Audience Q&A: From Data Integrity and Quality Culture Webinar

This article covers additional questions submitted following the webinar, “Data Integrity and Quality Culture – Enabling far more than “just” compliance.” presented by Ulrich Köllisch, Manager and Subject Matter Expert on Data Integrity, at GxP-CC on November 10, 2022. 

In the webinar, Köllisch shares insights into the latest discussions on merging data integrity and quality culture with key takeaways from current FDA data integrity findings.

The webinar was part of Redica Systems’ celebration of Quality Week 2022 with the theme of “quality conscience,” i.e., how organizations can adopt practices that ensure robust corporate and quality cultures that drive conscience in ethical decision-making.

How does Redica Systems help you build a quality culture and conscience? By keeping your quality and regulatory teams in-the-know about the most recent developments, your team can work more efficiently and ultimately improve product quality.

Redica Systems is a data analytics platform helping life sciences companies improve their quality and stay on top of evolving regulations. Our proprietary processes transform one of the industry’s most complete data sets, aggregated from hundreds of health agencies and Freedom of Information Act (FOIA) sourcing, into meaningful answers and insights that reduce regulatory and compliance risk.

We serve quality professionals from companies like Amgen and Astra Zeneca by providing the data analytics they need to maintain the highest quality.

To access the recording, including the slide presentation, click here.

Q&A with Köllisch

1. Are there any specific surveys to know the Quality culture status of a facility?

• Yes, the ISPE Cultural Excellence Report gives some.

2. If senior leadership supports launching a Quality Culture program, what is the best first step a company can take to improve the quality culture?

• In my opinion, a very good first step is to start with GEMBA walks. The Japanese term Gemba means “actual place.” This means that leadership (and Quality unit members) go to the shopfloor and let the employees explain their issues, their concerns, and how they assume to fulfill their needs work with a quality mindset. We had a good experience in Data Integrity GEMBA walks: You will get more honest and realistic insights than in a (self-)inspection because the atmosphere is much more open. And the shopfloor employees are motivated because they can experience that their input is heard and considered and that the management cares about their opinion. This leads, in the end, to an improved quality culture, and I would consider it a “low-hanging fruit” to perform GEMBA walks. The ISPE Cultural Excellence Report provides information about GEMBAs, their preparation, and their execution.

3. What are the symptoms of a good quality culture that an auditor would find?

• It is not really a ”hard fact” an auditor will measure; it is rather the missing quality culture you can observe. For example, employees who are unsure what to say if a manager is in the room. If the employee deeply understands the value of his job and how it fits into the whole mission/vision, this is a good indicator of quality culture. Furthermore, the existence of reported failures and their correct handling is a sign of quality cultures, whereas areas with “too good to be true data” could be a sign of a missing error culture. On the hard-fact piece, one could consider the turn-over rate as a measure. If employees leave and change quickly, this could be an alarm sign.

4. Are there any suggestions for maintaining the collaborative energy and heightened interest in regulatory compliance following an inspection? I have often seen people falling back into old habits after a few months.

• Yes, this is true, and this human behavior appears whenever something is driven by extrinsic motivation, like the fear of an observation after an inspection or of a bad mark at school. Consequently, you should strive from the start to create a motivational environment that is focused on the real importance of avoiding risks to human beings (patients) but also with the chances which open from trustworthy and reliable data. Noteworthy, it is often the case that not only compliance and quality departments profit from “good data” but also the business itself. FDA states this in the recently published white paper on Quality Management Maturity. This positive note can be fostered by awareness campaigns with motivating trainings and exercises (not 50 pages policy and SOP readings) and the opportunity to bring oneself into the program. GEMBA walks can be helpful to increase the motivation to be “a part of it.” Altogether, we could say that a “Data Culture” needs to be in place which sees data as an asset and not “data as a burden.”

5. How is the content of FDA warning letters with strong Data Integrity content evolving, and what is it telling us about FDA focus?

