managing data integrity and compliance confidence · fehlerbehandlung und oos prozeduren ... a iskr...
TRANSCRIPT
©2017 Waters Corporation 1 COMPANY CONFIDENTIAL
Datenintegrität
Ralf Schröder Nov 2017, Separation Days
©2017 Waters Corporation 2 COMPANY CONFIDENTIAL
Quellen der Informationen in dieser Präsentation
Regulatory
Bodies FDA/MHRA etc
Industry Groups
ISPE/GAMP
Customer & QA
Sales and Specialists
Professional
Services
Product
Functionality and Design
Within
©2017 Waters Corporation 3 COMPANY CONFIDENTIAL
This presentation is for informational purposes only and should not be taken as advice regarding any particular course of action to be followed.
Waters does not make any representations or warranties, express or implied, to any party, regarding use of the information contained in this presentation to make decisions regarding the implementation and maintenance of effective quality control systems and quality assurance testing programs, including but not limited to the applicable Good Manufacturing Regulations that apply to the manufacture of regulated products.
Disclaimer
©2017 Waters Corporation 6 COMPANY CONFIDENTIAL
Interfacing
Geräte Audit Trail Prüfen
Daten Management GxP
Backup Archiv
Kultur Verantwortung Validation CSV SOP Compliance
Datenqualität
Training Regulatorien
Datenintegrität
Was verbinden Sie mit Datenintegrität?
©2017 Waters Corporation 7 COMPANY CONFIDENTIAL
Was beinhaltet Data Integrity? Menschen – ‘Data Integrity’ Kultur – Überwachung und Datenkontrolle – Eindeutige Accounts – Wissenschaftliche Kenntnisse – Training – Schutz vor Betrug
Qualitativ hochwertige Trennung – Geeignete Standards & Reagentien – Instrument Kalibrierung & Wartung – Qualifizierung – Methodenvalidierung – System Suitability Tests – Geeignete Säulen
IT Komponenten – Sichere zentrale Datenablage – Qualifizertes Netzwerk – Disaster Recovery Plan – Backup und Restore Prozess – Archivierung elektronischer Daten
Computersysteme für das Labor – Eingebaute Kontrollmechanismen – Computer System Validierung – Nachvollziehbarkeit – Regelmäßige Kontrolle
©2017 Waters Corporation 8 COMPANY CONFIDENTIAL
Woher kommt der neue Focus auf Datenintegrität?
Sie können unerwünschte Aktionen verhindern und/oder Sie aufdecken Werkzeuge für QA und Auditoren
– Zugriffskontrolle – System policies – Audit Trails
Elektronische Systeme bieten neue Möglichkeiten
Auditoren haben das Vertrauen
in die Ehrlichkeit und Integrität
der Analytiker verloren
©2017 Waters Corporation 9 COMPANY CONFIDENTIAL
Able Laboratories, Inc. FDA 483 Inspectional Observations (May 2005)
http://www.fda.gov/aboutfda/centersoffices/officeofglobalregulatoryoperationsandpolicy/ora/oraelectronicreadingroom/ucm061813.htm
©2017 Waters Corporation 10 COMPANY CONFIDENTIAL
Woher kommt der neue Focus auf Datenintegrität? Verschiebung der Datenintegritätsproblematik
Papier Dokumente Computer Systeme
Labortagebücher E-Lab Notebook Zugriffskontrolle
Gebundene Arbeitsvorlagen Lab Execution Systems Dokumentation der Aktionen mit Audit Trail
Zeitstempel Audit Trail ALCOA (keine Rückdatierung) Initialien, Datum,
Korrekturkommentare Audit Trail ALCOA (Attribute, Change Control)
Review - Prozess Metadaten beschreiben Daten Erleichterter Review Manuelle Unterschrift Elektronische Unterschrift ALCOA (Zeitstempel)
Papierarchiv im klimaüberwachten Lager Elektronische Archivierung Schneller Zugriff auf Daten
Disaster Recovery mittels PDF?
