Data integrity nishodh 01092016

“USFDA, MHRA and other Guidance

on Data Integrity and

What it means to your Enterprise”

Dr. Nishodh Saxena1

19-09-2016Copyright @NishodhSaxena

DEFICIENCIES IN GMP DATA INTEGRITY AND DATA MANAGEMENT

• Shared passwords

• Lack of enabled audit trails

• Failure to review electronic data

• Failure to review and investigate all failed testing results

• Failure to contemporaneously record information

And Many More …………..

2


WHAT WILL YOU LEARN?

• The regulatory enforcement background

• The applicable regulations and guidance

• The enforcement actions taken by global regulatory

authorities

• What actions you can take within your own company to begin

to address the topic

And you will have links to the relevant references

3


WHAT WILL YOU TAKE AWAY?

• Data management that ensures integrity of the associated

data requires more than risk-based computer system

validations

It requires understanding of

• The events that precipitated this focus

• The intent of the governing regulations, guidance &

enforcement actions

• Will remove some of the mystery and provide background on

the topic of data management and data integrity and

suggestions for how they might begin to address this issue

within your company

4


REGULATORY ENFORCEMENT BACKGROUND

• The “generics scandal” of the 1980’s raised the issue of

falsified data submitted to FDA in support of drug approvals

FDA focus shifted from pre-approval inspection (PAI) to evaluate

raw laboratory data included in the marketing application and

evaluate whether the site was capable of manufacture as

described in the application

• This scandal also prompted implementation of the

Application Integrity Policy in 1991 which “describes the

Agency's approach regarding the review of applications that

may be affected by wrongful acts that raise significant

questions regarding data reliability ”

5


REGULATORY ENFORCEMENT BACKGROUND - APPLICATION INTEGRITY POLICY

6


APPLICATION INTEGRITY POLICY 2

1-1-1 Background 2

1-1-2 Purpose 2

1-1-3 Definitions 2

1-1-4 Education Program 4

1-1-5 Responsibilities Of Agency Personnel And Organization 5

1-1-6 Administrative Considerations 9

1-1-7 Revoking The AIP As It Applies To A Firm's Application(S) 13

1-2 ATTACHMENTS AND EXHIBITS 15

REGULATORY ENFORCEMENT BACKGROUND - APPLICATION INTEGRITY POLICY

LIST• Five firms are on the current CDER Application Integrity Policy List

effective October 1, 2015 for deferring substantive scientific review

7


• CENTER FOR DRUG EVALUATION AND RESEARCH

• CENTER FOR BIOLOGICS EVALUATION AND RESEARCH

• Hill Dermaceuticals, Inc. • Sclavo, S.p.a.*

• Ranbaxy Laboratories, Ltd.• CENTER FOR DEVICES AND

RADIOLOGICAL HEALTH

• Biopharmaceutics Inc.* • Bionike, Inc.

• Solopak Pharmaceuticals, Inc. • Bioplasty, Inc.*

• Superpharm Corp.* • Endotec, Inc.

• Micro Detect, Inc.

• Sherman Pharmaceutical, Inc.*

• Syntron

• CENTER FOR FOOD SAFETY AND APPLIED NUTRITION

• Nil

• CENTER FOR VETERINARY MEDICINE

• Nil


• In parallel, FDA recognized the increased reliance on

computerized systems within the pharmaceutical industry

• They developed and published 21 CFR Part 11 , the final rule

on Electronic Records and Electronic Signatures in 1997

8



9


TITLE 21--FOOD AND DRUGS

CHAPTER I--FOOD AND DRUG ADMINISTRATION

DEPARTMENT OF HEALTH AND HUMAN SERVICES

SUBCHAPTER A--GENERAL

PART 11ELECTRONIC RECORDS; ELECTRONIC SIGNATURES

Subpart A--General Provisions

§ 11.1 - Scope.

§ 11.2 - Implementation.

§ 11.3 - Definitions.

Subpart B--Electronic Records

§ 11.10 - Controls for closed systems.

§ 11.30 - Controls for open systems.

§ 11.50 - Signature manifestations.

§ 11.70 - Signature/record linking.

