DATA INTEGRITY IN

PHARMACEUTICAL
INDUSTRY
TOPICS COVERED
 WHAT IS DATA INTEGRITY

 IMPORTANCE OF DATA

 HOW SHOULD THE DATA BE

 REGULATORY REQUIREMENTS

 APPLICATION INTEGRITY

 DATA INTEGRITY ISSUES

 CONSEQUENCES

 DETECTING AND PREVENTING DATA INTEGRITY ISSUES

What is “Data”?

Information, especially facts or numbers, collected to be
examined and considered and used to help decision-
making, or information in an electronic form that can
be stored and used by a computer.

 a paper-based record of a manual observation

Digital/Electronic /Computerised
Photographic/Video
Audio
What is Integrity

“Integrity” is the quality

or condition of being
integral and accurate;
completeness.
Data integrity- Definition
Data integrity within a GMP environment can be
defined as

“generating, transforming , maintaining and assuring

the accuracy, completeness and consistency of data
over its entire life cycle in compliance with applicable
regulations”
Data integrity – Why a hot topics now ?

• Agencies expects that pharmaceutical

companies should retain complete and
accurate records/ raw data and to be
made available to inspectors at any
point of time
• Undermines the safety and efficacy
and/or assurance of quality of the drugs
that consumers will take-PATIENT
SAFETY
• Compliance to regulatory requirements
(FDA, MHRA, TGA, etc.)- failure to
which deems the drug adulterated..
 Importance of DATA
It is people and computers who collect DATA and impose patterns on it.
These patterns are seen as INFORMATION which can be used to enhance
KNOWLEDGE. These patterns can be interpreted as truth, and are authorized
as aesthetic and ethical criteria.

DATA Water analysis

FORMATION TRENDS

SYSTEM
KNOWLEDGE
BEHAVIOR
How DATA should be?
FDA uses the acronym ALCOA to define its
expectations of electronic data.
Attributable Who performed? SOURCE DATA In itial/
When performed? signature/
When it was changed?
Why it was changed? registers
Legible Data must be recorded as CAN YOU READ IT? Control of blank
readable on durable form/ pen policy
medium
etc
Contemporaneous It must be recorded when NO BACKDATING Documents
you perform. available at the
right place and at
the right time
Original Data must be either CONTROL Verified true copy
original or true copy.
scans
Accurate As it is / No errors / No REVIEWED? Reflect observation
corrections without data
amendments.
 ALCOA+
Complete It must include every detail MISSING?
related to activity.

Consistent Consistent throughout each DATE/TIME/SIGN

department.

Enduring Must be recorded on controlled NOT RECORDED:NOT DONE

work sheets.

Available Available / Accessible / Traceable LOST?

 Regulatory Requirements for Data Integrity -
FDA- 21 CFR 211
• Instruments must be qualified and fit for purpose [§211.160(b),
§211.63]
• Software must be validated [§211.63]
• Any calculations used must be verified [§211.68(b)]
• Data generated in an analysis must be backed up [§211.68(b)]
• Reagents and reference solutions are prepared correctly with
appropriate records[ §211.194(c)]
• Methods used must be documented and approved [§211.160(a)]
• Methods must be verified under actual conditions of use [§211.194(a)
(2)]
• Data generated and transformed must meet the criterion of scientific
soundness [§211.160(a)]
• Test data must be accurate and complete and follow procedures
[§211.194(a)]
• Data and the reportable value must be checked by a second
individual to ensure accuracy, completeness and conformance with
procedures [§211.194(a)(8)]
 EudraLex
Volume 4, GMP Guidelines, Annex 11
Risk Management “Risk management should be applied throughout the lifecycle of the
computerised system taking into account patient safety, data integrity and product quality. As
part of a risk management system, decisions on the extent of validation and data integrity
controls should be based on a justified and documented risk assessment of the computerised
system.”

Data :Computerised systems exchanging data electronically with other systems should include
appropriate built-in checks for the correct and secure entry and processing of data, in order to
minimize the risks.

Data Storage :Data should be secured by both physical and electronic means against damage.
Stored data should be checked for accessibility, readability and accuracy. Access to data should
be ensured throughout the retention period.

