Data Integrity Issues in Today’s Complex and Global Manufacturing Supply Chain Fran Zipp President and CEO Lachman Consultants November 8, 2017 ©2017 Lachman Consultant Services, Inc. All rights reserved. Legal Notice

The information displayed on these presentation slides is for the sole private use of the attendees of the seminar/training at which these slides were presented. Lachman Consultant Services, Inc. (“Lachman Consultants”) makes no representations or warranties of any kind, either express or implied, with respect to the contents and information presented. All original contents, as well as the compilation, collection, arrangement, and assembly of information provided on these presentation slides, including, but not limited to the analysis and examination of information herein, are the exclusive property of Lachman Consultants protected under copyright and other intellectual property laws. These presentation slides may not be displayed, distributed, reproduced, modified, transmitted, used or reused, without the express written permission of Lachman Consultants. Data Integrity is More Important Than Ever in Current Political Climate • Trump administration strongly favors decreased oversight and regulation • Manufacturers must still develop safe and effective drugs • Pharmaceutical companies need to demonstrate value of new drug to payers to ensure reimbursement and marketability of drugs • Patients and Payers need to be able to trust data across entire lifecycle • Highest levels of data integrity will be needed if some regulatory checks and balances are removed Complexity of supply chain for pharmaceutical products

Godwin, F., “CDER Regulatory Perspective on Compliance and Enforcement Trends”, presented at the 2017 PDA/FDA Joint Regulatory Conference, September 12, 2017 Data integrity overview

• Data Integrity: “The extent to which all Data are complete, consistent and accurate throughout the Data Lifecycle.”

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015 • Data Lifecycle •Data Creation (including metadata) •Data Processing (objective, handling failures) •Data Review (source data, re-processing) •Data Reporting () •Data Retention (back-up, archiving) Data integrity is nothing new: Principles from Paper and Ink Era Still Apply • §211.68 requires that backup data are exact and complete, and secure from alteration, inadvertent erasures, or loss; • §212.11(b) requires that data be stored to prevent deterioration or loss; • §§211.100 and 211.160 require that certain activities be documented at the time of performance and that laboratory controls be scientifically sound; • §211.180 requires true copies or other accurate reproductions of the original records; and • §§§211.188, 211.194, and 212.60(g) require complete information, complete data derived from all tests, complete record of all data, and complete records of all tests performed Where Have DI Concerns Been Found?

Essentially all GMP environments: • Quality Assurance • Quality Control Testing Labs • Stability Testing Labs • Validations • Manufacturing and Packaging • Development Labs • Maintenance and Engineering Functions

Data integrity issues are not just found in “release testing” Why Are We Talking About DI?

• GxP Data integrity is critical to patient safety, regulatory compliance and business success. • Data is the basis of regulatory filing approval. • Recent inspections by FDA, MHRA, EMA and other global authorities have highlighted a continuing concern throughout industry. Regulatory Requirements for DI Across Lifecycle • Instruments must be qualified and fit for purpose [§211.160(b), §211.63] • Software must be validated [§211.63] • Any calculations used must be verified [§211.68(b)] • Data generated in an analysis must be backed up [§211.68(b)] • Reagents and reference solutions are prepared correctly with appropriate records [§211.194(c)] • Methods used must be documented and approved [§211.160(a)] • Methods must be verified under actual conditions of use [§211.194(a)(2)] • Data generated and transformed must meet the criterion of scientific soundness [§211.160(a)] • Test data must be accurate and complete and follow procedures [§211.194(a)] • Data and the reportable value must be checked by a second individual to ensure accuracy, completeness and conformance with procedures [§211.194(a)(8)] Regulatory Requirements for DI Across Lifecycle (Cont’d)

