Understanding Data Integrity (Full Seminar)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
Good morning everybody I'm Louis Glunz president of Regis welcome you to our coffee and chemistry talk. We have plenty of talks and if you look at our website through you're in it YouTube. I have a little promotion of our company. We're a company that takes molecules from development up through the clinic to commercial and we do all the associate the analytical, validation, and impurity work along with that fear you're finding documents to the Drug Master File (DMF). We have really good fortune that Mike Anisfeld here as a speaker. Mike has 35 years in the pharmaceutical industry in production, quality, and technical transfer. Mike was educated UK and it actually a qualified person in the UK so some of our products are released in Europe by QPs and Mike is one of those persons. For the last 15 years Mike's advised Regis, and he's no small part of us having zero 483s on our last three inspections were very happy about that. Let's make this a productive day. Mike going to talk for an hour on Data Integrity. This is the number one way that companies find themselves in FDA warning letters. And actually interesting your presentation yet some things were car companies are getting some data integrity issues. Oh you wait wait. Let's welcome up Mike Anisfeld. Good morning everybody! Good morning everybody slight qualification I am a QP in Europe but because I'm resident here in the States I'm on a reserve list in Europe the day I move back and tell them I'm officially back in England I become a full QP again so that's the bazzara T of the European regulations. Today we're going to talk about data integrity which is becoming the a number one topic in FDA inspections. Three weeks ago I was in Seoul Korea with a client who's going through his fourth FDA inspection so we expected no problem one inspector for five days three days spent doing data integrity two days looking at the quality systems never got in production never got into warehousing never got into validation it was all data integrity so that's the move of FDA these days. We're living in a world of lots and lots of data and many words and you hear about this all the time big data data integrity and what does it really mean to us and what does it really mean to society in general so it's how do you access the data who can change the data how do you maintain the data it's all part of that system. Just a bit of history some GMP trends in the 1980s we had basic GMPs you know the regulations came out and every was trying to get to grips with it. In 1990s we had the part 11 computer controls, if you remember y2k and we remember the panic of Y2K? Your bank accounts will disappear on midnight on December 31st 1999. Some of you may be too young to remember that. Then we had the aughts as they say the 2000s, where we got into quality systems, out of specifications, CAPA's and trending. Which was new to many many companies. And now this the theme of this last few years is data integrity and as I said it really is becoming the real focus of many inspections, not just FDA maybe British the Swedish other European countries are also very very concerned about this. So it's becoming a global issue of really big proportions. Some quality management principles and where does it all fit together. If you read into ICH International Conference on Harmonization, they have guidelines which are now in effect basically worldwide everybody follows them. If you read ICH Q10 they talk about quality management systems which involves the patient. What are we doing to impact the patient? Positively I hope! How do we design our drugs and our API's towards the patient? We talk about leadership and management responsibilities. Louis's job here at Regis is to give the people, the money, the finances, the time, to get the job done. Then he delegates the quality aspects to Dan he regulates the odious the production aspects somebody else but management is the top key issue. The Process. What is the process we're in? What are we trying to make? How we're trying to do it? and how do we design it but it's validated and foolproof? And then where is the evidence of that? Where is the data of that? And I've highlighted that because that's gonna be the subject today's discussion. Then we have CAPA Corrective Action Preventive Action. What do we do if things go wrong? Because none of you came to work this morning saying I'm gonna mess up things just happen. Well you may do I don't know. I hate the company I'm gonna really mess it up! But none of us really do that? Things happen so what do we do how to be correct? And then finally we get into FDA's big one these days which is their key to getting into data integrity their key to getting into quality systems. They first go for the annual product reviews. So it's we give them the information and they can rip us apart. But that's the Quality management principles. And you have to realize it's not just pharmaceuticals I don't know if anybody's followed the news in the last few weeks about the scandal in Japan. Kobe Steel, anybody heard of Kobe Steel? It hit NPR this morning for the first time. Kobe Steel makes the steel for automobile industry, and about 80 percent of all cars made in Japan