Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
117 views36 pages

Session 14 Train Personnel On CSV and Data Integrity Compliance

er

Uploaded by

Al Rammohan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
117 views36 pages

Session 14 Train Personnel On CSV and Data Integrity Compliance

er

Uploaded by

Al Rammohan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 36

SESSION 14

Train Personnel on CSV and


Data Integrity Compliance

Chris Wubbolt – QACV Consulting


Denise Botto – inVentiv Health

April 28, 2016


Chris Wubbolt -

Principal Consultant, QACV Consulting. Over 25 years experience


working with large, mid-sized, and small pharma and medical
device companies. Primary focus is data integrity assessments,
auditing, providing training, and quality management system
improvement and implementation.

[email protected]

2
Denise Botto

Associate Director, Computer Systems Quality at inVentiv Health.


Has been with the CRO for almost 15 years. Main area of focus is
GCP, and is responsible for conducting software related vendor
audits, as well as internal IT/CSV related audits.

[email protected]

3
Objectives

• Develop a Proactive Training Program for CSV and Data


Integrity Requirements
• Implement a Training Matrix to Provide Focused Role-based
Training to Personnel
• Monitor Effectiveness of Training Program

4
Who needs to be trained on data
integrity requirements and why it
is important?

5
What is Data Integrity?

Data integrity refers to the completeness,


consistency, and accuracy of data.

6
Why train personnel on Data Integrity
compliance?

Data Integrity Guidance…

Should personnel be trained in detecting data integrity


issues as part of a routine CGMP training program?

Yes. Training personnel to detect data integrity issues is


consistent with the personnel requirements under §§ 211.25
and 212.10, which state that personnel must have the
education, training, and experience, or any combination thereof,
to perform their assigned duties.

7
Why is Data Integrity Compliance important?

Data Integrity – Data integrity is critical to regulatory compliance,


and the fundamental reason for 21 CFR Part 11.

FDA uses the acronym ALCOA to define its expectations of


electronic data.

Attributable
Long-lasting (legible)
Contemporaneous
Original
Accurate

Enduring
Retrievable

8
Train Personnel on CSV and Data Integrity Compliance

Main Criteria for Data Integrity

[R.D. McDowall, Spectroscopy, Focus on Quality, December 2010]

• Accurate - No errors or editing without documented amendments


• Attributable - Who acquired the data or performed an action and when?
• Available (Retrievable) - For review and audit or inspection over the
lifetime of the record
• Complete - All data is present and available
• Consistent - All elements of the record, such as the sequence of events,
follow on and are dated or time stamped in expected sequence
• Contemporaneous - Documented at the time of the activity
• Enduring - On proven storage media (paper or electronic)
• Legible - Can you read the data?
• Original/Reliable - Written printout or observation or a certified copy
• Trustworthy - The data and the record have not been tampered with

9
Train Personnel on CSV and Data Integrity Compliance

Requirements with respect to data integrity:

• § 211.68 (requiring that “backup data are exact and complete,” and
“secure from alteration, inadvertent erasures, or loss”);
• § 212.110(b) (requiring that data be “stored to prevent deterioration
or loss”);
• §§ 211.100 and 211.160 (requiring that certain activities be
“documented at the time of performance” and that laboratory controls
be “scientifically sound”);
• § 211.180 (requiring that records be retained as “original records,”
“true copies,” or other “accurate reproductions of the original
records”);
• §§ 211.188, 211.194, and 212.60(g) (requiring “complete
information,” “complete data derived from all tests,” “complete record
of all data,” and “complete records of all tests performed”).

10
Train Personnel on CSV and Data Integrity Compliance

Data Integrity Warning Letters:

January 2008: “It was observed that the data stored on the computer
can be deleted, removed, transferred, renamed or altered [without
control].”

April 2008: “There is no audit trail or log of data changes that are
made to the information in the database. Data cannot be verified
against source records, since such records are not maintained.”

