks are used for critical data collection. Videos of
the record making process are also gaining acceptability in
this regard. These standards make sure that the data is
collected and processed with integrity [4]. ALCOA in
pharmaceuticals helps both the companies and the users
making it sure that there are no record-keeping errors due to
which some sub-standard product is released onto the market.
Therefore, ALCOA is a necessity for maintaining quality in
the pharmaceutical field [4].
ALCOA-plus: It is an implicit basic ALCOA principle
commonly used an acronym for “attributable, legible,
contemporaneous, original and accurate”, which puts
additional emphasis on the attributes of being complete,
consistent, enduring and available [4].
Data: Data is the original records and true copies of original
records, including source data and metadata and all
subsequent transformations and reports of these data, which
are generated or recorded at the time of the GXP activity and
allow full and complete reconstruction and evaluation of the
GXP activity. Data should be accurately recorded by
permanent means at the time of the activity. Data may be
contained in paper records (such as worksheets and
logbooks), electronic records and audit trails, photographs,
microfilm or microfiche, audio- or video files or any other
media whereby information related to GXP activities is
recorded [9]. The data on which these decisions are based
should, therefore, be complete as well as be being attributable,
legible, contemporaneous, original and accurate, commonly
referred to as “ALCOA” [8]. Data retention may be classified
as archive or backup.
Archival: It is the process of protecting records from the
possibility of further alteration or deletion, and storing these
records under the control of dedicated data management
personnel throughout the required records retention period.
[10] Archived records should include, for example, associated
metadata and electronic signatures [4].
Raw Data: Raw data was described in 21 CFR 58.3 a “Raw
data means any laboratory worksheets, records, memoranda,
~ 308 ~
The Pharma Innovation Journal
notes, or exact copies thereof, that are the result of original
observations and activities of a nonclinical laboratory study
and are necessary for the reconstruction and evaluation of the
report of that study” [11]. Means it is an original record and
documentation, retained in the format in which they were
originally generated (i.e. paper or electronic), or as a ‘true
copy’.
Raw data must be contemporaneously and accurately
recorded by permanent bases. In the case of basic electronic
equipment which does not store electronic data, or provides
only a printed data output (e.g. balance or pH meter), the
printout constitutes as the raw data [5].
Meta Data: Metadata is the data that describes the attributes
of other data, and provides context and meaning [1]. Metadata
describe the structure, data elements, inter-relationships and
other characteristics of data. It is structured information that
describes, explains, or otherwise makes it easier to retrieve,
use, or manage data [10]. They also permit data to be
attributable to an individual. For example, in weighing the
number 8 is meaningless without metadata, i.e. the unit, mg.
Other examples of metadata may include the time/date stamp
of the activity, the operator ID of the person who performed
the activity, the instrument ID used, processing parameters,
sequence files, audit trails and other data required to
understand data and reconstruct activities [9]
Static Data: A static record format is a fixed data document
(e.g., paper record or an electronic image) [12], It is one that is
fixed and allows no or very limited interaction between the
user and the record content. For example, once printed or
converted to static pdf, chromatography records lose the
capabilities of being reprocessed or enabling more detailed
viewing of baselines or any hidden fields [9].
Dynamic Data: Many electronic records are important to
retain in their dynamic format, such as electronic records, to
enable interaction with the data. Data must be retained in a
dynamic form where this is critical to its integrity or later
verification. This should be justified based on risk [5].
Dynamic record format allows an interactive relationship
between the user and the record content [12]. For example,
electronic records in database formats allow the ability to
track, trend and query data; chromatography records
maintained as electronic records allow the user to reprocess
the data, view hidden fields with proper access permissions
and expand the baseline to view the integration more clearly
[9].
Electronic Data: This includes data from ERP software used
for controlling quality systems, laboratory electronic data and
records, etc [10].
Quality Risk Management (QRM): This refers to a
systematic process for the assessment, control,
communication and review of risks to the quality of the drug
(medicinal) product across the product life cycle [10]
Data Life Cycle: Data lifecycle is a planned approach to
assessing and managing risks to data in a manner
commensurate with potential impact on patient safety, product
quality and/or the reliability of the decisions made throughout
all phases of the process [9] include the life of the data
(including raw data) from initial generation and recording
through processing (including transformation or migration),
use, data retention, archive / retrieval and destruction [5, 1]
True Copy: True copy is an exact verified copy of an original
record (e.g. analytical summary reports, validation reports
etc.) of data [1, 5]. That has been certified to confirm it is an
exact and complete copy that preserves the entire content and
meaning of the original record, including in the case of
electronic data, all metadata and the original record format as
appropriate [10]. These records must be controlled during their
life cycle to ensure that the data received from another site
(sister company, contractor etc.) are maintained as “true
copies” [1].
