MHRA GMP Data Integrity Definitions

and Guidance for Industry January 2015

Initial Review and Critique – March 2015

Bob McDowall
R.D.McDowall Ltd

Thanks to Mark Newton, Lorrie Schuessler & Chris Burgess

©R.D.McDowall Limited 2015 www.rdmcdowall.com 1

 Overview
• MHRA expectations for data integrity
December 2013
• MHRA Guidance on data integrity January 2015
– Introduction
– Establishing data criticality & inherent integrity risk
– Designing systems to assure data quality & integrity
– Data integrity definitions and expectations
• Question:
– One country of 28 EU member states – impact?
©R.D.McDowall Limited 2015 www.rdmcdowall.com 2
 Introduction

©R.D.McDowall Limited 2015 www.rdmcdowall.com 3

 Setting Expectations
• Data integrity is fundamental in a pharmaceutical quality
system which ensures that medicines are of the required
quality.
– Guidance compliments EU GMP
– Data governance integral within the company’s PQS and EU
GMP Chapter 1
– The effort and resource assigned to data governance should be
commensurate with the risk to product quality, and should also
be balanced with other quality assurance resource demands.
– … manufacturers and analytical laboratories are not expected
to implement a forensic approach to data checking, but instead
design and operate a system which provides an acceptable
state of control based on the data integrity risk, and which is
fully documented with supporting rationale.

©R.D.McDowall Limited 2015 www.rdmcdowall.com 4

 Data Integrity Definitions
• Data Integrity: The extent to which all data are complete,
consistent and accurate throughout the data lifecycle.
– MHRA 2015

• Data Integrity: The degree to which a collection of data are

complete, consistent and accurate.
– FDA Glossary of Computer Systems Software Development Terminology (1995)

• Integrity: Data, information and software are accurate and

complete and have not been improperly modified
– FDA Guidance on Content of Premarket Submissions for Management of Cybersecurity in Medical Devices
(Oct 2014)

• Integrity: The degree to which a system or component prevents

unauthorized access to, or modification of, computer programs or
data.
– IEEE Standard 610 (Glossary)

©R.D.McDowall Limited 2015 www.rdmcdowall.com 5

 Criteria for Data Integrity
• Attributable — Who acquired the data or performed an action and
when?
• Legible — Can you read the data file / any written entries?
• Contemporaneous — Documented at the time of the activity.
• Original — Written printout or observation or a certified copy thereof.
• Accurate — No errors or editing without documented amendments.
• Complete — All data including any repeat or reanalysis performed on
the sample.
• Consistent — All elements of the analysis such as the sequence of
events follow on and are date or time stamped in the expected
sequence.
• Enduring — Not recorded on the back of envelopes, cigarette packets,
Post-It notes but in laboratory notebooks or electronic media
• Available — Can be accessed for review and audit or inspection over the
lifetime of the record.

©R D McDowall Ltd 2015 www.rdmcdowall.com 6

 Data Life Cycle
• All phases in the life of the data (including raw data)
from initial generation and recording through processing
(including transformation or migration), use, data
retention, archive / retrieval and destruction.
– Applicable to paper, hybrid and electronic records
– ALCOA+ principles apply throughout the life cycle
– Access for trending up to 2 years after generation
Note: Arbitrary & prescriptive time period
– Retention for up to 30 years in some cases e.g. supporting an
MA

©R.D.McDowall Limited 2015 www.rdmcdowall.com 7

 Data Life Cycle
Active
Phase

Data
Acquisition
Data
Processing

Reportable
Result(s)

Data Use

Short Term
Retention

Long Term
Archive
Data
Migration Note: for flat file systems
Data there may need to be a
Destruction retention stage after each
stage of the active phase to
ensure preservation and
integrity
Inactive
Phase

©R.D.McDowall Limited 2015 www.rdmcdowall.com 8

 Applies to All Record Types
• Data integrity requirements apply equally to
manual (paper) and electronic data.
– Implicitly this also includes hybrid systems
– Also see definition of true copy (p7) and paper
audit trails (p11)
• Inconsistency:
– MHRA guidance does not refer to homogeneous
and hybrid systems as mentioned in EU GMP
Chapter 4
©R.D.McDowall Limited 2015 www.rdmcdowall.com 9
 Return to Paper? No Way!
• Manufacturers and analytical laboratories should be aware
that reverting from automated / computerised to manual /
paper-based systems will not in itself remove the need for
data integrity controls.
– Contravention of Annex 11 Principle – new system with lower
quality
– No time sequence enforcement
• This may also constitute a failure to comply with Article 23
of Directive 2001/83/EC, which requires an authorisation
holder to take account of scientific and technical progress
and enable the medicinal product to be manufactured and
checked by means of generally accepted scientific methods.
– Equivalent to the FDA’s “c” in the cGMPs

