Data Integrity Compliance Project

1 Data Integrity Compliance Project

2 RISK FACTORS FOR DI ISSUES: Outsourcing; Supply Chain; Data Review Practices; Increasing use of electronic systems; Economic Stressors

3 DATA INTEGRITY COMPLIANCE PROJECT: Fully Integrated into QMS; Risk Assessment: Determination, Prioritization, Remediation; Data Destruction; Data Retention; Data Lifecycle; Data Review & Reporting; Generation & Data Collection; Data Processing; Top Management Awareness, Support, Monitoring; Holistic Combination of Behavioral, Procedural and Technical Steps

4 DATA GOVERNANCE CONTROLS: Behavioral; Procedural; Technical

5 HOLISTIC APPROACH TO DATA INTEGRITY: Management, Governance & Leadership; Technical & Procedural Controls; Culture, Mindset & Behaviors

6 DI Program: A team of different departments shall be defined. The sponsor and manager of the team shall be defined. The roles and responsibilities shall be defined. The team shall perform periodic updates to the upper management. The team shall define all GxP critical data. All GxP critical processes shall be defined. All GxP critical systems shall be defined. All GxP critical instruments shall be listed. All GxP critical computerized systems shall be listed. All GxP critical spreadsheets shall be listed. All manual calculation steps shall be defined. Risk assessments shall be performed to determine control and check points. Data and process owners shall be defined. All individuals shall be trained for data integrity and also for the data they are responsible for.

7 DATA INTEGRITY COMPLIANCE PROJECT TEAM: QA Lead; CSV Lead; Project Manager; Business Unit Compliance Leads; Project Sponsor; IT Automation SME; Documentation Lead; Lab Instruments SME; IT Lead

8 DI PROJECT SPONSOR ROLE: Sponsor is from top management. Focuses on management accountability, implementing tools for knowledge sharing, and developing and providing the appropriate levels of training. Ensures continuous improvement. Monitors the execution and performance of the program by quality metrics.

9 DI PROJECT MANAGER ROLE: Project Manager, usually with a mixture of lab, CSV, IT or Quality experience. Coordinate site activities and resources. Facilitate the prioritization of assessment activities and meeting timelines. Interpret top management decisions for site usage. Assist in inspection preparation. Create site Remediation Plan for management approval.

10 INITIAL MEETINGS: Determination of GxP critical systems; Determination of GxP critical data from these systems; Determination of spreadsheets used by each department; Determination of CSV statuses of the computerized systems; Determination of the data owners; Determination of the list of SOPs for DI compliance; Determination of systems with audit trail functionality; Determination of systems with print-out option; Determination of user access rights matrix; Determination of shared accounts

11 Focus Areas: Quality Agreement Enhancements; Enterprise System Assessments; Computer System Validation Enhancements; Centralized Quality processes; Site System Assessments / Data Process Mapping; Paper/Manual Processes and Controls; Training / Inspection Readiness; Internal Audits / Supplier Audits

12 Quality System Focus Areas: Update overall Policy. Interpret the "What's" of DI. Suggested focus on DI topics: Audit Trail Review; Shared Accounts; Digital Signatures; Second Person Review; CSV

13 Some Assessment Questions: 1. Can data files be modified on the operating system? 2. Can reviewers access the audit trails? 3. Are operators using a shared account? 4. Is audit trail functionality available and activated? 5. Is there an SOP for sample test injections? 6. Is there an audit trail review procedure? 7. Can paper forms be replaced or duplicated without detection?

14 DI Impacts To CSV. Intended use: Vendor-supplied validation packages; Sites performing User Acceptance Testing; Extend UAT testing to include data verification; Interface testing to include data verification from source to target; Increased negative and boundary testing; Security/permissions verification/segregation; Review of System Admin actions

15 CSV Enhancements: Pilot with one upgrade system and one new system; Spreading awareness for IT staff understanding; Updated Risk Assessment, Validation Plan for DI; Creating standard DI requirements; Assessing Enterprise systems for DI requirements

16 Some Assessment Questions For IT: Identify areas of your company where DI controls have not been assessed. How will you gain visibility into those systems? Which roles need to be involved to authorize the assessments? Who will perform the assessments, as a team or individually? How will you analyze the gaps and plan for remediation? What are Quick Wins for your company? Will remediation require IT budget/upgrades? How do you include DI in your IT processes?

