By Brian James, Ph.D., SVP of operations, Rondaxe
As a sourcing professional, a great deal of your time is spent identifying and vetting suppliers. After generating a list of promising candidates, conducting interviews, sending out questionnaires, and performing a site visit, you feel comfortable recommending a CDMO. After careful thought and a lot of hard work, it can be a significant setback if your chosen partner fails a quality audit. At best, you can turn to your second choice, but now you have lost time and money.
How can this be avoided? There are steps you can take early in the process to limit the likelihood of choosing a supplier with a major quality issue, specifically risks associated with data integrity.
Data integrity is a hot topic and will continue to be a concern as the regulatory environment becomes more stringent. Recent data integrity violations are due to the industry’s failure to develop QA standards that keep pace with rapidly evolving technology or human error. Warning letters citing data integrity concerns are on the rise, illustrating the problem. This leads to the question: How can people who are not QA professionals identify potential issues early to avoid future headaches?
The answer is simple, but not easy. Think of ensuring data integrity as a puzzle with three components: The first piece is the human element, the second is process management, and the final piece is product-specific data. For an initial supplier visit, the human element should be the focus, with the other two pieces of the puzzle addressed in a later formal quality audit.
THE HUMAN ELEMENT AND ALCOA
To illustrate the importance of the human element, the problem should be clearly outlined. In other words, how bad can it be, really? Consider this story:
During the second day of a quality audit with two other auditors, we were focused on batch records, calibration data, and SOPs. On one of the batch records that was more than a year old, I noticed a missing signature from the operator. I pointed out the blank space to the site head of QA, expecting, at least, an explanation. Without batting an eye, he glanced at the record, forged the operator’s initials, and handed the batch record back to me. No investigation, no deviation. Just like it never happened. Of course, the next person to review the same record would never know.
I have relayed this story to a few people, and each time I am met with complete disbelief. Although it may be hard to believe, this is a true story of the worst data-integrity violation I have ever witnessed. Not surprisingly, this CDMO was not awarded the contract.
Many people are familiar with the acronym ALCOA that encompasses the human component of data integrity. Is data attributable, legible, contemporaneous, original, and accurate?
During the initial site visit, the focus is often on determining whether the CDMO can manufacture your product, but extending your observations further saves you time and trouble.
ATTRIBUTABLE: WHO DID IT?
Attributable refers to who recorded the data, but it also encompasses access. The most common infraction I notice during site visits is the lack of access control, specifically regarding analytical instrumentation. Systems running without password protection do not inspire confidence in a high degree of data control. Without the security of password control, there can be no assurance the data is attributable and has not been manipulated. Some examples of attributable data include:
- test results that are initialed and dated by the analyst performing the testing
- adjustment of a set point on a monitor made by an operator and the change logged in an audit trail
- a math error on a lab record that was initialed and dated to show who made the correction and when.
Another issue addressed in FDA warning letters can be described as testing or reprocessing into compliance. An analyst who suspects data may be false can delete the file and repeat the analysis. This is a subtler infraction and difficult to detect on an initial visit, but you should ask if data is discarded, and if so, if there is an SOP to outline the process.
LEGIBLE: ANYBODY CAN READ IT
This entry speaks for itself; if you cannot read the records now, staring at them as you try to piece together why the last batch failed specifications is not going to improve the chicken scratch some people pass off as writing.
- Use indelible ink to record data in lab notebooks.
- When correcting entries, strike out the old entry with a single line.
CONTEMPORANEOUS: RECORDED IN REAL TIME
The issue of contemporaneous data is becoming more critical with the advent of digital records. Many companies have moved to electronic records and storage, which brings up additional questions: Does the CDMO use electronic or paper records during manufacture? Are electronic records password-controlled, and do they require completion of all entries? The answers to these questions will reveal a great deal about the overall quality of the potential CDMO and data integrity.
As you audit the potential supplier, keep in mind:
- Experiments and results should be performed and recorded in real time.
- Electronic data should include a date/time stamp.
- Date/time stamps should be included in the record with the recorded data.
Sometimes a company prefers paper records over electronic, but this does not have to be a deal breaker. Paper records require additional questions in terms of accessibility and safe storage. Are the paper records kept in a place easily accessible by the operators? Records stored in a control room are less likely to be stained or ruined but are also less likely to be completed contemporaneously.
ORIGINAL AND ACCURATE: NO COPIES ALLOWED
Well, except for when copies are allowed — as in the case of a true copy. A true copy is not run off the copy machine in the corner but is certified in some manner to be an accurate rendition of the original source material from which it was copied.
I often see confusion in the question of source data. Sometimes it is unclear exactly what the source data is, e.g., a high-performance liquid chromatography (HPLC) trace. An HPLC trace is not source data, but a representation of source data. The original source data is stored in the computer as a series of zeros and ones. In the same way, a nuclear magnetic resonance (NMR) spectrum is not source data either. The original data is enfolded in the free induction decay (FID) used to generate the NMR spectrum. Clarifying the principle of original and source data in the context of data integrity allows you to pinpoint areas of concern during an audit. Accurate data is reflective of what happened or was measured and should be error-free, complete, and truthful. Any processing or edits should be documented and explained.
In the pharmaceutical industry, data integrity is key to ensure the end products meet the required quality standards. For someone who is not a quality control professional, following the guidelines outlined can be the key to selecting a high-quality CDMO who delivers a successful campaign for your project.