©R.D.McDowall Limited 2015 www.rdmcdowall.com 10

 Establishing Data Criticality &
Inherent Integrity Risk

©R.D.McDowall Limited 2015 www.rdmcdowall.com 11

 Data Governance Definition
• The sum total of arrangements to ensure that
data, irrespective of the format in which it is
generated, is recorded, processed, retained
and used to ensure a complete, consistent and
accurate record throughout the data lifecycle.

©R.D.McDowall Limited 2015 www.rdmcdowall.com 12

 Data Governance Expectation
• Data governance should address data ownership throughout the
lifecycle, and consider the design, operation and monitoring of
processes / systems in order to comply with the principles of data
integrity including control over intentional and unintentional
changes to information.
• Data Governance systems should include staff training in the
importance of data integrity principles and the creation of a
working environment that encourages an open reporting culture
for errors, omissions and aberrant results.
• Senior management is responsible for the implementation of
systems and procedures to minimise the potential risk to data
integrity, and for identifying the residual risk, using the principles of
ICH Q9. Contract Givers should perform a similar review as part of
their vendor assurance programme

©R.D.McDowall Limited 2015 www.rdmcdowall.com 13

 Data Governance System
ICH Q10
Pharmaceutical
Quality Systems

EU GMP Chapter
1 - PQS

ICH Q9 Quality Data EU GMP Chapter

Risk Governance 4
Management System Documentation

Data Integrity
Management Data Integrity Identify Critical
Policies and
Responsibilities Training Records
Procedures

©R.D.McDowall Limited 2015 www.rdmcdowall.com 14

 Data Integrity Approaches

Pharmaceutical Quality System

Data Governance

Systems for
All Overall Data
Generating & Risk Identify Critical
Records Integrity
Transforming Management Records
Generated Approaches
Data

Note: System can apply to paper, hybrid or electronic data generation & manipulation

©R.D.McDowall Limited 2015 www.rdmcdowall.com 15

 Designing Systems to Assure
Data Quality & Integrity

©R.D.McDowall Limited 2015 www.rdmcdowall.com 16

 Designing Systems to Ensure Data Integrity
• Poorly written section
– (Restrict) Access to clocks for recording timed events
– Accessibility of batch records at locations where activities take
place so that ad hoc data recording and later transcription to
official records is not necessary
– Control over blank paper templates for data recording
(FDA Guide to Inspection of QC Labs 1993)
– User access rights which prevent (or audit trail) data amendments
– Automated data capture or printers attached to equipment such as
balances
– Proximity of printers to relevant activities
– Access to sampling points (e.g. for water systems)
– Access to raw data for staff performing data checking activities.

©R.D.McDowall Limited 2015 www.rdmcdowall.com 17

 Spectrum of
Data Generation

Process for HPLC/GC

Data Observation pH Meter Analytical UV
systems incl LIMS ERP System
Generation balance Spectrometer
MS

Type of Firmware Non-config’d Config’d Config & Config &

None Firmware
software software custom s/w custom s/w
Software (GAMP Cat 2) (GAMP Cat 2)
(GAMP Cat 3) (GAMP Cat 4) (GAMP Cat 4/5) (GAMP Cat 4/5)

Mode of Data Printout from E-records E-records E-records E-records

Observation Observation
Recording instrument and printouts and printouts and printouts and printouts

Written Written
Raw Data Printout E-records E-records E-records E-records
observation observation

No No Printout must Define access Define access Define access Define access
independent independent include whole privileges. privileges. privileges. privileges.
evidence to evidence to weighing Restrict Restrict Restrict Restrict
verify work verify work sequence access to IT access to IT access to IT access to IT
Data Integrity functions. functions. functions. functions.
Issues Validate for Validate for Validate for Validate for
intended use. intended use. intended use. intended use.
Printouts not Printouts not Printouts not Printouts not
raw data. raw data. raw data. raw data.
Audit trail Audit trail Audit trail Audit trail

Paper Electronic
records records

Increasing AIQ and CSV to demonstrate fitness for purpose

Increasing risk to data integrity, Increasing system complexity
Increasing reliance on supplier’s QMS

