FDA Regulators Address Data Integrity and Lab Audit Trails

FDA Regulator Panel Discussions: Part I

The topic of data integrity and its continuing significance took center stage during regulator panel discussions at key association meetings in late 2021. 

During the “Inspection-Based Panel Discussion” at the 2021 PDA/FDA Joint Regulatory Conference this year, other topics discussed included issues FDA has seen with records requests, the scope of remediation of deficiencies found on inspection, the use of consultants, and analytical instrument audit trails.

[Related: The intersection of data integrity and quality culture is one of four topics covered in the FREE Redica Systems compilation report, “The Current Pharmaceutical Quality Landscape.”]

The following were participants in the PFD/FDA panel discussion:

PDA/FDA Moderators

• Center for Veterinary Medicine (CVM) Supervisory Chemist Mai Huynh
• DL Chesney Consulting Principal and General Manager (former FDA) David Chesney

PDA/FDA Participants

• Center for Drug Evaluation and Research (CDER) Office of Manufacturing Quality (OMQ) Office of Compliance (OC) Manufacturing Guidance and Policy Staff Director CDR Tara R. Gooen Bizjak
• FDA Office of Regulatory Affairs (ORA) Consumer Safety Officer Sandra Boyd
• ORA Senior Advisor Rachel C. Harrington
• CVM Senior Policy Advisor Laura Huffman
•  CDER OC Global Compliance Branch Chief Quallyna Porte
•  ORA Supervisory Consumer Safety Officer Richmond Yip

This article is the first part of a three-article series:

• Part I below examines the discussions at the 2021 PDA/FDA Joint Regulatory Conference conference around data integrity with special attention to analytical instrument audit trails and the use of consultants.
• Part II focuses on discussions at the 2021 PDA/FDA Joint Regulatory Conference around quality culture and concerns voiced by FDA officials regarding responses to record requests and the scope of remediation efforts for issues identified during inspections.
• Part III will provide a synopsis of comments made at the ISPE Annual Meeting held in person and virtually in Boston a few weeks after the PDA/FDA conference by FDA CDER Commander (CDR) Tara Gooen Bizjak in response to a question asking what she sees as significant new/emerging global compliance issues.

Data Integrity and Data Governance Plans

CDER’s Quallyna Porte explained that one way to avoid data integrity issues is to have a robust data governance plan.

Firms need a data governance plan that is “well-established,” she maintained, “to ensure across the facility that the data is appropriately handled and that all the ALCOA [attributable, legible, contemporaneous, original, accurate] principles are met.” Porte said that the agency is “still finding that something as simple as unique passwords is not in existence at some firms.”

CDER’s Tara Gooen-Bizjak agreed. She added, “To put some numbers behind it, in CDER we have seen from 21% to over 34% of warning letters in the last five years have included charges or elements of unreliable data.”

In addition, she commented, “I think we are starting to see another layer as well, where not only is it unreliable data that investigators are finding on inspection, but now unreliable data that we are seeing through the remote evaluations.”

In other words, FDA investigators are seeing on inspection data that is different from what is provided remotely. “So, I think that there are a lot of layers to this. And data integrity continues to be an issue,” Gooen Bizjak emphasized.

[Author’s Note: For more on data integrity, watch this clip of a case study presented by Regulatory Compliance Associates’ Distinguished Fellow Susan Schniepp.]

Analytical Instrument Audit Trails

Moderator Chesney introduced the topic of audit trails for analytical equipment with the following questions:

• “Should audit trails be reviewed on each test as part of the assay review process, or can the audit trails be reviewed on a periodic basis, for example, weekly or monthly, etc.”
• “Is it more dependent on the type of system you are working with? The concern is that the audit checks for each test will slow the review process and take more resources during that process than performing it periodically to assure data integrity.”

Porte drew attention to the relationship between audit trails and data integrity by revisiting a theme she pointed to earlier in the panel discussion: data governance plans.

“I think one of the things firms should first look at is establishing, if you do not already have one, a data governance program. I will direct you to the PIC/S data integrity guidance [as a resource].”

She explained that when a firm sets up a governance program it needs to look at the laboratory audit trails.

“We all know there are tons of audit trails, right? We cannot just say, ‘Turn on all audit trails and review data for all audit trails,’ because that is a massive amount of information. What we expect firms to do as part of their data governance program is to review the audit trails and identify the ones that are critical—that are tied to GMPs and GDPs—and perform a risk assessment to determine which ones need to be reviewed and at what frequency.”

FDA investigators are seeing on inspection data that is different from what is provided remotely

The reviews would be based on the resulting plan. The firm would have evaluations from the risk assessment to be able to justify whether the reviews are for each batch, or a pre-established periodic timeframe, or whatever the case is.

“The bottom line here is we want firms to look at their overall data management system and establish a data governance program if there is not one in place. Based on that you will be able to determine how and when to conduct reviews,” Porte explained.

ORA’s Sandra Boyd suggested tying audit trail reviews to product release “to make sure that nothing happened—that each sample was only injected one time, and that there are no test injections. Prior to release, I would expect some sort of review to be done. The company would have to evaluate what audit trails to review and whether the review happens at product release or less frequently.”

[Editor’s Note: For more highlights from the conference, read the article, “7 Takeaways From the 2021 PDA/FDA Joint Regulatory Conference.”]

The Use of Consultants

Porte also addressed an area not often discussed by regulators: how firms use consultants. While it is common for the agency to recommend using consultants when a company has shown that it may not have the internal expertise to address issues found during inspection, Porte addressed how consultants are used and issues FDA has seen.

She noted her office has seen that “some firms are trying to orchestrate their use of consultants to their advantage. And what I mean by that is that they are limiting the information that they are providing to the consultants for the review. So, the review is not going to be complete.”

The bottom line here is we want firms to look at their overall data management system

In other instances, she lamented, companies have used consultants that “they are able to sway in terms of the results of their review.”

By way of example, the CDER Branch Chief said, she has seen instances where one consultant does a review and tells the firm that no major issues were found. The firm gets a second consultant who identifies significant gaps, signifying that the first consultant did not really perform a thorough job.

“When we say ‘use a consultant,’ we are looking deeper than just checking a box and saying that a consultant has been used,” she stressed. “We are looking to see if the consultants really have the background to provide the support to the firm that we are requesting, that the review is complete, and that the firm is providing the consultants all the information that they need for them to be able to do the kind of review that we are expecting.”

[Related: For more from author Jerry Chapman about data integrity, click here to download the FREE report, “The Current Pharmaceutical Quality Landscape.”]