Sie sind auf Seite 1von 50

Datenintegrität

Ralf Schröder
Nov 2017, Separation Days

©2017 Waters Corporation COMPANY CONFIDENTIAL 1


Quellen der Informationen in dieser Präsentation

Regulatory Industry
Bodies Groups Customer & QA
FDA/MHRA etc ISPE/GAMP

Within

Sales and Professional Product


Specialists Services Functionality and
Design
©2017 Waters Corporation COMPANY CONFIDENTIAL 2
Disclaimer

 This presentation is for informational purposes only and should not be taken as
advice regarding any particular course of action to be followed.
 Waters does not make any representations or warranties, express or implied, to
any party, regarding use of the information contained in this presentation to make
decisions regarding the implementation and maintenance of effective quality
control systems and quality assurance testing programs, including but not limited
to the applicable Good Manufacturing Regulations that apply to the manufacture
of regulated products.

©2017 Waters Corporation COMPANY CONFIDENTIAL 3


Datenintegrität

©2017 Waters Corporation COMPANY CONFIDENTIAL 4


Was bedeutet Datenintegrität?

Quelle: www.duden.de

©2017 Waters Corporation COMPANY CONFIDENTIAL 5


Was verbinden Sie mit Datenintegrität?

Regulatorien
Audit Trail Prüfen Geräte Training

GxP Datenintegrität
Daten Management Interfacing Datenqualität
Backup
Validation CSV SOP Compliance
Archiv
Verantwortung Kultur

©2017 Waters Corporation COMPANY CONFIDENTIAL 6


Was beinhaltet Data Integrity?
Menschen Qualitativ hochwertige Trennung
– ‘Data Integrity’ Kultur – Geeignete Standards & Reagentien
– Überwachung und Datenkontrolle – Instrument Kalibrierung & Wartung
– Eindeutige Accounts – Qualifizierung
– Wissenschaftliche Kenntnisse – Methodenvalidierung
– Training – System Suitability Tests
– Schutz vor Betrug – Geeignete Säulen

Computersysteme für das Labor IT Komponenten


– Eingebaute Kontrollmechanismen – Sichere zentrale Datenablage
– Computer System Validierung – Qualifizertes Netzwerk
– Nachvollziehbarkeit – Disaster Recovery Plan
– Regelmäßige Kontrolle – Backup und Restore Prozess
– Archivierung elektronischer Daten

©2017 Waters Corporation COMPANY CONFIDENTIAL 7


Woher kommt der neue Focus auf Datenintegrität?

Elektronische Systeme bieten neue Möglichkeiten


Sie können unerwünschte Aktionen
verhindern und/oder Sie aufdecken
 Werkzeuge für QA und Auditoren
– Zugriffskontrolle
– System policies
– Audit Trails

Auditoren haben das Vertrauen


in die Ehrlichkeit und Integrität
der Analytiker verloren
©2017 Waters Corporation COMPANY CONFIDENTIAL 8
Able Laboratories, Inc.
FDA 483 Inspectional Observations (May 2005)

http://www.fda.gov/aboutfda/centersoffices/officeofglobalregulatoryoperationsandpolicy/or
©2017 Waters Corporation COMPANY CONFIDENTIAL a/oraelectronicreadingroom/ucm061813.htm 9
Woher kommt der neue Focus auf Datenintegrität?
Verschiebung der Datenintegritätsproblematik

Papier
Computer Systeme
Dokumente
Labortagebücher E-Lab Notebook Zugriffskontrolle
Gebundene Arbeitsvorlagen Lab Execution Systems Dokumentation der Aktionen mit Audit Trail
Zeitstempel Audit Trail ALCOA (keine Rückdatierung)
Initialien, Datum,
Audit Trail ALCOA (Attribute, Change Control)
Korrekturkommentare
Review - Prozess Metadaten beschreiben Daten Erleichterter Review
Manuelle Unterschrift Elektronische Unterschrift ALCOA (Zeitstempel)
Papierarchiv im
Elektronische Archivierung Schneller Zugriff auf Daten
klimaüberwachten Lager
Disaster Recovery mittels Redundante Kopien der
Daten und Metadaten bleiben bei einem Disaster verfügbar
PDF? Orginaldaten