use Kobe Steel. Well it turns out that they've been fudging all their data about the steel strength, and now there's a huge scandal which could impact every car made in Japan over the last 10 years, and could be massive, massive recalls. We're not sure yet what's gonna be happening. So it's not just the pharmaceutical industry who we worry about. It impacts everybody it impacts everything! Mitsubishi Motors another Japanese company manipulated data to make the fuel economy for some of its cars look better. Hey if Volkswagen does it why don't we! I mean hey! Let's join the club. This one blows my mind the US Air Force managed to lose a hundred thousand records in its database because they didn't do any backups. The US Air Force didn't do backups lost a hundred thousand records? Doesn't that tell you something about government, or in specifically where was there QA people to make sure the system worked properly? So it's not just pharmaceuticals. This is an old one from pharmaceuticals in 2003, where this company called Pan Pharmaceuticals had to recall every product on the market because they had systematic and deliberate manipulation of their quality controlled test data. If they couldn't do the test I just write at a number makes no difference nobody's going to check Well guess what? They got caught out and caught out. There was a period in 2004 that you could not get a vitamin product from always, because everyone had been made in Australia and shipped over here and he was a worldwide recall. The company went out of business about six months later. So it's everything. Now it is a global concern. You want guidelines on data integrity? Well there's one issued by the World Health Organization (WHO). The Pharmaceutical Inspection Cooperation (PIC/S) Scheme which is 50 countries has a guideline and it's identical word-for-word for the European Medical Agency (EMA). The British have come out with a great one an FDA has come out with a guideline 'ish'. It doesn't exactly tell you what exactly to be done and how. If you really want to know what to do read the British one. It's really the word for word tells you, no nonsense what to do. So I'll give you that reference all you have to do is Google: 'MHRA Data Integrity guideline'. You'll get it, it's free. So realize that if your data is not accurate, if we can't trust it it may as well not exist. Why do we bother having it? Means a lot of work to create it. So let's talk about what is data integrity. It's more than you may believe. It's the extent to which data is complete, consistent, and accurate throughout the data lifecycle from the initial generation, through recording and processing, including transformation of the data from manual to computer, from computer, to another computer, to a backup, to a restore it. Does it all hang together? Many companies I go to actually have you check that the restore function works? You back up the data great. But how do we know the file wasn't corrupted during the backup? When I say oh. Well I said well let's do it now. let's play humor me. Let's try and restore the data now and come back at lunchtime and show me the ax restore data matches the original data. Lunchtime comes and go as they say well we're still trying to do it. Well come on it should be just a press of a button! Right through retention archiving retrieval and finally destruction. Yes eventually you will destroy the data 10 to 20 years from now you still need to keep the data probably not so data sits in the middle of three circles it's like a Venn diagram. Confidentiality you don't want your data getting out to other people. Integrity can we rely on the data is integral and is it available to review that availability is often a big problem. The key to data integrity is what is called ALCOA. Everybody familiar with the term ALCOA? Aluminium Corporation of America, ALCOA that's their logo just remember ALCOA. No I don't have shares in ALCOA. And it's the key to data integrity. (So let's) What is this ALCOA? It's an acronym for five things the A is attributable. You clearly know who recalled the data who performed the activity it's been signed and it's been dated and you know who wrote the document and when they did it. Last year I was in India at API company, and the batch records are in English. Nice I can read it, and I'm looking at the batch record the production cycle the processing cycle the reaction time is 48 hours at a certain temperature and pressure and rotation. I'm looking at 48 hours worth of data and it's all written with the same slope of the hand writing the same color ink and it's all exactly written down the middle of the column. What would you think to yourself? Is this written by the person who did the job when they did the job? Probably not! So I said to these QA director next and I said, "You know I don't believe that the actual operator wrote there's details because 48 hours is six shifts each of six hours and you can have six types of handwriting but it's all one type of handwriting.", and he goes Mr. Anisfeld, you are totally correct. I said then why doesn't the operator do it? And they said well the operator can't read or right. I said okay I can understand that yeah read and write English. Why don't you write it in the local language Marathi? This is outside