Thinking about data integrity in pharma

23 February 2022 11:30

Calvin Kim, senior director and head of IT Quality Systems & Validation at Samsung Biologics explores the fundamentals of data integrity and why a lack of critical strategic thinking could be affecting the success of implementing the technology.

Throughout every project, contract development and manufacturing organisations (CDMOs) will generate an abundance of data while relying on an array of computerised systems. These systems can assist CDMOs in their data management, security enhancement, human error reduction, and efficient execution of processes.

While advances in technology have enhanced and accelerated digitisation of processes, they have also highlighted the many complexities involved in safeguarding data integrity (DI) and maintaining regulatory compliance. Without fully understanding the intended use of the computerised systems utilised and the required mitigation of the associated risks, robust DI controls cannot be established.

Maintaining DI while generating an abundance of data

Heavily automated equipment and computerised systems used in development and manufacturing processes have led to generation and management of an abundance of data over a single project. Ensuring DI throughout the project–data lifecycle is essential, meaning the data should be complete, consistent, and accurate when they are collected, maintained, backed-up, transferred, and analysed throughout its retention time period.

With DI, the data generated can be used to make informed decisions to minimise the risk to product quality and patient safety. If DI cannot be assured, the data cannot be reliable and could result in safety risks, recalls, delays, and denied drug approvals.

The importance of DI and the potential risks involved in its absence have necessitated the introduction of guidance and regulations by regulatory bodies globally.

What does it mean to be compliant with the FDA and EMA regulations?

Following the initial introduction of DI regulations in the early 1960s by the FDA, there have been consistent updates corresponding to advancements in computerized systems and digitalised solutions over time. FDA’s 21 CFR (Code of Federal Regulations) Part 11 (published in 1997) and EMA’s EudraLex Vol.4 Annex 11 (2011) provide the key regulatory requirements surrounding electronic records and electronic signatures (ERES), including DI controls and computerised system validation (CSV).

FDA, MHRA, and other regulatory guidelines also state that all data created in GxP operations should adhere to the ALCOA principles: ‘Attributable, Legible, Contemporaneous, Original, and Accurate’. Further DI assurance is achieved through following the additional ALCOA+ principles: ‘Complete, Consistent, Enduring, and Available’.

Being compliant with the FDA and EMA DI regulations requires CDMOs to establish a strong understanding of ERES/CSV regulatory requirements, especially the implementation of ALCOA+ principles in various digitised solutions. This starts with benchmarking the industry for the robust user requirements; in particular, those that lead to the implementation of the system features/functions that meet the latest industry standard on regulatory requirements such as security, audit trail, and DI controls.

However, in the past few years, compliance with FDA regulations has been a particular challenge for many CDMOs. Despite the increased efforts by the regulatory authorities to publish various DI related regulatory guidelines, DI related inspection findings persist. Between 2014 and 2018, 79% of global drug warning letters issued by the FDA cited that there were DI violations. This highlights the need for CDMOs to fully comprehend that regulatory compliance is not just about awareness of the regulations, but to continuously implement robust DI controls to meet or exceed the current industry standards.

A lack of strategy and critical thinking

Technologies that record, manage, and store data with robust DI controls can minimise human error and improve conformance with the ALCOA+ principles when implemented correctly. Consequently, digitised solutions are often equated to enhanced or improved processes.

However, for these digitised solutions to be able to offer the benefits outlined, CDMOs need to approach DI with a clear understanding and a strategy that:

Defines and optimises the processes of the digitised solutions being introduced.
Establishes the fundamental requirements of the process.
Identifies the requirements, limitations, gaps, challenges, and potentials of the solution to be used.

CDMOs that skip this interrogation and instead adopt a “technology-first” approach to quickly fix a problem can easily become dependent on a vendor and form an over-reliance on an ineffective digitised solution. In many cases, this becomes a working relationship that can be difficult to escape from.

Some CDMOs (as well as the solution providers) utilising a digitised solution may also not be aware of, or know how to be compliant with, the necessary regulatory requirements surrounding DI controls. This can lead to further complexities. When designing these solutions, it is important that regulatory requirements, such as audit trail, e-signature, security, and technical DI controls are adequately benchmarked for their latest industry standards and implemented with a streamlined CSV process.

Asking the right questions

The best approach to building robust DI controls is to implement a top-down approach. Those in management roles need to establish a robust governance programme incorporating appropriate organisational, procedural, and technical controls. Throughout, they need to remember what it means to be compliant with the regulatory requirements, as well as asking key questions:

What is the critical data that needs to be protected and maintained?

Not all data is of equal importance: DI controls on data that have a direct impact on patient safety and product quality are critical and should be a priority.

How can the validated computerised system enhance product quality or reduce risk to product quality?

Establishing an efficient risk-based computerised system validation (CSV) and change management processes can improve product quality. This requires:

Defining the intended use, requirements, and specifications of the computerised system.
Subjecting the computerised system to design enhancements based on a robust risk management process.
Improving the technical design and reducing potential human errors thereby mitigating risk to patients and product quality.
Carrying out validation activities based on the user requirements, with full traceability throughout.
Streamlining testing to verify the system design and risk mitigation measures.

Ensuring DI: A key lesson

CDMOs that employ digitised solutions without fully understanding the gaps in their DI controls are at risk of making decisions based on unreliable data and could face repercussions during regulatory inspections and client audits as a result. More importantly, robust DI controls are needed throughout product manufacturing and the lifecycle of the associated data to ensure patient safety and product quality. It is essential to identify a CDMO partner that is aware of the DI regulatory requirements and has implemented digitised solutions by building proactive and robust risk mitigation processes with a quality design and data-centric mindset.

Calvin Kim, senior director and head of IT Quality Systems & Validation at Samsung Biologics explores the fundamentals of data integrity and why a lack of critical strategic thinking could be affecting the success of implementing the technology.

Related

Samsung Biologics and Pfizer announce strategic collaboration for long-term manufacturing of biosimilars portfolio

Samsung Biologics Announce Agreement with Bristol Myers Squibb to Manufacture an Antibody Cancer Drug Substance

Samsung Biologics Partners with LegoChem Biosciences

Samsung Biologics and Kurma Partners Announce Strategic Partnership