Data Integrity

Basic Concepts of Data Integrity in
Pharmaceutical Industry



What is Data?
Facts, figures and statistics collected together for reference or analysis. All original records and true copies of original records, including source data and metadata and all subsequent transformations and reports of these data, that are generated or recorded at the time of the GXP activity and allow full and complete reconstruction and evaluation of the GXP activity.
Data should be:

A - Attributable to the person generating the data
L – Legible and permanent
C – Contemporaneous
O – Original record (or true copy)
A - Accurate


What is Raw Data?

Raw data is defined as the original record (data) which can be described as the first-capture of information, whether recorded on paper or electronically. Information that is originally captured in a dynamic state should remain available in that state
Metadata:
Metadata is nothing but data about data which gives information about data.
Metadata is data that describe the attributes of other data, and provide context and meaning.

Simply, these are data that describe the structure, data elements, inter-relationships and other characteristics of data. It also permits data to be attributable to an individual (or if automatically generated, to the original data source).

Data Integrity:
The extent to which all data are complete, consistent and accurate throughout the data lifecycle all its forms, i.e. paper and electronic Data integrity arrangements must ensure that the accuracy, completeness, content and meaning of data is retained throughout the data lifecycle.

It can describe the state of data E.g., data valid or invalid—or the process of ensuring and preserving the validity and accuracy of data. Error checking and validation

Data Lifecycle
All phases in the life of the data (including raw data) from initial generation and recording through processing (including analysis, transformation or migration), use, data retention, archive / retrieval and destruction

Data Transfer / Migration
Data transfer is the process of transferring data and metadata between storage media types or computer systems. Data migration changes the format of data to make it usable or visible on an alternative computerized system. Data transfer/migration should be designed and validated to ensure that data integrity principles are maintained.

Data Processing
A sequence of operations performed on data in order to extract, present or obtain information in a defined format. Examples might include: statistical analysis of individual patient data to present trends or conversion of a raw electronic signal to a chromatogram and subsequently a calculated numerical result

Recording of Data
Companies should have an appropriate level of process understanding and technical knowledge of systems used for data recording, including their capabilities, limitations and vulnerabilities. The selected method should ensure that data of appropriate accuracy, completeness, content and meaning is collected and retained for its intended use. Where the capability of the electronic system permits dynamic storage it is not appropriate for low-resolution or static (printed / manual) data to be collected in preference to high resolution or dynamic (electronic) data.

Original record:
Data as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of manual observation, or electronic raw data file from a computerised system

True Copy:
A copy of original information that been verified as an exact (accurate and complete) copy having all of the same attributes and information as the original. The copy may be verified by dated signature or by a validated electronic signature. A true copy may be retained in a different electronic file format to the original record, if required, but must retain the equivalent static/dynamic nature of the original record.

Computer system transactions:
A computer system transaction is a single operation or sequence of operations performed as a single logical ‘unit of work’. The operation(s) that make up a transaction may not be saved as a permanent record on durable storage until the user commits the transaction through a deliberate act (e.g. pressing a save button), or until the system forces the saving of data.


Audit Trail:
Audit trails are metadata that are a record of critical information (for example the change or deletion of relevant data) that permit the reconstruction of activities.
Where computerized systems are used to capture, process, report, store and archive raw data electronically, system design should always provide for the retention of audit trails to show all changes to the data while retaining previous and original data. It should be possible to associate all changes to data with the persons making those changes, and changes should be time stamped and a reason given. The items included in the audit trail should be those of relevance to permit reconstruction of the process or activity

Electronic signatures:
The use of electronic signatures should be compliant with the requirements of international standards such as Directive 1999/93/EC (requirements relevant to ‘advanced electronic signature’). Where a paper or pdf copy of an electronically signed document is produced the metadata associated with an electronic signature should be maintained together with the associated document.

Data Review:
There should be a procedure that describes the process for the review and approval of data. Data review should also include a review of relevant metadata, including audit trails. Review should be based upon original data or a true copy. Summary reports of data are often supplied between companies (contract givers and acceptors). However, it must be acknowledged that summary reports are limited, in that critical supporting data and metadata are often not included.

