Ensuring Data Integrity in a Regulated Environment

Wed, 05/18/2011 - 4:47am

R.D. McDowall, Ph.D.
Get the latest news in High Performance Computing, Informatics, Data Analysis Software and
more - Sign up now!
Ensuring Data Integrity in a Regulated Environment
10 essential chromatography data system compliance areas
This article explores the steps necessary to ensure the integrity of data generated and
maintained by chromatography data systems (CDS) in a regulated GXP environment. It has
been driven partly by recent content of some U.S. Food and Drug Administration (FDA) warning
letters and the publication of the new European Union (EU) GMP Annex 11 regulations.
Since the Able Laboratories 1,2 and Leiner Health Products 3 fraud cases, there has been a
focus on the integrity of data generated in regulated quality control laboratories. This focus has
been justified by at least one FDA warning letter where spectroscopic data were copied from
one batch that passed to another one. 4 Therefore, the aim of this article is to present and
discuss 10 compliance areas to ensure the integrity of data generated by CDS, especially in the
light of recent regulatory changes and approaches.
Recent regulatory changes
There are three regulatory changes that have occurred already, or that will have an impact in
the future, on the integrity of data in regulated laboratories:
FDAs post inspection 483 program: Begun in September 2009, this program requires a
complete response from a company to all 483 observations within 15 business days. 5, 6 This
should mean a redefinition of inspection ready within companies, so that laboratories are
working compliantly and do not need to respond in a panic to meet the 15-day deadline.
However, as evidenced by the laboratory data integrity issues, this is not happening in a number
of laboratories.
Part 11 inspection program: 7 In 2010, the FDA announced that they would be conducting Part
11 audits alongside normal GMP inspections of companies to assess how industry is
interpreting 21 CFR 11 after the publication of the 2003 guidance on Part 11 scope and
application. 8
New EU GMP regulations for computerized systems (Annex 11) and documentation (Chapter 4)
were released in January 2011 and become effective on June 30, 2011. 9,10 At first sight, the
focus should be on the increased requirements for computerized systems regulation in Annex
11. However, the sting in the tail is contained in the update for Chapter 4.
Here, the EU looks at records of activities and requires that raw data be defined formally for all
systems generating data for batch release and specifically mentions hybrid and fully electronic
systems. In this respect, we now have harmonization between the EU and FDA around
management of electronic records.
These changes will inevitably impact all computer systems in regulated laboratories, including
chromatography data systems.

Criteria for integrity of laboratory data

To help training staff, we need to know the basics of laboratory data integrity. The main criteria
are listed below: 11
Attributable who acquired the data or performed an action and when?
Legible can you read the data and any laboratory notebook entries?
Contemporaneous documented at the time of the activity
Original written printout or observation or a certified copy thereof
Accurate no errors or editing without documented amendments
Complete all data including any repeat or reanalysis performed on the sample
Consistent all elements of the analysis, such as the sequence of events, follow on and are
dated or time stamped in expected sequence
Enduring not recorded on the back of envelopes, cigarette packets, Post-it notes or the
sleeves of a laboratory coat, but in laboratory note books and / or electronic media in the CDS
or LIMS
Available for review and audit or inspection over the lifetime of the record
Analytical scientists need to understand these criteria and apply them in their respective
analytical methods. So, let us interpret these criteria for a CDS in light of regulations and
warning letter citations.
10 areas for ensuring CDS data integrity
Below, I suggest 10 areas that are essential to ensure the integrity of data within the boundaries
of a chromatography data system.
These are:
1. Identify each user uniquely
2. Implement adequate password controls
3. Establish different user roles / access privileges
4. Establish and maintain a list of current and historical users
5. Control changes to the system
6. Use only trained staff to operate the system
7. Understand predicate rules for laboratory records
8. Define and document e-records for the system
9. Review the audit trails for each run
10. Back the system up regularly
We will now discuss each area in turn to see what controls are needed.
1. Identify each user uniquely
Attributing work to an individual is a key GMP compliance requirement. In the paper world,
identification of each analyst is easily achieved through each persons initials or signature on a
printout or laboratory notebook. However, this simple principle often is lost when we move into
the electronic domain, as each individual needs a unique user identity to use the CDS.
However, the cost of user licenses for the CDS can be a deterrent to this and, although it
appears to be sensible from a financial perspective, it is a compliance disaster waiting to
happen. So, ensure that accounts are not shared, as the FDA rewards those laboratories with
free entry to the agencys wall of shame, better known as the warning letter pages of their Web
site.
Notable entries on the wall of shame are:
Concord Laboratories: 12 Here, managers were observed to log onto the CDS and set up a
chromatograph for analysis, and then the analyst who was actually doing the work accesses the

system via manager accounts.