Data Governance System: The data governance system
should be integral to the pharmaceutical quality system
described in EU GMP [5]. The rationale for this is based on
MHRA’s interpretation of ICH Q10 on Pharmaceutical
Quality Systems (PQS) [13]. as per MHRA guidance, the data
governance system is “The sum total of arrangements to
ensure that data, irrespective of the format in which it is
generated, is recorded, processed, retained and used to ensure
a complete, consistent and accurate record throughout the data
lifecycle” [9, 13]. The totality of arrangements to ensure that
data, irrespective of the format in which they are generated, is
recorded, processed, retained and used to ensure a complete,
consistent and accurate record throughout the data life cycle
[1].
The effort and resource assigned to data governance should be
commensurate with the risk of product quality and should also
be balanced with other quality assurance resource demands.
As such, manufacturers and analytical laboratories are not
expected to implement a forensic approach to data checking
on a routine basis, but instead design and operate a system
which provides an acceptable state of control based on the
data integrity risk, and which is fully documented with
supporting rationale [5]. The organization shall appoint a task
force to govern the overall data reliability process. A robust
data governance approach will ensure that the data is
complete, consistent and accurate, irrespective of the format
in which data is generated, used or retained [10].
GxP: GxP is an acronym for the group of Good Practice
Guides governing the preclinical, clinical, manufacturing and
post-market activities for regulated pharmaceuticals,
biologics, medical devices, such as good laboratory practices,
good clinical practices good manufacturing practices and
good distribution practices [9].
Importance of Data Integrity: Regulators increased
attention to data integrity for several years, the FDA and other
global regulatory bodies have emphasized the importance of
accurate and reliable data in assuring drug safety and quality
[14]
World Regulatory Guidance on Data Integrity
USFDA: 21-CFR: 21-CFR (Code of Federal Regulation) is a
codification of the general and permanent rules published in
the federal register by the executive departments and agencies
of the Federal Government. Title 21 of the CFR is reserved
for rules of the Food and Drug Administration. Each
title/volume of the CFR is revised once each calendar year on
approximately April 1st of each year [15].
~ 309 ~
The Pharma Innovation Journal
MHRA: MHRA guidance on GMP data integrity
expectations for the pharmaceutical industry the guidance is
intended to complement existing EU GMP relating to active
substances and dosage forms. Data integrity is fundamental in
the pharmaceutical quality system which ensures that
medicines are of the required quality [5].
TGA: Australian regulatory body Therapeutic Goods
Administration (TGA) give the requirement of data integrity
in the form of deficiency. A deficiency in a practice or
process that has produced, or may result in, a significant risk
of producing a product that is harmful to the user. Also occurs
when it is observed that the manufacturer has engaged in
fraud, misrepresentation or falsification of products or data
[16].
cGMP: As a reflection of the importance of this issue FDA
released guidance on Data Integrity and Compliance with
cGMP within the guidance itself the FDA notes the trend of
increasing data integrity violations. [14]. cGMP compliant
record-keeping practices prevent data from being lost or
obscured. FDA’s authority for cGMP comes from FD&C Act
section 501 a drug shall be deemed adulterated if “the
methods used in, or the facilities or controls used for, its
manufacture, processing, packing, or holding do not conform
to or are not operated or administered in conformity with
current good manufacturing practice to assure that such drug
meets the requirement of the act as to safety and has the
identity and strength, and meets the quality and purity
characteristics, which it purports or is represented to possess”
[12].
Good Documentation Practices. In the context of these
guidelines, good practices are those measures that collectively
and individually ensure documentation, whether paper or
electronic, is attributable, legible, traceable, permanent,
contemporaneously recorded, original and accurate [10].