Mumbai. Marathi. He says no no Mr. Anisfeld you don't understand what I'm saying the local operator can't read or write anything. Totally illiterate in any language so we have to have the supervisors come in afterwards and write down what we think they will happened. So there's your first basic problem of data integrity. Legible. It must be possible to read or interpret the data after it's recorded. It must be permanent that means no pencils, no unexplained high hieroglyphics or symbols or codes and if it's correct it has to be done properly. You know the proper way one line through signature date new number or if in Japan two lines through as Japan is different no two I in one line through in Japan it means not whatever it is in two lines through means it's an error. It has to be Contemporaneous. The data has to be recorded at a time it was generated in close proximity to the location where the data is generated. So I went to one company where the balances are three rooms away down the corridor, and they go along to do the weighing, and they remember what the weighing is they come back three rooms they write it down. Not exactly the best practice. Original. The data has to be preserved in an unaltered state. If not you have to explain why not and you have to certify copies of the data. In France it is terrible there is a cultural thing there don't ask me why it is but it's a cultural thing. You want the data in reports to be neat and typed and legible. So they do that. They take the original data they copied into the typists and she typed up all neatly and legible, and then they throw away the original. Don't ask me why. I see that even this year. I saw that and lastly it has to be accurate has to really reflect the action or the observation made the data has to be checked where necessary and modifications have to be explained if they are not evident. So the data has to be checked where necessary that doesn't mean every piece of data has to be checked. There are what we call critical data elements and non-critical data elements. So if I'm recording your training. There are critical elements of the training: What was the topic? Who gave it? When was it given? What is not critical is the exact time it started to the second and the exact time it finished to the second. So that's critical non critical and there are many documents we have in our industry that really are not critical and don't need a second signature. I go to some places where everything has a second signature, and then the amount of manpower that takes on the amount of checking and rechecking is incredible. So first look at your data and say what is critical and what is not critical? You have to have a system to make sure you have data integrity. You can't just say well of course we have. Jim wrote it. Jim, we trust Jim, he's been here for twenty years. If he says he wrote it on Wednesday, he wrote it on Wednesday. That is a German attitude, but it's not acceptable. In Germany people work for the same company for years and years and years and after 20 years working with something you still don't know his first name. It's Herr Schmitt! So you need to have a system and process designed to encourage compliance with the principles of data integrity. You need to consider ease of access, usability, and location when ensuring proper controls. For example now this slide is totally stolen by me from the MHRA Data integrity guidelines. I make no claim to write written it so when you get to the guideline you'll see this exactly again. You need to record times that events happen if you are critical for time. I went to a company in Pittsburgh recently and every room I went to showed a different time. Not off by one minute or two minutes one room said 2:30 another one said ten minutes past 11:00. I mean no synchronization whatsoever! This is Pittsburgh. So you have to have access to clocks, and they should be master/slave synchronized. One master clock and all the others mirror it. and it should ideally be synced to a time clock you know by these atomic time. I have one in my bedroom. It's every hour on the hour some signal goes to a satellite and it's always correct as is my watch. Accessibility to batch records, and I would also add testing records at locations where the activity takes place. Ad-hoc data recording a later transcription to official records is not necessary. I went to a place recently where the weighing records was actually original was written on a paper towel, and then they took a paper towel and took it back to the lab, because the weighing was three rooms down. And I said, well where's the original data because I saw them do it on paper towel over there but here there's no paper towels. And well no we transcribed. Well the best solution to that is either take the lab book with you, or take the paper towel cut it out and stick it in the lab book I mean one of the other but, I want the original data. Control of a blank paper templates for data recording. Many places you go to they spilled some acid over the paper in the datasheet, go back to the lab, get/photocopy another data sheet and bring it in. Well how do we know the original data was the real data and what's been copied now on a new one? FDA doesn't like that at all. Abbott paid a fine of around quarter million