Tackling Breaches in Data Integrity

Published on: 
Pharmaceutical Technology, Pharmaceutical Technology-11-02-2016, Volume 40, Issue 11
Pages: 8-9

Robust data integrity begins with both management and employees embracing a quality culture and successful implementation of data governance measures.

The issue of data integrity in pharmaceuticals is now becoming a hot topic among regulators and the industry, particularly in Europe and North America. The number of cases of poor data being submitted to inspectors and auditors of good manufacturing practice and other manufacturing standards has been increasing rapidly. This problem is happening in particular among API producers in India and China. As a result, products have been banned from the European market because their manufacturers have failed to maintain adequate levels of data integrity. The amount of lapses, however, has also been rising among manufacturers of APIs and finished medicines in Europe itself.

Causes of failures

“[We and our] international regulatory partners are continuing to see significant data integrity failures at manufacturers, laboratories, and clinical research organizations,” a spokesman for the United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA) told Pharmaceutical Technology Europe.

“In MHRA’s experience, some of these companies have attempted to adopt the available regulatory guidance, but failed to do so effectively,” he continued. “This is often due to a failure to understand data lifecycle risks and the influence of organizational behaviour on the implementation of procedural and technical elements of data governance.”

Other factors behind breaches of data standards include intensifying competition, shorter delivery times, the need to cut costs, and inadequate training. Stricter regulations are also putting greater pressure on manufacturers to provide satisfactory data, particularly through electronic means.

European national medicines agencies have been considering banning the use of APIs produced by an Indian manufacturer after an inspection in June 2016 found a lack of quality assurance oversight on GMP-relevant data in its enterprise resource planning (ERP) computer systems (1). The inspection was carried out by the European Council’s European Directorate for the Quality of Medicines (EDQM), responsible for the European Pharmacopoeia.

Guidance on data integrity

The scope of data integrity--generally defined as the extent to which data are complete, consistent, and accurate, throughout the data’s lifecycle--has been broadened to include other criteria of data quality, such as ALCOA and ALCOA+. ALCOA stands for data that are attributable, legible, contemporaneous, original, and accurate, while ALCOA+ adds the qualities of being complete, consistent, enduring, and available.

The degree of concern about the quality of data related to GMP and other manufacturing and related standards has been reflected in the number of new guidelines on data integrity being issued by the world’s leading regulatory bodies. So far in 2016, new or proposed guidelines have been published by the United States Food and Drug Administration (FDA) (2), World Health Organization (WHO) (3), and the European Medicines Agency (EMA) (4). In addition, the Geneva-based Pharmaceutical Inspection Co-operation Scheme (PIC/S), representing health authorities and GMP inspectorates, issued draft guidance in August 2016 (5). Among European national agencies, the MHRA was among the first to publish guidance in 2015 (6), while a number of pharmaceutical industry groups and consultancies have been drawing up suggested voluntary codes of best practices in data integrity.

The objective behind the regulators’ guidelines has been to describe in detail what levels of data integrity are expected from pharmaceutical manufacturers and suppliers to ensure adequate product quality. The guidelines, however, also show an awareness that a crucial factor behind the achievement of data integrity in today’s global pharmaceutical market is the presence of a quality culture embracing both management and employees.

“Organizational behaviour is key to the successful implementation of data governance measures,” said the MHRA spokesman. This was a view echoed by EMA, which sees difficulties with data stemming from the way it is controlled. “In most cases, the underlying problems arise from weaknesses in the way the control of data is assessed and managed,” an EMA spokesperson told Pharmaceutical Technology Europe.

Consequently, with some of the guidelines, the regulators have been straying into new territory by trying to influence corporate cultural strategies and policies. They point out that senior management must show commitment to data reliability by leading by example. Business targets on data quality should be set, which are consistent with a manufacturer’s process capabilities. Employees should not only be empowered to provide accurate data but to report to management breaches of data quality by other personnel.

A quality culture


In its guidance on good data and record management practices (3), published in May 2016, the WHO’s expert committee on specifications for pharmaceutical preparations emphasized the importance of a quality culture. The guidance was only finalized after extensive consultation with national GMP and other quality performance inspectors.

Robust data integrity begins at the top. “Leadership is essential to establish and maintain a company-wide commitment to data reliability as an essential element of the quality system,” the document says (3). Staff must also be given responsibilities by being unrestrained in their provision of data. “An essential element of the quality culture is the transparent and open reporting of deviations, errors, omissions, and aberrant results at all levels of the organization, irrespective of hierarchy,” the guidance says (3). “Senior management should actively discourage any management practices that might reasonably be expected to inhibit the active and complete reporting of such issues, for example, hierarchical constraints, and blame cultures.”