Access Level:
Computerized system user access / system administrator roles Full use should be made of access controls to ensure that people have access only to functionality that is appropriate for their job role, and that actions are attributable to a specific individual. Companies must be able to demonstrate the access levels granted to individual staff members and ensure that historical information regarding user access level is available. Controls should be applied at both the operating system and application levels.
Shared logins or generic user access should not be used. Where the computerised system design supports individual user access, this function must be used. This may require the purchase of additional licences

Data retention:
Data retention may be classified as either archive (protected data for long term storage) or backup (dynamic data for the purposes of disaster recovery).
Data and document retention arrangements should ensure the protection of records from deliberate or inadvertent alteration or loss. Secure controls must be in place to ensure the data integrity of the record throughout the retention period, and validated where appropriate. See also data transfer /migration.


Archive:
A designated secure area or facility (e.g. cabinet, room, building or computerised system) for the long term, permanent retention of complete data and relevant metadata in its final form for the purposes of reconstruction of the process or activity

Backup:
A designated secure area or facility (e.g. cabinet, room, building or computerised system) for the long term, permanent retention of complete data and relevant metadata in its final form for the purposes ofreconstruction of the process or activity

File structure:
Flat files:
A ‘flat file’ is an individual record which may not carry any additional metadata with it, other than that included in the file itself Flat files may carry basic metadata relating to file creation and date of last amendment, but may not audit trail the type and sequence of amendments. When creating flat file reports from electronic data, the metadata and audit trails relating to the generation of the raw data may be lost, unless these are retained as a ‘true copy’.



Relational database:
A relational database stores different components of associated data and metadata in different places. Each individual record is created and retrieved by compiling the data and metadata for review using a database reporting tool

Validation:

Validation - for intended purpose computerized\ systems should comply with regulatory requirements and associated guidance and be validated for their intended purpose. This requires an understanding of the computerized system's function within a process. For this reason, the acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable. In isolation from the intended process or end user IT infrastructure, vendor testing is likely to be limited to functional verification only, and may not fulfill the requirements for performance qualification.

Comments

Post a Comment

Popular posts from this blog

What is CSV, Its Need, Purpose & Benefits in pharma Industry.

Image
History of CSV:  The concept of validation was derived from engineering principles of validation of mechanical system that has been extended to the software industry. To extend it further during mid-1970’s, Ted Byers and Bud Loftus, two Food and Drug Administration (FDA) officials first proposed the concept of validation in order to improve the quality of pharmaceuticals (Agalloco 1995).  In 1987 the FDA published a document entitled ‘FDA Guidelines on General Principles of Process Validation’.  It state that  "Process validation is establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specifications and quality attributes."   Feeling the necessity of Validation, FDA published a guide to the inspection of Computerized Systems in Pharmaceutical Processing, also known as the ‘bluebook’ (FDA 1983).  For MHRA this is Annex 11 of the EU GMP regulations (EMEA 19
Read more

What is Project Validation Plan (PVP) in Computer System Validation?

Image
In Earlier post we understood what is Design Specification, Its Type & Elements in Computer System Validation. Now in this article we are going to understand what is project validation plan(PVP) & What Content should include in PVP?. What is Project Validation Plan(PVP): CSV processes should be guided by a good plan that is created before the project starts. Project Validation Plan should be developed during this planning phase of the SLC Validation plan will define the objectives of the validation, the approach for maintaining validation status over the full SDLC & satisfy all regulatory policies & industry best practices (e.g., GAMP 5). It also defines roles and responsibilities along with the most important part, the Acceptance Criteria. A project validation Plan shall be created to identify and define the Validation strategy and deliverables generated as an outcome of the execution of the strategy. The PVP should be project specific and describes the appr
Read more

GxP Assessment & Categorization of Computerized System

Image
The first stage of whether a system requires a validation is to identify whether the system has a GxP impact. The result of the GxP Assessment and system Category checklist decided whether Validation required for computerized system. If Outcome is “GxP Applicable” then follow Computer system validation procedure and other risk assessment for validating the system. All systems which handle data or processes which fall under the impact of GxP or any other regulatory requirements must be validated Determine whether the application has been validated elsewhere you in organization. The amount of work required may be significantly reduced by referring some of the deliverables in as in state or with slight changes. The details must be addressed in the change control. If required any “Non GxP Applicable “systems that process data critical to operations of the business such as those involving financial, certain personal data etc. Quality assurance, IT, CSV responsibility person, HOD of
Read more