dollars for that about 15 years ago. There's a real big issue. Access rights preventing data amendments. I would expect that the minimum there is an SOP that defines who can access data? Who can read data? Probably anybody. Who can write new data? Only authorized validated analysts, or trained analyts. Who can edit data? Probably only one or two people on the very strict controls, and who can delete data? Even more restrictive controls. But these things need to be defined in SOPs. You need to have audit trails. Audit trails need to be automatically generated. You can't have a little log saying well I change this on that and that's it. The system itself has to have audit trails and these audit trails need to be reviewed and FDA's latest thinking is when you do an HPLC chromatogram you print out the run sheet, you print out the chromatograms, and then you also print out the audit trail for that day or that operators work, and it needs to be reviewed as part of the batch record review. Automated data capture and Printers attached to the equipment is encouraged. So you don't have to write numbers down just take a printout. It's encouraged it's not a must but it's encouraged. and printers obviously have to be close to where they're the work is being done. If you are checking data you also have to have access to the raw data. So when QA does the batch record review and gets the QC lab it's not sufficient to get just a certificate of analysis from the lab they need to get the raw data with all the chromatograms without all the printouts of a QA can do a second person check or a third person checking some company. You need to control the physical parameters of time, space and equipment to perform the tasks to be done is required many places don't have room for printers don't have room for computer inputs so they transfer the data by hand. What we call sneaker ware. They take a disk away move it somewhere around. You have to have enough space to do these things. and as I said before staff checking the activities need to have the raw data this is a British thing that allows scribes to record activity on behalf of somebody else under exceptional circumstances a different company in India I saw the work of making tablets and the guys doing his work and standing just inside the door of the room is the supervisor with a checklist. The batch record riding up all the data because can't read it legibility. Guys just not able so the British allowed containment recording who compromises the productivity to accommodate cultural or staff literacy language and activities performed by an operator but witnessed and recorded by the supervisor. The FDA doesn't allow that. the British do. In both situations the supervisor recording should be contemporaneous and it goes on. Now there are different data record formats and depends on the complexity of what's going on. We can have simple activities, all the way through to complex activities. Simple activities may not require software at all and a printout could we represent the original data. For example, I'm doing a weighing. I do the weighing, I get a print out from the printer. There's no computer no data saved in the weighing balance there's no linkage to a LIMS system. What I do is I weigh it here's the printout that's a simple system. All the way to the most complex which has complex software and the printout itself doesn't represent the original data. The original data is captured in the hard disk inside the computer. I don't know if you're aware every time you made a photocopy on your photocopy machine, the big one downstairs hallway. There is a hard disk in there, and it keeps a copy of what you copied. Police could go in there ten years from now and see exactly what's being covered on that machine. So that's the original data. The print out is a facsimile. So we have no software all the way through to complex software, and if you put all your pieces of equipment on this scheme, a pH Meter has no software, the printout is what you get that's it. All the way through to Enterprise resource planning (ERP), LIMS systems, even CAPA systems, the further you get the more complex the data, the more you have to worry about data integrity. Can we trust? Can we rely on the data? My slides by the way have a series of builds on them and when you print out the handouts the trouble is it doesn't always print all the series of builds. I'm more than happy if you give me a business card, I can send you the original of the presentation, and then you can see the whole thing, all right. So documentation requirements for data integrity when you do chromatography work. I would expect to see the print run chart, the sample sequence, how you what you injected, your blanks, your standards, your calculation of system suitability, your actual runs, your system suitability, again. So print the systems is really from the start in the end print all the chromatograms, print all the calculations, and then print the audit trail for all work by that analyst for that day. That's nowadays what is expected to be the minimum for QA to reviewing for the QC lab manager to review the data, and FDA is spending a lot of time on the audit trail. There is an inspector, FDA inspector by the name of Peter Baker who is originally a chemist and is a