©R.D.McDowall Limited 2015 www.rdmcdowall.com 18

 Use of Scribes to Record Data?
• Don’t… work electronically!
– More manual processes = lower quality and more mistakes
– No technical controls to enforce integrity
• The use of scribes to record activity on behalf of another
operator should be considered ‘exceptional’, and only
take place where:
– The act of recording places the product or activity at risk e.g.
documenting line interventions by sterile operators.
– To accommodate cultural or staff literacy / language
limitations, for instance where an activity is performed by an
operator, but witnessed and recorded by a Supervisor or
Officer.
– Question: real time verification of observation?

©R.D.McDowall Limited 2015 www.rdmcdowall.com 19

 Use of Scribes to Record Data?
• The use of scribes to record activity on behalf of another
operator should be considered ‘exceptional’, and only take
place where:
– Continued….
– In both situations, the supervisory recording must be
contemporaneous with the task being performed, and must
identify both the person performing the observed task and the
person completing the record.
– The person performing the observed task should countersign the
record wherever possible, although it is accepted that this
countersigning step will be retrospective. The process for
supervisory (scribe) documentation completion should be
described in an approved procedure, which should also specify
the activities to which the process applies.
– Human error rates considered?
• Note: there is no equivalent FDA position on this approach
©R.D.McDowall Limited 2015 www.rdmcdowall.com 20
 Data Integrity Definitions and
Expectations

An surfeit of “data” and no diagrams

©R.D.McDowall Limited 2015 www.rdmcdowall.com 21

MHRA Data Integrity Guidance: 19 Definitions
• Data • Data review
• Raw data • Computerised system user
• Metadata access / system admin roles
• Data integrity • Data retention
• Data governance • Archive
• Data life cycle • Backup
• Primary Record • File structure
• Original Record / True Copy • Flat files
• Computer system • Relational database
transaction • Validation for intended
• Audit trail purpose

©R.D.McDowall Limited 2015 www.rdmcdowall.com 22

 Focus on 5 MHRA Definitions
• Data
• Metadata
• Raw Data
• Primary Record
• Original Record / True Copy
– Guidance document only presents a list of
definitions and leaves to the reader to connect
them
– Relationship to OOS guidance?

©R.D.McDowall Limited 2015 www.rdmcdowall.com 23

 Definition: Raw Data
• Original records and documentation, retained in the
format in which they were originally generated (i.e.
paper or electronic), or as a ‘true copy’.
– Raw data must be contemporaneously and accurately
recorded by permanent means.
– In the case of basic electronic equipment which does not
store electronic data, or provides only a printed data output
(e.g. balance or pH meter), the printout constitutes the raw
data.
• Raw data must:
– Be legible and accessible throughout the data lifecycle.
– Permit the full reconstruction of the activities resulting in the
generation of the data

©R.D.McDowall Limited 2015 www.rdmcdowall.com 24

 Definition: Metadata
• Metadata is data that describe the attributes of
other data, and provide context and meaning.
Typically, these are data that describe the
structure, data elements, inter-relationships
and other characteristics of data. It also permits
data to be attributable to an individual.
– Contextual data putting an observation into context
– Applies to manual observations as well as hybrid
and electronic systems

©R.D.McDowall Limited 2015 www.rdmcdowall.com 25

 Definition: Data
• Information derived or obtained from raw data (e.g. a
reported analytical result)
– This definition is wrong and confusing
– This is NOT data it is information!
– Inconsistent with MHRA’s own guidance (PPT) on OOS which talks
about results
• Expectation (ALCOA):
– A: attributable to the person generating the data
– L: legible and permanent
– C: contemporaneous
– O: original (or ‘true copy’)
– A - accurate
– Not good enough should include the four additional parameters of
ALCOA+!
– ALOCA+ must be applicable throughout analytical process
©R.D.McDowall Limited 2015 www.rdmcdowall.com 26
 Definition: Primary Record
• The record which takes primacy in cases where data
collected or retained concurrently by more than one
method fail to concur.
– Data – wrong term under MHRA
– In situations where the same information is recorded
concurrently by more than one system, the data owner should
define which system generates and retains the primary record,
in case of discrepancy.
– The ‘primary record’ attribute should be defined in the quality
system, and should not be changed on a case by case basis.
– Not a term in EU GMP
– When is a primary record NOT the original record?
– How do you get into a situation where Primary Record comes
into lay
©R.D.McDowall Limited 2015 www.rdmcdowall.com 27
 Definition: Original Record
• Original record: Data as the file or format in
which it was originally generated, preserving
the integrity (accuracy, completeness, content
and meaning) of the record, e.g. original paper
record of manual observation, or electronic raw
data file from a computerised system
– Original records must preserve the integrity
(accuracy, completeness, content and meaning) of
the record.
– Are these raw data?
©R.D.McDowall Limited 2015 www.rdmcdowall.com 28
 Definition: True Copy
• True Copy: An exact copy of an original record,
which may be retained in the same or different
format in which it was originally generated, e.g.
a paper copy of a paper record, an electronic
scan of a paper record, or a paper record of
electronically generated data
– Exact (true) copies of original records may be
retained in place of the original record (e.g. scan of
a paper record), provided that a documented
system is in place to verify and record the integrity
of the copy.