Subpart C--Electronic Signatures

§ 11.100 - General requirements.

§ 11.200 - Electronic signature components and controls.

§ 11.300 - Controls for identification codes/passwords.

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1&subpartNode=21:1.0.1.1.8.1

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?fr=11.1













• Electronic signatures were reasonably well understood

• Confusion remained regarding the interpretation and

enforcement of requirements for electronic records

• In 2003 FDA published a Guidance for Industry , Part 11,

Electronic Records; Electronic Signatures – Scope and

Application to address enforcement priorities

10



11


• In 2000, a warning letter issued to Schein Pharmaceuticals

cited lack of control over computerized laboratory systems

including lack of password control and broad ranging staff

authority to change data

• FDA issued a form 483 to Able Laboratories in New Jersey in

2005. Failing laboratory results were identified that were not

reported, and among the observations was failure to review

electronic data including audit trails

• Warning letters citing deficiencies in the broad area of data

integrity were issued to Actavis Totowa LLC site in the US, in

2007

• Three warning letters were issued to two Ranbaxy sites in 2006

and 2008


12


Telephone (973) 526-6004

February 1, 2007

REVISED WARNING LETTER

CERTIFIED MAIL

RETURN RECEIPT REQUESTED

Divya Patel, President

Actavis Totowa, LLC

101 East Main Street

Little Falls, New Jersey 07424

FILE NO.: 07-NWJ-06

Dear Mr. Patel:

On July 10, 2006, through August 10, 2006, the U.S. Food and Drug Administration

conducted an inspection of your facility located at 101 East Main Street, Little Falls,

New Jersey. During the inspection, our investigators documented significant

deviations from the current Good Manufacturing Practice (cGMP) regulations set forth

in Title 21, Code of Federal Regulations, Parts 210 and 211, in conjunction with your

firm's manufacture of prescription drug products.


13


Warning Letter

WL: 320-06-03

Via FedEx

June 15, 2006

Mr. Ramesh Parekh

Vice President, Manufacturing

Ranbaxy Laboratories Limited

Paonta Sahib, Simour

Himachal Pradesh 173 025 India

Dear Mr. Parekh:

We are writing regarding an inspection of your. pharmaceutical manufacturing facility

in Paonta Sahib, India, during the period of February 20-25, 2006. The inspection

revealed significant deviations from U.S. Current Good Manufacturing Practice

(CGMP) Regulations (Title 21 Code of Federal Regulations (CFR), Parts 210 and 211) in

the manufacture of drug products.


14


Warning Letter

Via FedEx

September 16, 2008

WL: 320-08-03

Mr. Malvinder Singh, CEO and Managing Director


Corporate Office

Plot 90, Sector 32,

Gurgaon -122001 (Haryana), INDIA

Dear Mr. Singh,

This is regarding an inspection of your pharmaceutical manufacturing facility in

Dewas, India by Investigators Thomas J. Arista and Robert D. Tollefsen during the

period of January 28 - February 12, 2008. The inspection revealed significant

deviations from U.S. current good manufacturing practice (CGMP) Regulations (Title

21, Code of Federal Regulations, Parts 210 and 211) in the manufacture of sterile and

non-sterile finished products. In addition, violations of statutory requirements, Section

501(a)(2)(B) of the Act, were documented with respect to the manufacturing and

control of active pharmaceutical ingredients (APIs).


15


Warning Letter

September 16, 2008

Via FedEx

WL: 320-08-02

Mr. Malvinder Singh, CEO and Managing Director


Corporate Office

Plot 90; Sector 32,

Gurgaon - 122001 (Haryana), INDIA

Dear Mr. Singh,

This is regarding an inspection of your pharmaceutical manufacturing facility,

Batamandi (Unit II), in Paonta Sahib, India by Investigator Jose R. Hernandez and

Chemist Susanna E. Ford, during the period of March 3 -7, 2008. The inspection

revealed significant deviations from U.S. Current Good Manufacturing Practice

(CGMP) Regulations (Title 21, Code of Federal Regulations, Parts 210 and 211) in the

manufacture of finished drug products.