• 211.194(a)(4) for complete data: A complete record of all data secured in the course of each test, including all graphs, charts, and spectra from laboratory instrumentation… • ICH E6 (R2) Good Clinical Practices Section 5.18.1 (b): The reported trial data are accurate, complete, and verifiable from source documents. • 21 CFR 58.130 (e): All data generated during the conduct of a nonclinical laboratory study, except those that are generated by automated data collection systems, shall be recorded directly, promptly, and legibly in ink. ···· Any change in entries shall be made so as not to obscure the original entry, shall indicate the reason for such change, and shall be dated and signed or identified at the time of the change. Any change in automated data entries shall be made so as not to obscure the original entry, shall indicate the reason for change, shall be dated, and the responsible individual shall be identified. • Data generated following the applicable GxP requirements to assure the reliability of data, records and documentation What Erodes Data Integrity

• Human Elements •Data Entry Error – “watch out” for human links between different electronic systems •Training (not being aware or ignorance of regulatory implications) •Willful (intent to deceive) • Systems inappropriately configured and/or qualified • Failure of Systems (Hardware/Software malfunction) • GxP non-compliance •Procedures not aligned with GxP requirements •Not executing against procedures •Inadequate Good Documentation Practices Challenges To Data Integrity

• Poor Documentation Practices •Electronic Data not saved or retrievable. •All Data related to testing/study not recorded. • Trails, either paper or electronic, do not allow for the reconstruction of events.

• Data Review/Study Oversight •Lack of thorough Data Review/Study Oversight •Lack of an effective QA Surveillance .

• Poor Systems •Equipment, Computerized Systems, Reference Standards, Test Methods and Facilities are not qualified with Data Integrity as a user requirement Fraud or cGMP Violations

• Fraud violations are criminal offenses • cGMP violations are civil offenses • Examples of Fraud: •Deliberate reporting of false or misleading data •Misrepresentation •Falsification of records •Destruction of records to obstruct investigations •Conspiracy •Selective Reporting –withholding of reportable records Fraud or cGMP Violations (Cont’d)

• Fraud - The Big Three: Altered Data Overwriting of data in chromatography data systems Manipulation of integrations to achieve a passing result Omitted Data Selective reporting of data for release decisions Undocumented Sample Trial Injections Manufactured Data Creation of replacement or “dummy” weight tapes

• Consider the above in a context of a DI risk assessment Fraud or cGMP Violations (Cont’d)

Further Examples of Fraud

• Inappropriate Chromatogram reintegration to exclude impurity peaks. • Invalidation of data based on system suitability failure, which was inappropriately integrated. • Falsified Clinical Study Eligibility Information • Switching/misrepresenting clinical test samples. Causes of Data Integrity Issues

• DI issues are not necessarily the result of willful malpractice, but are often caused by insufficiently controlled processes, poor documentation practices, suboptimal quality oversight and, often enough, professional ignorance. Relevant Learnings from Application Integrity Policy (AIP)

• Very difficult to distinguish between “sloppy” recordkeeping versus intent to misrepresent (fraud). The AIP makes no distinction. • Detection of “fraud” takes special techniques and time, especially where sophisticated schemes are used. Informants often are key. • Assessment of data integrity requires specialized inspection/audits that focus on risk-factors using auditors trained in forensic examination. • Laboratory instruments that generate and store chromatographic data have proven to be “gold mines”. • Aggressive techniques are key to success. Relevant Learnings from Application Integrity Policy (AIP) (Cont’d)

• Data integrity problems are often found where: • There is a fundamental lack of GMP knowledge and understanding of current regulatory expectations. • Management behavior demonstrates disinterest in compliance and discourages the reporting of problems. • There is a culture of not reporting problems and “shooting the messenger”. • “Work-arounds” are used instead of continuous improvement. • QA oversight does not exist, is limited, or ineffective, especially over laboratory operations. • Part 11 controls do not exist, are inadequate, or not followed. Historical examples of data integrity issues in drug development: Notable Historic Examples • Investigation began as a result of a publication on Flagyl by a pathologist in the Journal of the National Cancer Institute • Had been regarded as safe by FDA based on tests by contract laboratory • Investigations of contract laboratory revealed poorly conceived and carelessly executed experiments, lack of supervision and training of personnel, and inadequate record keeping = major Data Integrity issues