wiz on this stuff. I've suffered through two of his inspections. And he knows HPLC is much better than most of you in the lab do, and he can do a number on this he got so bad that he caused two years ago three years ago 17 Indian Pharmaceutical companies to get warning letters, and the result of that was the Indian pharmaceutical Association asked the government not to renew his Visa! (laughter) And he got kicked out of India really seriously. He spent the next year at FDA headquarters teaching other FDA inspectors exactly what he knew, so now we have Peter Baker and lots of mini Peter Baker's! And Peter Baker then came to China and I suffered through his second audit. I suffered through one in India, I suffered through another one in China, and again he found things that we had no idea what he wasn't even looking for, and we got another warning letter on that. He's now been kicked out of China as well. I'm not sure where he is now but he is really knows his data integrity. We have to worry about data governance how do we address who owns the data throughout the lifecycle considering the design operational monitoring of the systems to comply with the principles of data integrity over intentional and unintentional changes of information. How do we control this? Who thinks about it? So include staff training in the importance of data integrity principles. The creation of a work environment that enables the visibility of errors. When you make an error, it should show up. My wife recently had a blood test, and her hemoglobin level went down to 6.9, and instead of just reporting the results, overlaid over the result was the word 'Panic Panic' to catch the nurses' attention, the doctor's attention, because when your blood level, when your hemoglobin goes down to that level, you can die. Two more drops in it, you're dead. So they all came running like crazy. You have to have a transfusion, right now. So that's how you get people's attention. The same with the errors. The visibility of errors. Senior management is responsible to implant the systems, the procedures to minimize the potential risks of data integrity and identify the residual risk, the using risk management techniques explained in the risk management ICH guidelines. And contract givers, that's you, using an outside lab or an outside testing facility have to ensure that data ownership, governance, and accessibility are included in contract and technical agreement. It should also govern data governance as part of your vendor assurance program. So part of your audits now of vendors is: how do they control their data? how do you know that their data is intact integrity? And raw data has to permit the full reconstruction of the activities resulting in the generation of the data. In the case of basic electronic equipment which does not store data, or provides only a printed output, the printout constitutes the raw material. For HPLCs, GCs, UV, the print out is not the raw material. No matter what your SOP says. Because I've been to place where it says in our facility we consider the printout to be the raw data. That's fine for you that's not fine for the authorities. The raw data is won't the first capture point. Are you all familiar with the term metadata? Metadata a really important issue. Some people are always confused by this. If you go home when your wife is on the telephone. You can hear the discussion from her side of it or his side of it just past on the phone, and you know the conversations going on and you can hear one side of the conversation. You have no idea who they're speaking to. A month later when you get your phone bill, you'll get a list of the date, who was called, the time of the call, the duration of the call. That is the metadata giving context to the one-sided conversation you heard a month ago. So the conversation itself is the data. The metadata gives you the background to it. Metadata without the data is useless. Data without the metadata is useless. So you need to make sure that you keep both so when you have a chromatogram you can see the print out but the metadata is all the who did the assay, what time they did the assay what other assays were done. That's all the metadata and that's what needs to be seen in the audit trail. So it's the data describes the structure the interrelationships and other characteristics. It's an integral part of the original record, and without the metadata the data has no meaning. You need to make sure the accuracy completeness and content of the meaning of the data and the metadata throughout the data life cycle. So if Regis is making an API, and you do, and your typical expiration date is what three years? Let's say three years. Then you need to keep the data for how long? Not three years, because your API is going into somebody else's tablets, and they have a four year expiration date, and the GMP says you keep data for the expiration date plus one year or two years in Europe, so that your customer has four years plus a 1 that's 5 plus your 3 is 8, and then your lawyers will say keep it forever. But but you have to think about the usage and the data retention time, okay. You need to worry about destruction of the data should and you need to consider the criticality and applicable legislative retention requirements. Archiving