Data Management and Data Integrity (DMDI)

6 April 2017

The TGA's Manufacturing Quality Branch is responsible for the assessment, licensing and certification of manufacturers of medicines and biologicals, to ensure compliance with GMP standards.

Approval for a domestic site is achieved through an on-site inspection, whereas overseas sites may be approved through an on-site inspection, or via the GMP Clearance Application Process.

Irrespective of the way in which approval is achieved, the effectiveness of each processes is determined by the accuracy and truthfulness of the evidence provided to the TGA and ultimately the integrity of the underlying data. It is critical to our evaluation process that the TGA can determine and fully rely on the accuracy and completeness of evidence and records presented to us by manufacturers and/or sponsors.

It is a basic and fundamental requirement of GMP that data generated by manufacturers and used to support product quality, safety and efficacy is accurate and complete. The TGA expects manufacturers to implement and maintain quality systems that ensure good data management and integrity practices, and these requirements are embedded within the Manufacturing Principles i.e. the PIC/S GMP Guide to Good Manufacturing Practice (GMP) for Medicinal Products or the Australian Code of GMP for human blood and blood components, human tissues and human cellular therapies.

Data management and data integrity (DMDI) have become hot-topics in the last few years; there have been multiple reports relating to poor data-management practices that undermine regulator and consumer confidence in medicines. As a result, the TGA and other international regulatory agencies have placed increasing emphasis on data management and integrity practices. The TGA has, and continues to be involved in the development of DMDI guidance to help ensure the quality and safety of medicines supplied.

This statement serves to provide some clarification regarding the TGA's official position regarding DMDI practices for industry.

TGA expectations regarding data management and integrity

The requirements for data management and data integrity are not new and have been embedded in GMP requirements for a number of decades.

TGA views data management and integrity issues very seriously, and this is reflected in the TGA definition of a "critical" deficiency:

"A deficiency in a practice or process that has produced, or may result in, a significant risk of producing a product that is harmful to the user. Also occurs when it is observed that the manufacturer has engaged in fraud, misrepresentation or falsification of products or data."

As a PIC/S member, the TGA intends to reference the PIC/S Good Practices for Data Management and Integrity In Regulated GMP/GDP Environments, PI 041-1 (Draft 2) when performing inspections of manufacturers and, where relevant, in reviewing information submitted in support of clearance applications.

All manufacturers of therapeutic goods have a responsibility and a duty to assess their data management systems for potential vulnerabilities and take steps to design and implement good data governance practices to ensure data integrity is maintained.

Data Integrity is defined as "the extent to which all data are complete, consistent and accurate, throughout the data lifecycle"[1] . The ALCOA+ principles outline data management and integrity practices that are required to ensure the integrity of data, irrespective of how it is generated.

Table 1. ALCOA+ Principles (Reproduced with the permission of PIC/S [2])
Data Attribute Integrity Requirement
Attributable It should be possible to identify the individual who performed the recorded task. The need to document who performed the task/function, is in part to demonstrate that the function was performed by trained and qualified personnel. This applies to changes made to records as well: corrections, deletions, changes, etc.
Legible All records must be legible - the information must be readable in order for it to be of any use. This applies to all information that would be required to be considered Complete, including all Original records or entries. Where the 'dynamic' nature of electronic data (the ability to search, query, trend, etc) is important to the content and meaning of the record, the ability to interact with the data using a suitable application is important to the 'availability' of the record.
Contemporaneous The evidence of actions, events or decisions should be recorded as they take place. This documentation should serve as an accurate attestation of what was done, or what was decided and why, i.e. what influenced the decision at that time.
Original The original record can be described as the first-capture of information, whether recorded on paper (static) or electronically (usually dynamic, depending on the complexity of the system). Information that is originally captured in a dynamic state should remain available in that state.
Accurate

Ensuring results and records are accurate is achieved through many elements of a robust Pharmaceutical Quality Management System. This can be comprised of:

  • equipment-related factors such as qualification, calibration, maintenance and computer validation.
  • policies and procedures to control actions and behaviours, including data review procedures to verify adherence to procedural requirements
  • deviation management including root cause analysis, impact assessments and CAPA
  • trained and qualified personnel who understand the importance of following established procedures and documenting their actions and decisions.

Together, these elements aim to ensure the accuracy of information, including scientific data, that is used to make critical decisions about the quality of products.

Complete All information that would be critical to recreating an event is important when trying to understand the event. The level of detail required for an information set to be considered complete would depend on the criticality of the information. A complete record of data generated electronically includes relevant metadata.
Consistent Good Documentation Practices should be applied throughout any process, without exception, including deviations that may occur during the process. This includes capturing all changes made to data.
Enduring Part of ensuring records are available is making sure they exist for the entire period during which they might be needed. This means they need to remain intact and accessible as an indelible/durable record
Available Records must be available for review at any time during the required retention period, accessible in a readable format to all applicable personnel who are responsible for their review whether for routine release decisions, investigations, trending, annual reports, audits or inspections

(Table © PIC/S)

As a result of this increased focus on data management and integrity, the TGA expects manufacturers to take the following actions to assure the integrity of all data generated in support of manufacturing operations and product quality:

  • Review existing quality system procedures and systems to ensure data integrity is maintained. Manufacturers are encouraged to focus on:
    • Systems for the generation, issue and control of physical-copy documentation and batch records, including those designed to control the use and access to blank forms and templates.
    • Processes for the access, generation, control and review of electronically generated data and records, including, but not limited to system validation, configuration and ensuring reviews of source data and audit trails are routinely performed, based on risk.
    • Validation of electronic systems in accordance with Annex 11 (or Chapter 10 of the Australian Code of GMP for human blood and blood components, human tissues and human cellular therapies (2013).) and data integrity requirements.
    • Arrangements for the storage, back-up and archiving of GMP data.
    • Staff training and awareness in data integrity requirements of the Guide to GMP.
  • Review the effectiveness of data management and integrity controls implemented through your quality system's self-inspection program.
  • Review the effectiveness of data management and data integrity controls implemented by key service providers, e.g. contract manufacturing or testing facilities, through your quality management system's external (supplier) audit program.

Where manufacturers identify gaps or vulnerabilities in the current controls, it is expected that you develop and document appropriate corrective and preventative actions for resolution. This may include the need to update the quality management system, equipment and software in cases where the in-use systems are unable to meet current expectations for Data Management and Data Integrity.

Implementation period

Data Integrity requirements are already entrenched within the PIC/S Guide to Good Manufacturing Practice (PE009-8) and Australian Code of GMP for human blood and blood components, human tissues and human cellular therapies and therefore the TGA expects manufacturers to comply with these requirements.

Where non-compliance with data integrity principles is observed, a deficiency will be reported, citing the relevant PIC/S GMP clause. The classification of the deficiency will be based on the nature and significance of the deficiency.

Any questions or enquiries relating to the TGA's Data Management and Data Integrity policy may be sent to gmp@tga.gov.au

The TGA invites companies that identify significant data integrity issues to contact: gmp@tga.gov.au


Footnotes

  1. PIC/S Good Practices for Data Management and Integrity In Regulated GMP/GDP Environments, PI 041-1 (Draft 2)
  2. Laboratory testing for activity, potency or efficacy is not equivalent to clinical safety and efficacy studies, which are evaluated as part of the application to register therapeutic goods on the ARTG