Accessibility Links

The New FDA Guidelines On CGMP Data Integrity

Written by: Bethan Williams
Date: 18 May 2016

Are you ready for the new FDA guidelines?

When an FDA audit team comes to check on your data, are you confident you can show compliance with the relevant Current Good Manufacturing Practice (CGMP) regulations? Until recently, some of the FDA’s policies on CGMP had grey areas, allowing room for debate with the inspectors. Revised guidelines are clearer but this only increases the likelihood of penalties for non-compliance.

New FDA guidelines on data integrity state that “data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate.”

What does this mean for the pharmaceutical industry and its data professionals

The context: instances of non-compliance

The amended guidelines, Data Integrity and Compliance with CGMP, have not come out of the blue. Back in 2009 the FDA faced a legal challenge by dietary supplement manufacturers, claiming its policies were too vague and violated their right to due process. The claim was rejected, but the question of clarity had been raised publicly.

There have also been a rising number of failed FDA audits of manufacturers around the world, including European countries such as the Czech Republic and Italy. In China, the FDA found instances where sample raw data had been deleted in an attempt to conceal it from the authorities. In India, more than 15 companies have been warned about data credibility in the last three years alone. Examples included overwriting or permanently deleting data.

The FDA’s new regime is aimed at providing clarity in what companies should be doing, but also no room for excuses if data integrity falls short of the required standard. In a globalised market, it enforces stricter rules on suppliers who used to be able to plead ignorance to the finer detail of FDA policy. From now on, companies will have to be able to show they have the right controls and oversight in place, or risk losing revenue.

The format of the guidelines

The draft guidelines are written in plain English, to reduce loopholes or misinterpretation among those countries where English is not the first language. They are in a question and answer format, with 18 questions covering everything from drug manufacturing, finished pharmaceuticals, and positron emission tomography drugs.

The guidelines provide comprehensive rules on when it is acceptable to exclude CGMP data, managing workflow validation, data access, audits, and electronic records, as well as training employees, sampling and testing, and strategies to address problems.

The detailed guidance focuses on ensuring data is accurate and trackable. For example, metadata must be included referring to the data context. There should be a robust system for recording when data is amended and by whom. The guidelines express disapproval of the use of shared logins to access data systems, which can make it harder to identify who made changes.

Consequences of non-compliance

Data integrity is important for both manufacturers and consumers. When the FDA identifies a company as non-compliant, there is a range of possible responses: a warning letter, import alert, consent decree (settlement agreement) or, most seriously, revocation of market approval. Removal of market approval is the most dramatic sanction, likely to cause huge financial loss and reputational damage to the company involved.

With the clearer guidelines in place, penalties for poor data practice are likely to become more severe. While this may be bad news for pharmaceutical companies, it must be remembered that poor data integrity impacts on consumers and other medical organisations as well as manufacturers. As much as 40% of drug shortages are said to be due to quality issues, including problems with data integrity.

The challenge for data professionals

Skilled data officers are more in demand than ever as companies adjust to tighter regulations. Data professionals have to ensure a company’s policies and procedures are compliant with regulations not just from the FDA, but any other regulators in areas the company supplies. It’s a complex job, and constant vigilance is required to ensure that standards do not slip.

QMS experts or quality performance managers have to be motivated, proactive people, as well as having detailed knowledge and skill. When regulatory changes are proposed, there is often a lead-in period of around one to three years; a good data officer will start to plan the transition sooner rather than later in order to ensure changes are enacted smoothly and with minimal disruption.

Pharmaceutical companies are currently reflecting on the new guidelines and what they mean for their own processes: changes to IT systems, to processes, recruiting more people, or perhaps reducing the size of some teams.

How will the changes in the FDA regulations impact your role or organisation? Contact EPM Scientific to discuss your needs today.