Risk-Based Approaches to Data Integrity in Manufacturing

This summer, PDA Technical Report No. 84: Integrating Data Integrity Requirements into Manufacturing and Packaging Operations will be published. This document will identify frameworks that can be used to develop and sustain data integrity management procedures, systems, processes and controls. Employing these frameworks will help users achieve compliance with applicable laws, regulations and directives for pharmaceutical products.

While the requirement to maintain accurate and complete data is well recognized by industry, the level of data integrity controls needed at each step is not universally understood. Applying a one-size-fits-all approach to data integrity controls may be neither valuable nor, in certain instances, feasible. The use of a risk-based approach is essential to developing a robust data integrity program, considering the requirements from a data-lifecycle perspective. Risk-based concepts apply even as industry transitions from manual documentation systems to fully electronic or hybrid (manual and electronic) systems.

TR–84 will describe a quality risk management approach for establishing and assessing the appropriateness of data integrity controls for manufacturing operations based on the criticality and vulnerability of the data for its intended use. Mapping data vulnerability against existing controls, using the definitions and processes described in this technical report, will allow organizations to determine whether the controls in place are adequate to prevent inadvertent data integrity issues.

This technical report also will provide recommendations for implementing appropriate data integrity controls in manufacturing operations by describing both general considerations and opportunities for implementing differentiated levels of controls based on the criticality of the process or system being implemented. While most data integrity controls required by health authorities will apply in the same manner for any GMP data, the technical report team (comprised of members representing industry, regulatory agencies and consultants) has identified seven areas in which a risk-based approach may be applied. For example, the technical report will assess the differing levels of controls that may be applied to audit trails and to access controls for electronic systems based on the potential impact to the manufacturing processes.

TR–84 will also provide an overview of data integrity regulatory and enforcement trends in the United States and Europe.

PDA Technical Report No. 84: Integrating Data Integrity Requirements into Manufacturing and Packaging Operations is expected to be available for purchase in the PDA Bookstore in August.