Lyons, R.D., “F.D.A. Broadens Inquiry on Testing of New Drugs”, New York Times, November 17, 1976 Historical examples of data integrity issues in drug development: Notable Historic Examples (Cont’d) • Toxicology laboratory which operated the largest facility of its kind in 1950s-1970s. • Performed more than 1/3 of all toxicology testing in the US. • Laboratory was inspected by FDA in 1976 after whistleblower from client company reported that data was “too perfect.” • Laboratory criminally implicated in 1977 for producing fraudulent studies on widely used household and industrial products. • In 1983, EPA reported that only 16 percent of the laboratory’s testing results were valid. • Good Laboratory Practice regulations (21 CFR Part 58) promulgated as a result. “3-EX OFFICIALS OF MAJOR LABORATORY CONVICTED OF FALSIFYING DRUG TESTS”, New York Times, October 22, 1983 . Data Integrity Across Product Lifecycle: R&D

• Most cost effective to predict what targets have the greatest potential to reach market. • Costs $2.6B and takes well over a decade to develop an innovative drug. • Attrition is estimated at 80-90% of potential targets. • Attempts to reduce late stage attrition focuses on target promiscuity and compound promiscuity, as well as, all of the interactions. • Important to have accurate information that is accessible to all within development groups.

DiMasi, J.A., Grabowski, H.G. and Hansen, R.W., “Innovation in the : New Estimates of R&D Costs”, Journal of Health Economics, May 2016, 47, 20–33. Data Integrity Across Product Lifecycle: R&D (Cont’d) • R&D is done differently now than in the past • Companies collaborate with academia in private and public consortia • Companies often outsource many aspects of development, particularly in generic space • Collaboration is not without challenges • With each player involved in the R&D process, pharma companies have to manage data sets housed externally • Ultimately, firm that markets NDA/ANDA is going to be responsible for actions of all collaborators

Palgon, G. “The Pharmaceutical R&D Process and the Inherent Data Challenges”, Liaison blog, April 7, 2017, https://www.liaison.com/blog/2017/04/07/pharmaceutical-rd- process-inherent-data-challenges/ Data Integrity at Clinical Stage CPG 7348.001, In Vivo Bioequivalence Three objectives • To verify the quality and integrity of scientific data from BE studies submitted to CDER; • To ensure that the rights and welfare of human subjects participating in drug testing are protected; • To ensure compliance with the regulations (21CFR 312, 320, 50, and 56) and promptly follow up on significant problems, such as research misconduct or fraud

Food and Drug Administration, Compliance Program Guidance Manual 7348.001, “In Vivo Bioequivalence”, date of issuance March 27, 2000, https://www.fda.gov/downloads/ICECI/EnforcementActions/BioresearchMonitoring/ucm133760.pdf Compromised Data Integrity in Clinical Investigations – 3 Major Categories • Altered Data • Overwriting of electronic data • Manipulation of integrations to achieve passing result • Omitted Data • Selective reporting of data • Undocumented sample “trial” injections • Manufactured Data • Creation of replacement or “dummy” ECG test results • Copying an existing injection sequence, then changing the name of the sequence and the name of the injections along with the integration of the peaks Quality Culture and Its Impact on Data Integrity

• Right Mindset … for the Right Reasons • Knowing the “right thing” to do … and to do it. • Environment that fosters consistent, proper execution • Forthright identification and resolution of problems based on root cause and sustainability • Living the proactive, continuous improvement philosophy • Company enabled and nurtured Quality Culture and Its Impact on Data Integrity (Cont’d) • Need to hire the right people who can ensure that controls are in place • Do not just buy new IT systems • Ensure that there is an appropriate amount of mid-level or front line managers • Ensure that there are no shared passwords to ensure appropriate audit trails Questions to Consider

• Are your systems designed with Data Integrity as the primary goal? • Would Data Integrity or GMP issues with the potential to impact Data Integrity go unnoticed? • Ability to prove such issues did not result in a Data Integrity incident. • Is all testing accounted for? (Trial Injections)

Personnel aware of the criticality of Data Integrity? THANK YOU FOR ATTENDING!

Frances Zipp, President and CEO Lachman Consultant Services, Inc. 1600 Stewart Avenue, Suite 604 Westbury, NY 11590 516-222-6222