In such cases, data can’t be verified because the original source


records (e.g., certificate of analysis) have been scanned in and then
thrown away. As a result, there is no way of knowing whether or not
this is the original. Anyone can go into Adobe and change the record.
Thus, FDA says, you have no tracking or controls on this, so we
cannot rely on it.

11
Train Personnel on CSV and Data Integrity Compliance

Data Integrity Warning Letters continued:

May 2010: “Your firm failed to check the accuracy of the input to and output
from the computer or related systems of formulas or other records or data
and establish the degree and frequency of input/output verifications.”

April 2010: “Your firm's laboratory analysts have the ability to access and
delete raw chromatographic data . . . Due to this unrestrictive access, there is
no assurance that laboratory records and raw data are accurate and valid.”

In the last example, FDA says there is no assurance of accuracy or validity. . .

What the Agency is driving with Part 11 is the need for data to be
trustworthy.

12
Train Personnel on CSV and Data Integrity Compliance

Here are some steps you should take to ensure data integrity:
• Implement a Data Integrity Policy and Plan
• Embed data integrity verification activities into internal audit
processes
• Train your internal auditors to understand what to look for when
detecting data integrity deficiencies
• Create awareness among staff so they can assist with this
endeavor, and report concerns before they become full-fledged
issues
• Seek external support to assure completely unbiased, third-party
investigations and/or to enhance your internal investigation program

13
Train Personnel on CSV and Data Integrity Compliance

Develop a Proactive Training Program for CSV and Data Integrity


Requirements
• Identify current regulatory requirements and industry standards
• List organizational responsibilities for CSV and data integrity
programs
• Review key validation processes and deliverables
• Identify electronic data integrity controls

14
Develop a Proactive Training Program for CSV and
Data Integrity Requirements
 Map each applicable regulatory requirement to a
policy and/or SOPs.
21 CFR Part 211
Subpart B – Organization and Personnel Policy A SOP 1
SOP 2
Subpart C – Buildings and Facilities Policy B SOP 3
Subpart D – Equipment Policy C SOP 4
Subpart F – Production and Process Controls Policy D SOP 5

21 CFR Part 58
Subpart B – Organization and Personnel Policy A SOP 6
Subpart C – Facilities Policy B SOP 7

 Identify organizational roles responsible for activities,


including review and approval.
15
Develop a Proactive Training Program for CSV and Data
Integrity Requirements

Organizational responsibilities for CSV and data integrity programs


• End Users
− Use of system as intended in compliant manner
• System Owner (Business)
− Owns the business process
− Responsible for GxP data generated from business process (Data
Governance)
− Review/approval of change requests
• IT
− Technical accuracy, viability and compatibility of a technology solution.
− Data backup
− Security
− Review/approval of change requests

16
Develop a Proactive Training Program for CSV and Data
Integrity Requirements

Organizational responsibilities for CSV and data integrity programs


• QA
− Perform audits to verify that use of system and all validation activities and
documents comply with applicable regulations and internal procedures.
− Review and approve validation documents.
− Review/approval of change requests.
• Compliance
− Assure that systems used are in compliance with applicable regulations.
• Validation
− Overseeing validation program and activities.
− Development of validation documentation.
• Other

17
Develop a Proactive Training Program for CSV and Data
Integrity Requirements

IT Controls
Record Management
Calibration
Validation

IT Controls
- User access

Record Retention
& Archival
Calibration

18 IT Controls
Develop a Proactive Training Program for CSV and Data
Integrity Requirements

What do these individuals need to know about CSV and Data


Integrity?
• End Users
• System Owner
• IT
• QA
• Compliance
• Validation

19
Develop a Proactive Training Program for CSV and Data
Integrity Requirements

Key validation processes and deliverables


• Based Data Integrity Policy and Related SOPs
• Planning –Validation Plan
 Include data integrity and risk assessments as part of the validation program
• Requirements – URS
 Include data integrity requirements
• Design - Functional, Design, and Configuration Specification
− Include data integrity controls
• Development – Coding Standards (as applicable)
• Testing – Test Plan, UAT, Test Report
• Release – Validation Summary Report, Release Statement
• Operation and Maintenance
− Change Control
− Backup and Restore
− Disaster Recovery

