Risky Business Video Slides
Michelle Holbrook, Senior QA Auditor &
Judy Baushke, Manager Analysis & Quality Services
Rho, Inc.
A Full-Service CRO
Agenda
What is Data Integrity
Record Integrity
Integrity Controls
Risk Management
Case Studies
Indicators and Summary
Sample Questions
21 CFR Part 11 consists of recommendations for validation only.
True False
Electronic systems do not need documented testing to have integrity.
True False
Using a risk‐based approach, a system can bypass validation.
True False
Software that is purchased is already validated.
True False
2/25/2016
Training Objectives
Understand the importance and expected
documentation to demonstrate data integrity
Educate/re‐educate staff about the expectations
Promote compliance with the regulations and
guidelines to ensure the quality of work products
New Buzz Word
Data integrity ‐ the assurance that data is consistent,
certified and can be reconciled
Characteristics:
A complete or whole structure. All characteristics of the data including
business rules, rules for how pieces of data relate, dates, definitions and
lineage must be correct for data to be complete.
Functions that are performed on the data must ensure integrity. Examples
of functions are transforming the data, storing the history, storing the
definitions (Metadata) and storing the lineage of the data as it moves from
one place to another. The most important aspect of data integrity per the
data architecture discipline is to expose the data, the functions and the
data's characteristics.
Is identically maintained during any operation (such as transfer, storage or
retrieval).
Burning Questions
How can the integrity of data be compromised?
Poor monitoring, record integrity, and controls
What activities go into providing data integrity
assurance?
GDP, SOPs, monitoring, queries, validation
How is data integrity measured and maintained?
Deviations, queries, exception reports, audits
What’s the worst that could happen if a little of my
data lacks integrity?
Data is not accepted by agency, sponsor requires rework
Drug Development Process
Data is collected throughout lifecycle
[Diagram labels: Manufacturing data (LIMS, QC, batch files, release); Drug distribution/administration data; Post‐marketing surveillance; Human trials data; Animal data]
ALCOA: Clinical Trials Guidance
There is an increasing use of computerized systems in
clinical trials to generate and maintain source data and
source documentation on each clinical trial subject
Such electronic source data and source documentation
must meet the same fundamental elements of data quality
(e.g., attributable, legible, contemporaneous, original, and
accurate) that are expected of paper records and must
comply with all requirements.
FDA's acceptance of data from clinical trials for
decision‐making purposes depends on FDA's ability to
verify the quality and integrity of the data
“21 CFR 312, 511.1(b), and 812”
ALCOA +
Attributable ‐ Resulting from or belonging to a person or thing
The system should also be designed to ensure attributability. Therefore, each entry to an electronic record should be made under the electronic signature of the individual making that entry.
Legible ‐ Capable of being read or deciphered
Contemporaneous ‐ Originating, existing, or happening during the same period of time
Original ‐ Constituting an origin or beginning
Accurate ‐ Free from error, conforming exactly to truth or to a standard
When migrating to newer systems, it is important to generate accurate and complete copies of study data and collateral information relevant to data integrity.
ALCOA +
Complete ‐ Having all necessary or normal parts, components, or steps
Consistent ‐ Free from variation or contradiction
Enduring ‐ To continue in existence, lasting; continuing; durable
Available ‐ Present or ready for immediate use
What about a printed digital signature?
Metadata integrity
Certified Copy
A copy of original information
That has been verified, as indicated by dated signature
Stating “an exact copy having all of the same attributes
and information as the original”
How would you see or use this?
Print outs from an e‐system
Scanning paper records
Save or print to PDF
Site eCRF and audit trail copies
Record Importance
The records that you maintain are very important to
FDA to:
Understand your process
Prove that sponsors are producing high quality, safe and
effective products
Prove that we are collecting and producing accurate data
in support of that quality, safety, and effectiveness
reported
Record Archival
A sponsor shall retain the records and reports required
for 2 years after approval, or until 2 years after
investigational use is discontinued
For each study, documentation should identify what
software and hardware is used in systems that create,
modify, maintain, archive, retrieve, or transmit data.
This documentation should be retained as part of
study records
FDA personnel should be able to read audit trails both
at the study site and at any other location where
electronic study records are maintained
So What About E‐Records?
E‐what? Scope?
