Data Integrity Expectations of EU GMP Inspectors

An expectation pertinent to the computer systems performing good manufacturing practices (GMP) regulated-related functions is the integrity of electronic records (e-records). This expectation takes the highest priority in any worldwide health agency GMPs, including the European Medicines Agency (EMA) and its European Union (EU) member states.

E-records comprise raw e-records, derived e-records, and associated metadata. E-records integrity is the foundation of GMPs. The electronic information, properly recorded and managed, is the basis for manufacturers assuring the competent authority of their products’ identity, strengths, purity, and safety. Reliable e-records also demonstrate that the production process of the regulated entity and the computer systems adhere to the GMPs, including manufacturing instructions. 

Any unintended changes to e-records as the result of a storage, inputs and outputs (I/Os), or processing operation, including malicious intent, unexpected hardware failure, and human error, will compromise the integrity of e-records. 

This article provides the key expectations of EU GMP inspectors in the area of data integrity of e-records. These expectations are based on the following EMA sources: 

• European Community (EC) Commission Directives 2003/94/EC (1) and 91/412/EEC (2)

• EC GMP Annex 11 Computerized Systems (3) 

• Chapter 4 of the EC GMP guide concerning documentation (4) 

• EMA Questions and Answers: Good Manufacturing Practices-Data Integrity (5)

• EudraGMDP Database (6) 

• Medicines & Healthcare Products Regulatory Agency (MHRA) GxP Data Integrity Definitions and Guidance for Industry (7)

• MHRA GMP Inspection Deficiency Data Trend 2016 (8).

EMA e-records integrity technical requirements

EMA has overall responsibility for regulating human and veterinary medicinal products within the European Commission. In terms of what all EU countries must achieve related with the manufacturing of medicinal products, all EC member states are bound by a single set of directives. Computer systems and e-records associated with GMP-related activities are delineated in the Commission Directive 2003/94/EC. 

“When electronic, photographic, or other data processing systems are used instead of written documents, the manufacturer shall first validate the systems by showing that the data will be appropriately stored during the anticipated period of storage. Data stored by those systems shall be made readily available in legible form and shall be provided to the competent authorities at their request. The electronically stored data shall be protected, by methods such as duplication or back-up and transfer on to another storage system, against loss or damage of data, and audit trails shall be maintained.”(1)

The veterinary medicinal products GMP requirements can be found in 91/412/EEC (2).

As noted, EMA’s e-records integrity objectives are:

• E-records will be appropriately stored during the anticipated period of storage. 

• E-records stored by computer systems shall be made readily available in legible form.

• E-records shall be provided to the competent authorities at their request. 

• E-records shall be protected, by methods such as duplication or back-up and transfer on to another storage system, against loss or damage of data.

• There must be a record of any e-records change made, the previous entry, who made the change, and when the change was made. These audit trails shall be maintained.

It is up to the individual countries to decide how the applicable directive is implemented into national law.

EMA GMP inspections comprise an on-site compliance assessment. These EMA GMP assessments are performed by official(s) of the EU competent authorities, or authorities found an equivalent under a mutual recognition agreement. The method used to verify e-records integrity may vary contingent on the technology used by the regulated facility.

EU e-records integrity guidelines

There are two key guidelines associated with e-records integrity resulting from Commission Directive 2003/94/EC and 91/412/EEC; one being EMA GMP Annex 11 Computerized Systems and the other, EMA GMP Chapter 4: Documentation (1-4).

EMA GMP Chapter 4 relates to good documentation practices. It provides key definitions of records (see Table I). 

Complementing the definitions in Table I, the author recommends the following:

• Records must be written evidence of what has happened and are recorded contemporaneous either by personnel or automated equipment. As an example, automated equipment may measure process parameters. 

• In automated environments, the events recorded are contemporaneous and retained in the format in which they were originally generated are considered raw data.

Table I: Key definitions of records based on EudraLex (4).

Definition

Certificates of analysis

Records that provide a summary of testing results on samples of products or materials together with the evaluation of compliance with a stated specification.

Records

Provide evidence of various actions taken to demonstrate compliance with instructions (e.g., activities, events, investigations, and in the case of manufactured batches, a history of each batch of product, including its distribution).

Raw data

Records that are used to generate other records. For e-records, regulated users should define which data are to be used as raw data. At least, all data on which quality decisions are based should be defined as raw data.