Redundante Kopien der Orginaldaten Daten und Metadaten bleiben bei einem Disaster verfügbar
©2017 Waters Corporation 11 COMPANY CONFIDENTIAL
Grundvoraussetzung: Vertrauenswürdige Daten
Data Integrity Guidances: Fokus auf Chromatografie Review der Audit Trails Spezielle Inspektionen: Fokus auf Datenintegrität
– Mehrere Neue Guidances (mindestens fünf) – Unterscheidung zwischen statischen und dynamischen Daten (gedruckte Chromatogramme)
o Elektronische Daten werden angeschaut, nicht nur Ausdrucke – Training der Auditoren für elektronische Laboranwendungen
Überprüfung der ‘guten und schlechten’ Daten – Re-Analyse und Re-prozessierung
Fehlerbehandlung und OOS Prozeduren – Adäquate Handhabung
Datenintegrität: Der Schlüssel zur Qualitätssicherung
©2017 Waters Corporation 12 COMPANY CONFIDENTIAL
Website Q and A 2015, DRAFT Guidance April 2016 GMP Data Integrity, March 2015
GxP Data Integrity, DRAFT July 2016
Medicines & Healthcare Products Regulatory Agency (UK)
Pharmaceutical Inspection Co-Operation Scheme
PI-041-1 (DRAFT 2), August 2016
Released June 2016, as WHO_TRS_996 Annex 5 Q and A: August 2016
For GLP, April 2016
Data Integrity Guidances
Points to Consider Series: Conduct: March 2016
Fundamentals: Sept 2016 Data Integrity: In Progress
EPA QA/G-8, November 2002
GAMP: RDI Guide Published
April 4th 2017
Coming Soon
©2017 Waters Corporation 13 COMPANY CONFIDENTIAL
Definition of Data Integrity
Data Integrity is the extent to which all the data are complete, consistent and accurate throughout the data lifecycle.
Data Integrity refers to completeness, consistency and accuracy of data. That data should be ALCOA.
The collected data should be Attributable, Legible, Contemporaneously recorded, Original or a true copy, and Accurate (ALCOA).
Data Integrity is defined as the extent to which all data are complete, consistent and accurate, throughout the data lifecycle.
©2017 Waters Corporation 14 COMPANY CONFIDENTIAL
ALCOA+ Key Factor in Data Integrity
A Attributable Who acquired the data or performed an action?
L Legible Can you read and understand the data entries?
C Contemporaneous Were records documented at the time of the activity?
O Original Is it the first recorded observation (or a verified, true copy)?
A Accurate Is the result scientifically valid and error free?
+
Complete All data including any repeat or reanalysis performed Consistent All elements of the analysis are date/time stamped in the expected sequence Enduring Recorded in a permanent, maintainable form throughout its lifecycle Available For review, audit, or inspection over the lifetime of the record
Stan W. Woollen, Sr. Compliance Advisor
Wer, Wann, Was, Warum?
Verständlich
Zeitnah dokumentiert
Orginal
Wissenschaftlich korrekt
Komplett Konsistent Unveränderlich Verfügbar
©2017 Waters Corporation 15 COMPANY CONFIDENTIAL
…from initial generation and recording through processing
(including analysis, transformation or migration), use, data retention, archive / retrieval and destruction.
...assessing risk and developing quality risk mitigation
strategies for the data life cycle, including controls to prevent and detect risks throughout the steps of:
– data generation and capture; – data transmission; – data processing; – data review; – data reporting, including handling of invalid and atypical data; – data retention and retrieval; – data disposal.
What is Data Life Cycle?
©2017 Waters Corporation 16 COMPANY CONFIDENTIAL
Sichern und Prüfen der kompletten Daten: Statische und dynamische Daten
©2017 Waters Corporation 17 COMPANY CONFIDENTIAL
www.FDA.Gov Questions and Answers Level 2 Guidance - Records and Reports
©2017 Waters Corporation 18 COMPANY CONFIDENTIAL
www.FDA.Gov Questions and Answers Level 2 Guidance - Records and Reports
©2017 Waters Corporation 19 COMPANY CONFIDENTIAL
Papierdokumentation ist nicht ausreichend
Simple/Static
Complex/Dynamic
Printouts COULD
represent original data
Printouts are NOT Representative
pH Meter
UV Spec FTIR
HPLC GC
LIMS ERP
©2017 Waters Corporation 20 COMPANY CONFIDENTIAL
Data may be… – Static (e.g. a ‘fixed’ record such as paper or pdf) or – Dynamic (e.g. an electronic record which the user / reviewer can interact with).
Data must be retained in a dynamic form where this is critical to its integrity or later verification.
