Ensuring Data Integrity in a Regulated Environment
10 essential chromatography data system compliance areas
This article explores the steps necessary to ensure the integrity of data generated and maintained by chromatography data systems (CDS) in a regulated GXP environment. It has been driven partly by recent content of some U.S. Food and Drug Administration (FDA) warning letters and the publication of the new European Union (EU) GMP Annex 11 regulations.
Since the Able Laboratories 1,2 and Leiner Health Products 3 fraud cases, there has been a focus on the integrity of data generated in regulated quality control laboratories. This focus has been justified by at least one FDA warning letter where spectroscopic data were copied from one batch that passed to another one. 4 Therefore, the aim of this article is to present and discuss 10 compliance areas to ensure the integrity of data generated by CDS, especially in the light of recent regulatory changes and approaches.
Recent regulatory changes
There are three regulatory changes that have occurred already, or that will have an impact in the future, on the integrity of data in regulated laboratories:
FDA’s post inspection 483 program: Begun in September 2009, this program requires a complete response from a company to all 483 observations within 15 business days. 5, 6 This should mean a redefinition of “inspection ready” within companies, so that laboratories are working compliantly and do not need to respond in a panic to meet the 15-day deadline. However, as evidenced by the laboratory data integrity issues, this is not happening in a number of laboratories.
Part 11 inspection program: 7 In 2010, the FDA announced that they would be conducting Part 11 audits alongside normal GMP inspections of companies to assess how industry is interpreting 21 CFR 11 after the publication of the 2003 guidance on Part 11 scope and application. 8
New EU GMP regulations for computerized systems (Annex 11) and documentation (Chapter 4) were released in January 2011 and become effective on June 30, 2011. 9,10 At first sight, the focus should be on the increased requirements for computerized systems regulation in Annex 11. However, the sting in the tail is contained in the update for Chapter 4.
Here, the EU looks at records of activities and requires that raw data be defined formally for all systems generating data for batch release and specifically mentions hybrid and fully electronic systems. In this respect, we now have harmonization between the EU and FDA around management of electronic records.
These changes will inevitably impact all computer systems in regulated laboratories, including chromatography data systems.
Criteria for integrity of laboratory data
To help training staff, we need to know the basics of laboratory data integrity. The main criteria are listed below: 11
Attributable — who acquired the data or performed an action and when?
Legible — can you read the data and any laboratory notebook entries?
Contemporaneous — documented at the time of the activity
Original — written printout or observation or a certified copy thereof
Accurate — no errors or editing without documented amendments
Complete — all data including any repeat or reanalysis performed on the sample
Consistent — all elements of the analysis, such as the sequence of events, follow on and are dated or time stamped in expected sequence
Enduring — not recorded on the back of envelopes, cigarette packets, Post-it notes or the sleeves of a laboratory coat, but in laboratory note books and / or electronic media in the CDS or LIMS
Available — for review and audit or inspection over the lifetime of the record
Analytical scientists need to understand these criteria and apply them in their respective analytical methods. So, let us interpret these criteria for a CDS in light of regulations and warning letter citations.
10 areas for ensuring CDS data integrity
Below, I suggest 10 areas that are essential to ensure the integrity of data within the boundaries of a chromatography data system.
These are:
1. Identify each user uniquely
2. Implement adequate password controls
3. Establish different user roles / access privileges
4. Establish and maintain a list of current and historical users
5. Control changes to the system
6. Use only trained staff to operate the system
7. Understand predicate rules for laboratory records
8. Define and document e-records for the system
9. Review the audit trails for each run
10. Back the system up regularly
We will now discuss each area in turn to see what controls are needed.
1. Identify each user uniquely
Attributing work to an individual is a key GMP compliance requirement. In the paper world, identification of each analyst is easily achieved through each person’s initials or signature on a printout or laboratory notebook. However, this simple principle often is lost when we move into the electronic domain, as each individual needs a unique user identity to use the CDS.
However, the cost of user licenses for the CDS can be a deterrent to this and, although it appears to be sensible from a financial perspective, it is a compliance disaster waiting to happen. So, ensure that accounts are not shared, as the FDA rewards those laboratories with free entry to the agency’s wall of shame, better known as the warning letter pages of their Web site.
Notable entries on the wall of shame are:
Concord Laboratories: 12 Here, managers were observed to log onto the CDS and set up a chromatograph for analysis, and then the analyst who was actually doing the work accesses the system via manager accounts.
Ohm Laboratories: 13 The citation states that “One user account is established for two analysts to access the laboratory instrument’s software on the computer system attached to HPLC systems.”