Reports

Records that document the conduct of particular exercises, projects, or investigations, together with results, conclusions, and recommendations.

Explicitly, the EMA GMP Chapter 4 establishes that suitable controls to ensure integrity of documents must be established (4).

The key EMA GMP Annex 11 e-records integrity-related clauses are depicted in Table II. The e-records integrity controls listed are the most observed as part of the associated non-compliance report located at the EudraGMDP database (6).

Table II: Data integrity-related clauses relating to e-records, based on the European Medicines Agency Good Manufacturing Practice Annex 11 (3).

Annex 11 clause

Paragraph

4

The validation of computer systems must be performed in accordance with the relevant GMP guidelines and based on a risk assessment. It must be taken into account the integrity of the data. When determining data vulnerability and risk, it is important to consider the intended use of the computer system and associated data. (Note: As a result of computer systems validation not properly performed or not performed, the EU inspectors affirm that the integrity, reliability, up-to-date, originality and authenticity of the e-records cannot be assured.)

7.1

“Data should be secured by both physical and logical means against damage.”

12.4

“Management systems for data and for documents should be designed to record the identity of operators entering, changing, confirming, or deleting data including date and time.”

12.1

“Physical and/or logical controls should be in place to restrict access the computerized system to authorized persons. Suitable methods of preventing unauthorized entry to the system may include personal codes with passwords, restricted access to computer equipment and data storage areas.”

There are many other e-records integrity-related clauses in Annex 11 (9, 10). These clauses are also implemented during the design phase or during the operational and retirement phases as part of procedural controls.

Expectations of EU GMP inspectors

Based on a collection of non-compliance reports by EU inspectors (July 2013-February 2017), located at file://OLOPEZ6102/Google%20Drive/Erecs, the following tabulations about e-records integrity-related issues were obtained (Table III).

Table III: Data integrity-related issues identified from a collection of non-compliance reports by EU inspectors (July 2013-February 2017).

Causes of non-compliance

Occurrences

Deleted data

11

Manipulated data

9

No logical access controlled to computer systems

7

Falsified data

6

Computer systems not properly validated

5

Entries not contemporaneous

2

Comments such as “integrity and security of analytical data,” as part of the non-compliance reports, do not provide relevant information to assign the deviation to a particular cause. The tabulation of these comments is not part of Table III.

Deleted, manipulated, or falsified data. Records retained in computer storage must be secured by both physical and logical means against loss, damage, and/or alteration. The main clauses applicable to these e-records actions are Clauses 7.1 and 12.4 of Annex 11 (3). It excludes the issue related to the unauthorized entry to the storage area in Clause 12 of Annex 11. 

E-records warehouses security design must make provisions to protect original or true copy e-records and the associated metadata. These e-records cannot be deleted or changed without recording the modification. As an element of the e-records integrity in storage, there must be a record of any modification made that includes the previous entry, who made the change, and when the change was made (5, 11).

The modification of an e-record can be documented by an electronic- or paper-generated audit trail. The paper-based audit trail may be acceptable until an electronic audit trailed functionality becomes available. To reduce the risk of losing e-records in the storage and guarantee e-records readiness to the users, periodic back-ups must be performed. The back-up must be stored separate from the primary storage location, and at a frequency based on an analysis of risk to GMP e-records and the capacity of the storage device.

Any rights to alter files must be assigned to personnel independent from those responsible for the record content. Segregation of duties between data lifecycle stages provides safeguards against data integrity failure by reducing the opportunity for an individual to alter, misrepresent, or falsify data without detection (5).

No logical access controlled to computer systems. The main Annex 11 clause applicable to this item is 11-12.1 (3). All personnel must be provided with appropriate levels of access and defined responsibilities to carry out their assigned duties. This requirement must be backed up by an authorization policy specifying logical access rights to domains, computers, applications, and e-records. As a function related to security, e-records integrity service maintains information exactly as it was recorded, and is auditable to affirm its reliability. For this reason, controlled access to the short- and long-term storage must be implemented.

Security must be instituted at several levels. Procedural controls must govern the physical access to computer systems (physical security). As part of the physical security, it must be considered putting security to devices used to store programmes, such as disks.