©R.D.McDowall Limited 2015 www.rdmcdowall.com 29

True Copies: Conversion to PDF or Paper?
• It is conceivable for raw data generated by electronic means to
be retained in an acceptable paper or pdf format.
– However, the data retention process must be shown to include
verified copies of all raw data, metadata, relevant audit trail and
result files, software / system configuration settings specific to each
analytical run*, and all data processing runs (including methods and
audit trails) necessary for reconstruction of a given raw data set.
– It would also require a documented means to verify that the printed
records were an accurate representation. This approach is likely to be
onerous in its administration to enable a GMP compliant record.
– * computerised system configuration settings should be defined,
tested and ‘locked’ as part of computer system validation. Only those
variable settings which relate to an analytical run would be
considered as electronic raw data.
• Don’t be stupid

©R.D.McDowall Limited 2015 www.rdmcdowall.com 30

 Where are the Data?
• MHRA document does not provide sufficient
information or figures to link the definitions
together
• Slides that follow are for:
– Manual observation to paper record e.g. colour or
odour test
– Printout from an analytical balance
– Chromatographic analysis with a CDS configured
for electronic working

©R.D.McDowall Limited 2015 www.rdmcdowall.com 31

 Where Are The Records?
Reportable
Sample Test Observation
Result

Individual Reportable
Printout Calculate
Results Result

Interpret / Individual Reportable

E-Record
Transform Results Result

For a Test with an Observation:

• Raw Data (also Original Record) = observation / written record
• Metadata = written information for the analysis
• Information = reportable result

©R.D.McDowall Limited 2015 www.rdmcdowall.com 32

 Where Are The Records?
Reportable
Sample Test Observation
Result

Individual Reportable
Printout Calculate
Results Result

Interpret / Individual Reportable

E-Record
Transform Results Result

For a Test with a Printout:

• Raw Data (also Original Record) = printout
• Metadata = written information for the analysis
• Further record generation = entry into Excel for calculations with e-record and
printout, that to generate individual results
• Information = reportable result

©R.D.McDowall Limited 2015 www.rdmcdowall.com 33

 Where Are The Records?
Reportable
Sample Test Observation
Result

Individual Reportable
Printout Calculate
Results Result

Interpret / Individual Reportable

E-Record
Transform Results Result

For a Test generating Electronic Records:

• Raw Data (also Original Record) = electronic records of the test
Plus either electronically signed records or signed paper printout
• Metadata = contextual data in the CDS system of the analysis
• Data and metadata of the transformed / interpreted data (manual integration,
calculations, dilutions etc) with associated electronic signatures within CDS
• Information = reportable result
©R.D.McDowall Limited 2015 www.rdmcdowall.com 34
 Initial Conclusions
• It is a good document but not that good
• Good:
– It exists and is risk based
– Explains data governance system in more detail than
web site
– Identifies responsibilities of data owners and senior
management
– Examples good e.g. problems with flat files and ways
to remediate, EBRS contemporaneous example for
batch records, reviews of audit trail documented

©R.D.McDowall Limited 2015 www.rdmcdowall.com 35

 Initial Conclusions
• It is a good document but not that good
• Bad:
– Fails in many definitions
e.g. Confuses data with information – wrong!
– Vague – shopping list of definitions which need linking
together: diagram to link concepts
– Revision of some terms to look at data and
information
– Section on design controls poorly written
– Congruence required with MHRA OOS guidance(s)
©R.D.McDowall Limited 2015 www.rdmcdowall.com 36