©2017 Waters Corporation COMPANY CONFIDENTIAL 10


Datenintegrität:
Der Schlüssel zur Qualitätssicherung

Grundvoraussetzung: Vertrauenswürdige Daten


 Data Integrity Guidances: Fokus auf Chromatografie
 Review der Audit Trails
 Spezielle Inspektionen: Fokus auf Datenintegrität
– Mehrere Neue Guidances (mindestens fünf)
– Unterscheidung zwischen statischen und dynamischen Daten (gedruckte Chromatogramme)
o Elektronische Daten werden angeschaut, nicht nur Ausdrucke
– Training der Auditoren für elektronische Laboranwendungen
 Überprüfung der ‘guten und schlechten’ Daten
– Re-Analyse und Re-prozessierung
 Fehlerbehandlung und OOS Prozeduren
– Adäquate Handhabung

©2017 Waters Corporation COMPANY CONFIDENTIAL 11


Data Integrity Guidances

Medicines & Healthcare Products


Website Q and A 2015, Regulatory Agency (UK)
For GLP, April 2016
DRAFT Guidance April 2016 GMP Data Integrity, March 2015
GxP Data Integrity, DRAFT July 2016

Released June 2016, EPA QA/G-8,


as WHO_TRS_996 Annex 5 November 2002 Q and A: August 2016

Pharmaceutical Inspection
Co-Operation Scheme

Points to Consider Series: GAMP: RDI Guide Coming


PI-041-1 (DRAFT 2), Conduct: March 2016 Published
August 2016 Soon
Fundamentals: Sept 2016 April 4th 2017
Data Integrity: In Progress
©2017 Waters Corporation COMPANY CONFIDENTIAL 12
Definition of Data Integrity
Data Integrity is the extent to which all the data are
complete, consistent and accurate throughout the
data lifecycle.

Data Integrity refers to completeness,


consistency and accuracy of data. That data
should be ALCOA.
The collected data should be Attributable, Legible,
Contemporaneously recorded, Original or a true
copy, and Accurate (ALCOA).

Data Integrity is defined as the extent to which all


data are complete, consistent and accurate,
throughout the data lifecycle.

©2017 Waters Corporation COMPANY CONFIDENTIAL 13


ALCOA+
Key Factor in Data Integrity
Attributable
Wer, Wann, Was, Warum? Who acquired the data or performed an action?
A
Legible
Verständlich Can you read and understand the data entries?
L
Contemporaneous
Zeitnah dokumentiert Were records documented at the time of the activity?
C
Original
Orginal Is it the first recorded observation (or a verified, true copy)?
O
Wissenschaftlich korrekt
Accurate Is the result scientifically valid and error free?
A
Complete
Komplett All data including any repeat or reanalysis performed
Consistent
Konsistent All elements of the analysis are date/time stamped in the expected sequence
+ Enduring
Unveränderlich Recorded in a permanent, maintainable form throughout its lifecycle
Available
Verfügbar For review, audit, or inspection over the lifetime of the record

©2017 Waters Corporation COMPANY CONFIDENTIAL Stan W. Woollen, Sr. Compliance Advisor 14
What is Data Life Cycle?

 …from initial generation and recording through processing


(including analysis, transformation or migration), use,
data retention, archive / retrieval and destruction.