The access to individual computer system platforms is controlled by network specific security procedures (network security and database server). Access to these devices should be controlled (logical security). User access controls should be configured and enforced to prohibit unauthorized access and the attributes of the e-records.

Computer systems not properly validated. The main clause applicable to this deviation is 4. As part of the inspection, the validation of the computer system is evaluated. The validation process must take into account the interface between the data acquisition function and the data recording function. These functions must be verified, tested, and periodically verified to check the accuracy of the data. I/Os errors can result in severe production errors and distribution of adulterated or misbranded products. The extent and frequency of I/Os checking will be assessed on an individual basis and should be determined based upon the risk and built in controls. These built-in checks provide the accurate exchange of electronic data to decrease the issues of data integrity while the electronic data are in transit.

The computer system must incorporate validated checks to ensure the completeness of data acquired (4). For systems using automated data capture, the EU inspector should review validation records to ensure correct I/Os and processing of data are implemented and are effective.

Audit trails and the validation records of the associated functionality for computer systems should be verified as well. 

Entries not contemporaneous. Contemporaneous e-records should be recorded at the time they were generated. The main clause applicable to this item is 12.4 of Annex 11 (4).

Records of events provide written evidence of what had occurred and are recorded contemporaneously either by personnel or automated equipment. Automated equipment may measure process parameters. In automated environments, events recorded contemporaneously and retained in the format in which they were originally generated are considered raw data.

The following observation relates to a contemporaneous type of deviation: “Analysts routinely use the PC administrator privileges to set the controlling time and date settings back to over-write previously collected failing and/or undesirable sample results.”

Conclusion

Manufacturers of human and veterinary medicinal products are required to meet EMA’s expectations on the integrity of the e-records for those computer systems performing GMP-related regulated functions. The occurrences of the non-compliance cause on recent reports have driven EU inspectors to conduct a comprehensive initial evaluation on the integrity of the e-records, including computer systems validation, accuracy of the e-records, physical and logical security, and the traceability of the modification to e-records. Ensuring integrity of e-records as part of a system implementation will ensure a positive inspection outcome.

References 

1.Commission Directive 2003/94/EC laying down the principles and guidelines of good manufacturing practice in respect of medicinal products for human use and investigational medicinal products for human use (October 2003).
2. Commission Directive 91/412/EEC laying down the principles and guidelines of good manufacturing practice for veterinary medicinal products (July 1991).
3. EC, Guide to Good Manufacturing Practice: Medicinal Products for Human and Veterinary Use-Annex 11: Computerized Systems, The Rules Governing Medicinal Products in the European Union Volume IV, Office for Publications of the European Communities, pp. 139-142 (Luxemburg, January 2011).
4. EudraLex, The Rules Governing Medicinal Products in the European Union, Volume 4, Good Manufacturing Practice, Medicinal Products for Human and Veterinary Use, Chapter 4: Documentation (January 2011).
5. EMA, Questions and Answers: Good Manufacturing Practice, accessed 5 July 2017.
6. EudraGMDP Database, accessed 5 July 2017.
7. MHRA, GxP Data Integrity Definitions and Guidance for Industry, www.gov.uk/government/news/mhra-gxp-data-integrity-definitions-and-guidance-for-industry (July 2016). 
8. MHRA, MHRA GMP Inspection Deficiency Data Trend 2016, (April 2017).
9. O. López, “Annex 11 and Electronic Records Integrity,” in EU Annex 11 Guide to Computer Validation Compliance for Worldwide Health Agency GMP (CRC Press, Taylor & Francis Group, Boca Raton, Fl, 1st ed., 2015), pp. 229-251.
10. O. López, “Electronic Records Handling: EMA Annex 11,” in Best Practices Guide to Electronic Records Compliance (CRC Press, Taylor & Francis Group, Boca Raton, Fl, 1st ed., 2016), pp. 63-75.
11. Health Canada, Good Manufacturing Practices (GMP) Guidelines for Active Pharmaceutical Ingredients (APIs), GUI-0104, C.02.05, Interpretation #15, December 2013.

Article Details

Pharmaceutical Technology Europe
Vol. 29, No. 7
Pages: 6–10

Citation

When referring to this article, please cite it as O. López, “Data Integrity Expectations of EU GMP Inspectors,” Pharmaceutical Technology Europe 29 (7) 2017.