Regular back-ups of all relevant data should be done. Integrity and accuracy of backup data and
the ability to restore the data should be checked during validation and monitored periodically.
Establishing data criticality and inherent integrity risk

With reference to figure above, simple systems (such as pH meters and

balances) may only require calibration, whereas complex systems require
‘validation for intended purpose’. Validation effort increases from left to
right in the diagram above.
Drugs and Cosmetics
(Third Amendment) Rules, 2008
RAW DATA:- Raw data refers to the laboratory work sheet, note books or
analysis sheet, records, memorandum, notes or extract copies thereof that may
be the results of general observations and other activities and such raw data
shall include hand written notes, photographs, software, drawings, computer
printouts, spectral charts, dictated observations or recorded data from
automated equipments
Data integrity and security shall be maintained and the data shall not be
accessible to any unauthorised person.

STORAGE: All the raw data, documentation, Standard Operative Procedures,

protocols, and final reports are to be retained and there shall be archives for
orderly storage and expeditious retrieval of all raw data, documentation,
protocols, interim and final report. The archive shall provide a suitable
environment that will prevent modification, damage, or deterioration and/or
loss.
Importance of India
A leading global provider already
World’s 3rd largest generics producer
Produces 10% of world’s medicines - Over US $12 Billion
exports to 200 countries
41% of U.S prescriptions are manufactured in India
23% of UK product Licenses name an Indian manufacturer &
38% an Indian API source
Large and growing base of educated raw talent
Skilled chemists, chemical engineers and Ph.Ds at 1/6th to
1/3rd of U.S. costs
Large and diverse patient pool
Measures taken by CDSCO …
In order to ensure audit-readiness of Indian manufacturing plants through
a robust drug regulatory mechanism in the country, Central Drugs
Standard Control Organisation (CDSCO) plans to bring about uniformity
in inspections of Schedule M units across the country as a part of its
programme to upgrade Schedule M units to WHO-GMP level. 
This will be a big boost to several Indian drug makers which had come
under the scanner of the global drug regulatory authorities in the recent
years over a range of issues like data integrity, including production
quality, sanitation standards and alleged data manipulation. 
Aimed at strengthening the regulatory mechanism, health ministry had
also concluded a survey recently to test 47,000 drug samples from across
the country, a process that started in April this year
 Purpose of the survey is to get more clarity on the percentage of spurious
or low-quality drugs circulated in India. Besides that GMP compliance is at
the core of the government's consideration to supply safe and efficacious
medicines to other countries for the sake of patient safety. 
Data Integrity (DI) - Regulatory Focus
(Application Integrity)
Change in Regulatory Focus :

The integrity of the data collected and recorded by

pharmaceutical manufacturers is critical.

WHO & UK MHRA inspectors have undergone training to

better detect signs of data problems to ensuring that high
quality and safe medicines are produced.

