Data Integrity and New

Expectations
David Keen
The opinions expressed in this presentation and on the
following slides are solely those of the presenter and not
necessarily those of GSK. GSK does not guarantee the
accuracy or reliability of the information provided herein.”

2
Intoductions

• What is Data Integrity?

– ALCOA

• DI in the Microbiology Laboratory

• How to manage DI risk in the laboratory and in production

• Regulators and DI
What is Data Integrity?

• Data Integrity is the generation and control of data

associated with ensuring product quality and patient safety.

• If this data is suspect or compromised, then here is a risk to

patient safety or product quality.

• DI is not a new topic.

– The control of data is an essential part of GMP. However…..

• There have been a number of recent regulatory findings

where the integrity of this data has been found to be
suspect.
– This makes DI a Hot Topic (not a new topic)

Presentation title in footer 00 Month 0000 4

What is Data Integrity?

• So why is there a focus on DI?

– Manipulation of chromatograms for APIs by Chinese Suppliers
– Test runs and testing into compliance in many companies
– Evidence of falsified EM data in Microbiology labs
– A change in the understanding of what constitutes raw data

Presentation title in footer 00 Month 0000 5

What is Data Integrity?

• There is an increased trend in regulatory findings associated

with DI issues.
– This has led to the cessation of new product filings and import bans.
– Regulatory agencies are not relying on inspection alone, the sharing of data
between agencies and governments (MOU) can lead to the above.

• DI can mean many things to many people.

• Any unintended change (loss) to data as the result of a

storage, retrieval or processing operation is a failure of DI.
– Malicious intent
– Hardware failure
– Human Error

Presentation title in footer 00 Month 0000 6

What is Data Integrity?

• Breaches of Data Integrity can be divided into two basic

categories.
– Malicious
• Deliberate falsification of results and manipulation of data
• Red flag leading to significant regulatory sanction.

– Unintentional
• Human error
• Lack of understanding
• Old data handling systems
• High levels of manual intervention

Presentation title in footer 00 Month 0000 7

Data Integrity and ALCOA (+)

• ATTRIBUTABLE – Identifies the person generating the data

• LEGIBLE - Clear and understood, permanent

• CONTEMPORANEOUS – recorded in real time

• ORIGINAL – Primary or source data, raw data, not a copy,

not manipulated or edited

• ACCURATE – Free from error, truthful, not falsified

+ Complete, Consistent and Enduring

ALCOA started of as FDA guidance and the acronym has been around since
the 1990’s. This is not new!
Presentation title in footer 00 Month 0000 8
Data Integrity in the Microbiology Laboratory

• There is a significant difference the level of control and

automation between microbiology and chemistry
laboratories.
– High levels of manual data manipulation
– Humans perform a high number of actions
– Humans perform a high degree of unaided raw data interpretation

• This increases the likelihood of error occurring.

• The level of detection of an error is also low (Humans

checking Humans)

Presentation title in footer 00 Month 0000 9

Data Integrity in the Microbiology Laboratory

• Control of microbiological growth media.

– For microbiologists to analyse data, you have to find and grow the bugs so a
human can see them.
– Over 90% of microbes do not grow on standard growth medias used in the
Pharmaceutical industry.
– If your in-use growth media has been incorrectly manufactured, stored or
handled, then it may not be able to grow that remaining 10% of microbes.
– This could lead to a false negative rather than a low count.

– You need to have rigid, well understood controls for managing your microbial
growth media.
– Examples of poor media control include fantastic purified water samples,
Grade C EM data

Presentation title in footer 00 Month 0000 10

Data Integrity in the Microbiology Laboratory

• What about the microbiologists….they appear human?

• Humans make errors.

• Simple counting errors

– Undercounting and overcounting.
– Be suspicious of counts that are always just under the limit…..is that the
case, or is it paperwork avoidance?

• Use of the human eye for microbial checks.

– The Gram Stain, simple API id results, require checks for colour change or
turbidity.
– How do you define a colour change or turbidity?

Presentation title in footer 00 Month 0000 11

A Worked Example – Environmental monitoring

• Simple scenario that could go wrong

– However it is easily preventable with a little bit of understanding.

