Presentazione standard di PowerPoint - salute.gov.it · Indice della presentazione 1. ... Data risk...

Virgilio DoniniDirezione generale sanità animale e farmaci veterinariUfficio 5

"Data must be retained

in a permanent format"

Indice della presentazione

1. Il recente «boom» del data integrity nel contesto regolatorio internazionale

2. Data integrity e i princìpi ALCOA

3. Panoramica sui documenti di riferimento (data integrity)

4. «Low hanging fruits»

5. Esempi di non conformità (ispezioni ufficio 5 DGSAF)

Il recente «boom» del data integrity

nel contesto regolatorio internazionale

2015

• MHRA - Data Integrity Definitions and Guidance for Industry• WHO - Guidance on good data and record management

practices

2016

• EMA - Questions and answers: Good manufacturing practice

• FDA - Data integrity and compliance with CGMP (già comunque presente nel 21 CFR part 11)

• PICS - Good practices for data management and integrity in regulated GMP/GDP environments

Il recente «boom» del data integrity

nel contesto regolatorio internazionale

Data integrity: novità 2017

ISPE:

Good automated manufacturing practice (GAMP) is both a

technical subcommittee of the International Society for

pharmaceutical Engineering (ISPE) and a set of guidelines for

manufacturers and users of automated systems in the

pharmaceutical industry.[

https://en.wikipedia.org/wiki/International_Society_for_Pharmaceutical_Engineering

https://en.wikipedia.org/wiki/Good_automated_manufacturing_practice

MHRA - Data Integrity Definitions and Guidance for Industry:

“The extent to which all data are complete, consistent and accurate throughout the data lifecycle.”

WHO - guidance on good data and record management practices:

“Data integrity is the degree to which a collection of data is complete, consistent and accurate throughout the data lifecycle. The collected data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate”.

Data integrity : definizioni

FDA – Data integrity and compliance with CGMP:

• For the purposes of this guidance, data integrity refers to the completeness,consistency, and accuracy of data.

• Complete, consistent, and accurate data should be attributable, legible,contemporaneously recorded, original and accurate (ALCOA)

PICS – good practices for data management and integrity in regulated GMP/GDP environments:

• Data Integrity is defined as “the extent to which all data are complete, consistent and accurate, throughout the data lifecycle” .

• Data integrity applies to all elements of the Quality Management System and the principles herein apply equally to data generated by electronic and paper-based systems.

Data integrity: definizioni

Data governance Data governance is the sum total of arrangements

which provide assurance of data integrity. These

arrangements ensure that data, irrespective of the

process, format or technology in which it is generated,

recorded, processed, retained, retrieved and used will

ensure a complete, consistent and accurate record

throughout the data lifecycle.

Data lifecycle Data lifecycle refers to how data is generated,

processed, reported, checked, used for decision-

making, stored and finally discarded at the end of the

retention period.

(2016 PICS - Good practices for data management and

integrity in regulated GMP/GDP environments)

Data integrity: concetti correlati

Data

Lifecycle

Data integrity e i princìpi ALCOA

Attributable

Legible

Contemporaneous

Original

Accurate

• Tra i primi sostenitori del principio: Stan Woollen – FDA

• Definito dalla linea guida WHO come : A commonly used acronym short

for “accurate, legible, contemporaneous, original and attributable.

• Principio ripreso in (esempi): Concept paper on clinical trials – EMA

Allegati alle GAMP (ALCOA+)

EMA Q&A on good manufacturing practices


Alcoa plus

Panoramica sui documenti di riferimento

(data integrity)

http://www.ema.europa.eu/ema/index.jsp?curl=pages/regulation/q_and_a/q_and_a_detail_000027.jsp#section18

EMA - Good manufacturing practice - (Agosto 2016)

EMA

Il concetto di ALCOA / data integrity

c’era già nelle GMP?

L’EMA ci risponde nelle

The main regulatory expectation for data

integrity is to comply with the requirement of

ALCOA principles. The table below provides

for each ALCOA principle the link to EU GMP

references (Part I, Part II and Annex 11)

EMA

12.4 Management systems for data and for documents should be designed to

record the identity of operators entering , changing, confirming or deleting

data including date and time

7.1 Data should be secured by both physical and electronic means against damage.

Stored data should be checked for accessibility, readability and accuracy. Access

to data should be ensured throughout the retention period.

EMA

Senior management should ensure that data integrity risk is

assessed, mitigated and communicated in accordance with

the principles of quality risk management. The effort and

resource assigned to data integrity measures should be

commensurate with the risk to product quality, and balanced

with other quality assurance resource demands.