Ohm Laboratories: 13 The citation states that One user account is established for two analysts
to access the laboratory instruments software on the computer system attached to HPLC
systems.
Furthermore, you should not reuse user identities, even if a person leaves the laboratory or the
company, but allocate a different identify to each individual.
2. Implement adequate password controls
Once a person has their unique user identity allocated to them, they will access the CDS by
logging on using their user identity and password. The password needs to be strong enough so
that it cannot be guessed by others, but not so strong that the user has to write it down to
remember it (otherwise known as the password paradox). Regardless of the strength, it is
essential that any rules for a password must be enforced by either the operating system or the
CDS application software to ensure that the rules are followed.
So, some of the citations concerning passwords for CDS are:
common password shared between two or more users by Ohm Laboratories 13
passwords with a minimum of four characters that never expired by the Gaines Chemical Co. 14
An audit finding of mine, where both the user identity and password were written down and
stuck on the front of the workstation. The user identity was admin. What was the password
used? Yes, youve guessed it admin!
A suggestion is that any default accounts are disabled, or at least the default password is
changed, especially if it is documented in the user manual.
3. Establish different user types with different access privileges
U.S. GMP regulations in 211.68(b) require systems and equipment to be limited to authorized
individuals only, which is fair enough. However, in todays CDS, you can define user types with
different access privileges allocated to each type. Why is this important? Let me ask you a
question, do you to want allow the newest recruit in your laboratory the ability to do anything in
the system including changing methods and reports without anybody knowing about it? Of
course not, so we implement different user types in our CDS such as trainee, analyst,
supervisor, power user and system administrator. To each user type, we allocate different
access privileges based upon the role that they will perform in the system.
However, some people do not learn or even consider some basic integrity requirements:
Concord Laboratories 12 was cited in their warning letter: In addition, data security protocols are
not established that describe the users roles and responsibilities in terms of privileges to
access, change, modify, create, and delete projects and data.
Ohm Laboratories: 13 Each user account provides full system administrative rights, including
editing of the methods and projects.
4. Establish and maintain a list of current and historical users
Regulations on both sides of the Atlantic Ocean in 21 CFR part 11 15 and Annex 11 9 require
authorized users with different access privileges. However, the FDA guidance for industry:
Computerized Systems in Clinical Investigations, 16 issued in 2007, requires a list of current and
historic users of systems used for clinical trials and clinical investigations. Although this is
guidance, it is a logical interpretation of the GMP regulatory requirements cited above. This list
needs to be established and maintained, as it is easy for an inspector to ask to see the list of
accounts and, if somebody has recently left, ask to see if the account is still active or has been

disabled. Concord Laboratories, 12 for example, would need to generate such a list as a
corrective action to the citation in the previous section.
5. Control changes to the system
Linked to the allocation of access privileges discussed earlier is the ability of a user to make
changes to methods, integration parameters and also baselines. U.S GMP. in 211.68(b)
requires that changes are only made by authorized individuals. However, when you share user
identities, as happened at Concord Laboratories, 12 unattributed changes to methods were
made as the laboratory could not identify individuals making changes to methods and, therefore,
determine if they had the appropriate combination of training, education and experience.
6. Only trained staff must operate the system
Under GMP, there is the requirement for all staff to have the combination of education, training
and experience to perform their job as stated in 211.25. This, you would think, would be a
classic no-brainer. However, some companies appear to have had a frontal lobotomy instead:
In one of the citations from the Able Laboratories 483 observation form 1 it notes failure to
provide adequate training to analytical chemists. Why was this important, you may ask? Here is
the reason: OOS results were substituted with passing results by Analysts and Supervisors.
The substitution of data was performed by cutting and pasting of chromatograms, substituting
vials, changing sample weights and changing processing methods.
So, it is an important part of a users training to ensure data integrity of the data generated and
that changes may only be made according to predefined procedures to prevent an accusation of
falsification or fraud.
7. Understand predicate rules for laboratory records
Under the U.S. GMP regulations for laboratory records, there is a specific statement in the
beginning of 211.194(a) that states: Laboratory records shall include complete data derived
from all tests necessary to assure compliance with established specifications and standards,
including examinations and assays, as follows. The key phrase in this is complete data i.e.
everything warts and all including the data you dont want your supervisor to see. This is the
key to establishing the integrity of data in a CDS. Why? Errors occur, mistakes happen,
chromatographs malfunction and columns fail to work. So, include everything.
Notable exceptions to this have been:
Able Labs 483 1 with the citation laboratory records do not include complete data derived from
all tests, examinations and assays necessary to assure compliance with established
specifications and standards.
Cambrex Profarmaco 17 where the citation reads: Your quality unit failed to maintain complete
laboratory control records for the analysis of your APIs (including graphs, charts, and spectra
from laboratory instrumentation derived from all tests conducted) to ensure compliance with
established specifications and standards.
Raw data (e.g., chromatograms, standard and sample weights, calculations, standards,
reagents, and instrument information) for the Albuterol Sulfate (June 2001) and Lorazepam
(June 2006) related substances, method validation were not available during the inspection. The
failure to have this data available during the inspection prevented the investigators from
confirming the authenticity and reliability of data submitted to support drug application.

