FDA Continues to Highlight Data Integrity as a QC Lab Issue

FDA warning letters issued between January and May 2024 continue to highlight the issue of ensuring data integrity within laboratories. As an example the warning letter to Westward Laboratories LLC, issued 14 May 2024, stated:

“… your quality system does not adequately ensure the accuracy and integrity of data to support the safety, effectiveness, and quality of the drugs you manufacture. See FDA’s guidance document Data Integrity and Compliance with Drug CGMP for guidance on establishing and following CGMP compliant data integrity practices at https://www.fda.gov/media/119267/download.”

The Integrity Issue

Managing laboratory data in a way that demonstrates it is not altered, or manipulated, remains a keen concern, especially with electronic records, files, and databases. Many instruments include an audit trail within their own database that captures changes to the data but how do you ensure that a ‘super-admin’ cannot go in the backend and manipulate that data. That may seem a ridiculous scenario until you think about the Russian drug doping scandal, where (it was alleged) the database itself was manipulated to cover up unwanted test results.

Common data Integrity issues cited during FDA inspections include:

• A lack of access control to files/folders/servers (including admin rights)
• The use of shared accounts
• A lack of control to prevent deletion of raw data
• A lack of audit trail review and inadequate data review procedures
• A lack of control to ensure the integrity of electronic data is maintained
• QMS excel spreadsheets not validated, or password protected
• Original quality records missing
• Incomplete quality records

Figure 1: File transfer of instrument data is very common

Data is commonly transferred via an intermediary static file output from an instrument and then imported into the LIMS. This handoff mechanism is itself vulnerable, which is one reason database to database transfers (instrument to LIMS) are becoming more common. Text file interfaces nevertheless are still the most common way of linking instruments to LIMS, with 80% of instruments linking this way in practice, so how can we really ensure data integrity?

Compliance Builder

Xybion Compliance Builder neatly bridges this gap providing a complete audit trail to ensure data integrity. Compliance Builder can monitor file locations on any windows-based server or PC, logging any file changes in a complete audit trail as they occur. It can be set up to monitor any directory/file hierarchy and provide an audit trail with revision management. Any files added, deleted, or modified will be captured in the audit trail, and different versions of the file may be inspected. It also allows electronic signatures for monitored data activity, ensuring a full independent audit trail.

Compliance Builder is the smart way to ensure that data at rest, however briefly, remains truly 21 CFR Part 11 compliant. In addition to monitoring folders and file locations it can also monitor databases (Microsoft SQL or Oracle, or Access), ensuring any changes within the database are properly logged. This is useful, even where instruments have their own software managing auditing in the instrument database, as the audit function can be centralized. Rather than many different instrument manufacturers with multiple audit trails, the audit function can be centralized providing a single quality audit management function for the entire organization.

Figure 2: Summary of Xybion’s Compliance Builder Features

Managing Global Audit

One typical example of Compliance Builder use is a US based fortune 500 company that makes medical devices, pharmaceuticals, and consumer goods. They had multiple QC labs running a wide range of instruments, each with their own way of capturing electronic records. This led to a huge disparity in audit trails which was difficult to manage and validate. In addition, there was uncontrolled access to instruments and critical data, so they were, in effect, unable to ensure data integrity across their global lab infrastructure.

Compliance Builder has allowed them to centralize the audit function, monitoring 400 workstations globally, with a total of nearly 7 million files and 15 million file revisions. In addition, the client has locked down the monitored folders to the specific instrument vendor applications, ensuring files cannot be tampered with. All historical audit trail and file revisions are available to users globally on-demand, satisfying the stringent data integrity demands of the US FDA.

Is Data Integrity Relevant to Your Organization?

Data integrity is important in every laboratory, as reliable analytical data is its main output, but this is especially so in regulated QC laboratories in pharmaceuticals, medical devices and aligned industries. You probably already have many software applications managing instruments, your laboratory, and your quality management processes. However, have you assessed the potential vulnerabilities in how the data interface between the systems, or the accessibility of data at rest (either within files or database). The ability to access and manipulate this data is what these warning letters are all about, and exactly the area that Xybion’s Compliance Builder covers.

Matrix Gemini LIMS customers using static files in their organization may want to simplify data compliance management by centralizing the audit function into one application, with a single interface rather than (potentially) hundreds spread over many different instruments, laboratories or sites. To find out more about Xybion’s Compliance Builder or book a demo please contact us.

{Note: Autoscribe Informatics is a subsidiary of Xybion Digital Inc. (TSXV: XYBN)}.