Electronic Record ‐ any combination of text, graphics,
data, audio, pictorial, other representation in digital form
that is created, modified, maintained, archived, retrieved,
or distributed by a computer system
Electronic Signature ‐ a computer data compilation of
any symbol authorized by an individual to be the legally
binding equivalent of a handwritten signature
Records are comprised of data and metadata
What’s metadata? Data about the data
So, data integrity deals with data and metadata
Audit Trails
Part 11 Preamble, “The agency believes that, in general, the
kinds of operator actions that need to be covered by an audit
trail are those important enough to memorialize in the
electronic record itself. These are actions which, for the most
part, would be recorded in corresponding paper records
according to existing record keeping requirements.”
“At this time the agency’s primary concern relates to the
integrity of human actions.”
Changes to data that are stored on electronic media will
always require an audit trail, 11.10(e). Documentation should
include who made the changes, when, and why they were
made.
NIH Information Security Training
21 CFR Part 11: e‐Signatures / e‐Records
Scope and Application of 21 CFR Part 11
requirements for “records in electronic form that
are created, modified, maintained, archived,
retrieved, or transmitted…”
Five subsections identified:
Validation
Audit trail
Legacy systems
Copies of records
Record retention
21 CFR Part 11: e‐Signatures / e‐Records
Criteria for acceptance of electronic records and
signatures
Part 11 requires controls for audit trails, system
operational checks, system authority checks,
metadata, and system device checks. Why?
Provide for the same security, traceability, and
capabilities that are inherent in a paper system
Electronic records and electronic signatures must have
the same integrity and reliability as paper records
and handwritten signatures
Electronic ALCOA+
Bottom Line? Manage Risk
What is Risk?
A measure of the probability and severity of undesired effects.
Often taken as the simple product of probability and
consequence (FDA).
Hazard: 1) Potential source of harm or damage. A
hazard may have more than one potential cause. 2) A
condition that is prerequisite to a mishap (FDA).
Risk Assessment: A comprehensive evaluation of the
risk and its associated impact (FDA).
Why is it important?
FDA Endorsement of Risk Based Models
Latest Part 11 Guidance (8/03)
Level of Concern method defined for software validation
(General Principles of Software Validation, 1/02)
Hazard Analysis of Critical Control Points (HACCP) method
for process validation (FDA guidelines and training)
GHTF Process Validation Guidance decision flow diagram for
determining whether process validation is required
Quality System Inspection Technique (QSIT) for Quality
System Regulation compliance (medical device regulation)
Pharmaceutical cGMPs for the 21st Century: A Risk Based
Approach, FDA paper
NIH and International Endorsements
NIH Risk Management Guidebook, June 2008
Guidance for Industry Q9 Quality Risk Management,
ICH, June 2006
Safety Aspects—Guidelines for their inclusion in
standards, ISO/IEC Guide 51, January 1999
National Institute of Standards and Technology
(NIST), SP 800‐30, 2002
Risk Life Cycle
Risky Business
2 types of risk
Project (People/Business) Risks
Data Risks (Need/Retention/Regulations)
3 categories related to 2 types of risk
Manual, human error
Automation error
Development or configuration error
Risk Assessment, Risk Analysis
Risk Management, Control
Example Risks
Data Corruption or Loss
Data Changes – change to previously recorded entry
Data Migration – from one system to another, from
one CRO to another, etc.
Data Transcription or Transfer (manual or automated)
from paper, scantron forms and spreadsheets, laboratory
reports, EDC, site
to eCRF or DMS, EDC, Safety System, Sponsor, etc.
Data Analysis/Processing – calculations, custom
functions to merge cells of information, etc.
Risk Processes
Risk Assessment
Birds‐eye view of risks – what’s foreseeable based on the
landscape
Project Risks
Resourcing, training, procedures, processes
Regulatory Risks
What regulations govern the system, process or data?
Automation (Software) Risks
How does introducing a computer system add risks?
Risk Processes
Risk Analysis
Detailed, critical analysis
Regulations
Workflow process
System and data requirements
Functionality
Resources and procedures
FMEA
Fault Tree Analysis
Intended Use
Identify the Software Category and its Impact
Software Category is related to the type of software
component, for example, based on GAMP5.
Custom, Configured, Non‐Configured, Infrastructure
Single function, multi‐function; simple or complex?
Impact relates to the high level functions and types of
data it will manage.