 ...assessing risk and developing quality risk mitigation


strategies for the data life cycle,
 including controls to prevent and detect risks throughout the steps of:
– data generation and capture;
– data transmission;
– data processing;
– data review;
– data reporting, including handling of invalid and atypical data;
– data retention and retrieval;
– data disposal.
©2017 Waters Corporation COMPANY CONFIDENTIAL 15
Sichern und Prüfen der kompletten Daten:
Statische und dynamische Daten

©2017 Waters Corporation COMPANY CONFIDENTIAL 16


www.FDA.Gov Questions and Answers
Level 2 Guidance - Records and Reports

©2017 Waters Corporation COMPANY CONFIDENTIAL 17


www.FDA.Gov Questions and Answers
Level 2 Guidance - Records and Reports

©2017 Waters Corporation COMPANY CONFIDENTIAL 18


Papierdokumentation ist nicht ausreichend
Complex/Dynamic
Printouts are NOT
Representative

LIMS
HPLC ERP
UV Spec GC
Simple/Static FTIR
Printouts pH Meter
COULD
represent
original data
©2017 Waters Corporation COMPANY CONFIDENTIAL 19
MHRA Draft GxP Guidance:
Reviewing Electronic Records Summary

 Data may be…


– Static (e.g. a ‘fixed’ record such as paper or pdf) or
– Dynamic (e.g. an electronic record which the user / reviewer can interact with).

 Data must be retained in a dynamic form where this is critical to its integrity or later verification.

 (Once printed) chromatography records lose the capability of being reprocessed and do not
enable more detailed viewing of baselines or any hidden fields.

 Some data generated by electronic means to be retained in an acceptable paper or PDF format
– Where it can be justified that a static record maintains the integrity of the original data.
– Verified copies of all raw data, meta data, audit trail, result files, software/system configuration settings
for each record, all data processing runs including methods and audit trails for a reconstruction …. and
verification
This approach is likely to be onerous to enable a GxP compliant record
GxP Data Integrity Definitions and Guidance for Industry
©2017 Waters Corporation COMPANY CONFIDENTIAL DRAFT July 2016 20
FDA Guidance:
Reviewing Electronic Records Summary

 Static is used to indicate a fixed-data document (such as a paper record or an


electronic image), and

 Dynamic means that the record format allows interaction between the user and the
record content.
– But defines as allowing the reviewer to change/edit things…???

 (Printouts allowed if) includes associated metadata and the static or dynamic
nature of the original records

 Electronic records from certain types of laboratory instruments are dynamic records,
and a printout or a static record does not preserve the dynamic format
Data Integrity and Compliance with CGMP Guidance for Industry
©2017 Waters Corporation COMPANY CONFIDENTIAL DRAFT April 2016 21
WHO Guidance:
Reviewing Electronic Records Summary

 A PDF or printout is fixed or static and the ability to expand baselines, view the full spectrum,
reprocess and interact dynamically with the data set would be lost in the PDF or printout

 Data integrity risks may occur when persons choose to rely solely upon paper printouts or
PDF reports
– If the reviewer only reviews the subset of data provided as a printout or PDF, these risks may go
undetected

 Paper printouts of original electronic records from computerized systems may be useful as
summary reports… verify that the printed summary is representative of all
(electronic)results.

 A risk-based approach to reviewing data requires process understanding and knowledge of the
key quality risks… requires understanding of the computerized system, the data and
metadata and data flows.
Guidance on Good Data and Record Management Practices
Released June 2016 As WHO_TRS_996 Annex 5
©2017 Waters Corporation COMPANY CONFIDENTIAL 22
Sichern Sie Ihre Gerätedaten?

©2017 Waters Corporation COMPANY CONFIDENTIAL 23


Backup & Archiv

©2017 Waters Corporation COMPANY CONFIDENTIAL 24


Sichern sie Ihre Empower Daten?

 Wie archivieren Sie?


– Projekte? System Audit Trail?
– Warum? Wer? Wann? Wo?
– Audit Trail für die Archivierung?
– Bleiben die Metadaten erhalten ?
– Überprüfen Sie den ‘restore‘ Prozess?
– Löschen Sie die Daten nach x Jahren?
– Ist dies beschrieben in einer SOP?