16


• FDA announced a pilot program in 2010 to evaluate data

integrity as part of routine GMP inspections. FDA planned to

use the information gained from these inspections to

determine whether revisions to Part 11 or additional guidance

on the topic were necessary

• FDA stresses that they will “ continue to enforce all predicate

rule requirements, including requirements for records and

recordkeeping ”

• FDA found the problems were widespread during this pilot

evaluation, and enforcement actions in this area continue

APPLICABLE REGULATIONS AND GUIDANCE

17


• An official definition of “data integrity” is not found in the

regulations

• Expect that data will have attributes described in the acronym

ALCOA

• This acronym was first referenced in the September 2013 as

Guidance for Industry, Electronic Source Data in Clinical

Investigations and addresses the attributes of clinical “source

data.” As applied to GMP, that means data are expected to

be


18


Year Regulatory Development

1980 Generics Scandal

1991 Application Integrity Policy

1997 Regulation 21 CFR Part 11

2003 Guidance for Industry , Part 11, Electronic Records; Electronic Signatures –Scope and Application

2010 FDA announced a pilot program to evaluate data integrity as part of routine GMP inspections

2011 EMA revised and expanded Annex 11

2013 ALCOA-Guidance for Industry, Electronic Source Data in Clinical Investigations

Dec-13 MHRA expectation regarding self inspection and data integrity

Mar-15 MHRA GMP Data Integrity Definitions and Guidance for Industry

Sep-15 WHO GUIDANCE ON GOOD DATA AND RECORD MANAGEMENT PRACTICES

Oct-15 Current Application Integrity Policy List

Jul-16 MHRA GxP Data Integrity Definitions and Guidance for Industry

Aug-16 PICS-GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP ENVIRONMENTS

Aug-16 Q & As by EMA-23 questions on Data Integrity


19


Accurate Data must be accurate. Where appropriate,

correctness should be 2nd person verified. This

extends, for example, to data / information that are

presented in multiple locations such as an equipment

log, laboratory notebook, and electronic

chromatography data where data should be in

agreement.

Legible Data and results must be legible / readable. Electronic

data must also have the capability to be made human

readable.

Contemporaneous Thus, data are recorded at the time of the event /

action, not transcribed at a later date. Data are not

transcribed from post-it notes or scrap paper to the

official documents such as batch records or laboratory

notebooks.


20


Original Original data are similar to “raw data”. The following is taken from

the MHRA guidance and appears to also represent FDA’s opinion:

“Original record: Data as the file or format in which it was originally

generated, preserving the integrity (accuracy, completeness,

content and meaning) of the record, e.g. original paper record of

manual observation, or electronic raw data file from a

computerized system.” The paper print out of a chromatogram is

no longer considered the official raw GMP data because it does

not include the complete information, including but not limited to

meta-data, audit trails, and system configuration for the analysis in

question. FDA addresses this in their GMP Q&A.

Attributable This term requires the ability to determine who collected the data,

when it was collected, from which instrument it was collected and

who made any data modification or data manipulations. For

example, for HPLC chromatography, this includes all integration

events. Use of shared passwords renders makes it impossible for

the reviewer to attribute the data to a specific person.


21


• Following regulations that are most frequently cited in warning

letters

• 21 CFR 211.194 Maintenance of complete laboratory records

• 21 CFR 211.68 Adequate controls over computer systems

• 21 CFR 211.188 Production and control records shall include

complete information

• 21 CFR 100(b) Actions are documented at the time they are

performed


22


• EMA revised and expanded Annex 11 of their GMP Guide in

2011 to provide additional clarification for computer system

requirements

EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL

Public Health and Risk Assessment Pharmaceuticals Brussels,

SANCO/C8/AM/sl/ares(2010)1064599

EudraLex

The Rules Governing Medicinal Products in the European Union

Volume 4

Good Manufacturing Practice Medicinal Products for Human and Veterinary

Use

Annex 11: Computerised Systems


23


MHRA expectation regarding self inspection and data integrity

News and hot topics

16 December 2013

The MHRA is setting an expectation that pharmaceutical manufacturers, importers and

contract laboratories, as part of their self-inspection programme must review the

effectiveness of their governance systems to ensure data integrity and traceability.