I have included the Cambrex Profarmaco citation at length to illustrate how data integrity
problems in the laboratory can create problems for the business as a whole. The company has
applied for a license to sell a product, yet there is no data available from the CDS to support
statements in the submission to the agency lack of CDS data integrity can seriously damage
a companys wealth.
8. Define and document electronic records for the system
Since 2003, the Part 11 Scope and Application guidance 8 has recommended that companies
define the electronic records for their systems. However, on June 30, 2011, this also will be the
law in Europe for those working to GMP, as this is when the new version of Chapter 4 on
documentation becomes effective. The Principle states for Records: 10 For electronic records
regulated users should define which data are to be used as raw data. At least, all data on which
quality decisions are based should be defined as raw data.
There are two issues to look at here. First is the fact that EU GMP considers that documentation
includes a record that is the evidence of an activity; therefore, the data files created during an
analytical run are records. Second, when a CDS is used for batch release, the users must
define what the raw data are for the system. I have discussed this for a CDS in an earlier
publication. 18
However, Chapter 4 10 goes into greater scope and more detail in clause 4.1. (Note that only the
parts of this clause relevant to this discussion are presented here, and you should read the
whole clause to understand the whole picture.):
The requirements apply equally to all forms of document media types. Similar to the definition
of electronic record in 21 CFR Part 11, it does not matter that a media type has not been
invented: when it is and you use it, this regulation covers it. This is a broad-scope definition and
is not limited by any specific technology.
Many documents (instructions and/or records) may exist in hybrid forms, i.e. some elements as
electronic and others as paper based. It does not matter if a record is generated on paper,
exists as handwritten signatures following a printout of the electronic record (hybrid system) or
is maintained fully electronically, this regulation covers it.
Relationships and control measures for master documents, official copies, data handling and
records need to be stated for both hybrid and homogenous systems. This means that a
document that has been reviewed and approved, which defines relationships between the
records in the CDS and how they are controlled, including access by users, etcetera, is needed.
Appropriate controls should be in place to ensure the integrity of the record throughout the
retention period. We have to maintain the records and integrity of the data throughout the
record retention period.
Furthermore, in clause 4.10, 10 it states: It should be clearly defined which record is related to
each manufacturing activity and where this record is located. Secure controls must be in place
to ensure the integrity of the record throughout the retention period and validated where
appropriate. So, life has just gotten a lot more formal for a CDS. Laboratories must define the
raw data (records), if they have not already done so, and also state where the records are
located. Furthermore, the integrity of the records must be retained throughout the retention
period (reiterating 4.1 above) and, if electronic records are involved, validation will be involved in
any archiving or application software updates.

However, here is where the problem begins, from audits that I have conducted in many
laboratories over the years, there is still a problem of defining raw data in a CDS as anything
other than paper. Now, with the publication of the EU Chapter requirements, there is no room
for maneuver: CDS records are either hybrid or electronic. No discussion and no debate: the
argument of raw data as paper has just joined the dodo as extinct.
Now, if you think the FDA has been sleeping on the job, there is a little snippet from the
Administrations Web site19 that is available for all to see: The printed paper copy of the
chromatogram would not be considered a true copy of the entire electronic raw data used to
create that chromatogram, as required by 21 CFR 211.180(d). The printed chromatogram would
also not be considered an exact and complete copy of the electronic raw data used to create
the chromatogram, as required by 21 CFR 211.68. The chromatogram does not generally
include, for example, the injection sequence, instrument method, integration method, or the
audit trail, of which all were used to create the chromatogram or are associated with its validity.
Therefore, the printed chromatograms used in drug manufacturing and testing do not satisfy the
predicate rule requirements in 21 CFR Part 11. The electronic records created by the
computerized laboratory systems must be maintained under these requirements. I could not
write this better but I could make it more entertaining.
9. Review the audit trail entries for each batch
Part of the complete data for a CDS analytical run includes the audit trail, and there is the
requirement under US GMP 211.194(a)(8) for the initials or signature of a second person to
show that work has been done correctly and conforms to standards. This implies that the audit
trail should be checked. In contrast, in Europe under Annex 11, it will be the law to review the
audit trail for batch release from June 30, 2011.
The FDA has cited laboratories over the years for failure to review the audit trails of CDS
systems: Failure to review electronic data as part of batch release at Able Laboratories 1 Both
Concord Laboratories 12 and Ohm Laboratories 13 also were cited for failing to review audit trails
in their CDS systems e.g. Review of audit trails is not required.
The problem is that current CDS audit trails cannot demonstrate that a user has reviewed it
what a bummer!
10. Backup the system regularly
Part 11 requires record protection 15 and so does that new version of Annex 11. 9 The latter
goes further than Part 11 and its predicate rule in clause 7.2 Regular back-ups of all relevant
data should be done. Integrity and accuracy of backup data and the ability to restore the data
should be checked during validation and monitored periodically. So, interpreting this, backups
have to be done regularly. Typically, this will be daily. So, it will be the IT department doing this
task, not laboratory personnel. When the backup is performed, the backup logs must be
checked to see whether the backup worked or not and, if not, should be rescheduled to avoid
the loss of data. Moreover, backup needs to be validated, and periodic restores should be
performed to see that the tapes are still readable.
However, there is always somebody who is going to fail in a spectacular way, and our star in
this section is Ohm Laboratories: 13 Specifically, your firm does not have an adequate number
of personnel to ensure that your firms manufacturing operations are adequately conducted and
completed. For example, a. Your QCU personnel stated that no data back-up of the HPLC
Systems has been performed since May 26, 2009 due to insufficient time to perform such

