Data integrity PIC S

Recommendations

Info

Impact to product with actual or potential risk to patient health: Criticaldeficiency:Product failing to meet Marketing Authorisation specification atrelease or within shelf life.Reporting of a ‘desired’ result rather than an actual out ofspecification result when reporting of QC tests, critical product orprocess parameters.Wide-ranging misrepresentation or falsification of data, with orwithout the knowledge and assistance of senior management, theextent of which critically undermines the reliability of thePharmaceutical Quality System and erodes all confidence in thequality and safety of medicines manufactured or handled by the site.Impact to product with no risk to patient health: Major deficiency:Data being misreported, e.g. original results ‘in specification’, butaltered to give a more favourable trend.Reporting of a ‘desired’ result rather than an actual out ofspecification result when reporting of data which does not relate toQC tests, critical product or process parameters.Failures arising from poorly designed data capture systems (e.g.using scraps of paper to record info for later transcription).No impact to product; evidence of moderate failure: Major deficiency:Bad practices and poorly designed systems which may result inopportunities for data integrity issues or loss of traceability across alimited number of functional areas (QA, production, QC etc.). Eachin its own right has no direct impact to product quality.No impact to product; limited evidence of failure: Other deficiency:Bad practice or poorly designed system which result in opportunitiesfor data integrity issues or loss of traceability in a discrete area.Limited failure in an otherwise acceptable system, e.g. manipulationof non-critical data by an individual.11.2.5 It is important to build an overall picture of the adequacy of the key elements(data governance process, design of systems to facilitate compliant datarecording, use and verification of audit trails and IT user access etc.) to makea robust assessment as to whether there is a company-wide failure, or adeficiency of limited scope/ impact.11.2.6 Individual circumstances (exacerbating / mitigating factors) may also affectfinal classification or regulatory action. Further guidance on the classificationof deficiencies and intra-authority reporting of compliance issues will beavailable in the PIC/S Guidance on the classification of deficiencies PI 040.PI 041-1 58 of 63 1 July 2021
12 REMEDIATION OF DATA INTEGRITY FAILURES12.1 Responding to Significant Data Integrity issues12.1.1 Consideration should be primarily given to resolving the immediate issuesidentified and assessing the risks associated with the data integrity issues.The response by the company in question should outline the actions takenas part of a remediation plan. Responses from implicated manufacturersshould include:12.1.1.1 A comprehensive investigation into the extent of the inaccuracies in datarecords and reporting, to include:A detailed investigation protocol and methodology; a summary of alllaboratories, manufacturing operations, products and systems to becovered by the assessment; and a justification for any part of theoperation that the regulated user proposes to exclude 13 ;Interviews of current and where possible and appropriate, formeremployees to identify the nature, scope, and root cause of datainaccuracies. These interviews may be conducted by a qualifiedthird party;An assessment of the extent of data integrity deficiencies at thefacility. Identify omissions, alterations, deletions, record destruction,non-contemporaneous record completion, and other deficiencies;Determination of the scope (data, products, processes and specificbatches) and timeframe for the incident, with justification for thetime-boundaries applied;A description of all parts of the operations in which data integritylapses occurred, additional consideration should be given to globalcorrective actions for multinational companies or those that operateacross multiple sites;A comprehensive retrospective evaluation of the nature of the dataintegrity deficiencies, and the identification of root cause(s) or mostlikely root cause that will form the basis of corrective andpreventative actions, as defined in the investigation protocol. Theservices of a qualified third-party consultant with specific expertisein the areas where potential breaches were identified may berequired;A risk assessment of the potential effects of the observed failureson the quality of the substances, medicines, and products involved.The assessment should include analyses of the potential risks topatients caused by the release/distribution of products affected by alapse of data integrity, risks posed by ongoing operations, and anyimpact on the integrity of data submitted to regulatory agencies,including data related to product registration dossiers.12.1.1.2 Corrective and preventive actions taken to address the data integrityvulnerabilities and timeframe for implementation, and including:13 The scope of the investigation should include an assessment of the extent of data integrity at the corporate level,including all facilities, sites and departments that could potentially be affected.PI 041-1 59 of 63 1 July 2021
Page 1 and 2:
PHARMACEUTICAL INSPECTION CONVENTIO
Page 3 and 4:
9.10 Management of Hybrid Systems .
Page 5 and 6:
3.5 The principles of data manageme
Page 7 and 8: o automation; oro the use of techno
Page 9 and 10: process consistency (e.g. biologica
Page 11 and 12: should clearly demonstrate that rep
Page 13 and 14: Staying continuously and actively i
Page 15 and 16: 6.7 Dealing with data integrity iss
Page 17 and 18: Data IntegrityAttributeRequirementt
Page 19 and 20: Specific elements that should be ch
Page 21 and 22: generation of working copies of doc
Page 23 and 24: 4. ExpectationDocuments should be s
Page 25 and 26: 8.5.2 Records should be appropriate
Page 27 and 28: Where appropriate, the reason for t
Page 29 and 30: 8.9 Direct print-outs from electron
Page 31 and 32: 8.11.2 A record/register should be
Page 33 and 34: 9.2.2 Validation alone does not nec
Page 35 and 36: osystems used in the decision proce
Page 37 and 38: Check that end-user testing include
Page 39 and 40: read by the new software. Where nec
Page 41 and 42: - User access controls should ensur
Page 43 and 44: potential security weaknesses) and
Page 45 and 46: 9.6 Audit trails for computerised s
Page 47 and 48: - in the case of changes or modific
Page 49 and 50: 9.8 Review of data within computeri
Page 51 and 52: to access electronically stored dat
Page 53 and 54: Appropriate quality risk management
Page 55 and 56: Area for reviewComparison of analyt
Page 57: Accurate [4.1], [6.17] [5.40], [5.4
Page 61 and 62: 12.2.1.2 Evidence of open communica
Page 63: MetadataIn-file data that describes
show all

Data integrity PIC S

Create successful ePaper yourself

Delete template?

Save as template?