This aspect will be covered during inspections from the start of 2014, when reviewing the

adequacy of self inspection programmes in accordance with Chapter 9 of EU GMP.

It is also expected that in addition to having their own governance systems, companies

outsourcing activities should verify the adequacy of comparable systems at the

contract acceptor.

The MHRA invites companies that identify data integrity issues to contact:

[email protected]

mailto:[email protected]


24


MHRA GMP Data Integrity Definitions and Guidance for Industry

March 2015

Eudralex volume 4

Introduction: Data integrity is fundamental in a pharmaceutical quality system which

ensures that medicines are of the required quality. This document provides MHRA

guidance on GMP data integrity expectations for the pharmaceutical industry. This

guidance is intended to complement existing EU GMP relating to active substances

and dosage forms, and should be read in conjunction with national medicines

legislation and the GMP standards published in Eudralex volume 4.


25


Working document QAS/15.624 September 2015 Draft document for comment

GUIDANCE ON GOOD DATA AND RECORD MANAGEMENT PRACTICES

(SEPTEMBER 2015)

DRAFT FOR COMMENT

© World Health Organization 2015

Should you have any comments on the attached text, please send these to Dr

S. Kopp, Group Lead, Medicines Quality Assurance, Technologies, Standards

and Norms ([email protected]) with a copy to Ms Marie Gaspard

([email protected]) by 30 November 2015.


26


MHRA GxP Data Integrity Definitions and Guidance for Industry

Draft version for consultation July 2016

Background

The way in which regulatory data is generated has continued to evolve in line

with the introduction and ongoing development of supporting technologies,

supply chains and ways of working. Systems to support these ways of working

can range from manual processes with paper records to the use of

computerised systems. However the main purpose of the regulatory

requirements remains the same; having confidence in the quality and the

integrity of the data generated and being able to reconstruct activities

remains a fundamental requirement.


27


PHARMACEUTICAL INSPECTION CONVENTION PHARMACEUTICAL INSPECTION CO-

OPERATION SCHEME

PI 041-1 (Draft 2) 10 August 2016

DRAFT PIC/S GUIDANCE

GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP

ENVIRONMENTS

© PIC/S August 2016 Reproduction prohibited for commercial purposes.

Reproduction for internal use is authorised, provided that the source is

acknowledged.

Editor: PIC/S Secretariat e-mail: [email protected] web site:

http://www.picscheme.org


28


Now, European Medicines Agency's answers to frequently

asked 23 questions on Data Integrity, as discussed and agreed

by the Good Manufacturing Practice (GMP) / Good Distribution

Practice (GDP) Inspectors Working Group

The Q & As have now been published on their website in

August 2016

at http://www.ema.europa.eu/ema/index.jsp?curl=pages/reg

ulation/q_and_a/q_and_a_detail_000027.jsp#section16

An important statement in the guidance is that manufacturers

“… are not expected to implement a forensic approach to

data checking …”

http://www.ema.europa.eu/ema/index.jsp?curl=pages/regulation/document_listing/document_listing_000161.jsp&mid=WC0b01ac05800296c9

http://www.ema.europa.eu/ema/index.jsp?curl=pages/regulation/q_and_a/q_and_a_detail_000027.jsp#section16

INSPECTION OBSERVATIONS, WARNING LETTERS, WHO NOTICES OF CONCERN, AND EU INSPECTIONS

29


Report Number EudraGMDP

Document

Reference

Number

MIA

Number

Site Name Site Address City Postcode Country Inspection End Date

UK GMP 36736

Insp GMP

36736/1707035-

0003 - NCR

37171 HOSPIRA HEALTHCARE

INDIA PRIVATE LIMITED

PLOT NOS: B3-B4,

B5 (PART OF), B6

(PART OF), B11-

B18, SIPCOT

INDUSTRIAL PARK,

IRUNGATTUKOTTAI

SRIPERUMBUDUR IN-602 105 India 01-07-2016

DE_SH/NCS/API/0

1/2016

36996 Artemis Biotech (A

Division of Themis

Medicare Limited)