(Once printed) chromatography records lose the capability of being reprocessed and do not enable more detailed viewing of baselines or any hidden fields.
Some data generated by electronic means to be retained in an acceptable paper or PDF format
– Where it can be justified that a static record maintains the integrity of the original data. – Verified copies of all raw data, meta data, audit trail, result files, software/system configuration settings
for each record, all data processing runs including methods and audit trails for a reconstruction …. and verification
This approach is likely to be onerous to enable a GxP compliant record
MHRA Draft GxP Guidance: Reviewing Electronic Records Summary
GxP Data Integrity Definitions and Guidance for Industry DRAFT July 2016
©2017 Waters Corporation 21 COMPANY CONFIDENTIAL
Static is used to indicate a fixed-data document (such as a paper record or an electronic image), and
Dynamic means that the record format allows interaction between the user and the record content. – But defines as allowing the reviewer to change/edit things…???
(Printouts allowed if) includes associated metadata and the static or dynamic
nature of the original records
Electronic records from certain types of laboratory instruments are dynamic records, and a printout or a static record does not preserve the dynamic format
FDA Guidance: Reviewing Electronic Records Summary
Data Integrity and Compliance with CGMP Guidance for Industry DRAFT April 2016
©2017 Waters Corporation 22 COMPANY CONFIDENTIAL
A PDF or printout is fixed or static and the ability to expand baselines, view the full spectrum, reprocess and interact dynamically with the data set would be lost in the PDF or printout
Data integrity risks may occur when persons choose to rely solely upon paper printouts or PDF reports – If the reviewer only reviews the subset of data provided as a printout or PDF, these risks may go
undetected
Paper printouts of original electronic records from computerized systems may be useful as summary reports… verify that the printed summary is representative of all (electronic)results.
A risk-based approach to reviewing data requires process understanding and knowledge of the key quality risks… requires understanding of the computerized system, the data and metadata and data flows.
WHO Guidance: Reviewing Electronic Records Summary
Guidance on Good Data and Record Management Practices Released June 2016 As WHO_TRS_996 Annex 5
©2017 Waters Corporation 25 COMPANY CONFIDENTIAL
Wie archivieren Sie? – Projekte? System Audit Trail? – Warum? Wer? Wann? Wo? – Audit Trail für die Archivierung? – Bleiben die Metadaten erhalten ? – Überprüfen Sie den ‘restore‘ Prozess? – Löschen Sie die Daten nach x Jahren? – Ist dies beschrieben in einer SOP?
Richtlinien zur Archivierung
– EU und PIC/S Annex 11: Section 17 Archiving – MHRA guidance: in Data Retention section, Archive – FDA guidance: in Question 1 (a), a bit cryptic – WHO guidance: in Annex 5 Retention of Original Records
Sichern sie Ihre Empower Daten?
©2017 Waters Corporation 33 COMPANY CONFIDENTIAL
21 CFR Part 211.194: Laboratory Records
Sample Description
Method Description Sample
Weight All Test Data Created All Test Data Created All Test Data Created All Test Data Created All Test Data Created
All Test Data Created All Calculations
Performed Results, Pass/Fail Signature Performer Signature Reviewer
Lab Book or forms Lab Book or forms
Various PC’s in Lab
Analytical Applications or
Excel
All laboratory records required to be kept
©2017 Waters Corporation 36 COMPANY CONFIDENTIAL
Failure to prevent unauthorized access or changes to data, and to provide adequate controls to prevent manipulation and omission of data.
During the inspection, an FDA investigator discovered a lack of basic laboratory controls to prevent changes to your firm’s electronically stored data and paper records. Your firm relied on incomplete records to evaluate the quality of your drugs…
Our investigator found that your firm routinely re-tested samples without justification, and
deleted analytical data. We observed systemic data manipulation across your facility, including actions taken by multiple analysts and on multiple pieces of testing equipment.
Specifically, your Quality Control (QC) analysts used administrator privileges and passwords to manipulate your high performance liquid chromatography (HPLC) computer clock to alter the recorded chronology of laboratory testing events.
Chinese Company | May 2016
©2017 Waters Corporation 37 COMPANY CONFIDENTIAL
Failure to ensure that test procedures are scientifically sound and appropriate to ensure that your API conform to established standards of quality and/or purity. Our investigators observed that the software you use to conduct high performance liquid chromatography (HPLC) analyses of API for unknown impurities is configured to permit extensive use of the “inhibit integration” function without scientific justification.