data should be put in place for long-term retention of relevant data in compliance with legislation. I became the QA manager of a company and I was looking at all our data. We had nice computers which at that time had three and a half inch floppy disk. I inherited some 11 inch disks the original Wang disks. Couldn't read them! I had no way of knowing what the data said. That's one of the problems we have today. CD ROMs as a data media storage is old hat. It's going out the way. You keep your data on a cloud. Where's the cloud? Anyone know where the cloud is? Who controls the cloud? How do you know what's happening your data? All these things come up cloud computing. You like the clouds? Took a long time to find a picture of clouds. All right. Here's a big issue because everybody's going to the cloud both for downloading software and for keeping your data. We have software providers who have SAS, high SaaS software as a service, infrastructure as a service. If you want to buy Microsoft Word today you probably can't buy it as a disk you could only rent it for them and have to pay a fee every year. They're keeping it as a service. You rent the service. Same with Adobe when you're trying to print out documents you can't buy the discs anymore I still use version 9 because it's on the disk that I've got, otherwise if I went to today's version 13 every year I got to pay 130 bucks! To me that's insane, that's how they make money. So where you use a cloud or virtual services you have to pay attention to understand what is being provided who owns it how you retrieve it how is retained and its security. The physical location where the data is held including the impact of any laws applicable to that geographic location should be considered. Has anybody heard of these Svalbard islands in northern Arctic Ocean? Svalbard it's a little set of islands owned by Norway, and it is year round average temperature 30 degrees. It is cold, and these server farms which have all these computerization get very very hot, so they are looking for places where they can cool it down. ah Svalbard, and we now have several data farms up in Svalbard. Who owns that data? Well the company you hired from? But what is the legislative rules for that data? Norway? Well that depends on which part of Svalbard you are? Because half of Svalbard is Russian. So you're gonna go with the laws of Russia to keep your data, and data hacking? We've heard that recently, or is it gonna be the Norway? Have you even thought about this. Responsibility of the contract give our acceptor and remember the cloud is a contract acceptor you're going to tell them store my data has to be defined and agreement, and if you want to go ordered it anybody want to go to Svalbard. It's difficult to get to by the way. You need to have timely access to the data including the metadata and ordered trails and you need to have kept by the data owner and the national competent authorities on request. You should be able to go there with reasonable advance notice. Hey I want to come and audit your facilities for GMP compliance because this is part of GMP and I want to come next November. Oh I can't come in November why not well there's no plane and no boat. Oh so you've got to think about those sort of things. Contracts with providers define the responsibilities for archiving continued right readability of the data throughout the retention period and appropriate arrangements must exist for the restoration of the software of the season as per its original interactive validated state. Many people rent software these days. I just mentioned word they say the advantage of renting software is we are constantly updating it so you never have an old version, and then you say well what about constantly validating your updates? You get silence. Because if you're buying a validated software great you use it but if they update it and don't even tell you though they just automatically do it every day, every night and then they don't tell you it's validated. Now you get into trouble when FDA shows up. So this is a big issue. Business continuity arrangements should include in the contract and tested. Supposing your cloud provider in Svalbard goes out of business. Or there is an earthquake because that is an earthquake zone and the whole of the island goes. Now what do you? Do you have backup plans? So there's data integrity business, especially as more and more people are going the cloud becomes more and more difficult. You can learn a lot by looking at warning letters from different agencies. The FDA has warning letters. The European Medicines Agency (EMA) has warning letters and it's very easy to find them. Just go European Medicines Agency (EMA). They don't call it warning letters. They call it. It's another word for it. It'll come back to me, but there's another word besides warning letters. Oh certificate of compliance. Just type in that word and you'll get that. The United Nations also has one by the way. Let me give you some examples. Now I mentioned the Chinese per oh sorry the Japanese problem today of the cars and steel. Here's another recent one from last month. Shandong Vianor in China. The firm failed to ensure that lab records including complete data your management acknowledged falsifying analytical test results