WHO: Essential medicines and health products, WHO
launches data integrity guidelines to protect patients all over
the world. WHO proposed a guideline on international good
practice for regulatory authorities and inspectors that can help
reduce incidents of incomplete presentation of data by
manufacturers or deliberate data falsification? While us
developing a medicine and bringing it to market. It involves a
multitude of actors and activities, a fundamental step is linked
to the robustness and accuracy of the data submitted by
manufacturers to national regulatory authorities. That data
must be comprehensive, complete, and accurate and true to
assure the quality of studies supporting applications for
medicines to be put on the market. It also must comply with a
number of standards, namely: good manufacturing practices
(GMP), good clinical practice (GCP) and good laboratory
practices (GLP) [17].
EME: The European Medicines Agency (EMA) has released
new Good Manufacturing Practice (GMP) guidance to ensure
the integrity of data that are generated in the process of
testing, manufacturing, packaging, distribution, and
monitoring of medicines. Regulators rely on these data to
evaluate the quality, safety, and efficacy of medicines and to
monitor their benefit-risk profile throughout their life cycle.
Good controlling of data records helps to ensure that the data
generated are accurate and consistent and help to take good
decision making by pharmaceutical manufacturers and
regulatory authorities [18].
Management Responsibility: It is common observation
management using ‘Rule by Fear’ method with employees
(for example- employee do what employer are told him). This
leads to a culture of fear and blame and an inability of
employees to challenge and not follow regulatory guidelines.
Poor education could lead to bad decisions or
inappropriate behaviour based on knowing ‘How’ but not
‘Why Complex systems and systems with inappropriate
design can encourage and, at times, even force bad
practices.
An employee should be encouraged to take advantage of
an open-door route to organization top management when
it comes to raising compliance issues and discussing
potential compliance concerns pertaining to data
reliability [10].
Fig 1: Role of employee and management in Data integrity
Warning Letter and Compliance Issue: The risks of non‐
compliance increase with the number of NDAs/ANDAs and
facilities, as increased scrutiny comes with scale and
regulatory authorities are willing to send warnings to multiple
sites based on the review of one site. A pharmaceutical
manufacturer’s lever to pull to reduce the risk of regulatory
action is in improving Data Integrity. Doing so may provide a
sustainable advantage in a highly competitive market [2].
As Jan 2018 analysis by GMP (good manufacturing practices)
intelligence expert, Barbara Unger, approximately 65 percent
of all US Food and Drug Administration (USFDA) warning
letters issued in FY2017 (October 1, 2016, until September
30, 2017) included a data integrity component. [19]. In 2017,
FDA released 476 warning letters. Top FDA warning letter
violations were (1) adulterated products, (2) misbranded
products, (3) unsanitary conditions and (4) unapproved new
drugs [20]. Out of which 32% issued to China and 28% to
India. China and India, taken together, account for 80 percent
of the import alerts associated with warning letters. They are
prevented from selling product from these sites in the U.S [21].
~ 310 ~
The Pharma Innovation Journal
Fig 2: Drug GMP warning letters issued from FY2013 to 2017 regarding Sites
From the stating days of discovery of issues relating to data
validity and reliability, it is important that their potential
impact on patient safety and product quality and on the
reliability of the information used for decision-making and
applications are examined as matters of top priority.
Respective health authorities shall be notified if the
investigation identifies the material impact on patients,
products and reported information or on application dossiers
[10]. Data Reliability Auditors are responsible for performing
scheduled and unscheduled data reliability assessments
(DRAs) and inspections at sites as per authorized data
reliability checklists with the help of trained data reliability
auditors
Auditors are responsible for ensuring compliance related to
the discrepancies identified during the inspection
Common Data Integrity Issues
User privileges: The system configuration for the
software does not adequately define or segregate user
levels and users have access to inappropriate software
privileges such as modification of methods and
integration.
Common passwords: Where analysts share passwords, it
is not possible to identify who creates or changes records,
thus the A in ALCOA is not clear.
Computer system control: Laboratories have failed to
implement adequate controls over data, and unauthorized
access to modify, delete, or not save electronic files is not
prevented; the file, therefore, may not be original,
accurate, or complete. [1]
Audit Trail capture: FDA recommends that audit trails
capturing changes to critical data be reviewed with each
record and before final approval of the record.
Audit trails subject to regular review should include, for
example, changes to finished product test results, sample
run sequences, sample identification, critical process
parameters [12].
Overwriting
Runs that have been aborted
Testing into compliance
Deleting data
Backdating
Altering data
Expected Approach: Expectations have been communicated
by the regulatory agencies in a variety of forms, including
regulations and guidance documents from the USFDA,
MHRA, EMA, and WHO [23].
