End game for data integrity warning letters

Technology that supports paper to digital transition in pharma

What’s the craziest law you have ever heard of? In Sweden, it’s illegal to complain about lack of sunlight during the winter months.

Bizarrely, it is also illegal to be drunk inside a British pub. Some rules are made to be broken, but in pharmaceutical manufacturing, the rules aren’t lenient.

Here, Giuseppe Menin Industry Manager for Pharmaceutical, COPA-DATA, explains how technology is helping pharmaceutical manufacturers comply with data integrity regulations.

Pharmaceutical manufacturing is synonymous with legislation, and rules related to data integrity require a high level of attention. According to a whitepaper by ICQ Consultants, issues related to data integrity are increasing. In fact, FDA records show that number of 483 warning letters issued in 2015 was 19, but this increased to 98 in 2019.

Data integrity failures account for almost 20% of warning letters in devices, 15% in drugs and more than 40% in biologics.

Data integrity describes the completeness, consistency, and accuracy of Good Manufacturing Practice (GMP) relevant data in a pharmaceutical facility. According to data integrity guidelines, data must meet the Attributable, Legible, Contemporaneous, Original and Accurate principle - ALCOA, for short. Unfortunately, the industry is struggling to meet this standard.

Existing manufacturing equipment does not always comply with the ALCOA principle, so mitigating controls have to be implemented in the standard operating procedures on paper. However, this complicates operators working life and challenges Quality Assurance (QA) departments during inspections.

The ALCOA challenge

One of the common challenges related to the ALCOA principle is attribution and determining who changed the data. In a paper-based system, the person uses initials and a handwritten signature to confirm a parameter change in the system, or to record a value.

In line with ALCOA, electronic recording is preferred, with a unique access control credential that securely and permanently links the user to an audit trail with electronic signatures — shared or generic logins are not accepted.

Audit trails are one of the most important tools for inspectors to reconstruct the course of events related to any modification of GMP relevant information. However, this is another challenge for legacy equipment.

According to the ALCOA principle, audit trails must answer questions like: who modified the value? When? Why? Is the recorded value accurate and original?

Often, legacy machines do not provide an automatic audit trail, so manufacturers are forced to create it via paper procedures. Unfortunately, it’s challenging to guarantee ALCOA with a paper-based system. Only a validated electronic system can really certify its authenticity.

Data integrity compliance on legacy machinery

When operating legacy machinery, what should be adopted to avoiding paper procedures?

Let’s imagine a solution dedicated to a single machine in a pharmaceutical facility. First, you need a device that can connect to the machine control system, or programmable logic controller (PLC) and thus acquire the so-called Critical Process Parameters (CPPs).

To identify the sterilisation temperature, for example, the value is acquired and stored in the device. If the temperature exceeds the expected limits, a GMP critical alarm is generated. When starting a new batch, the set point values, or alarm thresholds must be changed in a controlled manner.

In this case, the operator will log-in the system with his credentials and make the change. The system then generates an audit trail event noting the change to the temperature set point value, including who made the change and at what time.

At the end of the lot, the system can produce a report that represents the temperature trend, any deviations. Using this method, the audit trail can provide a list of changes made to the relevant GMP parameters.

The data can then be saved on appropriate backup devices for long-term storage, as required by current regulations.

The object briefly described here, which we could call the Data Integrity Box, can work alongside the existing control system, for operations related to critical GMP parameters. We have thus updated an existing machine with a non-invasive approach, without modifying its configuration.

From digital silos to a connected plant

The prior example certainly satisfies data integrity, but it does keep the machine isolated — the so-called Digital Silo. However, it is possible to extend this concept to a group of machines.

COPA-DATA’s software platform, zenon, is capable of connecting to several machines of different types and is capable of centrally acquiring, processing and storing GMP-relevant data. This solution is known as the Automation Integration Layer.

Integrating the software across various machines, it is able to generate reports of alarms for deviations of GMP parameters, as well as produce audit trails and reports.

This approach can provide information in a contextual way to various users. For instance, the QA team may be interested in the audit trail, whereas an engineer may be more interested in the statistical process control (SPC) analysis.

What’s more, zenon can also communicate with other IT systems such as a manufacturing execution system (MES) or enterprise resource planning (ERP).

A large-scale pharmaceutical company in India solved its data compliance challenges using this strategy. Deploying zenon as an Automation Integration Layer, the company connected 160 separate machines, providing data to an MES, automating communication and thus, automating compliance.

Regulations associated with pharmaceutical manufacturing may seem increasingly complicated, but technology such as zenon is making it easier to adhere to these rules. Although remaining sober in a British pub – or continuing to smile during Sweden’s long winter months – may seem like an odious task, data integrity compliance needn’t be.

Companies