20
Develop a Proactive Training Program for CSV and Data
Integrity Requirements

Key validation procedures


• SDLC (as applicable)
• Data Integrity/Risk Assessment
• Validation Plan
• Requirements
• Design
• IQ/OQ/PQ
• Validation Summary Report
• Exception Resolution
• Change Control
• System Administration and Maintenance

21
Develop a Proactive Training Program for CSV and Data
Integrity Requirements

Who owns the data?


• Originate
• Review
• Approval
• Report
• Backup
• Restore
• Archive
• Destroy

22
Develop a Proactive Training Program for CSV and Data
Integrity Requirements

Electronic data integrity controls

Archivist
• One of the most important things to understand is that we need to
take a lifecycle approach to data integrity. Remember that adverse
events records will have to be stored for 10 years, and batch
records for seven or eight years. The key is to focus on the
record.
• Documents and e-data spend more than 80% of their lifespan in
an archived (e.g., stored) state
• It’s important to recognize that the records we’ve created and used
are going to spend most of their lifetimes sitting in storage, with
nobody looking at them. This is absolutely critical to understand,
because if you don’t build in controls to spot check those archived
records, you may find that they’re gone.

23 *ARMA [Authority on Managing Records and Information].


Develop a Proactive Training Program for CSV and Data
Integrity Requirements

Electronic data integrity controls

• Backup and Restore


• Disaster Recovery
• Replication

24
Develop a Proactive Training Program for CSV and Data
Integrity Requirements

Electronic data integrity controls

Backup and Restore


Replication
Disaster Recovery
• Data Loss
• Recovery Time
• Testing
• Co-location facilities

25
Train Personnel on CSV and Data Integrity Compliance

Implement a Training Matrix to Provide


Focused Role-based Training to Personnel
• Identify key tasks necessary for each role
within the CSV and data integrity program
• Create a role-based training program to
focus training activities
• Develop training exams to ensure
comprehension of training

26
Implement a Training Matrix to Provide Focused Role-
based Training to Personnel

Key tasks necessary for each role within


the CSV and data integrity program
• End Users
• IT
• QA
• Compliance
• Validation Manager
• Other?

27
Implement a Training Matrix to Provide Focused Role-
based Training to Personnel
RACI model is a tool used for identifying roles and responsibilities during.
R – Responsible A – Accountable C – Consulted I - Informed

28
Implement a Training Matrix to Provide Focused Role-
based Training to Personnel

Create a role-based training program to


focus training activities
• End Users
• IT
• QA
• Compliance
• Validation Manager
• Other?

29
Implement a Training Matrix to Provide Focused Role-
based Training to Personnel

SOPs/Policies related to the key tasks


 Record Integrity Policy
 Good Documentation Practices
 Raw Data Definition
 Operational Procedures
 Handling of data
 Roles and Responsibilities
 Review and approval of data

30
Implement a Training Matrix to Provide Focused Role-
based Training to Personnel

SOPs/Policies related to the key tasks


 Validation
 Security and Administration
 Record Retention
 Backup and Restore
 Disaster Recovery
 Monitoring Data Integrity Program
 Audits
 Reviews

31
32
Implement a Training Matrix to Provide Focused Role-
based Training to Personnel

Develop training exams to ensure


comprehension of training

33
Train Personnel on CSV and Data Integrity Compliance

Monitor Training Program


• Review investigations, CAPAs and other quality systems to
determine if re-training is necessary
• Update training materials as new information is obtained
• Periodic refresher training
• Audit the training program

34
Break Out Session

• Provide an Outline for a Data Integrity Plan

35
Questions

36 © 2016 All Rights Reserved | CONFIDENTIAL

You might also like