Apply a “Predicate Rules Checklist”
Patient Safety
Product Quality
Security
Data Integrity
Functionality
think “created, modified, maintained, archived, retrieved, or transmitted”
In addition to the types of data it manages, does it:
Record data
Change or generate data or derive decisions
Calculations, transformations
Over‐ride, change or correct data
Allow custom features or functions
Compile or generate reports
Have device connections, e.g., interfaces in or out
Audit trails
Electronic Signatures
Intended Use + Functionality
think “created, modified, maintained, archived, retrieved, or transmitted”
For example:
MS Spreadsheets
It’s configurable – you want to maintain the configuration for
consistent and reproducible results
If it’s calculating, it is creating data
Is it maintaining or archiving data? (where are you
storing the results – short and long term?)
What’s the risk? (lack of controls):
Deletion of required cells
Corruption or deletion of your calculations
Loss or change of data and data integrity
It needs to be validated and controlled
Risk Controls
Avoidance
Transference
Mitigation/Reduction
Acceptance
But what does this really mean in terms of software?
Risk Control Categories
Software/design‐integrated controls
Roles, privileges
Modular components
Workflow guided processing
Audit trails
System & Business controls
Technology / Firewalls
Vendor Contractual & Service Level agreements
Validation, Change Control, Configuration Management
Processes and practices (SOPs, training, etc)
AUDITS!
Risk Mitigation Strategies
Solution options – custom vs. COTS
Vendor audits
Testing parameters
Traceability matrices
SOPs
Training
Experience – experienced personnel with technology or
system specific experience increases your chance of success
Database backups ‐ back up and restore testing
Disaster recovery ‐ testing
Responsibilities
Level of validation required is based on intended use,
established requirements, safety and regulatory risk.
How much validation is required for the software that I
need or use?
Is the intended use as part of production system?
Have we documented the risk assessment / justification?
Third party software must be assessed
Systems and processes must be under change control
Implement Controls
SOPs
Process
Training
Validation
Audit Trails, Signatures
Backups
Utilization Audits
Process Improvement and CAPA
Risk Management Life Cycle – surveillance of residual and
new risks
Root Cause Analysis
Part 11 Procedural Requirements
Back‐up and archive retrieval ‐ 11.10(c)
Record retention ‐ 11.10(c)
Password control ‐ 11.10(d), 11.300(c)
Developer and user training requirements ‐ 11.10(i)
Hold individuals accountable for actions performed
under their log‐on ‐ 11.10(j), 11.200(a)(2)
Change control procedures for system documentation ‐
11.10(k)
Individuals verified before assigned electronic signature
authority ‐ 11.100(b)
Security reporting ‐ 11.300(d)
What Else?
Would you want these systems to be working correctly?
What is the risk to the subject or future patient?
Effect of accuracy of the data?
If you consider that validation means the system is
working correctly, then is some level of documented
evidence warranted?
Once it’s declared ‘validated’ – then what?
Change Control and Risk Management Life Cycle
Maintain the validated state
Support Tools for Managing Software Risks
Inventory: Legacy Software, New Software
Intended Use and Predicate Rule evaluation – is
validation required?
Part 11 Checklist –
open system or closed system?
e‐records, e‐signatures, or both?
Support Tools for Managing Software Risks
Cont.
Validation – how much is enough?
Risk Analysis baseline, updates
Change Control – new and additional risks
Risk Surveillance
Effectiveness of controls
Changes in intended use
Inspections and Guidance
Congress and DSI have been critical of FDA’s GCP
oversight and enforcement activities
2009‐ 73 DSI inspections
Compared to 25 / year historically
Electronic Source Documentation in Clinical
Investigations, Draft Guidance Dec 2010
http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM239052.pdf
Ensure the reliability, quality, integrity, and traceability of electronic
source data and source records
Unlike paper, eSource documents and data can be easily copied,
transferred to other computerized systems or devices, changed, or
deleted without obvious evidence of these events.
