English
Spanish
French
German
Arabic
Hindi
Korean
Russian
Dutch
In recent years, the FDA (U.S. Food and Drug Administration) has found an increasing number of cGMP violations in terms of data integrity in its cGMP (current Good Manufacturing Practices) inspections. cGMP violations related to data integrity have led to a number of regulatory actions (including warning letters, import bans, and writs of acceptance). China’s NMPA (State Drug Administration) has also upgraded the concept of data integrity to data reliability. As a pharmaceutical company, we need to be careful to prevent data integrity vulnerabilities and meet the requirements of the regulations.
The ancient Greek philosopher Aristotle once said: “Law is order, and good law can lead to good order.” “The progress of the times will inevitably bring about new problems, and there will be corresponding laws to regulate these problems, which is both the wisdom of the times and the development law of the times.” For the pharmaceutical industry, the advent of the era of big data has promoted the digitization and “digital intelligence” of countless pharmaceutical companies Process. However, as the pace of digitization accelerates, the problems masked by the prosperous data landscape are also emerging, with data leakage, destruction, and loss becoming one of the most important security risks. In this regard, we need to increase the importance of data security, hold responsible entities accountable, and improve the system of data security. Data integrity is an extremely sensitive topic for the pharmaceutical industry, and here we will discuss data integrity management for pharmaceutical equipment.
Definition
Before proceeding to the follow-up, we first need to know what data integrity is. It is broadly defined as the authenticity, completeness and traceability of all data in the enterprise, and involves validity and consistency; In the narrow sense, it refers to the completeness and authenticity of laboratory QC (quality control) data; In addition, it can also refer to the management and verification of computerized systems.
The completeness, consistency and accuracy of all data throughout its lifecycle should be guaranteed. For the FDA, Application data integrity is a matter of data integrity.
Legal basis for data integrity
The U.S. cGMP (Dynamic Manufacturing Practice) states that laboratory records should include [1]:
- 1. Ensure compliance with established specifications and standards for all complete inspections (including inspection and analysis) of information.
- A complete record of all the information obtained in the process.
- Inspect all relevant calculation records, and review the accuracy and completeness of the original records by another person in accordance with the established standards.
- A complete record of any modifications that have been developed and applied to the inspection method.
China’s 2010 edition of GMP (Pharmaceutical Manufacturing Practice) has requirements for data and record management [2]:
- 1. Records should be filled in in time, the content is true, the handwriting is clear, easy to read, and not easy to erase.
- Records should be kept clean and not torn or altered arbitrarily, and any changes filled in in the records should be endorsed with names and dates, so that the original information remains legible.
- Each activity related to this Specification (GMP) shall be recorded to ensure that activities such as product production, quality control and quality assurance can be traced.
- The accuracy of the records shall be checked, if the electronic data processing system is used, only authorized personnel can enter or change the data through the computer, and changes and deletions shall be recorded. Critical data is entered and independently reviewed.
- The inspection record of each batch of products shall include the quality inspection records of intermediate products, products to be packaged and finished products, and the batch of products can be traced.
The requirements for data management in China’s “Drug Record and Data Management Requirements (Trial)” are [3]:
Article 24 : For the basic information data of activities and the data on behavior activities generated through operations, inspections, checks, manual calculations, and other such conduct, requirements for recording personnel, recording time, and recording content, as well as confirmation and review methods, shall be provided in relevant operating procedures and management systems.
Article 25 Where data is read from measuring instruments, the measuring instruments shall be verified or calibrated in accordance with law.
Article 26: Necessary management measures and technical means shall be employed for electronic data obtained through computer (chemical) systems collected, processed, and reported:
(1) Electronic data obtained through manual input and processing by application software shall prevent the functions and settings of the software from being arbitrarily changed, and review the input data and data generated by the system, and the original data shall be preserved in accordance with relevant provisions;
(2) The electronic data generated after being collected and processed by the computer (chemical) system shall comply with the corresponding specifications and requirements, and the metadata shall be saved and backed up, and the backup and restoration process must be verified.
Article 27 : Other types of data refer to data contained in documents, images, audio, pictures, atlases, etc.; Other types of data that meet the following conditions are deemed to meet the requirements of this requirement:
(1) Be able to effectively represent the content contained therein and be available for retrieval and use at any time;
(2) Where the form of data is transformed, it shall be ensured that the converted data is consistent with the original data.
The Core Of Data Integrity:
AlcoA+CCEA Principles [4].
The ALCOA+CCEA principle is not only a requirement for record integrity in GMP, but also a basic requirement for record integrity for all compliance audits, and is the cornerstone of credit. The specific meanings of ALCOA and CCEA are shown in Table 1. The ALCOA+CCEA principle is really a requirement for all operations during the data lifecycle such as record generation/entry, modification, storage, retrieval, backup, recovery, and output. If these operations comply with the above principles, the integrity of the record is met.
