Information Governance for Data Integrity Presented by: Kip Wolf of Tunnell Consulting Information Systems Track, Session #: SES305 Tuesday 31 OCT 2017 11:40 12:05 Discussion Topics Recent trends in FDA inspection observations related to Data Integrity Taking a Business Process Management (BPM) approach Innovative thinking for direct value and competitive advantage Case studies Recommendations/Q&A 1
Innovations in Information Governance as a Competitive Advantage for Data Integrity Data Integrity issues at the forefront of inspection observations. Common citation within FDA Warning Letters. Innovative thinking and non traditional approaches to Information Governance present opportunities for: Improved Data Integrity True competitive advantage Transform your culture with: Creative design to information governance Simplified operational excellence and risk management approaches Clever change management techniques Recent FDA Trends in Warning Letters FDA focus on accuracy and integrity of data Cite adulteration (i.e., regarding product/patient, not system specific) Quality management systems incl. information management are key Highest total CDER Warning Letter numbers (single country): China India Risks increase with move towards contract manufacturing Increased variables Complexity of control/responsibility 2016 CDER Warning Letters from Office of Manufacturing Quality 2
Warning Letters issued by CDER Office of Manufacturing Quality as of AUG 2017 All 34 incl. some level of Data Integrity implication ~40% had direct Data Integrity Remediation citations Quotes from Recent Warning Letters with Data Integrity Remediation Citations analytical testing records were missing data, dates, and signatures investigator observed your staff altering information in analytical test reports during the inspection your analyst was unable to retrieve requested data, and explained that he deletes older data to make space for newly acquired data investigators found batch production records that contained blank or partially completed manufacturing data and lacked dates and signatures for verification review of audit trail data revealed that your analysts manipulated the date/time settings ; and, analysts admitted to setting the clock back and repeating analyses your firm reported only the passing results from repeat analyses 3
Data Integrity Explained Data Integrity and Compliance with CGMP Guidance for Industry (Draft Guidance, APR 2016) Data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA). Processes, roles and responsibilities for creation and maintenance of data over it s entire life cycle Data integrity assessment can include (but is not limited to): CGMP/QMS Maturity Good Documentation Practices Document control & records management Quality culture & personnel Master Batch Record design Material management Manufacturing floor/br execution Lab operations and analytical data/documentation Data Integrity and Information Quality Begin with Stewardship and Result in Direct Value CGMP/QMS Maturity Good Documentation Practices Document control & records mgmt. Quality culture & personnel Master Batch Record design Material management Manufacturing floor/br execution Lab operations and analytical data/documentation Change control/m&a ($) Efficiency/compliance (fewer obs.) Reduced TCO; M&A ($) Inspection readiness (fewer obs.) Efficiency and error reduction ($) Schedule adherence ($) Schedule adherence ($) Schedule adherence ($) 4
PEOPLE: Assess and develop personnel (encourage awareness and education) Process Ownership Defines responsibility for process performance and change management Establishes quality requirements for process, incl. information quality (culture) Critical for DMAIC (Define, Measure, Analyze, Improve, Control) and DFSS (Design for Six Sigma) projects Information Stewardship Defines data and information characteristics, policies, rules, etc. Monitors and measures data quality; and, responds to resolve issues/conflicts Necessary for sustainability and improvement of quality information as an asset Data Custodianship Handles Hands on data management, performing operations which create and/or maintain data, reference data, meta data, etc. Essential that context is provided for effective data management Process Ownership Information Stewardship Data Custodianship PROCESS: Assess and improve data/information standards, policies and procedures Assess and improve data/information standards, policies and procedures within a robust company wide Quality Management System Standards and regulations include: ISO 9001:2015 Quality Management Systems (uses a process model) 21 CFR Part 820 Quality System Regulation (specified by FDA) ISO 13485:2016 Quality Management for Medical Devices 21 CFR Part 11 Electronic Records; Electronic Signatures ICH Q10 Pharmaceutical Quality System Discusses Knowledge Management and Process Performance; and, makes reference to Data Management 21 CFR 211.100 Current Good Manufacturing Practice for Finished Pharmaceuticals (a) There shall be written procedures for production and process control designed to assure that the drug products have the identity, strength, quality, and purity they purport or are represented to possess. 5