 Richtlinien zur Archivierung


– EU und PIC/S Annex 11: Section 17 Archiving
– MHRA guidance: in Data Retention section, Archive
– FDA guidance: in Question 1 (a), a bit cryptic
– WHO guidance: in Annex 5 Retention of Original Records

©2017 Waters Corporation COMPANY CONFIDENTIAL 25


Data Integrity Regulatory Findings

©2017 Waters Corporation COMPANY CONFIDENTIAL 26


FDA Presentation | June 2015

©2017 Waters Corporation COMPANY CONFIDENTIAL 27


FDA Presentation | June 2015

©2017 Waters Corporation COMPANY CONFIDENTIAL 28


FDA Presentation | June 2015

©2017 Waters Corporation COMPANY CONFIDENTIAL 29


FDA Presentation | March 2017

©2017 Waters Corporation COMPANY CONFIDENTIAL 30


FDA Presentation | March 2017

©2017 Waters Corporation COMPANY CONFIDENTIAL 31


FDA Presentation | March 2017

©2017 Waters Corporation COMPANY CONFIDENTIAL 32


21 CFR Part 211.194:
Laboratory Records All All
TestCalculations
Data
Performed
Created
Results,
Method
Sample
AllTest
Test Data
All
All Signature
Signature
Sample
Test Data
Data
All TestPass/Fail
Data
Description
Description
Created
All Created
Test Data
Performer
Reviewer
Weight
All laboratory
Created
Created
Created records
required
to be kept

Various Analytical
PC’s in Lab Applications or
Lab Book or forms Excel Lab Book or forms

©2017 Waters Corporation COMPANY CONFIDENTIAL 33


Chinese Company | May 2016

 Failure to prevent unauthorized access or changes to data, and to provide adequate


controls to prevent manipulation and omission of data.

 During the inspection, an FDA investigator discovered a lack of basic laboratory controls to
prevent changes to your firm’s electronically stored data and paper records.

Your firm relied on incomplete records to evaluate the quality of your drugs…

 Our investigator found that your firm routinely re-tested samples without justification, and
deleted analytical data. We observed systemic data manipulation across your facility,
including actions taken by multiple analysts and on multiple pieces of testing equipment.

 Specifically, your Quality Control (QC) analysts used administrator privileges and passwords
to manipulate your high performance liquid chromatography (HPLC) computer clock to
alter the recorded chronology of laboratory testing events.
©2017 Waters Corporation COMPANY CONFIDENTIAL 36
Indian Company - April 2017

 Failure to ensure that test procedures are scientifically sound and appropriate to ensure
that your API conform to established standards of quality and/or purity.

Our investigators observed that the software you use to conduct high performance liquid
chromatography (HPLC) analyses of API for unknown impurities is configured to permit extensive
use of the “inhibit integration” function without scientific justification.

 Failure to prevent unauthorized access or changes to data, and to provide adequate


controls to prevent manipulation and omission of data.

During the inspection, an FDA investigator discovered a lack of basic laboratory controls to
prevent changes to your firm’s electronically-stored data in laboratories where you
conduct CGMP activities.

Specifically, audit trail functionality for some systems you used to conduct CGMP operations was
enabled only the day before the inspection, and there were
no quality unit procedures in place to review and evaluate the audit trail data.

©2017 Waters Corporation COMPANY CONFIDENTIAL 37


Statements of EU Non GMP Compliance

 EU GMP Certificates have been publicized for some time


– http://eudragmdp.ema.europa.eu/inspections/gmpc/index.do
– Recently opened a database of Non Compliance Reports
(or statements of non compliance)

 SUMMARY
– Deliberate falsification of results / hiding non conformities
– Failed injections deleted
– Discrepancies in raw data / lack of raw data
– Inadequate review and control of computerized laboratory results and systems
– Insufficient Qualification of Equipment
– Quality Control deficiencies including; inadequate records, lack of specificity in analytical
methods, failure to investigate unknown peaks

©2017 Waters Corporation COMPANY CONFIDENTIAL 38


Indian Company | March 2017

 Italian Medicines Agency


Statement of Non-Compliance with GMP
 Nature of non-compliance: Major deficiencies were found in the following areas:
– electronic and paper analytical data integrity,
– QC activities,
– computerized systems security,
– analytical and process data manipulation,
– personnel, and
– deviations and OOS management
leading to a serious risk for public health.

