WHITE PAPER www.vaisala.com

Managing GxP Environmental Systems to Ensure Data Integrity

In this paper, we provide some history of data management for science systems and an overview of new regulatory expectations, including changes to guidance. We then offer eight recommendations for establishing and maintaining good practices for data integrity.

More than Bytes and Signatures

As efforts to ensure the quality and safety of drugs increase, so does the amount of data generated by those efforts. As a result, global regulatory scrutiny over the last few years has turned to providing guidance on preserving data quality. Throughout the life science industries — pharmaceutical research, manufacturing, medical devices and biotechnology — guidance and regulatory enforcement strategies are being re-evaluated with a focus on data integrity. With increasing awareness among inspectorates of problems inherent to data collection and storage, there comes increased awareness of gaps between industry practice and existing technology. Although there are solutions and control strategies available for compliant data management, GMP pharmaceutical companies can find change hard to achieve, both in terms of updating systems and behavior.

Enforcement Action on Data

Data integrity requirements have been addressed in the FDA’s Title 21 CFR Part 11 and the EU's GMP Eudralex Volume 4, Chapter 4 and Annex 11. This is so far unchanged. However, with increasing automation based on computerized systems, as well as the globalization of operations and the increasing cost of bringing products to market, new guidance was needed to clarify regulatory expectations around the creation, handling and storage of data.

Thanks to the publication of enforcement actions such as non-compliance reports, warning letters, import alerts, and notices, it’s evident that regulators are targeting data integrity failures during inspections. Subsequent enforcement actions have led to the withdrawal of supply across multiple markets, product recalls, consent decrees and reputational damage for the firms involved. With increased targeting of data integrity from regulators, it is now crucial that everyone involved in GxP-regulated activities understand correct data management practices.

Principles and Practice

Data integrity means that all data collected and stored must be correct, traceable and reliable. In the UK the Medicines and Healthcare products Regulatory Agency (MHRA) defined data integrity in their 2015 document: “MHRA GMP Data Integrity Definitions and Guidance for Industry” as the extent to which all collected data are “complete, consistent and accurate throughout the data lifecycle.”

For their 2016 draft guidance for industry “Data Integrity and Compliance with CGMP” the FDA defines it as: “…the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).”

Full documents: MHRA GMP Data Integrity Definitions and Guidance for Industry* and Data Integrity and Compliance with CGMP*

The acronym ALCOA is used by the FDA, MHRA, and the World Health Organization to outline expectations on records, including paper-based, electronic, and hybrid (systems that use both paper and electronic records). ALCOA is a useful guide to remembering key points of data management for GxP compliance. ALCOA means:

A = Attributable to the person generating the data
L = Legible and permanent
C = Contemporaneously recorded
O = Original or a true copy
A = Accurate

The WHO added some extra definitions to ALCOA in their document “WHO Technical Report Series 996 Annex 5*, Guidance on good data and record management practices” expanding the acronym to ALCOA+. In addition to the original emphasis of ALCOA principles, the “+” includes the attributes of being complete, consistent, enduring and available.

Thus, ALCOA+ is now the goal for every piece of information that can impact the purity, efficacy and safety of products, and the standard by which data will be evaluated. In practice it means that companies must maintain control over intentional and unintentional changes to data, including the prevention of data loss or corruption.

Data Management Challenges

Regardless of the methods of gathering and storing data — manual, automatic or a combination — there are opportunities for failure. Manual processes entail obvious points of possible failure: operators can forget to record information, record incorrect values, lose records, or even intentionally falsify data. The with computerized systems are more technical. For both manual and automated methods, regulatory agencies have described the regulatory expectations in their guidelines and draft documents.

Full document: WHO Technical Report Series 996 Annex 5, Guidance on good data and record management practices*

However, a review of enforcement actions proves that many companies are misinterpreting guidance. Other industry stakeholders try to help with more explicative documents. For instance, the European Compliance Academy (ECA) published an article specifying data integrity failures that caused one German company to receive an FDA Warning Letter. Observations included:
▪ Failure to exercise sufficient controls over computerized systems to prevent unauthorized access or changes to data, and to provide controls to prevent omission of data.
▪ The computerized system lacked access controls and audit trail capabilities.
▪ All employees had administrator rights and shared one user name.
▪ Electronic data could have been manipulated or deleted without traceability.
▪ Raw data were copied to a CD and then deleted from the hard drive. Data copied were selected manually without assurance that all raw data was copied before being permanently deleted.

Each of these deviations could have been addressed by systems and methods including:
▪ Unique usernames and passwords
▪ An inerasable audit trail or event log
▪ Separate administrator and user access rights
▪ Good standard operating procedures (SOPs)
▪ Oversight and regular review of processes

* See references at the end of this paper for links to sources.

From Principles to Practicable

There are seven functions and knowledge areas touched upon consistently in regulations and guidance on data integrity. Here we review these key areas, focusing on how they are applied to environmental monitoring applications.

Quality Management¹
▪ Understand the potential impact of all data on product quality and patient safety.
▪ Understand the basic technologies used in your data processes, and their inherent limitations.
▪ Implement systems that provide an acceptable state of control that is matched to process criticality and risks.
▪ Identify and document points of risk for unauthorized deletion or amendment, as well as opportunities for detection through routine reviews.
▪ Schedule and perform periodic risk assessments.
▪ Provide training to ensure you are using existing technologies to their full potential.

Personnel²
▪ Document and communicate roles and responsibilities.
▪ Provide technical support for systems administration.
▪ Assign responsibility for data throughout its entire lifecycle.
▪ Encourage a workplace culture that supports issue reporting.
▪ Implement systems that can identify and minimize potential risks.
▪ Create behavioral controls for personnel, procedural controls for processes, and technical controls for technologies.
▪ Reward proper conduct and analyze the root causes of compliance failures in order to fix them systemically.
▪ Authorize individuals and grant appropriate privileges for each system.

Documentation
▪ Implement Good documentation practice (GdocP) in all written documents and SOPs.
▪ Refer to relevant regulations when creating and reviewing documents. For example, CFR Title 21, Part 211 “Current Good Manufacturing Practice for Finished Pharmaceuticals” Subpart J - Records and Reports.

Data Life Cycle
▪ Implement change management and control of incidents and deviations.
▪ Ensure corrective and preventive action (CAPA) processes and procedures are in place.

Audits & Internal Inspections³
▪ Create detailed review processes for inspection findings, non-compliance reports, and Warning Letters.
▪ Perform routine in-house data , including: audit trails, raw data and metadata, and original records.
▪ Schedule regular spot-checks of system user access rights.
▪ Report audit results to senior management and other relevant stakeholders.

Training
▪ Provide regular training, and document training completion including personnel identities and dates.
▪ Ensure training is matched to different roles involved with data, including quality assurance, quality control, production and management.
▪ Store training documentation where it is quickly retrievable by those involved with regulatory and 3rd party inspections.

Vendors/Providers
▪ Ensure providers have qualified and trained personnel.
▪ Review providers’ quality management systems.
▪ Note compliance to standards such as ISO 9001, or ISO 17025.
▪ Perform regular checks of providers’ systems and services; audit where necessary and/or allowable.
▪ Review contracts, technical agreements, quality agreements.

¹ A key document in this area is ICH Q9. This guideline from the ICH Expert Working Group provides a methodology for a risk-based approach to data management, including recommendations. See references at the end of this paper for links to sources.

² Personnel management directs and controls how companies function to achieve business goals. Focusing on personnel ensures that resources are allocated to the functions that support recommended practices and promotes accountability among all levels of management and staff.

³ For the recommendation to review original records an example is germane. If a hybrid system is in use (both paper and electronic data are generated), the original data should also be checked routinely in addition to trend data, reported documents, or PDF files.

Data Management Tools: Eight Ways to Ensure Data Integrity

The following recommendations give an overview of how to maintain data integrity for computerized systems.

Perform Risk-based Validation
▪ Validate only systems that are part of GxP-compliance. Ensure protocols address data quality and reliability.
▪ In some cases it’s cost-effective to have the system vendor perform qualification and validation of the systems. To help decide between in-house or purchased validation service, use the ISPE’s GAMP5 (Good Automated Manufacturing Practice) categorizations to determine the validation complexity of your system.
▪ Account for all electronic data storage locations, including printouts and PDF reports during validation.
▪ Ensure your quality management system defines the frequency, roles and responsibilities in system validation.
▪ Your validation master plan must outline the approach you will use to review meaningful metadata, including audit trails, etc.
▪ Schedule periodic re-validation after your initial validation.

Select Appropriate System and Service Providers
▪ Ensure your providers are fluent with the relevant regulations.*
▪ Systems must be fit-for-purpose. Get proof of a software’s efficacy for the application it will be used in.
▪ Learn about your suppliers’ organizational culture and maturity relating to data management. Ask them what systems are in place to ensure data integrity and audit those systems if possible.

Audit your Audit Trails
▪ An audit trail must be an inerasable record of all data in a system, including any changes that have been made to a database or file. To be useful in GxP compliance an audit trail must answer: Who? What? When? And Why?
▪ Define the data relevant to GxP and ensure it’s included in an audit trail.
▪ Assign roles and schedules for testing the audit trail functionality.
▪ The depth of an audit trail review should be based on the complexity of the system and its intended use.
▪ Understand what audit trails comprise: discrete event logs, history files, database queries, reports or other mechanisms that display events related to the system, electronic records or raw data contained within the record.

Change Control
▪ Ensure system software updates are designed to comply with changing regulations, especially when implementing new features.
▪ Collaborate with providers to stay informed about changes and update your systems accordingly.
▪ Select systems that are easy to update upon the addition of new hardware or other system inputs.

Qualify IT & Validate Systems
▪ Validated systems require an IT environment that has been fully qualified.

Plan for Business Continuity
▪ Ensure disaster recovery planning is in place.
▪ Your plan should state how quickly functions can be restored, as well as the probable impact of any data lost.
▪ Look for software and systems that can record and store data redundantly to protect it during power outages or network downtime.
▪ Employ solutions such as UPS (Uninterrupted Power Source), battery-powered, standalone recorders or devices that can switch to an alternate power source when required. E.g. data loggers that can also be battery powered.

Be Accurate
▪ Verify system inputs. For example, an environmental monitoring system requires regularly calibrated sensors.
▪ For networked systems, test that data are coming from the right location.
▪ Select systems that provide alarm messages in case of communication failure, device problems, or data tampering.

Archive Regularly
▪ Backup and save electronic data on a pre-set schedule and to a secure location, including metadata.
▪ Verify the retrieval of all data during internal audits.
▪ Electronic archives should be validated, secured and maintained in a state of control throughout the data life cycle.
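The "Audit your Audit Trails" recommendation above can be illustrated with a small tamper-evident event log. This is an added example, not code from the paper or from any Vaisala product: the `AuditTrail` class, its field names, and the choice of an HMAC-SHA256 hash chain are assumptions made here to show how Who/What/When/Why entries can be made verifiable and how a periodic trail check detects edits and removals.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous MAC" value used by the very first entry


def _mac(key, body):
    # Canonical JSON so an unchanged entry always produces the same MAC.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class AuditTrail:
    """Append-only event log in which each entry is chained to the previous one."""
    def __init__(self, key):
        self._key = key      # assumption: held by the system, never by end users
        self.entries = []

    def record(self, who, what, why, when=None):
        if not who or not why:
            raise ValueError("an entry needs an individual user and a reason")
        when = when or datetime.now(timezone.utc)
        if when.tzinfo is None:
            raise ValueError("timestamp must be timezone-aware")
        body = {
            "seq": len(self.entries),
            "who": who,
            "what": what,
            "when": when.astimezone(timezone.utc).isoformat(),  # stored in UTC
            "why": why,
            "prev": self.entries[-1]["mac"] if self.entries else GENESIS,
        }
        entry = dict(body, mac=_mac(self._key, body))
        self.entries.append(entry)
        return entry


def verify(entries, key, expected_count=None):
    """Return a list of findings; an empty list means the trail is intact."""
    findings = []
    prev = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if body.get("seq") != i:
            findings.append(f"entry {i}: sequence gap (seq {body.get('seq')})")
        if body.get("prev") != prev:
            findings.append(f"entry {i}: chain broken, earlier entry removed or replaced")
        if not hmac.compare_digest(_mac(key, body), str(entry.get("mac", ""))):
            findings.append(f"entry {i}: content altered after recording")
        prev = entry.get("mac", "")
    # Deleting entries from the end leaves a valid chain, so the entry count
    # has to be checked against a value kept outside the log.
    if expected_count is not None and len(entries) != expected_count:
        findings.append(f"expected {expected_count} entries, found {len(entries)}")
    return findings


if __name__ == "__main__":
    trail = AuditTrail(b"constructed-demo-key")
    trail.record("jsmith", "alarm acknowledged", "door left open")  # constructed sample
    trail.record("akorhonen", "threshold 8.0 C -> 8.5 C", "approved change request")
    trail.entries[1]["what"] = "threshold 8.0 C -> 9.5 C"  # simulate an after-the-fact edit
    print(verify(trail.entries, trail._key))
```

The chain only makes changes detectable; keeping the key and the expected entry count away from ordinary users is what the separate administrator and user access rights described earlier are for.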

* See EU GMP EudraLex Annex 15: “Where validation protocols and other documentation are supplied by a third party providing validation services, appropriate personnel at the manufacturing site should confirm suitability and compliance with internal procedures before approval.”

Data Integrity in Environmental Monitoring

As a manufacturer of environmental measurement and monitoring systems, Vaisala is invested in understanding the relationship between computerized systems, network functionality, device efficacy and data integrity. Over the past decade we’ve continuously developed our monitoring system software with the goal of ensuring data integrity. Here we outline several features of viewLinc that guarantee reliable, complete and accurate data.

viewLinc shows all events within the system, including: threshold and device alarms, messages sent (Emails or SMS), User login/out, automated report generation, devices added, and more…

viewLinc & VaiNet Features
▪ Access to the system is controlled by individual login IDs, user names and passwords.
▪ User-specific rights and access control permissions create different authority levels, fulfilling the regulatory requirement for segregation of duties.
▪ viewLinc includes device checks to guarantee the origin of the data and validation alarms to guarantee the validity of data.
▪ Only viewLinc, not users, can create data records, and these are uneditable and inerasable.
▪ Acquisition, changes, modifications, and deletion of data are recorded by an audit trail shown in viewLinc’s “Event” view.
▪ Calibration data is stored in each device, and in the software, ensuring accuracy specifications of devices are also tracked.
▪ Reports are created in secured PDF files that cannot be modified.
▪ All graphs, system reports and environmental reports are easy to read, fulfilling the requirement of human readable copies of data.
▪ All measurements are synchronized against the system’s server clock so it’s easy to compare data sets.
▪ The viewLinc software can be used in multiple time zones simultaneously without compromising the data because all records are based on UTC (Coordinated Universal Time).
▪ Thorough system documentation helps with qualification, validation and future usage of the system (User Requirement Specification, Functional Specification, Traceability Matrix, Risk Assessment, validation documentation and reports).
▪ Metadata is easy to find and provides contextual information on all data.

New Generation, Same Data Integrity

Vaisala’s proprietary VaiNet wireless technology* is a recent addition to the viewLinc system and includes all of Vaisala’s current data loggers’ security features, which are designed for GxP-regulated applications. However, the VaiNet technology assures secure connectivity between loggers and access points with a specially licensed ISM (Industrial, Scientific and Medical) protocol. With radio band variants of 868 MHz and 915 MHz depending on global location, VaiNet allows monitoring devices to transmit independently of over-crowded Wi-Fi networks. Vaisala licensed Semtech’s LoRa™ (Long Range) modulation technique to create a device that operates wirelessly with wired-equivalent data recording. VaiNet uses a modulated version of CSS technology (Chirp Spread Spectrum) to achieve ranges 100 meters or more in typical warehouses based on wideband, noise-like signals that are highly reliable, yet require less power for data transmission.

The result is a long-range signal that is readable only by Vaisala devices within a VaiNet network. Two additional security features further enhance data integrity: data encryption and data authentication. Data encryption means that specific code is required to read and understand transmitted information. In VaiNet, the original data is transmitted between data loggers and the network access point (VaiNet AP) and cannot be intercepted by a non-VaiNet device. Data loggers encrypt the data before transmission, and only the access point can decrypt this data. Encryption is performed with proven AES-128 technology (AES = Advanced Encryption Standard) and data authentication uses CMAC technology (Cipher-based Message Authentication Code). Authentication ensures that data is coming from the correct source and the origin of the sent message is always identified and tracked.

* See Application Note and webinar

Conclusion

By implementing correct data management practices that include behavioral, procedural and technological controls, the risks of flawed, incomplete or erroneous data are mitigated. For many viewLinc users in GxP-regulated applications there are common scenarios that entail expensive risks. An undetected compressor failure overnight or on a weekend could destroy the entire contents of a fridge or freezer. These chambers may be storing irreplaceable samples from research in a crucial stage of development. With an automated monitoring system in place, the assets are safeguarded. Even when equipment failure is not immediately catastrophic, accurate and reliable data sent in an alert through email or SMS will indicate that a problem is imminent.

Data integrity is about more than compliance with regulations; it’s about protecting life-saving research and products for human use. In GxP applications, data often represents significant investments in development, clinical trials, donated tissue, and the hopes of patients for a new therapy or drug. The data represent assets that require fail-safe, trustworthy systems and practices that ensure patient safety. The devices, software, infrastructure, processes and operating procedures must all be aligned to ensure that data are complete, consistent, accurate, and exemplifying the characteristics of ALCOA+.

References and Further Reading
▪ EU GMP EudraLex Volume 4, Annex 11: Computerized Systems (2011)
▪ EU GMP EudraLex Volume 4, Annex 15: Qualification and Validation (2015)
▪ EU GMP Eudralex Volume 4, Chapter 4. Documentation (2011)
▪ European Compliance Academy (ECA), GMP News 22/06/2016, German Company receives FDA Warning Letter for Data Integrity Issues
▪ FDA 21 CFR Part 11, Electronic records, electronic signatures (1997)
▪ FDA Draft Guidance, Data Integrity and Compliance with CGMP, Guidance for Industry (April 2016)
▪ ICH Q9, ICH Harmonized Tripartite Guideline, Quality Risk Management, 9 November 2005
▪ ISPE GAMP 5. A Risk-Based Approach to Compliant Computerized Systems (2008)
▪ MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015
▪ MHRA GxP Data Integrity Definitions and Guidance for Industry, Draft version for consultation, July 2016
▪ PIC/S, Draft Guidance, PI 041-1 (Draft 2), Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments. 10 August 2016
▪ WHO Technical Report Series 996 Annex 5, Guidance on good data and record management practices (May 2016)

To learn more about data integrity in your controlled environments, see our webinar on this topic: Vaisala.com/webinar-central/data-integrity-for-pharma

About the Author: Piritta Maunu brings many years in biotechnology to her role as a Life Science Industry Expert in Vaisala. She has worked in quality management, R&D and GMP production. Piritta holds a M.Sc. in Cell Biology and is an instructor of General Biology.

Ref. B211613EN-A ©Vaisala 2017

Please contact us at www.vaisala.com/requestinfo

This material is subject to copyright protection, with all copyrights retained by Vaisala and its individual partners. All rights reserved. Any logos and/or product names are trademarks of Vaisala or its individual partners. The reproduction, transfer, distribution or storage of information contained in this brochure in any form without the prior written consent of Vaisala is strictly prohibited. All specifications — technical included — are subject to change without notice.