Data integrity requirements equal to paper (manual) and
electronic data. Manufacturers and analytical laboratories
should be aware of reverting from automated/computerized to
manual/paper-based systems will not in itself remove the need
for data integrity controls. This may also constitute a failure
to comply with Article 23 of Directive 2001/83/EC, which
requires an authorization holder to take account of scientific
and technical progress and enable the medicinal product to be
manufactured and checked by means of generally accepted
scientific methods. Designing systems to assure data quality
and integrity systems should be designed in a way that
encourages compliance with the principles of data integrity.
For examples: Attribution of actions in paper records should
occur, as appropriate, through the use of Initials, full
handwritten signature or personal seal [5]
Expectations for Electronic: Designing and configuring
computer systems and writing standard operating procedures
(SOPs), as required, that enforce the saving of electronic data
at the time of the activity and prior to proceeding to the next
step of the sequence of events (e.g. controls that prohibit
generation and processing and deletion of data in temporary
memory and that instead enforce the committing of the data at
the time of the activity to durable memory prior to the next
step in the sequence),
Use of secure, time-stamped audit trails that
independently record operator actions,
Unique user logons that link the user to actions that
create modify or delete data or electronic signatures,
(either biometric or non-biometric).
Electronic signature and record-keeping requirements in
21 CFR part 11 apply to certain records subject to record
requirements set forth in the regulations (i.e., 210, 211,
and 212) [12].
Outline back-up copies of original electronic records
stored in other location as a safeguard in case of a
disaster that causes loss of the original electronic records,
controlled and secure storage areas, including archives,
for electronic records;
~ 311 ~
The Pharma Innovation Journal
Access to clocks for recording timed events
Accessibility of batch records at locations where
activities take place so that ad hoc data recording and
later transcription to official records is not necessary
Control over blank paper templates for data recording
User access rights which prevent (or audit trail) data
amendments
Automated data capture or printers attached to equipment
such as balances
Proximity of printers to relevant activities
Access to sampling points (e.g. for water systems)
Access to raw data for staff performing data checking
activities.
Sharing login ID: Use of authority checks to ensure that only
authorized individuals can use the system, electronically sign
a record, access the operation or computer system input or
output device, alter a record, or perform the operation at hand.
[22]
Electronic signature: Determination that persons who
develop, maintain, or use electronic record/electronic
signature systems have the education, training, and experience
to perform their assigned tasks. Persons who use closed
systems to create, modify, maintain, or transmit electronic
records shall employ procedures and controls designed to
ensure the authenticity, integrity, and, when appropriate, the
confidentiality of electronic records, and to ensure that the
signer cannot readily repudiate the signed record as not
genuine. Such procedures and controls shall include the
following:
a) Validation of systems to ensure accuracy, reliability,
consistent intended performance, and the ability to
discern invalid or altered records.
b) The ability to generate accurate and complete copies of
records in both human readable and electronic form
suitable for inspection, review, and copying by the
agency. Persons should contact the agency if there are
any questions regarding the ability of the agency to
perform such review and copying of the electronic
records.
c) Protection of records to enable their accurate and ready
retrieval throughout the records retention period.
d) Limiting system access to authorized individuals. [22]
Expectations for Paper: Paper record should be legible,
traceable and permanent controls it includes.