Industrial

Development

Area, Plot No. 1 &

5 Jeedimetla

Hyderabad 500 055 India 29-06-2016

DICM/INSP/SM-

MASA- PE010-

1216

36981 ALCOR, S.L. Poligono Industrial

del Henares, Juan

de Austria 142

Guadalajara 19004Spain 15-06-2016

INSP 2015-026-

0869333

36670 JINAN JINDA

PHARMACEUTICAL

CHEMI. CO LTD

No. 6121

Longquan Road

Zhangqiu,

Shandong

250200China 01-06-2016

MHRA and other EU authorities are published in Eudra GMDP

http://eudragmdp.ema.europa.eu/inspections/gmpc/searchGMPNonCompliance.do;jsessionid=FJbfDhXmktd8w8l0D20OsiJPUCiFzCH9lslIZARcA7q5su2PQB-K!1336814086?ctrl=searchGMPNCResultControlList&action=Sort&param=certificateNumber&param=asc

http://eudragmdp.ema.europa.eu/inspections/gmpc/searchGMPNonCompliance.do;jsessionid=FJbfDhXmktd8w8l0D20OsiJPUCiFzCH9lslIZARcA7q5su2PQB-K!1336814086?ctrl=searchGMPNCResultControlList&action=Sort&param=miaAuthNum&param=asc

http://eudragmdp.ema.europa.eu/inspections/gmpc/searchGMPNonCompliance.do;jsessionid=FJbfDhXmktd8w8l0D20OsiJPUCiFzCH9lslIZARcA7q5su2PQB-K!1336814086?ctrl=searchGMPNCResultControlList&action=Sort&param=siteName&param=asc

http://eudragmdp.ema.europa.eu/inspections/gmpc/searchGMPNonCompliance.do;jsessionid=FJbfDhXmktd8w8l0D20OsiJPUCiFzCH9lslIZARcA7q5su2PQB-K!1336814086?ctrl=searchGMPNCResultControlList&action=Sort&param=siteCity&param=asc

http://eudragmdp.ema.europa.eu/inspections/gmpc/searchGMPNonCompliance.do;jsessionid=FJbfDhXmktd8w8l0D20OsiJPUCiFzCH9lslIZARcA7q5su2PQB-K!1336814086?ctrl=searchGMPNCResultControlList&action=Sort&param=sitePostCode&param=asc

http://eudragmdp.ema.europa.eu/inspections/gmpc/searchGMPNonCompliance.do;jsessionid=FJbfDhXmktd8w8l0D20OsiJPUCiFzCH9lslIZARcA7q5su2PQB-K!1336814086?ctrl=searchGMPNCResultControlList&action=Sort&param=inspectionDate&param=asc

http://eudragmdp.ema.europa.eu/inspections/gmpc/searchGMPNonCompliance.do;jsessionid=FJbfDhXmktd8w8l0D20OsiJPUCiFzCH9lslIZARcA7q5su2PQB-K!1336814086?ctrl=searchGMPNCResultControlList&action=Drilldown&param=37171





30


WHO has published at least two Notice of Concern announcements in 2015


31


WHO has published at least two Notice of Concern announcements in 2015


32


Warning Letters from US FDAFISCAL YEAR COMPANY COMMENT

2016 Unimark Remedies Limited Your firm routinely re-tested samples without documented justification and deleted analytical data.

2016 Sri Krishna Pharmaceuticals Ltd. Your firm failed to ensure that laboratory records included complete data derived from all tests necessary to assure compliance with established specifications and standards

2016 Emcure Pharmaceuticals Limited our firm failed to ensure that laboratory records included complete data derived from all tests necessary to assure compliance with established specifications and standards

2016 Ipca Laboratories Limited Failure to have computerized systems with sufficient controls to prevent unauthorized access or changes to data.