17 DATA FLOW MAPPING GMP PROCESSES: 1. Goods incoming 2. Manufacturing 3. Filling 4. Packaging 5. Testing 6. Disposition and release 7. Shipping 8. Maintenance and calibration 9. Training 10. Process validation 11. Analytical tests validation 12. Stability management. General GMP business processes in order to produce products that meet patients' needs.

18 Determining the Critical Data. Example of tablet manufacture: Creation of BR; Bulk product mfg; Packaging (primary); Packaging (secondary); QC (release); PLC A; PLC B; IPC C; Mfg Batch Record; Analytical Batch Record; Settings; Data; Settings (methods); Data. Examples of serious errors: Wrong expiry date; Wrong sealing; Wrong rejection parameters; Wrong reporting of automation challenge result; Alarms not reported

19 Identifying Critical Data. Critical Data: Data that has been assessed and documented as impacting patient safety and/or product quality and/or efficacy. The decision that data influences may differ in importance, and the impact of the data to a decision may also vary. Points to consider regarding data criticality include: Which decision does the data influence? For example: when making a batch release decision, data which determines compliance with critical quality attributes is of greater importance than warehouse cleaning records. What is the impact of the data to product quality or safety?

20 Visual Data Flow Mapping example: Lab Test (i.e. pH Meter); CDS; LIMS; SAP; Lab Notebook; Paper Archive; Electronic Backup

21 Data Flow Mapping Questions To Ask: How is the data created? Who creates it? Where does the data move to next? By which methods does it move? What reports are created from the data? Who modifies the data? What GMP decisions are made at which points in the process? Where are audit trails reviewed? Should we determine new Audit Trail review points? Where is the data stored once it is finished being processed? Do we know how long to keep the data? Which third parties receive our data?

22 Data Flow Mapping Common Controls: Computer system validation, validated interfaces; System field level checks on data validity; Second person review; System Access controls with User Access Review; Procedures for System Administrators and Users of systems; Backups of PCs, systems, periodic testing of backups

23 Data Flow Mapping Common Controls: Good documentation procedure and practices; Error reports reviewed by QA; Business continuity plans that are periodically tested; Protected paper storage locations; eSignatures at approval or rejection decisions; Personnel training; Internal audit functions

24 Culture, Mindset and Behaviors: Policy; QMS; Procedures; Processes; Behavior and Culture. A strong quality culture is best indicated by what is done when no one is looking.

25 ERRORS WILL HAPPEN. Reasons for Human Errors: Lack of effective training; Lack of attention; Memory lapse; Interruptions; Ignorance; Too many steps; Communication failure, too many people; Poorly designed equipment, method, process; Keeping with past practice rather than with current circumstances; Too much workload

26 WHAT'S WORKING WELL? Senior management support; Empowered team, and leadership; Central management and tracking; Cross-departmental communication and knowledge sharing; Scheduling and planning for project's expectations; Review and update to existing processes

27 FORWARD LOOKING FOCUS AREAS: Mapping of gap remediation with investment plans; Extensive training and awareness at all different levels; Existing process changes, especially changing manual processes to electronic, automated ones; Development of DI metrics/KPIs

28 DI Program Next Steps: Complete Priority One Assessments and start remediation planning. Focus on Quick Wins. Continue with Priority Two and Three Assessment and ongoing Gap Remediation. Enhance DI Training and ongoing knowledge sharing. DI by Design (IT systems and business processes)

29 GOALS OF SUCCESSFUL REMEDIATION: You and the regulators are able to reconstruct the manufacturing process through records. We want certainty there is no data: Falsification; Omission; Hiding; Substitution

30 FINALLY