The integrity of data is fundamental to GMP and the requirements for good data management are embedded in the current Guides to GMP/ GDP for Medicinal products.
Classification of Deficiencies
Deficiencies relating to data integrity failure may have varying impact to product quality. Prevalence of the failure may also vary between the actions of a single employee to an endemic failure throughout the inspected organisation.
The PIC/S guidance on classification of deficiencies states:
“A critical deficiency is a practice or process that has produced, or leads to a significant risk of producing either a product which is harmful to the human or veterinary patient. A critical deficiency also occurs when it is observed that the manufacturer has engaged in fraud, misrepresentation or falsification of products or data”.
Notwithstanding the “critical” classification of deficiencies relating to fraud, misrepresentation or falsification, data integrity deficiencies can also relate to:
- Data integrity failure resulting from bad practice,
- Opportunity for failure due to absence of the required data control measures.
In these cases, it may be appropriate to assign classification of deficiencies by taking into account the following (indicative list only):
- Impact to product with actual or potential risk to patient health: Critical deficiency
- Impact to product with no risk to patient health: Major deficiency
- No impact to product; evidence of moderate failure: Major deficiency
- No impact to product; limited evidence of failure: Other deficiency
It is important to build an overall picture of the adequacy of the key elements (data governance process, design of systems to facilitate compliant data recording, use and verification of audit trails and IT user access etc.) to make a robust assessment as to whether there is a company-wide failure, or a deficiency of limited scope/ impact.
Individual circumstances (exacerbating/ mitigating factors) may also affect final classification or regulatory action.
Remediation Plan
Consideration should be primarily given to resolving the immediate issues identified and assessing the risks associated with the data integrity issues.
Responses from implicated manufacturers should include:
- A comprehensive investigation into the extent of the inaccuracies in data records and reporting
- CAPAs taken to address the data integrity vulnerabilities and timeframe for implementation and CAPAs effectiveness checks implemented
- Indicators of improvement e.g. Implementation of data integrity policies in line with the principles of this guide; Implementation of routine data verification practice
