Top 7 Queries Addressed: Data Integrity and CGMP Compliance


This article provides a clear insight into the significance of data integrity within the framework of current good manufacturing practice (CGMP) for pharmaceuticals, as mandated by 21 CFR parts 210, 211, and 212. These parts encompass the regulations for Current Good Manufacturing Practices in Manufacturing, Processing, Packing, or Holding of Drugs in general (part 210), Current Good Manufacturing Practices for Finished Pharmaceuticals (part 211), and Current Good Manufacturing Practices for Positron Emission Tomography Drugs (part 212). This guidance outlines the Agency’s perspective on the creation and management of data in accordance with CGMP requirements.

Therefore, the core principle this guidance upholds is the insistence on reliability and accuracy in data. The FDA emphasizes the need for data to be dependable and precise. To address data integrity concerns, the CGMP regulations and associated guidance advocate for adaptable and risk-based approaches. These approaches are intended to prevent and detect issues related to data integrity. In doing so, pharmaceutical firms are encouraged to implement strategies that effectively manage data integrity risks, leveraging their comprehension of processes, technological insights, and business models.

It’s important to note that the guidance documents issued by the FDA express the Agency’s current perspectives and beliefs. These documents do not establish legally binding obligations. Rather, they offer recommendations based on the FDA’s present understanding. However, using terms like “should” in these guidances indicates suggestions and recommendations, but they are not obligatory unless specific regulatory or statutory mandates are explicitly cited.

Let’s take a deep dive into the top 7 questions below

1. When is it permissible to exclude CGMP data from decision-making?  

Every data formed within the context of a CGMP record needs to be evaluated by the quality unit for release criteria and preservation per CGMP objectives. Electronic data generated to satisfy CGMP obligations should encompass pertinent metadata. To omit data from the decision-making process for release criteria, a valid and well-documented for its exclusion should exist. The prerequisites for retaining and reviewing records remain consistent irrespective of the data format; paper-based and electronic data record-keeping systems are subject to identical stipulations.

2. Why is the FDA concerned with using shared login accounts for computer systems? 

It is essential to enforce suitable measures to guarantee that alterations to computerized Master Production and Control Records (MPCRs) or other records and the inputting of laboratory data into computerized records are conducted solely by authorized personnel. Concurrently, implementing documentation controls is imperative to ascertain that actions can be unequivocally attributed to specific individuals. In instances where login credentials are shared, the distinct identification of an individual through the login is rendered unfeasible, resulting in non-conformance with the CGMP requisites delineated in parts 211 and 212. FDA mandates that the design of system controls, including documentation controls, adhere to CGMP principles to ensure the preservation of product quality.

3. How often should audit trails be reviewed? 

FDA advises conducting reviews of audit trails that document alterations to vital data for every record before granting final approval to the record. Audit trails that necessitate consistent reviews should encompass various aspects, such as:

  1. Modification history of test results for finished products
  2. Amendments to sample run sequences
  3. Revisions to sample identification and significant alterations to process parameters

To ensure effective oversight, the FDA advocates for scheduled, routine audit trail evaluations, which should be determined based on factors like the system’s complexity and its designated purpose.

4. Who should review audit trails?

Audit trails are integral components of the correlated records. Those tasked with reviewing records in accordance with CGMP should concurrently examine the audit trails that document modifications to vital data linked with the record. To illustrate, the quality unit is responsible for scrutinizing and endorsing all production and control records, encompassing audit trails. This parallels the anticipation that handwritten alterations on paper records should be evaluated during data reviews.

5. Can electronic copies be used as accurate reproductions of paper or electronic records? 

Certainly, electronic duplicates can function as authentic replicas of paper or electronic records, assuming they retain the substance and significance of the initial data, encompassing linked metadata and the constant or fluctuating attributes of the original records. For dynamic electronic records, authentic reproductions may be generated and upheld in either the original or a compatible format, contingent upon the conservation of the content and meaning of the primary records. Appropriate reader and copying equipment (such as software, hardware, and media readers) must remain conveniently accessible.

Note: “Static” denotes an unchanging data document, such as a paper-based record or an electronic image. In contrast, “dynamic” refers to a record format that enables interaction between the user and the record’s content. For instance, a dynamic chromatographic record might permit the user to alter the baseline and reprocess chromatographic data, potentially causing adjustments in the appearance of resulting peaks. Additionally, it might enable users to amend formulas or input within a spreadsheet used for calculating test outcomes or other data, such as calculated yields.

6. When does electronic data become a CGMP record?

When data is generated to meet CGMP requirements, it becomes a CGMP record. It’s important to save or document this data during creation, following CGMP rules. Quality data must not be changed, so processes should ensure that. For example, save chromatograms right after a run. Using temporary paper or storing data electronically manipulably isn’t allowed. Use a mix of technical and procedural controls. Computer systems like LIMS can auto-save after each entry, like recording on paper. This keeps CGMP practices intact.

7. How does FDA recommend data integrity problems identified during inspections, in warning letters or other regulatory actions be addressed? 

FDA advises demonstrating effective problem resolution by:

  1. Engaging a third-party auditor.
  2. Identifying the issue’s extent.
  3. Executing a global corrective action plan.
  4. Replacing those responsible for problems in CGMP roles.

FDA could inspect to confirm data integrity CGMP violations are resolved. These align with Application Integrity Policy standards. For detailed guidance, refer to the “Points to Consider for Internal Reviews and Corrective Action Operating Plans” public document on the FDA website.

Schedule a Free Consultation
Request a Demo

See More Articles