2015 Svizera Labs Private Limited This WHO Notice of Concern addressed deficiencies in documentation Now

2015 Quest Lifesciences Pvt. Ltd. This WHO Notice of Concern addressed deficiencies in documentation in the GCP clinical trials area

2015 GVK Biosciences The French Medicines Authority inspected this site in Hyderabad, India and identified apparent data manipulations conducted in

2015 Apotex Research Private Li mited Data used to release product did not agree with the original data; “trial” injections were identified; failure to document activities as they occurred; failure to investigate and report OOS results

2015 Hospira S.p.A Chromatography systems did not have adequate controls to prevent deletion or modification of raw data files; audit trails were not enabled for the “Test” folder and the firm was unable to verify what types of test injections were made, who made them or the date or time of deletion.


33



2014 Apotex

Pharmachem

India Pvt Ltd.

Lack of raw data; batches were tested until they passed; OOS events were not reported nor were

they investigated.

2014 Tri farma S.p.A. The firm does not retain laboratory raw data; there is a lack of access control to computer

systems.

2013 Fresenius Kabi

Oncology

This represents the first warning letter to cite the FDASIA definition of adulteration to include

products made in a facility that “delays, denies or limits” an inspection; electronic data could be

altered or deleted; use of “test” or “trial” injections.

2013 Wockhardt Ltd Practice of performing trial injections before the “official” injection; documentation entries not

made as the activities were performed; HPLC data could be deleted from standalone

instruments.

2013 Wockhardt Ltd This letter was the second one in 2013 to cite the new FDASIA power to deem product

adulterated if they are manufactured at a site that “delays, denies or limits” an inspection;

investigators found batch records for 75 lots torn in half in the waste area; HPLC raw data files can

be deleted from the hard drive using the common PC login used by all analysts

2011 Cetero Research This untitled letter was issued to a firm located in the US that conducted BA/BE studies in support

of NDAs and ANDAs. As part of follow up, FDA sent a letter to the firms that contracted with

Cetero Research for BA/BE studies requesting specific information to establish validity of the

BA/BE information in the drug application. We also include one of the forms 483 .


34



2009 Ranbaxy, Ohm Laboratories in

Gloversville NY

Analysts were given access to delete data, user account privileges were

inadequate

2008 Ranbaxy, Paonta Sahib Written records were signed by individuals who were not present in the facility on

the day of the signing;

2007 Actavis Totowa LLC, NJ Electronic data files are not checked for accuracy; data discrepancies between

electronic data and data documented in laboratory notebooks.

2006 Wockhardt Failure to maintain complete and accurate records is a repeat deficiency cited at

previous inspections; Logbook did not contain complete and accurate information;

data were not documented at the time of performance.

2006 Ranbaxy, Paonta Sahib Failure to maintain documentation of operation conditions and settings, nor were

complete raw data retained; SOP provides for discarding of data.

2005 Able Laboratories, Cranbury NJ The 15-page form 483 was among the early forms 483 addressing the broad

category of data integrity. The inspection resulted in withdrawal of ~ 50 ANDAs and

the firm is no longer in business.

2000 Schein Pharmaceuticals Warning letter to Schein Pharmaceuticals cites inadequate control over laboratory

computer systems including password control and authority to change data.

WHAT ACTIONS COULD FIRMS TAKE?

35


• Firms should not assign all computer and software system

responsibilities to the IT groups without engaging a

knowledgeable Quality Unit and other stakeholders as active

partners

• Data management that ensures security and reliability of the

data must be effectively incorporated into the

Pharmaceutical Quality System

• Part 11 is a regulation, just as Parts 210 and 211 are

regulations


36


• Computer systems should be appropriately developed,

qualified, tested and periodically assessed to ensure they

remain in a validated state

• As part of system validation / re-validation, firms should

perform gap assessments for each GXP computer system

against the requirements of Part 11

• Internal GMP audit programs should always incorporate

assessments of data integrity


37


• For the QC laboratories, specifically: Laboratory instrument

associated computer systems and other computer systems

should be identified, assessed for their risk to the GMP area,

requirements defined and validated appropriately. Periodic

evaluations should be performed and documented to ensure

they remain in a validated state

• Firms should ensure they are informed regarding current

regulations, guidance and the enforcement environment


38

THANKS


39

QUALITY IS THE RESPONSIBILITY OF EACH AND EVERY INDIVIDUAL OF THE ORGANIZATION.

Healthcare

Data integrity nishodh 01092016