Table 1 Alcoa And CCEA Inclusions
| Basic data principles ALCOA | Abbreviation | Full English name | Meaning | Interpretation
|
| A | Attributable | Traceable | The source of the collected information can be identified, such as subjects, inputs, foreign data, etc | |
| L | Legible | Clearly visible | The data collected can be read and understood by others | |
| C | Contemporaneous | Synchronize in a timely manner | The data should be recorded at the same time as it is generated or observed, and entered into the database within a certain time window, that is, the temporal identification of the data | |
| O | Original | raw | The data is recorded for the first time, or can be traced back to the original | |
| A | Accurate | Precision | Data data recording and calculation, analysis and other transformation processes are correct and reliable | |
| Basic data principles ALCOA+ | C | Complete | complete | All data is present, such as all test results are preserved, including metadata |
| C | Consistent | unanimous | There are no contradictions or discrepancies in the data, such as using standardized data | |
| E | Enduring | long | Data can be retained for as long as required and can be recovered when needed, such as hard disks, CDs, tapes, and so on | |
| A | Available | Available | Once requested, it can be obtained and made available to the management authorities in a timely manner |
With regard to quality assessment, the Data Integrity Guidelines propose that internationally accepted principles such as ALCOA and ALCOA+ should be used as assessment requirements and that corresponding specific indicators need to be designed. The ALCOA Principles were proposed by the U.S. FDA in 2007 in its Guiding Principles, Computerized Systems Used in Clinical Research, and the ALCOA+ Principles are the EU GCP The Ombudsman Working Group (EU GCPIWG) elaborated in 2010 in its “Feedback Paper on Expectations for Electronic Source Data and Transcription into Electronic Data Collection Tools in Clinical Trials”. The data management principles in NMPA’s Drug Records and Data Management Requirements (Trial) are shown in Table 2.
Table 2 Principles Of Data Management
| NMPA Pharmaceutical Record and Data Management Requirements (Trial) Three Principles | There are rules to follow | Do things according to the rules | There is evidence to be found | ||
| NMPA Pharmaceutical Records and Data Management Requirements (Test Line) three elements | Record the file | Record filling | Data | ||
| Specific principles function | Carrier | The line is | request | ||
| Data management Basic principles ALCOA | Attributable | Traceable | ● | ● | ● |
| Legible | Clear and visible | ● | ● | ● | |
| Contemporaneous | Synchronization and timing | ● | ● | ● | |
| Original | raw | ● | ● | ● | |
| Accurate | Precision | ● | ● | ● | |
| Data management Basic principles ALCOA + | Complete | complete | ● | ● | ● |
| Consistent | unanimous | ● | ● | ● | |
| Enduring | Long | ● | ● | ● | |
| Available | Available | ● | ● | ||
How To Achieve Data Integrity
Achieving data integrity needs to be considered from both the management and technical dimensions.
Data Integrity Management
The enterprise is one of the most important foundational practices for maintaining data security and the first responsible object for achieving data integrity. Therefore, we should give full play to the core position of enterprises in the construction of data security, encourage the enthusiasm of enterprises to participate in governance, and give certain guidance. The government should enhance the awareness of the responsibilities of enterprises themselves, enhance communication between enterprises, create the obligation of data security risk monitoring and security incident reporting, improve the awareness of network operators and critical information infrastructure operators of data security control obligations, and severely punish enterprises that violate the prescribed obligations. At the same time, with the increase of international trade, cross-border enterprises need to invest more funds in cross-border data flow management, protect the personal information data, government data and related industry data of the domestic public owned by the company or obtained by other means, appropriately pre-review cross-border data, establish and improve the security management supporting means of enterprises, and fulfill their responsibilities on the basis of obtaining their own interests.
Data Integrity Technology
There are three main technologies related to data integrity:
1. Identity Authentication Technology
Identity authentication technology is currently one of the main means to verify whether user information is legitimate. There are three main ways to authenticate:
(1) Two-factor authentication, such as the identity authentication method of account password verification and verification code verification that often appears in the website;
(2) Digital certificates, such as ID card information entered when buying tickets online, personal information entered during exam registration, etc.;
(3) Identification and exchange mechanism, such as video verification required by the telephone operator when applying for a calling card.
2. Encrypt The Compressed Package
The essence of an encrypted package is to compress the data to be sent first, and then encrypt the obtained package. This is one of the more common encryption methods at present. There are two main forms of compressed packages, one is ZIP and the other is RAR. Both types of packages are supported regardless of the type of computer system. Moreover, both have password setting and modification functions. Encrypted packages require the message receiver to use an encrypted password for packet information reading. In addition to ensuring the integrity of the security of data information, this encryption method can also effectively reduce the use of computer storage space and improve the running speed of the computer.
3. Intrusion Detection System
Intrusion detection system refers to the organic combination of hardware equipment and software for intrusion detection, which is mainly responsible for the real-time monitoring of network data information. Its core function is to detect violations of security policies and to alert computer systems as soon as they are compromised. Intrusion detection is also divided into two types, one based on flags and the other based on anomalies. Flag-based intrusion detection, which is detected in a similar way to antivirus software: it first defines a violation of security policy and then detects whether the defined behavior occurs on the computer. Intrusion detection based on anomalies first defines the normal operation parameters of the computer, and then compares the current computer operating parameters with the defined parameters to detect whether the computer is affected by the outside world.
How To Safeguard Data Integrity [5].
After completing the design and implementation of data integrity, enterprises also need to pay attention to the correct use and maintenance in actual operation to ensure that the data integrity of each system is in a sustainable state. We need to establish a sound data management system (such as backup system active-active, storage space redundancy, etc.), and do periodic review of data management (such as regular restore testing, etc.). Critical data also needs to be checked periodically, and the data operation log is checked to ensure that all operations are within the scope of authorization and have a complete record.
Summary
Modern technology is developing rapidly, the wide application of big data, cloud computing and artificial intelligence technology, digitalization in the pharmaceutical field has become a major trend, but we must do a good job of synergy between development and compliance to ensure that under the premise of compliance, steady development, to achieve the goal of digitalization. When we establish a sound data integrity management system and measures for pharmaceutical equipment, we are also strengthening our understanding and respect for pharmaceutical regulations and deepening our understanding and understanding of data security.