Data risk assessment should consider the vulnerability of data

to involuntary or deliberate amendment, deletion or

recreation. Control measures which prevent unauthorised

activity and increase visibility / detectability can be used as

risk mitigating actions

EMA

The decision which data influences may differ in importance, and theimpact of the data to a decision may also vary. Points to consider regardingdata criticality include:

• What decision does the data influence?

For example: when making a batch release decision, data which determinescompliance with critical quality attributes is of greater importance thanwarehouse cleaning records.

• What is the impact of the data to product quality or safety?

For example: for an oral tablet, active substance assay data is of greaterimpact to product quality and safety than tablet dimensions’ data

It may be beneficial to provide a summary document which outlines theorganization’s total approach to data governance

EMA

Computerised systems should be

designed in a way that ensures

compliance with the principles of data

integrity. The system design should make

provisions such that original data cannot

be deleted and for the retention of audit

trails reflecting changes made to original

data

EMA

Data integrity - Electronic

The following expectations should be considered

where appropriate, based on data risk and criticality:

• enable traceability for issuance of the blank form by

using a bound logbook with numbered pages or other

appropriate system. For loose leaf template forms,

the distribution date, a sequential issuing number, the

number of the copies distributed, the department

name where the blank forms are distributed, etc.

should be known

• Distributed copies should be designed to avoid

photocoping either by using a secure stamp, or by

the use of paper colour code not available in the

working areas or another appropriate system

EMA

Data integrity - Paper

MHRA - Data Integrity Definitions and Guidance for Industry

Designing systems to assure data quality and integrity (1/2)

Systems and processes should be designed in a way that encouragescompliance with the principles of data integrity. Consideration shouldbe given to ease of access, usability and location whilst ensuringappropriate control of the activity guided by the criticality of the data.

Examples include:

• Access to appropriately controlled / synchronised clocks for recording timed events.

• Accessibility of records at locations where activities take place so that ad hoc data recording and later transcription to official records is not necessary.

• User access rights that prevent (or audit trail) unauthorised data amendments

• Automated data capture or printers attached to equipment such as balances (or double check?)


Designing systems to assure data quality and integrity (2/2)

• The use of scribes to record activity on behalf of another operator should be considered ‘exceptional’, and only take place where the act of contemporaneous recording compromises the product or activity e.g. documenting line interventions by sterile operators.

• …..the supervisory recording should be contemporaneous with the task being performed, and should identify both the person performing the task and the person completing the record. The person performing the task should countersign the record wherever possible, although it is accepted that this countersigning step will be retrospective.


PICS - Good practices for data management and integrity in regulated GMP/GDP environments

Risk assessments should focus on a business process

(e.g. production, QC), evaluate data flows and the

methods of generating data, and not just consider IT

system functionality or complexity. Factors to consider

include:

• Process complexity;

• Methods of generating, storing and retiring data and

their ability to ensure data accuracy, legibility,

indelibility;

• Process consistency and degree of automation /

human interaction;

• For computerised systems, manual interfaces with IT

systems should be considered in the risk assessment

process. Computerised system validation in isolation

may not result in low data integrity risk, in particular

when the user is able to influence the reporting of

data from the validated system.


Data governance system review

• The effectiveness of data integrity control measures should

be assessed periodically as part of self-inspection (internal

audit) or other periodic review processes. This should ensure

that controls over the data lifecycle are operating as

intended.

• In addition to routine data verification checks, self-inspection

activities should be extended to a wider review of control

measures, including a check of continued personnel

understanding of data integrity …………. e.g. by review of

continued training in data integrity principles and

expectations.


FDA – Data integrity and compliance with CGMP


La linea guida FDAè un documento

«Q&A»

What is an “audit trail”?

• Audit trail means a secure, computer-generated, time-stamped electronic record that allows

for reconstruction of the course of events relating to the creation, modification, deletion of an

electronic record.

• For example, the audit trail for a high performance liquid chromatography (HPLC) run could

include the username, date/time of the run, the integration parameters used, and details of a

reprocessing, if any, including change justification for the reprocessing.

• Electronic audit trails include those that track creation, modification, or deletion of data (such

as processing parameters and results) and those that track actions at the record or system level

(such as attempts to access the system or rename or delete a file).



How often should audit trails be reviewed?

FDA recommends that audit trails that capture changes to critical data be

reviewed with each record and before final approval of the record. FDA

recommends routine scheduled audit trail review based on the complexity of

the system and its intended use.

Who should review audit trails?

……… all production and control records, which includes audit trails, must

be reviewed and approved by the quality unit .

WHO: guidance on good data and record management practices

8 TRAINING IN GOOD DATA AND RECORD

MANAGEMENT

Personnel should be trained in data integrity policies and agree to

abide by them.