Furthermore, you should not reuse user identities, even if a person leaves the laboratory or the company, but allocate a different identify to each individual.
2. Implement adequate password controls
Once a person has their unique user identity allocated to them, they will access the CDS by logging on using their user identity and password. The password needs to be strong enough so that it cannot be guessed by others, but not so strong that the user has to write it down to remember it (otherwise known as the password paradox). Regardless of the strength, it is essential that any rules for a password must be enforced by either the operating system or the CDS application software to ensure that the rules are followed.
So, some of the citations concerning passwords for CDS are:
common password shared between two or more users by Ohm Laboratories 13
passwords with a minimum of four characters that never expired by the Gaines Chemical Co. 14
An audit finding of mine, where both the user identity and password were written down and stuck on the front of the workstation. The user identity was “admin”. What was the password used? Yes, you’ve guessed it — “admin”!
A suggestion is that any default accounts are disabled, or at least the default password is changed, especially if it is documented in the user manual.
3. Establish different user types with different access privileges
U.S. GMP regulations in §211.68(b) require systems and equipment to be limited to authorized individuals only, which is fair enough. However, in today’s CDS, you can define user types with different access privileges allocated to each type. Why is this important? Let me ask you a question, do you to want allow the newest recruit in your laboratory the ability to do anything in the system including changing methods and reports without anybody knowing about it? Of course not, so we implement different user types in our CDS such as trainee, analyst, supervisor, power user and system administrator. To each user type, we allocate different access privileges based upon the role that they will perform in the system.
However, some people do not learn or even consider some basic integrity requirements:
Concord Laboratories 12 was cited in their warning letter: “In addition, data security protocols are not established that describe the user’s roles and responsibilities in terms of privileges to access, change, modify, create, and delete projects and data.”
Ohm Laboratories: 13 Each user account provides full system administrative rights, including editing of the methods and projects.
4. Establish and maintain a list of current and historical users
Regulations on both sides of the Atlantic Ocean in 21 CFR part 11 15 and Annex 11 9 require authorized users with different access privileges. However, the FDA guidance for industry: Computerized Systems in Clinical Investigations, 16 issued in 2007, requires a list of current and historic users of systems used for clinical trials and clinical investigations. Although this is guidance, it is a logical interpretation of the GMP regulatory requirements cited above. This list needs to be established and maintained, as it is easy for an inspector to ask to see the list of accounts and, if somebody has recently left, ask to see if the account is still active or has been disabled. Concord Laboratories, 12 for example, would need to generate such a list as a corrective action to the citation in the previous section.
5. Control changes to the system
Linked to the allocation of access privileges discussed earlier is the ability of a user to make changes to methods, integration parameters and also baselines. U.S GMP. in §211.68(b) requires that changes are only made by authorized individuals. However, when you share user identities, as happened at Concord Laboratories, 12 unattributed changes to methods were made as the laboratory could not identify individuals making changes to methods and, therefore, determine if they had the appropriate combination of training, education and experience.
6. Only trained staff must operate the system
Under GMP, there is the requirement for all staff to have the “combination of education, training and experience to perform their job” as stated in §211.25. This, you would think, would be a classic no-brainer. However, some companies appear to have had a frontal lobotomy instead:
In one of the citations from the Able Laboratories 483 observation form 1 it notes “failure to provide adequate training to analytical chemists.” Why was this important, you may ask? Here is the reason: “OOS results were substituted with passing results by Analysts and Supervisors. The substitution of data was performed by cutting and pasting of chromatograms, substituting vials, changing sample weights and changing processing methods.”
So, it is an important part of a user’s training to ensure data integrity of the data generated and that changes may only be made according to predefined procedures to prevent an accusation of falsification or fraud.
7. Understand predicate rules for laboratory records
Under the U.S. GMP regulations for laboratory records, there is a specific statement in the beginning of §211.194(a) that states: “Laboratory records shall include complete data derived from all tests necessary to assure compliance with established specifications and standards, including examinations and assays, as follows….” The key phrase in this is “complete data” i.e. everything warts and all — including the data you don’t want your supervisor to see. This is the key to establishing the integrity of data in a CDS. Why? Errors occur, mistakes happen, chromatographs malfunction and columns fail to work. So, include everything.
Notable exceptions to this have been:
Able Labs 483 1 with the citation “laboratory records do not include complete data derived from all tests, examinations and assays necessary to assure compliance with established specifications and standards.”
Cambrex Profarmaco 17 where the citation reads: “Your quality unit failed to maintain complete laboratory control records for the analysis of your APIs (including graphs, charts, and spectra from laboratory instrumentation derived from all tests conducted) to ensure compliance with established specifications and standards.
