Can You Demonstrate the Integrity of Your Data?

Oct 29, 2014
By Spectroscopy Editors
Volume 29, Issue 11

Recently, regulators in both the United States and United Kingdom issued guidance concerning laboratory data integrity that followed serious noncompliances found during inspections. In this column, we explore what this guidance means for spectroscopy systems used for analysis in regulated laboratories and derive some common-sense guidance that you can follow.

Ensuring the integrity of data is a prime requirement of any analytical laboratory so that the results generated and the decisions taken using that information can be relied upon. This is certainly so in laboratories working toward good practice regulations such as good laboratory practice (GLP) and good manufacturing practice (GMP).

Data integrity is defined by the Food and Drug Administration (FDA) as "The degree to which a collection of data is complete, consistent and accurate" (1). This is similar to the GMP requirement for complete data from quality control testing under the United States (US) GMP regulations (2), which I discussed in the April 2013 installment of this column (3). Going further, the Institute of Electronic and Electrical Engineers (IEEE) defines integrity as "The degree to which a system or component prevents unauthorized access to, or modification of, computer programs or data" (4). From the IEEE definition, we can focus on a computerized system that needs to have controls to only allow authorized users access to the system and technical controls to prevent unauthorized changes to the data entered or generated by the laboratory system. Not bad when you consider that the IEEE is not a regulated health care organization, but the requirements outlined in their definition equate to those in the US GMP (2).

Following the Able Laboratories fraud case (5) the FDA also revised its Compliance Policy Guide (CPG) 7346.832 for preapproval inspections (PAI) (6), which has three objectives, the third of which is the data integrity audit. Under this objective an FDA inspector has to "audit the raw data, hardcopy or electronic, to authenticate the data submitted in the CMC [chemistry, manufacturing, and controls] section of the application. And to verify that all relevant data ([for example,] stability, biobatch data) were submitted in the CMC section such that CDER [Center for Drug Evaluation and Research] product reviewers can rely on the submitted data as complete and accurate."

This focus on data integrity especially around computerized systems has found many noncompliances in a variety of quality control (QC) laboratories. I summarized some of the data integrity issues that were found in recent FDA inspections involving chromatography data systems in a recent article in LCGC Europe (7). The main areas of noncompliance were citations against four main areas of the Code of Federal Regulations (CFR):

  • Quality management system and management responsibility
  • Automatic and electronic equipment (§211.68)
  • Laboratory controls (§211.160–§211. 165)
  • Laboratory controls (§211.194 a–e) (7)

Interestingly, this focus on data integrity has not gone unnoticed on the other side of the Atlantic Ocean.

UK Regulatory Agency Focuses on Data Integrity

Table I: MHRA expectation for data integrity focused internal audits
The first recent regulatory change in data integrity we will discuss came from the United Kingdom (UK). In December 2013, via a posting on their website, the UK's Medicines and Healthcare products Regulatory Agency (MHRA) stated that beginning in 2014, inspections would check that regulated users were ensuring data integrity through self-inspections or internal audits (8). The requirement for internal audits is covered in chapter 9 of the EU GMP Guide (9). The full text of the MHRA posting is presented in Table I. I split the text into four sections, and my comments are in the right column next to each section.

Now, let's recross the Atlantic Ocean to see what has happened with our friends at the FDA.

lorem ipsum