– An Environmental monitoring contact plate from a Grade C area has growth

on it.

Presentation title in footer 00 Month 0000 12

EM as a worked example

• How do you trust the result?

– Growth promotion challenge of the media
• Will it grow the bugs?
– Storage of the media
• Will it grow the bugs, will it last the incubation period (dehydration)
– Operator monitoring technique, time, method, disinfection
• Air bubbles, contact time, malicious intent
– Surface disinfectant inhibition
• Correct media for the job
– Incubation
• Correct temperature and time, alarms, time taken to get into an incubator (round
numbers)
– Colony counting
• How? What is a colony? What is the limit?
– Identification
• How, choice of it tool? Colour/turbidity check

00 Month 0000 13
Human Variation as an example

• Colony counting
– Shape
• Spreaders
• TNTC
– Method
• Lighting levels
• Magnification
– Second checking
• When?
• Who?
• Discard process?
• Reporting process – second person verification at the right time?

• Any ambiguity in a system could lead to a DI issue.

Presentation title in footer 00 Month 0000 14

API Id Strip Example

• API test well results are determined by eye.

• What is positive and what is negative?
– 1.
– 2.
– This strip selects for Gram negative bacteria.
– Reading these wells make the difference between
finding E.coli and Salmonella vs Proteus.

Presentation title in footer 00 Month 0000 15

Manual vs Electronic

• So far we have mainly covered manual data collection and

interpretation.
– The control of human error
– Micro data is fluid, it grows, it expires, it is a biohazard.

• Microbiology is not that backward, we do have some

modern technology
– Identification systems
– Endotoxin detection
– Environmental Monitoring systems
– Autoclaves etc

– What can go wrong here and cause a DI issue?

Presentation title in footer 00 Month 0000 16

Electronic DI

• Paper vs Electronic Data

• With paper, what you see is what you get. You can see
errors, you can see all the data….
– Can you spot missing data? Altered data?

• With electronic systems you cannot readily see all the data.
– Metadata
– Audit trails
– Raw data vs manipulated data (graphs)

– Electronic data is often approved with out viewing all the data.
– How do you spot a DI breach here?

Presentation title in footer 00 Month 0000 17

Electronic DI

• Understand who can alter your electronic data

– Administrator access
• Who, how many?
– Shared password/log-in access
• Why? How do you demonstrate who did what?
– What edit functions are enable or disabled
• Making data vanish
• Making data represent a different test
– How independent is an administrator?
– Aborted runs with no explanation
• Is this testing into spec?
– Understanding what raw data is used to present final results and what is
not….why?

Presentation title in footer 00 Month 0000 18

DI Summary

• Is your process managed in a repeatable way to eliminate

operator variation?

• Are you aware of operator bias? Can poor data be ignored?

• Is you data secure or can it be altered without an obvious

trail?

• What data is verified by a second check? How reliable is

that second check?

• What are you approving and checking on an electronic

record?

Presentation title in footer 00 Month 0000 19

DI and the regulators

• MHRA (UK) states;

– The control of your Data should address ownership of data throughout
lifecycle
– Data governance should include staff training on DI principles
– A working environment that encourages an open reporting culture for errors,
omissions and aberrant results is required
– Senior management is responsible for the implementation of systems and
procedures to minimise the potential risk to data integrity.

– MHRA is now asking companies to provide their DI control plans and are
being inspected to them.

Presentation title in footer 00 Month 0000 20

DI and the regulators

• EMA/TGA are requesting ‘guest access’ to interrogate

systems e.g. Vitek 2, HPLC/GC

• Inspectors are being trained on how to access audit trails on

your equipment. Do you know how to do this?

• Inspectors verifying raw data on instruments for

NDA/IND/BLA submissions

Presentation title in footer 00 Month 0000 21

DI and the Regulators

• FDA are now arriving at some sites and starting in the

Microbiology lab and start counting colonies and compare
with your results

• FDA can immediately tour the facility and photograph

computer screens showing data folders/files and then
compare to your results

• FDA are now conducting un-announced inspections outside

of USA based on concerns over DI (remember the MOU
process)

Presentation title in footer 00 Month 0000 22

Thank you

• Any Questions?