For any software implemented, regulatories in their audit look for adherence to regulatory and quality standards.
These standards would include the following:
- US FDA’s 21 CFR Part 11/EU Annex 11 (Electronic records and signatures)
- US FDA GMP (211.68)
- Automatic, mechanical, or electronic equipment or other types of equipment, including computers, or related systems that will perform a function satisfactorily, may be used in the manufacture, processing, packing, and holding of a drug product
- If such equipment is so used, it shall be routinely calibrated, inspected, or checked according to a written program designed to assure proper performance. Written records of those calibration checks and inspections shall be maintained
Data integrity in CSV audits is one of the biggest reasons for non-compliance and owing to which warning letters/483s, heavy fine, ban on products, etc. are issued to companies.
US FDA’s definition to avoid data integrity issues are:
- ALCOA (C)
- Attributable: the data should be attributed to a specific user; Who acquired the data and when
- Legible: the details of which should be loud and clear; Can you read the data (e.g., handwriting, durable ink)
- Contemporaneous: nothing can be done in hindsight, and date & time of capture is important; Are data record at the time of observation
- Original: the details of which would be as received; Are data presented the same as originally recorded
- Accurate: owning to the accuracy of the data received; Are presented test result what is in the test sample
- Complete: all the details to be captured and recorded; Does the record include everything as required by regulations
Owing to ALCOA(C), the observations are generally:
- Failure to maintain complete data (lab tests, even raw data, etc.)
- Failure to capture data at the very time when the activities were performed
- Failure to record failed instances
- Changes in data without them getting recorded in the system
- Incomplete or unclear data/information
- Backdating the records
- Non-conclusive, incomplete, inaccurate data capture
For every Electronic record that are created, modified, maintained, archived, retrieved, or transmitted and, also, the Computerized systems, controls, and ANY documentation subject to inspection – all are subject to CSV compliance.
Also, all records with controlled GxP data or records used to make quality decisions or records containing data that will be reported/submitted to regulatory agency/s are also subject to regulatory inspections.
To ensure Data Integrity is utmost important.
Changes should be noted, reasoned and non-reverted with audit trails with change information; evidence should be available as proof.