Use of permanent, indelible ink, use of single-line cross-
outs to record changes with name, date, and reason
recorded and
No use of pencil or erasures,
No use of opaque correction fluid or otherwise obscuring
the record;
Controlled the issuance of bound, paginated notebooks
with sequentially numbered pages (e.g. that allow persons
to detect missing or skipped pages)
Controls for retention of original paper records or
certified true copies of original paper records include, but
are not limited to:
Expectations for paper controlled and secure storage
areas, including archives, for paper records;
Designated paper archivist(s) who is independent of GxP
operations as is already required by GLP guidelines;
Back up of data: A backup means a copy of one or more
electronic files created as an alternative in case the original
data or system are lost or become unusable (for example, in
the event of a system crash or corruption of a disk). It is
important to note that backup differs from archival in that
backup copies of electronic records are typically only
temporarily stored for the purposes of disaster recovery and
may be periodically over-written. Backup copies should not
be relied upon as an archival mechanism [9]
It is a true copy of the original data that is maintained securely
throughout the records retention period. For example, the
backup file shall contain data (including associated metadata)
and shall be in the original format or in a format compatible
with the original format and shall be maintained for the
purpose of disaster recovery. The backup and recovery
processes must be validated disposal of original record [10]
Audit trial reviewed: An audit trail is a process that captures
details such as additions, deletions, or alterations of
information in a record, either paper or electronic, without
obscuring or over-writing the original record. An audit trail
facilitates the reconstruction of events relating to the creation,
modification, or deletion of an electronic record, Chronology:
who, what, when, and why of a record. Track actions at the
record or system level [12]. For example, in a paper record, an
audit trail of a change would be documented via a single-line
cross-out that allows the original entry to be legible and
documents the initials of the person making the change, the
date of the change and the reason for the change, as required
to substantiate and justify the change. Whereas, in electronic
records, secure, computer-generated, time-stamped audit trails
at both the system and record level should allow for
reconstruction of the course of events relating to the creation,
modification and deletion of electronic data. Computer-
generated audit trails shall retain the original entry and
document the user ID, time/date stamp of the action, as well
as a reason for the action, as required to substantiate and
justify the action. Computer-generated audit trails may
include discrete event logs, history files, database queries or
reports or other mechanisms that display events related to the
computerized system, specific electronic records or specific
data contained within the record [9].
Process flow mapping in data integrity: To balance the
focus on electronic data that data integrity tends to drive, a
useful approach is to map the workflow within the laboratory,
to identify and list all the steps performed for each analytical
technique (from sample receipt to approval of results) and
each laboratory operation. For each step [1], the mapping
should identify:
What actions are performed
How those actions are performed
How they are recorded
Any decisions made
The extent to which the process is manual or automated
The possible risks associated with the step (e.g., how
could fraud be prevented or detected).
Types of Error: Overwriting of electronic raw data and paper
document is common error until acceptable results not found
[16]. Human errors may be a data entered by mistake ignorance
(not being aware of regulatory requirements or poor training)
willfully (falsification or fraud with the intent to deceive).
Selection of good or passing results to the exclusion or poor
~ 312 ~
The Pharma Innovation Journal
or failing results, unauthorised changes to data post-
acquisition, errors during transmission from one computer to
another, changes due to software bugs or malware of which
the user is unaware, Hardware malfunctions, technology
changes making an older item useless, old records may
become unreadable or difficult to understand [16].
The reason of issue: There is various reason for data integrity
issue some of them write the following:
1. No raw data to support records or loss of data during
changes to the system
2. Creating inaccurate and incomplete records
3. Test results for one batch used to release other batches
4. Backdating
5. Discarding data repeated tests, trial runs, sample runs
(testing into compliance)
6. Changing integration parameters of chromatography data
to obtain passing results
7. Deletion/manipulation of electronic records or fabricating
of data
8. Turning off audit trail
9. Sharing password
10. Inadequate controls for access privileges
11. Inadequate/incomplete computer validation.
12. Activities not recorded contemporaneously
13. Employees that sign that they completed manufacturing
steps when the employees were not on premises at the
time the steps were completed
Conclusion
In the pharmaceutical industry, data integrity play an
important role to maintain the quality of a final product
because the poor practice can allow the substandard product
to reach patients, so it’s necessary for an existing system to
ensure the data integrity, data traceability, and reliability. On
quality bases, data integrity is a critical component of a
Quality System. Quality data provides the base for the
confidence of the company to utilize correct data to operate in
accordance with regulatory requirements.
Data integrity is critically important to regulators for various
reasons, including patient safety, process, and product quality.
The integrity and trustworthiness of the data provide a
baseline for the regulators' opinion about the company.
It’s also the responsibility of the manufacturer to prevent and
detect poor data integrity practices which occur due to the
lack of quality system effectiveness. Quality Risk
Management (QRM) approach can prevent, detect and control
potential risks where data is generated and used to make
manufacturing and quality decisions, ensure it is trustworthy
and reliable.
