Most companies have experienced being audited and, where necessary, “defending” the work carried out in their analytical laboratories during audits. Historically, laboratories have tended to provide information about the validation of their methods and procedures, the qualification and suitability of their analytical equipment, and information about training of their laboratory staff as justification for the validity of the analytical results.
Nonetheless, the focus on data integrity by FDA, the United Kingdom Medicines and Healthcare Products Regulatory Agency (MHRA), and other regulatory bodies during audits may mean that historical approaches to laboratory audit preparation and audit “defense” are simply not enough. In a data integrity-focused audit, the emphasis has moved away from providing information based on technical justification and scientific rationale towards providing evidence that the analytical results are not fraudulent. This is almost a “guilty until proven innocent” approach and can be very different from historical audits. For any laboratories that are not prepared for this change, the audit will at best be “uncomfortable” and at worst may present a potential high risk to the organization.
Common Data Integrity Issues Found in Laboratories
Audit Trails – For electronic data acquisition systems, audit trails are not available or are not enabled; therefore, there is no record of data modifications or deletions. Nor are any interim controls in place for monitoring changes.
Unique User Logins – Each user should have a unique username and password for both the analytical software and the operating system. This is essential for tracing work performed to a unique individual, and is critical for Good Manufacturing Practice (GMP) compliance and data integrity.
User Privilege Levels – Each data acquisition system should have defined user levels based on the role the user will have in the system. Examples of common user levels include analyst, supervisor, manager and administrator. Privileges assigned to each level should be clearly defined and commensurate with the requirements for each user type.
Unofficial “Test” Injections – Some firms have been cited for injecting samples prior to beginning an official sequence. This practice results in essentially generating data for products, but not reporting the data. This practice is called selective reporting.
Control Over Processing Methods – Use of high performance liquid chromatography (HPLC) processing methods (including integration parameters) that are not defined or controlled. This includes the practice of manual integration without justification or approval, and processing injections in the same sequence with different processing methods and integration parameters. It also includes altering integration parameters so that results appear to pass when the actual results do not, in order to avoid an Out of Specification (OOS) result, an Out of Trend (OOT) result or an investigation.
Control Over Electronic Systems – Failure to establish adequate controls over computer systems to prevent unauthorized access or changes to electronic data. This can include failure to have mechanisms to prevent unauthorized user access to the system, and ability to rename, move, delete or not save file results.
Falsification of data – Recording fewer contaminants from a sample to ensure that the result meets the specification is a simple data integrity problem.
Incomplete data – In some cases the laboratory report may be incomplete or illegible, for example because units are stated improperly, the writing is unclear or there is a misprint.
Common Data Integrity Issues Found in Microbiological Laboratories
Traditionally, microbiological laboratories have relied on manual testing and recording operations, which opens the door to significant issues with data integrity.
The issues observed often relate to the
• Falsification of data; for example, recording fewer contaminants from a sample to ensure that the result meets the specification is a simple data integrity problem. How can a manufacturer be sure that company or contract laboratories are not guilty of falsification of data? Reviewing data trends can provide useful indicators.
• Purified water systems with no microbial excursions or clean rooms with no environmental monitoring excursions are simple triggers that should prompt further investigation. If it looks too good to be true, it may well be!
• Spot checks of samples against the recorded results can also provide a good benchmarking indicator of whether there should be any concern regarding the integrity of recorded data.
• Microbiological samples are often read and then rapidly discarded, so it is sometimes difficult to obtain evidence of falsification. Physical spot checks of samples in the incubator can be a powerful technique; if, for instance, physical spot checks identify the “first four purified water excursions ever” to be found on a site, it is likely these are not the first excursions.
• Microbiological data patterns can also identify data integrity and falsification with a simple review of the data. For example, media growth promotion results can yield interesting patterns; there have been instances where only even.
User Privilege Levels
Each data acquisition system should have defined user levels based on the role the user will have in the system. Examples of common user levels include analyst, supervisor, manager and administrator. Privileges assigned to each level should be clearly defined and commensurate with the requirements for each user type. Examples of privileges include the ability to create methods, modify integration parameters, reprocess data and modify data.
Unofficial “Test” Injections
Some firms have been cited for injecting samples prior to beginning an official sequence. This practice results in essentially generating data for products, but not reporting the data.
Control Over Processing Methods
Use of high performance liquid chromatography (HPLC) processing methods (including integration parameters) that are not defined or controlled. This includes the practice of manual integration without justification or approval, and processing injections in the same sequence with different processing methods and integration parameters. Another example of this practice is processing the standards used for quantitation of samples with different processing methods (integration parameters) without providing justification.
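The review below is an added example, not part of the original article or of any vendor's software. It checks exported injection records for the practices described under Unofficial “Test” Injections and Control Over Processing Methods. The record fields, finding names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

Inj = namedtuple("Inj", "id seq sample method integration justification approved_by")

# Constructed sample records; field names and values are assumptions for this
# example, not the export schema of any particular chromatography data system.
INJECTIONS = [
    Inj(1, None,    "LOT-A", "PM-01", "auto",   "", ""),
    Inj(2, "SEQ-7", "STD-1", "PM-01", "auto",   "", ""),
    Inj(3, "SEQ-7", "LOT-A", "PM-01", "manual", "", ""),
    Inj(4, "SEQ-7", "LOT-B", "PM-02", "auto",   "", ""),
    Inj(5, "SEQ-8", "LOT-C", "PM-01", "manual", "baseline drift", "supervisor1"),
]

def review(injections):
    """Return (subject, finding) pairs for the practices described above."""
    findings = []
    # Samples that appear in at least one official (reported) sequence.
    reported = {i.sample for i in injections if i.seq}
    methods = defaultdict(set)
    for i in injections:
        if i.seq is None:
            # Data acquired outside an official sequence is generated but not reported.
            if i.sample in reported:
                findings.append((i.id, "TEST_INJECTION_OF_REPORTED_SAMPLE"))
            else:
                findings.append((i.id, "INJECTION_OUTSIDE_SEQUENCE"))
            continue
        methods[i.seq].add(i.method)
        # Assumption: manual integration needs both a justification and an approver.
        if i.integration == "manual" and not (i.justification and i.approved_by):
            findings.append((i.id, "MANUAL_INTEGRATION_UNJUSTIFIED"))
    # One sequence processed with more than one processing method.
    for seq in sorted(methods):
        if len(methods[seq]) > 1:
            findings.append((seq, "MIXED_PROCESSING_METHODS"))
    return findings

if __name__ == "__main__":
    for subject, finding in review(INJECTIONS):
        print(subject, finding)
```

Each finding is a prompt for a reviewer to look at the underlying audit trail entry, not a conclusion that data was falsified.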
Control Over Electronic Systems
Failure to establish adequate controls over computer systems to prevent unauthorized access or changes to electronic data. This can include failure to have mechanisms to prevent unauthorized user access to the system, and ability to rename, move, delete or not save file results. Mechanisms should be in place to ensure that files cannot be accessed outside the analytical software (e.g. via the operating system) and edited, moved, renamed or deleted.
Overall, the crucial component to any data integrity review is to ensure that data is recorded exactly as intended and, upon later retrieval, ensure that the data is the same as it was when it was originally recorded. In short, data integrity aims to prevent unintentional changes to information, eliminating the potential for significant data integrity errors occurring in the pharmaceutical manufacturing process.