“Raw data (e.g., chromatograms, standard and sample weights, calculations, standards, reagents, and instrument information) for the Albuterol Sulfate (June 2001) and Lorazepam (June 2006) related substances, method validation were not available during the inspection. The failure to have this data available during the inspection prevented the investigators from confirming the authenticity and reliability of data submitted to support drug application.”
I have included the Cambrex Profarmaco citation at length to illustrate how data integrity problems in the laboratory can create problems for the business as a whole. The company has applied for a license to sell a product, yet there is no data available from the CDS to support statements in the submission to the agency — lack of CDS data integrity can seriously damage a company’s wealth.
8. Define and document electronic records for the system
Since 2003, the Part 11 Scope and Application guidance 8 has recommended that companies define the electronic records for their systems. However, on June 30, 2011, this also will be the law in Europe for those working to GMP, as this is when the new version of Chapter 4 on documentation becomes effective. The Principle states for Records: 10 “For electronic records regulated users should define which data are to be used as raw data. At least, all data on which quality decisions are based should be defined as raw data.”
There are two issues to look at here. First is the fact that EU GMP considers that documentation includes a record that is the evidence of an activity; therefore, the data files created during an analytical run are records. Second, when a CDS is used for batch release, the users must define what the raw data are for the system. I have discussed this for a CDS in an earlier publication. 18
However, Chapter 4 10 goes into greater scope and more detail in clause 4.1. (Note that only the parts of this clause relevant to this discussion are presented here, and you should read the whole clause to understand the whole picture.):
“The requirements apply equally to all forms of document media types.” Similar to the definition of electronic record in 21 CFR Part 11, it does not matter that a media type has not been invented: when it is and you use it, this regulation covers it. This is a broad-scope definition and is not limited by any specific technology.
“Many documents (instructions and/or records) may exist in hybrid forms, i.e. some elements as electronic and others as paper based.” It does not matter if a record is generated on paper, exists as handwritten signatures following a printout of the electronic record (hybrid system) or is maintained fully electronically, this regulation covers it.
“Relationships and control measures for master documents, official copies, data handling and records need to be stated for both hybrid and homogenous systems.” This means that a document that has been reviewed and approved, which defines relationships between the records in the CDS and how they are controlled, including access by users, etcetera, is needed.
“Appropriate controls should be in place to ensure the integrity of the record throughout the retention period.” We have to maintain the records and integrity of the data throughout the record retention — period.
Furthermore, in clause 4.10, 10 it states: “It should be clearly defined which record is related to each manufacturing activity and where this record is located. Secure controls must be in place to ensure the integrity of the record throughout the retention period and validated where appropriate.” So, life has just gotten a lot more formal for a CDS. Laboratories must define the raw data (records), if they have not already done so, and also state where the records are located. Furthermore, the integrity of the records must be retained throughout the retention period (reiterating 4.1 above) and, if electronic records are involved, validation will be involved in any archiving or application software updates.
However, here is where the problem begins, from audits that I have conducted in many laboratories over the years, there is still a problem of defining raw data in a CDS as anything other than paper. Now, with the publication of the EU Chapter requirements, there is no room for maneuver: CDS records are either hybrid or electronic. No discussion and no debate: the argument of raw data as paper has just joined the dodo as extinct.
Now, if you think the FDA has been sleeping on the job, there is a little snippet from the Administration’s Web site19 that is available for all to see: “The printed paper copy of the chromatogram would not be considered a “true copy” of the entire electronic raw data used to create that chromatogram, as required by 21 CFR 211.180(d). The printed chromatogram would also not be considered an ‘exact and complete’ copy of the electronic raw data used to create the chromatogram, as required by 21 CFR 211.68. The chromatogram does not generally include, for example, the injection sequence, instrument method, integration method, or the audit trail, of which all were used to create the chromatogram or are associated with its validity. Therefore, the printed chromatograms used in drug manufacturing and testing do not satisfy the predicate rule requirements in 21 CFR Part 11. The electronic records created by the computerized laboratory systems must be maintained under these requirements.” I could not write this better — but I could make it more entertaining.
9. Review the audit trail entries for each batch
Part of the “complete data” for a CDS analytical run includes the audit trail, and there is the requirement under US GMP §211.194(a)(8) for the “initials or signature of a second person” to show that work has been done correctly and conforms to standards. This implies that the audit trail should be checked. In contrast, in Europe under Annex 11, it will be the law to review the audit trail for batch release from June 30, 2011.