that were used to support your release of something to the United States. Not good. And then your analysts revealed that the so and so a lot was sub potent however the stivic analysis provided shows with respect well in question about the why the C of a reported passing results even other batch actually failed. your quality unit manager stated, "I made a mistake." My question is where's QA? Because that was the lab manager. Where was QA? Where was their audits? Or more importantly where's the audits, that should have been happening from their clients? Because they're making API for American customers. What happened to their audits? This is a real interesting one from a company called Wockhardt. In India Wockhardt is a huge huge Indian Hospital group. they same areas we have a North Shore connect and we have the other chains here in the States Wockhardt has about 200 hospitals and they decided that really they should vertically integrate in every way possible so they bought the makers of (bed) sheets so they could get all the sheets at a cheap rate into the hospital. And then they said we can do the same with drugs and we started up doing drug manufacturer only trouble was they didn't have much idea about GMP and drug manufacture in general. So they've had repeatedly warning letters and this one from December while reviewing gas chromatography (GC) data on instruments so and so, our investigator found unreported results including OOS test results for raw materials. He didn't investigator explain why you failed to investigate. Also found you reported only two of three chromatographic injections during in process sample testing for residual solvent. You didn't explain why you excluded the third injection. Not good and your response indicates you have initiated a retrospective review of data over a multi-year period but your response is inadequate because it does not explain the depth of your electronic data review so you begin to see how FDA's expectation of data integrity is getting tougher and tougher. Let's go to a place that is about what two miles from here it's probably one mile from here. Morton Grove pharmaceuticals. Now Morton Grove has a very interesting history this is over 20 years it's gone through a successive series of ownerships and changing from the investment groups to pharmacy groups to investment group and now to a pharmaceutical ownership. Morton Grove pharmaceutical always had the same name in the same building. It is now owned by Wockhardt of India. the same Wockhardt of the previous slide, and your firm hasn't got proper controls over computer systems. Investigators observe the IT staff in your facility share the usernames and passwords to access your electronic data storage system. Your IT staff can delete or change directories and files without telling anybody. That is a major basic thing that integrity is a really serious issue. It could be that their IT group here a mile from here takes directions straight from the IT group in India could be. Who knows? All I know is that Wockhardt is not doing well with data integrity anywhere in the world. It also goes on, you failed to ensure that lab records include complete data. When our investigator reviewed your investigation of the above failure results we found your investigation assigned the cause of the failures to analyst error, if repeat tests delivered passing results. The original results were invalidated without scientific justification under the protocol and only retest results were reported. You can't do that. That comes back to your basic CAPA investigations. Your investigations have to have scientific rationale and validity before you say, these results are lab error analyst error. In fact companies that spend more attribute more than 10% of all that problems with the investigations to analysts are probably not doing a good job in the investigation because it's real quick and easy to I'll blame the analyst to move on. So that's a huge issue there. Japanese company earlier this year. The audit trail showed you perform this testing in duplicate. The audit trail indicated you conducted the sequence analyzing impurities of that lot. The audit trail showed a new sequence was started 24 hours after the first sequence. None of the 19 chromatograms generated in the first sequence were maintained and available for review. So ok, I don't have the original data I don't know why you got rid of it. What was wrong with it? so how do I know I can trust the second set of data? That's all comes out from looking at the audit trail and on the second set of chromatograms you could only provide you could not provide any rationale for not maintaining the original data and you failed to document the scientific justification for repeating the analysis. And again he goes on you don't mention electronic data for your ultra violet visible (UV/Vis) spectrophotometer and you don't have an audit trail, and in addition you revise the procedure called procedure on testing records all the data generated from any analytical device should be kept as records. However your response is inadequate. You haven't conducted a retrospective review to determine how your failures main records affects the quality of drugs previously made. So nowadays if FDA comes up with a data integrity problem it's