TECHNOLOGY: Develop supporting tools and technologies (incl. Common Information Model) Record Field System 1 System 2 System 3 Basic Information Field 1 Basic Information Field 2 Basic Information Field 3 Basic Information Field 4 Basic Information Field 5 Formulation Basic Information Field 1 Formulation Basic Information Field 2 Formulation Basic Information Field 3 Formulation Basic Information Field 4 Formulation Basic Information Field 5 Formulation Packaging Field 1 Formulation Packaging Field 2 Formulation Packaging Field 3 Formulation Packaging Field 4 Formulation Packaging Field 5 Labeling - Indications Field 1 Labeling - Indications Field 2 Labeling - Indications Field 3 Attribute Inventory (Data Mapping) Provides the superset of data elements (ROWS), grouped by Category and Entity Name; and, element relationships by system (COLUMNS). Provides detailed explanation of data definitions, data entry roles and responsibilities, downstream usage/ consumption, etc. Attribute Standards (individual or categorized) Processspecific Attributes (Canonical Format) Provides common data naming, definition and values for relevant Regulatory attributes. Provides contextual view of attributes within business processes; presents processes pictorially with all relevant interfaces. Attribute Metrics (individual or categorized) Process Standards (Business Process Diagrams) Provides Key Performance Indicators (KPI) for data quality and process control; analytics used for reporting and continuous improvement. Case Study #1: High maturity of info. stewardship improve data integrity and change control. Situation: Top 10 global biopharmaceutical company struggled with managing the complexity of product registration information with products marketed in >120 countries. Before: Product focused data management with circular arguments re: accountability ( which came first ). After: Documented and defined process and roles/responsibilities for information stewardship (corp./regional) and data custodianship (corp./local country). Regional middle man to resolve data integrity questions; and, coach stewards/custodians. Improved data integrity (trust what you see) and efficiency/effectiveness of change controls (when data changes were needed). 6
Case Study #2: Common definitions and process enable tracking of source data to submission. Situation: Small clinical stage biopharmaceutical company (with bigpharma partnership agreements) exclusively using contract laboratories and manufacturers; and, preparing to file NDA. Before: Much transactional data (>13 suppliers) and many data sources. Unable to always defend (with evidence) data traceability. After: Agreed on common definitions (e.g., source data, raw data ); sometimes recommending modifications to Quality Agreement(s). Documented content review process flow (incl. partner). Facilitated alignment and understanding with all stakeholders. Performed successful assessment for verification of data integrity and conformance to file, meeting the schedule for NDA filing. Case Study #3: Project artifacts from M&A present risk without 100% disposition. Situation: Top 5 global biopharmaceutical company during acquisition of another firm realized significant leftover in process data from project collaboration site. Before: Collaboration during integration resulted in significant amounts of leftover in process data with which to decide keep/don t keep. After: Defined early the roles/resp. for key stakeholders at both acquired and acquiring firm (e.g., Product Leads, regulatory history). Start with the end in mind (increased level of maturity of information management strategies, understand target of 100% disposition of artifacts). Reduce risk (e.g., ediscovery of leftover in process data ). 7
Recommendations for Increased Probability of Success When outsourcing: Ensure robust quality agreements Demand review of data/information standards, policies and procedures Demand review of data/information practices (e.g., observe operations and/or evidence of operations) When acquiring: Review previous quality agreements or other contracts Ensure due diligence re: information management and data integrity Within current operations: Take a BPM approach (People/Process/Technology) Assess and develop personnel (encourage awareness and education) Assess and improve data/information standards, policies and procedures to ensure a robust companywide Quality Management System Develop supporting tools and technologies (incl. Common Information Model) Engage third party for Data Integrity Assessment Discussion/Q&A Tunnell Consulting 900 East Eighth Avenue, Suite 106 King of Prussia, PA 19406 Kip Wolf, MBA, PMP, PgMP Senior Managing Consultant +1 717-376-6672 kip.wolf@tunnellconsulting.com https://tunnellconsulting.com 8