Data Integrity Warning Letters
Sant Chawla, MD 17 Mar 2010
http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm207168.htm
Numerous AEs recorded in subjects' records that had not been reported on
the eCRFs. Delays in transcribing AEs from progress notes to eCRFs that
range from 8‐15 months (site staff stopped entering data before visits so
that they could enter data with the monitors present, to avoid additional
system queries)
The lack of timely data entry in the electronic CRFs may have jeopardized
subject safety as well as the reliability and integrity of the data captured
at your site
Francisco Hernandez, MD 20 Apr 2009
http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm162703.htm
Staff errors rendered all subjects ineligible for the trial
The violation of the protocol exclusion criteria…had the potential to
influence study results
Record Access and Oversight
Warning Letters
Bruce Branitz, MD 09 Apr 2009
http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm162812.htm
The review of the eCRFs revealed discrepancies. When hard copies of the
eCRFs were requested, you were unable to provide copies. Your SC stated
that the eCRFs were maintained by another firm and you had no access to
the database. Accordingly, you could not show that you prepared and
maintained adequate and accurate case histories
Charles McKay, 23 Oct 2009
http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm188805.htm
The PI failed to have adequate involvement in and oversight of the
study to ensure data integrity and to protect the rights, safety, and welfare
of subjects enrolled in the study
Integrity Doesn’t Stop with PIs
Sponsor/CROs who monitored problematic PIs
Oversight of study conduct
Intervene when PIs have delegated key assessments to
personnel not qualified or when personnel ignore /
circumvent protocol requirements
Assess quality systems to determine if they effectively
and proactively detect compliance problems
Clear process for evaluating, escalating, and addressing
non‐compliance (e.g., root cause analysis, CAPA)
Inspections for significant non‐compliance identified
at multiple sites
Case Study‐ceftobiprole
J&J Warning Letter
http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm177398.htm
“…data supporting the NDA was of good quality, and that the rights,
welfare, and safety of study subjects were adequately protected”
Poor monitoring
No escalation or compliance management/CAPA
Icon Warning Letter
http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm193156.htm
“… data submitted in support of NDA are scientifically valid and
accurate”
GCP guidelines state that any change or correction to a document
should be dated, initialed, and explained, and should not obscure
the original entry; therefore … failed to make corrections …
appropriately
Case Study‐ceftobiprole
Can the sponsor demonstrate that the GCP
non‐compliance at clinical sites did not render
conclusions drawn from the study invalid?
Prove that the conclusions are valid
Conditional approval‐ Mar 2008
Conduct additional audits (data validation) of clinical
sites
Review monitoring practices
Complete Response Letter with refusal ‐ Dec 2009
Drug is still not approved (transferred to Basilea)
Summary
Know your process
Know where and how systems are used
Know the regulatory requirements
Know the risk areas
Demonstrate
Record integrity
Data Integrity
Validation
Document and Manage Risk
References
“A New Era of GCP Accountability: FDA Aggressively
Targets Clinical Trial Oversight and Data Integrity”,
FDLI, Aug 2009
Guidance for Industry, Computerized Systems Used in
Clinical Investigations, FDA , May 2007
“Reflection Paper on Expectations for Electronic
Source Documents Used in Clinical Trials”, EMA,
October 2007
General Principles of Software Validation; Final
Guidance for Industry and FDA Staff, FDA, 2002
References Continued
Computerized Systems Used In Clinical Trials, Apr 1999
GAMP 4: The Good Automated Manufacturing Practice
(GAMP) Guide for Validation of Automated Systems in
Pharmaceutical Manufacture, ISPE, 2002
ISO 9001:2000, Quality management systems ‐
Requirements, ISO, 2000
General Principles of Process Validation, FDA, 1987
Global Harmonization Task Force Study Group 3 Process
Validation Guidance
Risky Business - J. Baushke
Changes to data/metadata; ICH-E6 4.9.3, CFR312.62, 11.10(e) Audit Trails; Contemporaneous, Attributable; Mitigation: Testing/Change Control & Configuration Management -> Validation Life Cycle
Unauthorized data changes; ICHE6-5.5.3, CFR11.10(g) Permissions; Attributable; Mitigation: Audit trail, user log-ins, roles and privileges
Unauthorized access / user; 11.10(d) Limited Access, 11.300(e); Attributable; Mitigation: Firewall, intrusion testing, password lockout
Record Retention (archival, purge); 11.10(a) Validation, 11.10(c) Record Retention; Original, Complete, Enduring, Available; Mitigation: Testing/Change Control & Configuration Management -> Validation Life Cycle
Manual error
Automation error
ALCOA+ Attributable-Legible-Contemporaneous-Original-Accurate - (Complete, Consistent, Enduring, Available)