Regulatory authorities are looking more closely at

international facilities for signs of altered and doctored records
Data Submission & Application Integrity as
required by regulatory authorities
1. Reliable
2. Trustworthy
3. Traceable
4. Verifiable
5. Complete
6. Legible
7. Meaningful &
9. Protected
Application Integrity Policy (AIP)
The Application Integrity Policy is what FDA pulls up when it
has questions about a manufacturer’s electronic data.
• Electronic information includes everything, such as emails,
adverse events reports, complaints, batch records, and quality
control records—everything that’s stored electronically. 
When FDA invokes the AIP, the Agency is, in effect, saying,
“We have concerns. We want to review everything this company
has submitted, whether an additional application request, or
request for a change in manufacturing.” If FDA invokes this
policy, you can expect an inspection. Not only will you have an
inspection, but that inspection will focus closely on how you are
controlling electronic records—i.e., it will focus on Part 11.
Summary of Data Integrity issues
QC
Alteration of raw, original data and records (e.g., the use of correction fluid)
Unlabeled or partially labeled vials dumped down the drain
Test results for one batch were used to release other batches
 Releasing product with known contaminants
Growth on microbiological plates was observed and recorded as no growth Microbiology
 Out-of-specification or undesirable results were ignored and not investigated
Re-testing without justification
Failing or suspect HPLC assay results are overwritten
HPLC integration parameters were changed and re-run until passing results were obtained
 Audit trail function was disabled.
Unofficial testing of samples with file names like test, trial, or demo
There are no controls to prohibit unauthorized changes to electronic data / inadequate
access controls.
Backdating
Summary of Data Integrity issues
Production
Employees signing manufacturing steps were not on premises at the
time the steps were completed
Data was removed and new data was added
Employee scraped off entries with hand-made tool
Making up Batch records during an FDA inspection BPR’s
Making up Training records during an FDA inspection
Firm had no CGMP training
Testing conducted late but recorded as being tested on time
Repacking failed product without assessing impact of failure
Repacked product was released
Proper investigation of incidents/ deviation in manufacturing area
was not recorded.
Summary of Data Integrity issues
documentation
No raw data for Standard preparation
No raw data for Sample weights
No raw data for Sample solution preparation and sample dilutions
Sample and reagent weights are written on small pieces of paper and transcribed onto
analytical worksheets Then, small pieces of paper were discarded / Raw data found in the
garbage bin
Destruction of raw data not meeting specification
Missing raw data
Re-writing laboratory notebooks
Unjustified invalidation of data and re-testing without a laboratory investigation
Pre / post dating of the records.
Failure to use approved procedures.
Recording / Signing for others
Re-writing the records without authorization.
Failure to report / document a discrepancy.
Failure to retain raw data / records.
Summary of Data Integrity issues-IT
COMMON PASSWORDS. Where analysts share passwords, it is not possible to identify
who creates or changes records, thus the A in ALCOA is not clear.
USER PRIVILEGES. The system configuration for the software does not adequately
define or segregate user levels and users have access to inappropriate software privileges
such as modification of methods and integration.
SYSTEM CONTROL: Laboratories have failed to implement adequate controls over data,
and unauthorized access to modify, delete, is not prevented; the file, therefore, may not
be original, accurate, or complete.
PROCESSING METHODS. Integration parameters are not controlled and there is no
procedure to define integration. Regulators are concerned over re-integration of
chromatograms.
AUDIT TRAILS. In this case, the laboratory has turned off the audit-trail functionality
within the system. It is, therefore, not clear who has modified a file or why.
Why is it so hard for companies to get it right?!
Lets summarise the areas where data
integrity issues can occur

QC
Production
IT
Regulatory
Other areas
RND
Sales/ Logistic
EHS
HR
Any others ?
Consequences of Data Integrity
issues
• Loss of Trust
• Recalls
• Form – 483 • Warning or Untitled Letter
• Import Alert
• Seizure
• Application Integrity Policy Invocation
• Non-compliance Report
• Notice of Concern
• Loss of job
• Loss of business
• Loss of Money
Example of absence of Data Integrity:
The worst case scenario is impact on patient safety and the loss of lives.
Although not regulated by the FDA or subject to cGMPs, the New England
Compounding Pharmacy incident in the US (MA) in 2012 can be used as an
example of the consequences of data related fraudulent activity.
In this case, 17,000 vials of methylprednisolone for injection contaminated
with fungi were distributed to 23 US states.
Resulted in 64 patients deaths and over 750 who suffered illness with fungal
meningitis as a result of sterility negligence & data integrity issues.
In this case, a FDA official said pharmacy technicians were instructed to lie
on cleaning logs, showing rooms as being cleaned when they had not.
This was undertaken per instruction of management.
Detecting & Preventing Data Integrity issues

1. Education and Communication

2. Technology and IT Systems
3. Detection and Mitigation of Risks
4. Governance of DI
What education? What communication?

Education and consistent communication ensure:

•A common understanding
•Awareness of impact
•Ownership
•Leadership support

…so mindset shift to strengthen understanding of Data Integrity

and impact on patients safety and product quality are key.
Detection and Mitigation of Risks
Detection and Mitigation of Risks
Technology and IT Systems
Governance of DI
Challenges of Maintaining Laboratory Data
Integrity
The first challenge in ensuring the integrity of laboratory data involves utilization of
hybrid systems (see Figure 1). If both are used, paper and electronic records need to
be synchronized.
Designing systems to assure data quality
and integrity -MHRA
Systems should be designed in a way that encourages compliance with the
principles of data integrity. Examples include:
Access to clocks for recording timed events
Accessibility of batch records at locations where activities take place so that
ad hoc data recording and later transcription to official records is not
necessary
Control over blank paper templates for data recording
User access rights which prevent (or audit trail) data amendments
Automated data capture or printers attached to equipment such as balances
Proximity of printers to relevant activities
Access to sampling points (e.g. for water systems)
Access to raw data for staff performing data checking activities.
Include E -data verification in internal audits