Editor’s Note: The following blog post summarizes an article that initially appeared in PDA Letter magazine. Read the full article.
Life sciences companies need trustworthy data to ensure the safety and quality of their drug products. Heightened regulatory focus on data contamination is driving companies to pursue a thorough understanding of data integrity and to modify their processes accordingly.
In this blog post, we’ll learn how to create a risk-based corporate data integrity program to ensure product safety and efficacy.
Complex organizational dynamics, such as human actions and business processes and procedures, cause data integrity problems. These sociotechnical dynamics are explained through the 5P model for human cognitive behavior, shown in Figure 1.
Figure 1: The 5Ps influencing cognitive behavior
The 5Ps are Principles, Processes, Purpose, People, and Performance. An effective data integrity program is designed to align the 5Ps in an organization.
In 2005, sociologist J.T. Wells introduced the fraud framework called The Fraud Triangle. The items in the triangle have been modified to apply to the biopharmaceutical industry.
Fraud occurs when one or more of these causal factors exist:
The incentive component is demonstrated by management’s acceptance or tolerance toward behaviors detrimental to data integrity. The opportunity for committing fraud happens when there is no mechanism to detect the fraud. The “everybody is doing it” attitude justifies noncompliant behavior.
An effective data integrity program must portray management’s unequivocal insistence on honesty and take pride in it. Now, let us explore the controls that must be in place to mitigate recurring data integrity issues.
Because it’s impossible to eliminate all data integrity vulnerabilities, controls must be established to reduce the likelihood of errors. Such controls consist of the following control triad components:
Whereas procedural control is primarily applied to practices and procedures during the data’s lifecycle, technical controls are designed into products to preserve data integrity. Digitization and digital tools, such as a validation lifecycle management system (VLMS), provide the technical controls to inhibit the unauthorized manipulation of test outcomes and help capture raw data to detect the manipulation of results.
Now that we understand why data integrity problems occur, we are better equipped to build an effective program. The program should advance through four phases, each consisting of one or more stages, as depicted in Figure 3.
PLAN: This phase includes (1) designating a project sponsor, a member of the CEO’s executive team to act as the conduit between the project team and executive management, (2) forming the core team that includes a project manager and management-level members from the quality assurance and information technology departments, at a minimum, and (3) forming the project team consisting of members from stakeholder groups, including external consultants who are data integrity subject matter experts.
DEVELOP: This phase includes (1) data integrity audits, or the discovery stage of the project, where the project team and equipment users conduct Gemba walks seeking information and capturing results in a template for consistency, and (2) developing a prioritized plan by conducting a risk assessment of the data integrity issues and vulnerabilities discovered during the Gemba walks.
DEPLOY: This phase consists of mini-projects performed by several breakout implementation teams. After completing these mini-projects, systems are deployed after being certified “fit for use” by the company’s quality assurance group.
MONITOR: Activities in this phase are designed to obtain better transparency and visibility into the data integrity program and provide corrections or revisions to improve the program’s effectiveness. Reviews of data-integrity-related 483s, warning letters, and corrective and preventive actions (CAPAs) could also provide input to revise the program.
The data integrity maturity model (DIMM) provides a consistent method of scoring the effectiveness of a data integrity program. The model guides the company to continually improve by climbing the maturity scale. When internal auditors use the DIMM to place the auditee department at a certain maturity level, it provides the department with a consistent measure of what needs to be done to climb the maturity ladder. The figure below itemizes the steps inherent in the DIMM.
Read the full PDA Letter article to learn how to build an effective corporate data integrity program to manage risk and pursue continual improvement to maturity.