Failure to prevent unauthorized access or changes to data, and to provide adequate controls to prevent manipulation and omission of data. During the inspection, an FDA investigator discovered a lack of basic laboratory controls to prevent changes to your firm’s electronically-stored data in laboratories where you conduct CGMP activities. Specifically, audit trail functionality for some systems you used to conduct CGMP operations was enabled only the day before the inspection, and there were no quality unit procedures in place to review and evaluate the audit trail data.
Indian Company - April 2017
©2017 Waters Corporation 38 COMPANY CONFIDENTIAL
EU GMP Certificates have been publicized for some time – http://eudragmdp.ema.europa.eu/inspections/gmpc/index.do – Recently opened a database of Non Compliance Reports
(or statements of non compliance)
SUMMARY – Deliberate falsification of results / hiding non conformities – Failed injections deleted – Discrepancies in raw data / lack of raw data – Inadequate review and control of computerized laboratory results and systems – Insufficient Qualification of Equipment – Quality Control deficiencies including; inadequate records, lack of specificity in analytical
methods, failure to investigate unknown peaks
Statements of EU Non GMP Compliance
©2017 Waters Corporation 39 COMPANY CONFIDENTIAL
Italian Medicines Agency Statement of Non-Compliance with GMP
Nature of non-compliance: Major deficiencies were found in the following areas: – electronic and paper analytical data integrity, – QC activities, – computerized systems security, – analytical and process data manipulation, – personnel, and – deviations and OOS management
leading to a serious risk for public health.
Indian Company | March 2017
©2017 Waters Corporation 40 COMPANY CONFIDENTIAL
Werden alle Daten betrachtet – auch die nicht verwendeten (orphan data) – Werden nur die guten Resultate gewählt? – Was passiert mit schlechten Resultaten?
o gelöscht, versteckt, ignoriert? o mit Begründung und Signatur?
– Werden die Proben ‘tested into compliance’ o Solange analysiert bis das Ergebnis passt? o An anderer Stelle verändert bis das Ergebnis passt?
Sind die Daten sicher? – Zugriffsrechte korrekt? – Archiv, regelmäßige Prüfungen, Disaster Recovery – Sind Daten versteckt oder gelöscht?
Kann die Erstellung der Daten nachvollzogen werden? – Audit Trail, Metadaten, Versionen
Auditoren prüfen die Datenintegrität
©2017 Waters Corporation 41 COMPANY CONFIDENTIAL
Inspection Themes
CSV
Technical Controls Sharing
Accounts
Delete Privileges
Unsecured Data
No Audit Trail
Procedural Controls
All Data: Good and Bad
Poor Review of Electronic Data
including audit trails Poor OOS or
Lab Error Investigations OOS found in
orphan data
DATA MANIPULATION
Periodic Review
©2017 Waters Corporation 42 COMPANY CONFIDENTIAL
Impact: Investigation into suspected Data Integrity problem (an example)
14 people for 4.5 months
600 PAGE REPORT into investigation
35,000 chromatograms, all related methods, and paper records to review AGAIN
Outside laboratories engaged to cover urgent testing
Remediation projected cost CA$18m Currently at CA$35m and still going
Hiring outside consultants
Product Quarantined until end of investigation EXPIRED: tons of product lost
©2017 Waters Corporation 43 COMPANY CONFIDENTIAL
Impact: Investigation into suspected Data Integrity problem (an example)
14 people for 4.5 months
Hiring outside consultants
600 PAGE REPORT into investigation
Product Quarantined until end of investigation EXPIRED: tons of product lost
35,000 chromatograms, all related methods, and paper records to review AGAIN
Outside laboratories engaged to cover urgent testing
Remediation projected cost CA$18m Currently at CA$35m and still going
AND NOTHING WAS WRONG.
©2017 Waters Corporation 45 COMPANY CONFIDENTIAL
“Den Überblick behalten” und regelmäßig prüfen – Kritische Bereiche identifizieren, analysieren und Kontrollmechanismen etablieren
Schulen und bestärken der Mitarbeiter – Firmenkultur ist ein wichtiger Faktor
Überprüfen was Sinn macht – Wo liegen die größten Risiken? – Wieviel Zeit und Geld können Sie auf die Verbesserungen verwenden?? – Was können Sie sofort verbessern? Was in der Zukunft?