• The content is clearly evolving to demonstrate not only an actual case where data was handled inadequately (e.g., falsified or omitted data) but going more to investigate the possibility that this could happen to challenge the existing technical and procedural controls around it.
  The second trend we observes very recently is a focus on applied quality intelligence, whereby the FDA wrote now more than once to apply “ongoing monitoring of both intra-batch and inter-batch variation to ensure a continuing state of control.” (Example: https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/glenmark-pharmaceuticals-limited-637314-11222022). This is the enforcement of the guidance on process validation older than ten years now (https://www.fda.gov/files/drugs/published/Process-Validation–General-Principles-and-Practices.pdf). What does it mean? Well, I would say you could put it simply: Make use of your data and learn from it, a behavior we could also simply call “Quality Intelligence”.

6. In your opinion, what are some of the key fundamental mistakes companies have made in their approach to Data Integrity?

• The biggest mistake I can see in the field is avoiding real data centralization projects. In contrast, many companies stay with decentralized solutions (e.g., stand-alone systems in the lab) instead of centralizing their data (e.g., with a LIMS and LES). In these cases, the situation is often worse, and the systems are run in a hybrid mode, which means electronic and paper data. In these very common scenarios, the real costs of paper-based solutions are not considered, and the digitalization process is seen as too expensive, which is a clear mistake. One could, for example, just calculate that one paper record may cost 15 minutes of additional working time in its lifecycle (issue, sign, review, archive), which is not at all a big assumption. If we then consider the number of paper records in a “hybrid lab,” we are quite fast in a situation where the digitalization project gets much cheaper in the long run.
• The FDA changed its enforcement on this topic in the last years and often requires to aim for a centralized (LIMS) solution in the “Response to this Letter” section. (Example see here: https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/stason-pharmaceuticals-inc-604889-07082020).
• Additionally, data integrity has been seen too long as a technical exercise without considering the application of data governance as a whole. The new PIC/S guideline on Data Integrity has a very good chapter on this, including the requirement to use critical thinking skills to assess residual risk and, therefore, not applying everywhere the same checklist solutions but to identify the critical spots and act on them quickly. I personally like this quote and use it in almost every training: “An organization which believes that there is ‘no risk’ of data integrity failure is unlikely to have made an adequate assessment of inherent risks in the data lifecycle” (see https://picscheme.org/docview/4234)

7. In terms of data integrity, What’s the most trendy technology in view of quality and informatic solution (E.G: CLOUD, DIGITALIZATION, LIMS, AI/ML)

• The most widely applied technology at this time point is cloud solutions. We can see many implementations in the GMP area but even more in the GCP space because here, the decentralization of systems opens a lot of new opportunities, which can be a huge improvement potential because the data can directly be entered into the systems (e.g., EDCs) and patient data can be entered via browser from the smartphone. Of course, this comes with a strong demand to increase the security of the data reducing the risk of cyber-attacks. But also other risks should be considered, e.g., what happens if the data is not uploaded due to a lack of internet connection? Again, data flow maps are an excellent tool for identifying these risks. As a side note, the newly released position paper on the revision of Annex 11 by EMA and PIC/S has several paragraphs considering cloud solutions (https://www.ema.europa.eu/en/documents/regulatory-procedural-guideline/concept-paper-revision-annex-11-guidelines-good-manufacturing-practice-medicinal-products_en.pdf)

8. What are cadence recommendations from guidance for the review of system audit trails?

• For both questions, the answer is very consultant-typical and generic: It depends… 
• However, I would like to point out excellent guidelines from PDA, the Technical Report (TR) 84, which talks about Data Integrity in manufacturing operations (but the principle could be applied in the lab and anywhere): Here, we find scores which depend on the data criticality, the system vulnerability and the frequency of usage which lead to concrete suggestions for audit trail review and backup frequencies. For the audit trail review cadence, the decision which is connected to the audit trail review must be considered, as explained in FDA’s Data Integrity Guideline (2018, see §8). Nowadays, we can often see that a high backup frequency becomes less of a problem if the technology is centralized so that standard backup procedures like database backups following a generation principle can be conducted fully automatically.