The PIC/S guidance (5) provides advice to GMP and other inspectors, primarily those working for the organization’s 49 member authorities in Europe, North America, and Asia Pacific, as well as Argentina and South Africa. It has been drawn up in draft form for review early next year mainly to ensure a document was issued relatively quickly in response to the deep interest in data integrity in pharmaceuticals across the world.

The PIC/S data integrity working group decided to “make the initial draft of convergent guidance available to PIC/S participating authorities as a soon as possible to ensure a consistent approach to regulatory expectations,” explained David Churchward of the MHRA and Matthew Davis of Australia’s Therapeutic Good Administration (TGA), the group’s co-chairs.

The 14 authorities making up the group identified out-of-date practices and technologies as a major cause of data integrity failures. “Examples include an increasing use of IT in manufacture and analysis, and the challenges of remote supervision of sites in a global supply chain,” Churchward and Davis told Pharmaceutical Technology Europe. “The guidance addresses the interpretation of existing GMP norms in the context of current technology, and discusses the key elements of effective data controls throughout the data lifecycle,” they added.

The guidance acknowledges the positive influence of quality cultures within companies but concedes the difficulties of making inspection citations based on observations of organizational behaviour. Nonetheless, inspectors can use behaviour as an indicator of risks for further investigation.

Companies should draw up a code of values and ethics that reflects management’s philosophy on quality and provides an environment of trust, where all individuals are responsible and accountable for ensuring patient safety and product quality. “The company’s general ethics and integrity standards need to be established and known to each employee and these expectations should be communicated frequently and consistently,” the guidance says (5). Management should aim to create a quality culture in which “personnel are encouraged to freely communicate failures and mistakes, including potential data reliability issues, [with an] organizational reporting structure permitting the information flow between personnel at all levels,” the document adds.

Harmonizing standards

Regulators seem to agree that in the long term, the content of guidelines on data integrity will have to be changed for the sake of harmonizing standards for data quality across the world, with PIC/S perhaps becoming a hub for sorting out differences of approaches to the issue. “EMA intends to work with PIC/S to publish more permanent international guidance,” said the agency’s spokesperson.

PIC/S believes that through the 14 authorities participating in its data integrity group, including FDA and nine EU agencies, and the rest of its membership, it has the structure for taking account of a broad range of views. “In the future, it is foreseen that harmonized inspectorate-focused guidance will be available through the PIC/S network,” said Chapman and Davis.

WHO views its guidance (3) as being of “an evolutionary, illustrative nature and will, therefore, be subject to periodic review based upon experience with its implementation and usefulness, as well as the feedback provided by the stakeholders, including national regulatory authorities (NRAs).”

One major barrier to effective application of guidelines in an area such as data integrity is the regional and national cultural variations that generate different viewpoints on what is, for example, efficient leadership. “Depending on culture, an organization’s control measures may be: ‘open’ (where hierarchy can be challenged by subordinates, and full reporting of a systemic or individual failure is a business expectation) or ‘closed’ (where reporting failure or challenging a hierarchy is culturally more difficult),” PIC/S says in its guidance.

Good data governance in ‘open’ cultures may be facilitated by employee empowerment to identify and report issues. “In ‘closed’ cultures, a greater emphasis on oversight and secondary review may be required to achieve an equivalent level of control due to the social barrier of communicating undesirable information,” the document (5) explains. The task of reconciling these differences has hardly yet begun. It will require input from a much wider spectrum of agencies than at present.


1. EMA, Eudra GMP, “Statement of Non-Compliance with GMP,” Report No: DE_SH/NCS/API/01/2016 (London, June 2016).
2. FDA, Draft Guidance for Industry: Data Integrity and Compliance with CGMP (Washington, April 2016).
3. World Health Organization, Guidance on Good Data and Record Management Practices, WHO Expert Committee for Pharmaceutical Preparations--Annex 5, Fifteenth Report (Geneva, May 2016).
4. EMA, Questions and Answers on Good Manufacturing Practice--Data Integrity (London, August, 2016). 
5. Pharmaceutical Inspection Co-operation Scheme (PIC/S). Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (Geneva, 10 Aug. 2016).
6. MHRA, GMP Data Integrity Definitions and Guidance for 
Industry (London, March 2015).

Article Details

Pharmaceutical Technology Europe
Vol. 28, No. 11
Pages: 8-9


When referring to this article, please cite it as S. Milmo, "Tackling Breaches in Data Integrity,"Pharmaceutical Technology Europe 28 (11) 2016.