Abbreviations
FDA: Food and Drug Administration
MHRA: Medicines and Healthcare Product Regulatory
Agency
PQS: Pharmaceutical Quality System
GMP: Good Manufacturing Practice
SISPQ: Strength, Identity, Safety, Purity, and Quality
SME: Subject Matter Expert
DRA: Data Reliability Assessment
ICH: International Conference on Harmonization
GLP: Good Laboratory Practice
GCP: Good Clinical Practice
GXP: Good Practice Guides
cGMP: Current Good Manufacturing Practice
IT: Information Technology
LIMS: Laboratory Information Management System
SAP: Systems, Applications, and Products
WHO-NOC: World health Organization – Notice of
Concern
BMR: Batch Manufacturing Record
BPR: Batch Packaging Record
SOP: Standard Operating Procedure
COTS: Computer Off-The-Shelf
CFR: Code of Federal Regulations
RPN: Risk Priority Number
CAPA: Corrective Action and Preventive Action
References
1. Data Integrity in the Analytical Laboratory.
PharmaTech.com Advance Devlopment and
Manufacturing.02 May 2014. http://www.pharmtech.
com/data-integrity-analytical-laboratory
2. Dorkin R. Law’s Empire Harvard University Press,
1987, 191.
3. Intgrity. Doing the right thing for the right reason,
McGill-Queen's University Press, 2010, 25.
4. Ankur C. ALCOA in Pharmaceuticals: a necessary tool
for quality. Pharmaceuticals Guidelines. Cited, 2018.
https://www.qiksolve.com/defining-data-integrity-alcoa/
5. MHRA. GMP Data Integrity Definitions and Guidance
for Industry Revision, 2015.
6. Review of Good Data Integrity Principles Of ni system,
808 Salem Woods Drive Suite, 103:1-11. http://www.
ofnisystems.com/media/Data_Integrity_Article.pdf
7. World Health Organization, Guidance on good data and
record management practices, 2016. http://www.who.int/
medicines/publications/pharmprep/WHO_TRS_996_ann
ex05.pdf
8. Guidance on good data and record management
practices, WHO Technical Report Series. 2016; 5:165-
209
9. World Health Organization, Guidance on good data and
record management practices, (‘Draft for comment),
2015.
10. Review of Good Data Integrity Principles, Ofni Systems,
1-11
11. McDowall RD, LCGC Europe, RD McDowall Ltd, UK.
2017; 30(2):84-87.
12. Sharon K. Pederson (PharmD National Expert of
Pharmaceutical Inspections Food and Drug
Administration). Data Integrity Issues & Concerns PDA
Meeting St. Louis, MO, 2017. ISBN 9780773582804.
2nd edition, writer, Barbara Killinger, 2013.
13. Pharmaceutical manufacturing. By Ashley Ruth, Senior
Consultant, Analytical Services, Bio Tech Logic, Inc,
2017.
14. US Food and Drug Administration, Code of Federal
Regulations - Title 21 - Food and Drugs, Medical Device
Databases, 2018. https://www.fda.gov/MedicalDevices/
DeviceRegulationandGuidance/Databases/ucm135680.ht
m
15. Stephen Hart, Data Integrity TGA Expectations, PDA
conference, 2015.
16. WHO Expert Committee on Specifications for
Pharmaceutical Preparations Fiftieth report, 165-209,
WHO Technical Report Series No. 996, 2016, 06-06-
~ 313 ~
The Pharma Innovation Journal
2018. http://www.who.int/medicines/news/emp-data-inte
grity-guide/en/
17. Data integrity: key to public health protection, European
Medicines Agency (EMA) http://www.ema.europa.eu/e
ma/index.jsp?curl=pages/news_and_events/news/2016/0
8/news_detail_002589.jsp&mid=WC0b01ac058004d5c1
18. Pharma Compass, 2017 Recap of Warning Letters,
Import Alerts and Non-Compliances, Jan 11,
2018,https://www.pharmacompass.com/radio-compass-
blog/2017-recap-of-warning-letters-import-alerts-and-
non-compliances
19. Assur X. In Quality Management, Regulatory
Compliance Management, February 7, 2018, online
https://www.assurx.com/fda-warning-letter-trends-2017-
2/
20. Barbara Unger, An Analysis Of FDA FY2017 Drug
GMP Warning Letters, January 10, 2018 pharmaceutical,
https://www.pharmaceuticalonline.com/doc/an-analysis-
of-fda-fy-drug-gmp-warning-letters-0002
21. CFR FDA CFR - Code of Federal Regulations Title 21,
FDA Home Medical Devices Databases, and the
information on this page is current as of April 1 2017.
The Electronic Code of Federal Regulations (eCFR).
https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr
/CFRSearch.cfm?CFRPart=11&showFR=1&subpartNod
e=21:1.0.1.1.8.2