activity. your quality unit personnel informed the investigators that the computer software was
upgraded and the raw data was lost during the software upgrade.
We have serious concerns about your firms implementation of changes to your computerized
systems (e.g., software upgrade). It is your responsibility to provide the means of ensuring data
protection (e.g., back-up system) for your computerized systems to prevent the permanent loss
of records. Please provide corrective actions to prevent similar recurrences.
The problem is that leaving the backups to laboratory personnel means that there is a great risk
that backups will not be performed regularly, will not be performed at all and probably will not be
verified to see if data can be recovered before a disaster happens. However, losing data during
the software upgrade is inexcusable and stupid.
The first thing anybody should do is backup the system securely, and this means verifying the
backup a check to read the data on the tape and verify it with the original data on the disk.
This takes time but is essential to check the quality of the backup. If you are worried still, take a
second backup using a tape from a different batch. Then, if there is a problem, you have a
second life line. However, the bottom line is that analysts should analyze samples, and the IT
department does the backups: right people for the right jobs. After all, you would not want the IT
department analyzing your samples would you?
Conclusions
To ensure the integrity of the data generated by a chromatography data system, we have
looked at 10 areas that, either by lack of control of the CDS or through new regulatory
requirements, are essential. Failure to have these controls and procedures in place will result in
compliance issues and also business problems that will adversely impact company
performance.
References
1. Able Laboratories 483 Inspectional Observations (July 2005)
2. R.D.McDowall, Quality Assurance Journal, 10 (2006) 15-20
3. Leiner Health Products Warning Letter (August 2007)
4. Xian Libang Pharmaceutical Company, Warning Letter (January 2010)
5. Review of Post-Inspection Responses, Federal Register, August 11, 2009, 74 (153) 40211
40212
6. R.D.McDowall, Spectroscopy, Focus on Quality, November 2009
7. FDA To Conduct Inspections Focusing on 21 CFR 11 (Part 11) requirements relating to
human drugs, http://www.fda.gov/AboutFDA/CentersOffices/CDER/ucm204012.htm, July 2010
8. FDA Guidance for Industry, Part 11 Scope and Application, 2003
9. EU GMP Annex 11 Computerised Systems:
http://ec.europa.eu/health/documents/eudralex/vol-4/index_en.htm
10. EU GMP Chapter 4 Documentation: http://ec.europa.eu/health/documents/eudralex/vol4/index_en.htm
11. R.D.McDowall, Spectroscopy, Focus on Quality, December 2010
12. Concord Laboratories Warning Letter (July 2006)
13 Ohm Laboratories, Warning Letter (December 2009)
14. Gaines Chemical Company 483 Inspectional Observations (December 1999)
15. 21 CFR 11, Electronic Records Electronic Signatures Final Rule, 1997
16. FDA Guidance for Industry, Computerized Systems in Clinical Investigations, 2007
17. Cambrex Profarmaco Warning Letter (August 2009)

18. R.D.McDowall, Validation of Chromatography Data Systems: Meeting Business and

Regulatory Requirements, Royal Society of Chemistry, Cambridge, 2005
19. Questions and Answers on Current Good Manufacturing Practices, Good Guidance
Practices, Level 2 Guidance - Records and Reports see question number 3.
http://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/ucm124787.ht
m
R.D. McDowall is Principal, McDowall Consulting. He may be contacted at
editor@ScientificComputing.com.