©2017 Waters Corporation COMPANY CONFIDENTIAL 39


Auditoren prüfen die Datenintegrität

 Werden alle Daten betrachtet – auch die nicht verwendeten (orphan data)
– Werden nur die guten Resultate gewählt?
– Was passiert mit schlechten Resultaten?
o gelöscht, versteckt, ignoriert?
o mit Begründung und Signatur?
– Werden die Proben ‘tested into compliance’
o Solange analysiert bis das Ergebnis passt?
o An anderer Stelle verändert bis das Ergebnis passt?
 Sind die Daten sicher?
– Zugriffsrechte korrekt?
– Archiv, regelmäßige Prüfungen, Disaster Recovery
– Sind Daten versteckt oder gelöscht?
 Kann die Erstellung der Daten nachvollzogen werden?
– Audit Trail, Metadaten, Versionen

©2017 Waters Corporation COMPANY CONFIDENTIAL 40


Inspection Themes

CSV
Delete Unsecured
Privileges Data

Technical No
Sharing DATA Audit
Controls
Accounts Trail
MANIPULATION

Procedural Poor Review All Data:


Controls of Electronic Data Good and Bad
including audit
trails Poor OOS or
Lab Error
OOS found in Investigations
Periodic orphan data
Review

©2017 Waters Corporation COMPANY CONFIDENTIAL 41


Impact: Investigation into suspected
Data Integrity problem (an example)

Hiring outside Product Quarantined


consultants until end of investigation
EXPIRED:
tons of product lost

14 people 600
for 4.5 months PAGE REPORT
into investigation

35,000 chromatograms, all


Outside laboratories
related methods, and paper
engaged to cover urgent
records to review AGAIN
testing

Remediation projected cost CA$18m


Currently at CA$35m and still going
©2017 Waters Corporation COMPANY CONFIDENTIAL 42
Impact: Investigation into suspected
Data Integrity problem (an example)

Hiring outside Product Quarantined


consultants until end of investigation
EXPIRED:
tons of product lost

14 people 600
AND NOTHING WAS WRONG.
for 4.5 months PAGE REPORT
into investigation

35,000 chromatograms, all


Outside laboratories
related methods, and paper
engaged to cover urgent
records to review AGAIN
testing

Remediation projected cost CA$18m


Currently at CA$35m and still going
©2017 Waters Corporation COMPANY CONFIDENTIAL 43
Was können Sie tun?

©2017 Waters Corporation COMPANY CONFIDENTIAL 44


Was können Sie tun?

 “Den Überblick behalten” und regelmäßig prüfen


– Kritische Bereiche identifizieren, analysieren und Kontrollmechanismen etablieren
 Schulen und bestärken der Mitarbeiter
– Firmenkultur ist ein wichtiger Faktor
 Überprüfen was Sinn macht
– Wo liegen die größten Risiken?
– Wieviel Zeit und Geld können Sie auf die Verbesserungen verwenden??
– Was können Sie sofort verbessern? Was in der Zukunft?
 Führen Sie keine ‘unmöglichen’ SOPs und Vorschriften ein
– Überprüfen Sie die Einhaltbarkeit der SOP

©2017 Waters Corporation COMPANY CONFIDENTIAL 45


Data Integrity OK?
Überprüfen Sie Ihre Prozesse

 Um das richtige Maß zu finden, macht es Sinn die Arbeitsabläufe im Labor zu


dokumentieren. Beschreiben Sie die Schritte der unterschiedlichen Analyse (Von der
Probennahme bis zur Resultaterstellung) und der übrigen Laborprozesse

 Die Dokumentation sollte aufzeigen:


– Welche Schritte durchgeführt werden
– Wie die Schritte durchgeführt werden
– Wie sie dokumentiert werden
– Wo Entscheidungen getroffen werden
– Sind Prozesse automatisiert oder manuell durchzuführen
– Welches sind die Risiken eines jeden Schrittes
(Würden Sie merken, wenn die Datenintergrität verletzt wäre?)