Management should ensure personnel are trained to understand

and distinguish between proper and improper conduct, including

deliberate falsification and potential consequences.

In addition, key personnel, including managers, supervisors and

quality unit personnel, should be trained in measures to prevent

and detect data issues. This may require specific training in

evaluating the configuration settings and reviewing electronic data

and metadata, such as audit trails. For example, the quality unit

should learn how to evaluate configuration settings that may

intentionally or unintentionally allow data to be overwritten or

obscured through the use of hidden fields or data annotation

tools.

Management should also ensure that, at the time of hire and

periodically afterwards as needed, all personnel are trained in

procedures to ensure GDP for both paper and electronic records


9 GOOD DOCUMENTATION PRACTICE


+ALCOA

LOW HANGING FRUITS (…. soluzioni accessibili)

Cattiva gestione degli accessi ai dati

• Passwords condivise

• Nessun controllo degli accessi ai sistemi GXP

• Mancanza di un adeguato sistema di assegnazionedei privilegi di accesso ai sistemi informatici (es. analisti con il profilo di amministratore)

• Gli operatori possono cambiare le “ricette” (produzione, cleaning) senza un adeguato controllo

• Non sono effettuati test per il recupero dati

Low hanging fruits …….

Mancata revisione dei dati elettronici e dei meta-dati critici

• I dati di laboratorio non sono sottoposti a revisione (es. (re)

integrazioni di picchi cromatografici o ripetizione di corse

cromatografiche)

• In generale le variazioni di dati analitici non sono sottoposte a

valutazione

Gli Audit trails non sono abilitati o vengono abilitati e disabilitati.Quindi:• Non è possibile garantire che tutti i dati siano disponibili per una

corretta revisione• E’ possibile mettere in discussione l’autenticità dei dati

Il controllo di data e ora non è gestito con adeguati livelli di sicurezza

Low hanging fruits …….

Esempi di non conformità(ispezioni ufficio 5 DGSAF)

• Registrazioni manuali: durante la visita sono stati riscontrati documenti di

vario contenuto riportanti registrazioni manuali di difficile lettura o mancanti,

correzioni non conformi alle GMP (es. registri bilance) e registrazioni dello

stesso dato discordanti tra vari documenti (es. registro analista e scheda

prodotto XYZ)

• Le etichette che si appongono sui contenitori in magazzino per confermare

l’avvenuto campionamento non prevedono l’apposizione della firma di chi ha

eseguito il campionamento e la relativa data.

• SOP XYZ “gestione impianto acqua purificata”: ……. le specifiche di

riferimento per il test dei nitrati e per quello dei metalli pesanti, da effettuarsi

sull’acqua purificata, sono invertite tra loro

Esempi di non conformità (ispezioni ufficio 5 DGSAF)

• Laboratorio controllo qualità - registro campioni : (i) il registro contiene

l’indicazione dell’arrivo di campioni di XYZ (lotto 123) in data 13 settembre

mentre tali campioni sono stati consegnati al laboratorio in data 14

settembre

• Magazzino materie prime: il log book materie prime del magazzino riporta

dei dati inseriti a penna senza che sia identificata la persona che ha inserito

tali dati

• Dall’analisi dei dati inseriti nel sistema di gestione elettronica dei dati di

laboratorio (LIMS) è emerso che il valore del titolo di due campioni è stato

corretto dall’operatrice. Per uno dei campioni appartenenti al liofilizzatore B

è stato inserito erroneamente il valore di un campione del liofilizzatore A e la

correzione è stata tracciata e giustificata nel sistema. Per un altro campione

è stato invece inserito erroneamente ………… In questo secondo caso

l’operatrice ha omesso di inserire una nota nel relativo campo note

associato alla registrazione della variazione del dato.

Esempi di non conformità (ispezioni ufficio 5 DGSAF)

In conclusione…punti da ricordare:

Il concetto di data integrity:

• è inserito nel contesto più ampio della data governance

• è basato su criteri di gestione del rischio (cui sono associati i dati)

• è l’applicazione dei principi ALCOA (+)

• già esiste nelle GMP (parte 1, parte 2, allegato 11)

• non si applica solo alle analisi di laboratorio / ai dati elettronici ma a tutte le

tipologie di dati ed attività che prevedono la generazione di dati

• non può prescindere dalla mentalità / formazione delle persone

• può essere inizialmente approcciato «cogliendo» i low hanging fruits

13/12/2017

Presentazione standard di PowerPoint - salute.gov.it · Indice della presentazione 1. ... Data risk...

Documents

Transcript of Presentazione standard di PowerPoint - salute.gov.it · Indice della presentazione 1. ... Data risk...