not just one back today that's the problem They now once you go back and look at all the previous batches you made to make sure this Data Integrity problem doesn't affect all of them. I've had a client where he's had to go back through three years worth of data for a specific product, because that's the shelf life on the market. The FDA says well we find a problem in today's analysis how do we know the last three years where the data is okay. Can you imagine the workload to do that? It's unreal. So all this comes back to data integrity. I'm only trying to give you an introduction I've got a one-day seminar on this stuff so I hope I've given you some thoughts some ideas and if there's a big black cloud hanging over the room, good. But remember Data integrity repair depends on you. It's how you work within the framework of your company and I thank you for your attention. If there's any questions please now's the time. I apologize I rushed a bit because I knew we were at least half an hour late, so if there's any questions please. Yes sir, yes. so when you're a company we do service and my clients in New York and I don't change my computer clock now I'm printing my printout there's an hour difference compared to zero each time and say you started this thing and then every time there's a solution to that an easy solution I have a client who makes products in America but one of their tests is so super specialized specific the equipment to do it is based in Germany and so they sent the sample over Germany into it so now how do we synchronize all the boxes have you heard of the universal coordinated time GMT that company all of their clocks in every facility everywhere worldwide runs on gmt or UTC that's the way you get out at reading issue for you where do you see the endgame trending I guess there is no end to the complexity of legal where no really every every somebody comes up with a new system and you new routing to replace the cloud then we gonna have to figure out what that what everything about that it's just an ongoing thing it's like counterfeit drugs how do you ever get ahead of the counterfeiters you don't you have to always react it's the same with this how do you get ahead of it you can't because new technology new ways of working you're always going on some here's a consult this great FTA comes out with new regulations I get more business. For you guys who work with it it's a pain in the neck. sorry John machine o'clock yes please in my experience it seems like it's there's pressure to do things fast maybe you that's why you looking at interesting why is FDA looking at people are getting sloppy the more FDA concentrates on things like validation things like data integrity the more we're noticing in the industry basic GMP s are just dropping away people don't focus on that so things like forget it a sign of entering it well you should have gone automatic so it's autumn Erin done so yes there is this huge problem as soon as FDA picks a new topic to concentrate on everybody runs to worry about that and then other stuff gets left behind it's just the way it is. Yes the cure for all your cloud storage requires you to have an arraignment with a mythical company somewhere who knows, but cure is the old-fashioned cure have a backup that's stored off-site. You control the data. You know where it is. You know think about it. Cost-effectiveness I don't know but I'm saying that's the cure I don't trust the cloud I keep nothing on the cloud even my backups are always on to a local Drive kept in another building yes you commercialization you have to prove that you did not have the product for commercialization how does your piece approaches to data integrity reflect upon I'll be honest I don't deal with intellectual property so I don't even know how to answer your question I'm sorry I know what I'm an expert in and I know what I'm not and I stay away from what I'm not sorry yes please laboratory I've seen it with process computers we're in the production area you can change the parameters of the production there's an audit trail there and you review that as part of the batch record review to make sure that the new inputted date if we examine it says stirred a temperature of 90 to 110 and they can change that depending on whatever and so you want to make sure that the guy changed it to something correct so yes I want to see the audit trail as part of the printout of temperatures and times and also be the audit trail so that's becoming common oh yes oh yes absolutely and it gets very complicated when the technical agreement includes that your supplier that's a contract lab is using the cloud for its storages then it gets very complicated but yes I am seeing it in Last Chance very once if you have any questions in the future on the back slide is my email address don't try and follow me I'm never there let's send me an email and I'll get you an answer within 24 hours thank you everybody
Info
Channel: Regis Technologies, Inc.
Views: 23,248
Rating: 4.8754864 out of 5
Keywords: Regis Technologies, Globepharm Consulting, Michael Anisfeld, GMP, Pharmaceutical, Drug development, Data Integrity, ICH
Id: FnEE9Eoy56A
Channel Id: undefined
Length: 41min 56sec (2516 seconds)
Published: Mon Nov 13 2017
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.