This Special Report represents the 3rd year that we have published an evaluation of warning letters associated with data governance and data integrity deficiencies.

Failures in data integrity and data governance is an enforcement area that began almost 20 years ago and continues to increase in visibility and number of warning letter enforcement actions.

FDA is not the only health authority that identifies these issues in inspections and enforcement actions, but FDA’s transparency ensures these data are readily available.

In summary, we:

  • Briefly review the history that serves as background to where we are now.
  • Identify CY2017 warning letters that cite data integrity deficiencies.
  • Identify the number of warning letters citing this topic in the past 10 years and the country location of these sites.
  • Identify the regulations cited most frequently in CY2017 (in drug GMP warning letters) addressing data integrity failures.


Let’s begin with a review of where and when this topic originated. The “generics scandal” of the 1980’s identified falsified data submitted to FDA in support of ANDA drug approvals. In response, FDA brought a new focus to pre-approval inspections (PAI) to evaluate raw laboratory data included in the marketing application and to evaluate whether the site was capable of manufacturing as described in the application.

In parallel, FDA recognized the pharmaceutical industry’s increased reliance on computerized systems. In response, FDA developed and published 21 CFR11, the final rule on Electronic Records and Electronic Signatures in 1997 and its preamble.

While the requirements for electronic signatures were understood, confusion remained on both sides regarding the interpretation and enforcement of requirements for electronic records. Following enforcement actions against Able Laboratories in 2005 and against Ranbaxy in 2006 and 2008, FDA announced a pilot program in 2010 to evaluate data integrity as part of routine GMP inspections. FDA planned to use the information gained from these inspections to determine whether revisions to Part 11 or additional guidance on the topic were necessary.

FDA Investigator Robert Tollefsen describes the program in a slide deck presented at a variety of industry conferences in 2010. In the slide deck, FDA stresses that they will “continue to enforce all predicate rule requirements, including requirements for records and recordkeeping.” In fact, deficiencies in Part 11 are rarely, if ever, cited in warning letters because almost all failures are those where firms fail to comply with the predicate rules.

Further, enforcement directed at data governance and data integrity is not limited to the GMP area but now includes GCP. Some data integrity failures address clinical investigators and IRBs that fail to collect data or fail to retain data. The most dramatic cases, however, include those where problems occur at sites that perform bioavailability and bioequivalence studies including GVK and Semler Research.

Fundamentally, all data integrity deficiencies identified in forms-483 and warning letters are failures to follow cGMPs as specified in the predicate rules. The FDA has not implemented novel interpretations or requirements governing data governance. The use of computer systems and other electronic systems require different approaches to ensure compliant practices, but these are all based on the existing regulations in 21CFR211.

Keep reading here for all of 2017’s data integrity warning letters summed up into figures & tables (color-coded, too!)…

About the Author

Barbara W. Unger is Govzilla’s Quality Expert and Editor-in-Chief of GMP Regulatory Intelligence.  She formed Unger Consulting, Inc. in December 2014 to provide GMP Quality consulting services to the pharmaceutical and biopharmaceutical industry.  At Amgen, she led the segment of the Corporate GMP Audit group at Amgen focused on API manufacturers, Quality Systems and Computers.  She developed, implemented and maintained the GMP Regulatory Intelligence program for 8 years at Amgen Inc.  This included surveillance, analysis and communication of GMP related legislation, regulations, guidance and industry compliance enforcement trends.  This was an essential service and tool within the Corporate Audit function.

Unger Consulting Inc. | | 805.217.9360

Get a Demo

We’ll can show you insights into any of your key suppliers, FDA investigators, inspection trends, and much more.

Request a Demo