Are your laboratory practices enabling good data integrity when it comes to your equipment?

The following are additional questions submitted following the May 24, 2022 webinar, “Are Laboratories Perpetuating Data Integrity Problems?”, that featured presenters Paul Smith from Agilent Technologies and Consultant Bob McDowall. These questions specifically address laboratory instrumentation. A portion of the Q&A also covered audit planning.

For coverage of the webinar itself, read the articles “Data Integrity and Your Analytical Instruments” and “Invest in Tech to Avoid Data Integrity Issues.”

[Related: To access the webinar, including the slide presentation, click here.]

Question: Should orphaned data on IR spectrometers, pH meters, dissolved oxygen meters, etc. be part of the review or understanding of equipment?

McDowall: Yes! It is critical that orphan data are explained and associated with a specific analysis. I wrote a recent article on this subject from the perspective of chromatographic analysis that readers can access if they want further information

Question: What is IT’s responsibility versus data owners’ responsibility to perform a data integrity routine verification of GxP operational data of the following:

Archive data (pre- and post-decommissioning)
Backed-up data (pre- and post-decommissioning)
Operational data (pre-archival/backup)

McDowall: Process/data owners (i.e., business) are accountable for all data on the system throughout the data lifecycle. IT performs the work required by the process owner to ensure that the data are maintained and QA has oversight.

Question: What are some data integrity controls that can be applied to ensure cybersecurity?

McDowall: Firewalls should be properly configured and maintained. Perform penetration testing to identify any vulnerabilities. Keep up to date with security patches. Use AV that is kept current.

No USB sticks unless supplied by the company and tested to see they are okay before use. I would also advise restricting internet access from analytical instruments and training users not to click on links from unknown senders of emails.

[Related: Did you know there have been 41 secondary 483 observations issued this year that point to data integrity issues at human drug GMP sites? Contact us to learn more about how you can access these specific observations.]

Question: If a hybrid system has temporary storage, should the audit trail be enabled and reviewed? Is it better to rely on printouts when systems have partial audit trail capabilities?

McDowall: This is the fastest way to a 483 observation. Print away! The question contains a number of problems:

Temporary storage of data without the system automatically saving data is poor system design by a supplier and poor system selection by the laboratory. This is a data integrity problem for the laboratory and means that the laboratory relies on humans to press the save icon. Best advice: Replace the system.
Audit trails must always be enabled and never turned off. If the audit trail can be turned off, it is a poor system design.
If there is a partial audit trail, batch record or instrument log entries will be needed to have a complete record. Again, if it is not automatic it is a poor system.

Question: What are your thoughts on the four-eyes principle versus printouts (e.g., balances) for systems with no audit trail?

McDowall: The minimum requirement for balance is a printer, ideally, with user identification of actions. I would not expect such an instrument to have an audit trail, however, this creates static data which when entered into a computerized system becomes dynamic data.

I recommend interfacing the system with an informatics application to avoid the problem: see Stason Pharma and Tender Corp warning letters or the articles, “Do You Really Understand the Cost of Noncompliance?” and “How Static Are Static Data?”

Question: Although electronic laboratory notebooks can capture a large amount of critical metadata, is there an argument that the replacement of the traditional paper lab notebook where information about how the test was carried out by the analyst and the noting of events which may not seem important at the time of the test is lost.

McDowall: It is important that any informatics application has the ability to record problems and deviations contemporaneously instead of having to enter data into another system.