Führen Sie keine ‘unmöglichen’ SOPs und Vorschriften ein – Überprüfen Sie die Einhaltbarkeit der SOP
Was können Sie tun?
©2017 Waters Corporation 46 COMPANY CONFIDENTIAL
Um das richtige Maß zu finden, macht es Sinn die Arbeitsabläufe im Labor zu dokumentieren. Beschreiben Sie die Schritte der unterschiedlichen Analyse (Von der Probennahme bis zur Resultaterstellung) und der übrigen Laborprozesse
Die Dokumentation sollte aufzeigen: – Welche Schritte durchgeführt werden – Wie die Schritte durchgeführt werden – Wie sie dokumentiert werden – Wo Entscheidungen getroffen werden – Sind Prozesse automatisiert oder manuell durchzuführen – Welches sind die Risiken eines jeden Schrittes
(Würden Sie merken, wenn die Datenintergrität verletzt wäre?)
Der Zweck eines Datenintegritäts Audits ist die aktive Suche nach Betrug!
Data Integrity OK? Überprüfen Sie Ihre Prozesse
©2017 Waters Corporation 47 COMPANY CONFIDENTIAL
A stand-alone guide, that is aligned and can be used in parallel with GAMP® 5 and the Good Practise Guides – Based upon life science regulations and guidance (GCP, GMP, GLP and medical Devices),
including recent Data Integrity guidances, 21 CFR part 11, Chapter 4 Annex 11, ICH Q9 & ICH Q10
– Main Body Consists of 5 main chapters o Introduction o Regulatory Focus o Data Governance Framework o Data Life Cycle o Quality Risk Management
– & 16 Appendices: o Management o Development o Operations
ISPE GAMP® Guide: Records and Data Integrity
M2: Data Integrity Maturity Level
©2017 Waters Corporation 48 COMPANY CONFIDENTIAL
Der Kunde ist letztendlich verantwortlich für Compliance Validierung und Compliance können nicht “outsourced” werden, aber man kann
sich Unterstützung verschaffen Im Audit müssen Sie Ihre Arbeitsabläufe und Vorgehensweisen verteidigen
Es ist Ihre Verantwortung
©2017 Waters Corporation 49 COMPANY CONFIDENTIAL
Your vendor is the BEST resource for Training – The WHOLE application, not just the bits you think you will use – Regular review with updates for new versions – Attend User Meetings regularly – Release Notes are essential to read very carefully
o Defects addressed, New features, New OS and instrument support
SOPs need to address your business needs – But ask your vendor for advise or to review
Talk to your Vendor long before your Audit
©2017 Waters Corporation 50 COMPANY CONFIDENTIAL
Summary
DON’T share accounts or passwords DON’T provide delete privileges to users DON’T disable the audit trails DON’T hide or exclude data DON’T forget to backup your data
DO review data and audit trails DO perform and record training DO use a change control process DO create Standard Operating Procedures DO select compliance-ready systems DO archive your data DO train users and prepare your response for Multiple Analyses & Multiple Results
©2017 Waters Corporation 51 COMPANY CONFIDENTIAL
Waters products are there to help you!
Control your Instruments Process/Report your data Streamline your workflow Confidence in Data Integrity
Archive your e-data Streamline your workflow Electronic Lab Notebook Sample Management Stability Testing Inventories Confidence in Data Integrity
Control MS Instruments Process/Report your Data Data traceability Screening application Confidence in Data Integrity
©2017 Waters Corporation 52 COMPANY CONFIDENTIAL
Maximize the value of your Waters’ software and join us for: Latest product updates and case studies in the Plenary sessions
Deep dives on Waters' core Informatics products
Guidance on Waters' services and product features, including technical tips and tricks
Hands-on training and Tutorial tracks to ensure your team is up to date with Waters’ Products
Workshops focusing on hot topics, such as Data Integrity and the Cloud
Fun with the Waters community at our networking activities
WHEN: May 14–17
WHERE: Copenhagen Marriott Hotel
SAVE THE DATE!
Choose from over 35 workshops and demonstrations on everything from the basic foundations of Data Integrity and hot topics like Cloud, to Empower practical tips and techniques.
Copenhagen, Denmark