The FDA has cited laboratories over the years for failure to review the audit trails of CDS systems: Failure to review electronic data as part of batch release at Able Laboratories 1 Both Concord Laboratories 12 and Ohm Laboratories 13 also were cited for failing to review audit trails in their CDS systems e.g. “Review of audit trails is not required.”
The problem is that current CDS audit trails cannot demonstrate that a user has reviewed it — what a bummer!
10. Backup the system regularly
Part 11 requires record protection 15 and so does that new version of Annex 11. 9 The latter goes further than Part 11 and its predicate rule in clause 7.2 “Regular back-ups of all relevant data should be done. Integrity and accuracy of backup data and the ability to restore the data should be checked during validation and monitored periodically.” So, interpreting this, backups have to be done regularly. Typically, this will be daily. So, it will be the IT department doing this task, not laboratory personnel. When the backup is performed, the backup logs must be checked to see whether the backup worked or not and, if not, should be rescheduled to avoid the loss of data. Moreover, backup needs to be validated, and periodic restores should be performed to see that the tapes are still readable.
However, there is always somebody who is going to fail in a spectacular way, and our star in this section is Ohm Laboratories: 13 “Specifically, your firm does not have an adequate number of personnel to ensure that your firm’s manufacturing operations are adequately conducted and completed. For example, a. Your QCU personnel stated that no data back-up of the HPLC Systems has been performed since May 26, 2009 due to insufficient time to perform such activity. … your quality unit personnel informed the investigators that the computer software was upgraded and the raw data was lost during the software upgrade.
“We have serious concerns about your firm’s implementation of changes to your computerized systems (e.g., software upgrade). It is your responsibility to provide the means of ensuring data protection (e.g., back-up system) for your computerized systems to prevent the permanent loss of records. Please provide corrective actions to prevent similar recurrences.”
The problem is that leaving the backups to laboratory personnel means that there is a great risk that backups will not be performed regularly, will not be performed at all and probably will not be verified to see if data can be recovered before a disaster happens. However, losing data during the software upgrade is inexcusable and stupid.
The first thing anybody should do is backup the system securely, and this means verifying the backup — a check to read the data on the tape and verify it with the original data on the disk. This takes time but is essential to check the quality of the backup. If you are worried still, take a second backup using a tape from a different batch. Then, if there is a problem, you have a second life line. However, the bottom line is that analysts should analyze samples, and the IT department does the backups: right people for the right jobs. After all, you would not want the IT department analyzing your samples would you?
Conclusions
To ensure the integrity of the data generated by a chromatography data system, we have looked at 10 areas that, either by lack of control of the CDS or through new regulatory requirements, are essential. Failure to have these controls and procedures in place will result in compliance issues and also business problems that will adversely impact company performance.
References
1. Able Laboratories 483 Inspectional Observations (July 2005)
2. R.D.McDowall, Quality Assurance Journal, 10 (2006) 15-20
3. Leiner Health Products Warning Letter (August 2007)
4. Xian Libang Pharmaceutical Company, Warning Letter (January 2010)
5. Review of Post-Inspection Responses, Federal Register, August 11, 2009, 74 (153) 40211–40212
6. R.D.McDowall, Spectroscopy, Focus on Quality, November 2009
7. FDA To Conduct Inspections Focusing on 21 CFR 11 (Part 11) requirements relating to human drugs, http://www.fda.gov/AboutFDA/CentersOffices/CDER/ucm204012.htm, July 2010
8. FDA Guidance for Industry, Part 11 Scope and Application, 2003
9. EU GMP Annex 11 Computerised Systems: http://ec.europa.eu/health/documents/eudralex/vol-4/index_en.htm
10. EU GMP Chapter 4 Documentation: http://ec.europa.eu/health/documents/eudralex/vol-4/index_en.htm
11. R.D.McDowall, Spectroscopy, Focus on Quality, December 2010
12. Concord Laboratories Warning Letter (July 2006)
13 Ohm Laboratories, Warning Letter (December 2009)
14. Gaines Chemical Company 483 Inspectional Observations (December 1999)
15. 21 CFR 11, Electronic Records Electronic Signatures Final Rule, 1997
16. FDA Guidance for Industry, Computerized Systems in Clinical Investigations, 2007
17. Cambrex Profarmaco Warning Letter (August 2009)
18. R.D.McDowall, Validation of Chromatography Data Systems: Meeting Business and Regulatory Requirements, Royal Society of Chemistry, Cambridge, 2005
19. Questions and Answers on Current Good Manufacturing Practices, Good Guidance Practices, Level 2 Guidance – Records and Reports – see question number 3. http://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/ucm124787.htm
R.D. McDowall is Principal, McDowall Consulting. He may be contacted at [email protected].