 Der Zweck eines Datenintegritäts Audits ist die aktive Suche nach Betrug!
©2017 Waters Corporation COMPANY CONFIDENTIAL 46
ISPE GAMP® Guide:
Records and Data Integrity

 A stand-alone guide, that is aligned and can be used in parallel with GAMP® 5 and the
Good Practise Guides
– Based upon life science regulations and guidance (GCP, GMP, GLP and medical Devices),
including recent Data Integrity guidances, 21 CFR part 11, Chapter 4 Annex 11, ICH Q9 & ICH
Q10
– Main Body Consists of 5 main chapters M2: Data Integrity Maturity Level
o Introduction
o Regulatory Focus
o Data Governance Framework
o Data Life Cycle
o Quality Risk Management
– & 16 Appendices:
o Management
o Development
o Operations

©2017 Waters Corporation COMPANY CONFIDENTIAL 47


Es ist Ihre Verantwortung

 Der Kunde ist letztendlich verantwortlich für Compliance


 Validierung und Compliance können nicht “outsourced” werden, aber man kann
sich Unterstützung verschaffen
 Im Audit müssen Sie Ihre Arbeitsabläufe und Vorgehensweisen verteidigen

©2017 Waters Corporation COMPANY CONFIDENTIAL 48


Talk to your Vendor long before your Audit

 Your vendor is the BEST resource for Training


– The WHOLE application, not just the bits you think you will use
– Regular review with updates for new versions
– Attend User Meetings regularly
– Release Notes are essential to read very carefully
o Defects addressed, New features, New OS and instrument support

 SOPs need to address your business needs


– But ask your vendor for advise or to review

©2017 Waters Corporation COMPANY CONFIDENTIAL 49


Summary
DO review data and audit trails
DO perform and record training
DO use a change control process
DO create Standard Operating Procedures
DO select compliance-ready systems
DO archive your data
DO train users and prepare your response for
Multiple Analyses & Multiple Results

DON’T share accounts or passwords


DON’T provide delete privileges to users
DON’T disable the audit trails
DON’T hide or exclude data
DON’T forget to backup your data

©2017 Waters Corporation COMPANY CONFIDENTIAL 50


Waters products are there to help you!

Control your Instruments


Process/Report your data Control MS Instruments
Streamline your workflow Process/Report your Data
Data traceability
Archive your e-data
Confidence in Data Integrity Screening application
Streamline your workflow
Electronic Lab Notebook
Confidence in Data Integrity
Sample Management
Stability Testing
Inventories

Confidence in Data Integrity

©2017 Waters Corporation COMPANY CONFIDENTIAL 51


SAVE THE DATE!
Copenhagen, Denmark
WHEN: WHERE:
May 14–17 Copenhagen Marriott Hotel

Maximize the value of your Waters’ software and join us for: Choose from over
35 workshops and
 Latest product updates and case studies in the Plenary sessions demonstrations
on everything from the basic
 Deep dives on Waters' core Informatics products
foundations of Data Integrity
 Guidance on Waters' services and product features, including technical tips and tricks and hot topics like Cloud, to
 Hands-on training and Tutorial tracks to ensure your team is up to date with Waters’ Products Empower practical tips and
techniques.
 Workshops focusing on hot topics, such as Data Integrity and the Cloud
 Fun with the Waters community at our networking activities

©2017 Waters Corporation COMPANY CONFIDENTIAL 52