PDA Points to Consider: Best Practices for Document/Data Management and Control and Preparing for Data Integrity Inspections

Background and Purpose

Based on its own experience and through a broad industry survey conducted with support from the Association for Accessible Medicines (AAM) and the Pharma & Biopharma Outsourcing Association (PBOA), the Parenteral Drug Association (PDA) has identified current questions related to data management and control that have been frequently cited in U.S. Food and Drug Administration (FDA) inspections or have led to FDA regulatory actions. The PDA Data Integrity Task Force has selected 11 questions to address at this time and included recommended best practices for each situation. The purpose of this document is to help to clarify these issues for industry and to help facilitate better compliance by sharing PDA members' expertise in and understanding of current best practices.

Data integrity inspectional observations by health authorities can have a severe impact on a firm from a regulatory and public perception perspective and should not result from a lack of clarity by industry about what is required. In addition, firms are concerned that the inability to produce a requested record or document during an inspection, even if not a standard report or existing quality system document, could be construed as delaying, denying, limiting, or refusing inspection, which also has significant consequences.

Question 1: Copies of Good Manufacturing Practice (GMP) Records

Context: On a daily basis, there are many valid reasons why a firm may wish to make copies of GMP records, including records that contain a lot number, batch-specific data, test results, or other data. For example, firms may make a copy of a batch record to provide to a Technical Services group to conduct an investigation. Especially in light of recent 483 observations that highlight documents with batch information found in a shredder, it is unclear under what conditions it is permissible to treat copies of GMP records as uncontrolled, non-GMP records. Requiring that the issuance, management, and destruction of all of these documents be controlled by the Quality Unit imposes an unnecessary burden on industry. The key is for firms to be able to show how they assure that an original record is the original record and that the data in the record satisfy ALCOA (Attributable, Legible, Contemporaneous, Original, and Accurate) principles.

Issue: Is a copy of a GMP record (e.g., printout of the raw data or photocopy/scan of a paper original record) itself considered a GMP document?

Clarification: As long as firms have full control over original GMP documents and the original GMP document is retained as required by the firm's procedure, copies can be created and destroyed as needed. A copy of a GMP record need only be retained if additional GMP information (e.g., raw data) is recorded on the document copy. As a part of maintaining control over GMP records, it is advisable to make sure that copies can be readily distinguished from originals (e.g., copies are stamped as “copy” and/or originals are stamped as “original”).

Question 2: Documents Not Traditionally Considered GMP Records

Context: In recent 483s, we have observed that documents not traditionally considered GMP records (e.g., e-mails and other communications) become the object of scrutiny and observations. A working definition of what the agency currently views as a GMP record for such things as e-mail, supervisor schedule, etc. would be helpful for industry. Firms communicate informally about production and quality-related activities on a continuing basis in order to facilitate operations. An e-mail regarding batch release may be essentially the written equivalent of a phone call from one colleague to another stating that a batch has been released. Requiring formal controls around all of these documents, or requiring that such documents cannot be printed and discarded/destroyed/shredded at will, creates a large burden on firms and their quality units.

Issue: Are e-mails or other papers that contain batch-related information such as product name, lot number, or test results considered GMP records if local procedures are clear on what is the system of record?

Clarification: Whether a document is considered a GMP record depends on whether it is generated to satisfy a GMP requirement (see Data Integrity and Compliance with CGMP, Guidance for Industry, April 2016 draft, “When generated to satisfy a CGMP requirement, all data become a CGMP record.”). For example, if e-mail is used as a record of batch release, it is a GMP document. If e-mail is used to communicate that a batch has been released, but the system of record for batch release is not e-mail, then the e-mail is not a GMP record. Similarly, drafts of risk assessments, investigation reports, etc. are not GMP (GMP) records until they have been reviewed and finalized. If companies use e-mails for GMP purposes, it is advisable to have a controlled process, governed by a standard operating procedure (SOP).

Question 3: Personal Diaries

Context: It is common for employees to use personal diaries or paper to record notes for themselves for non-GMP purposes, e.g., to-do list, training notes, personnel information. These notes are not considered to be GMP records by industry in general. Turning these notes into GMP records may in fact deter individuals from writing down information that is useful for effective time management or reinforcing one's own learning.

Issue: What types of entries/information can be recorded in a personal diary without being considered GMP records?

Clarification: If notes and diaries are used as personal and informal means of recording and are not the system of record for execution or documentation of GMP activities, then they are not considered to be GMP records. These informal recordings in personal notebooks might include to-do lists, training notes, coaching ideas, personnel information, etc.). Firms may want to consider controlling and spot-checking personal notebooks to ensure that they are being used only for non-GMP information. Firms may also want to train employees on what is and is not proper for recording in personal notebooks.

Question 4: Drafts of GMP Documents

Context: Firms generate many drafts of CGMP documents. It would be onerous and confusing to require that all of those documents be retained.

Issue: Are firms required to retain drafts of cGMP documents, such as reports of risk assessments, investigations, and validation?

Clarification: Once a final GMP document of record is created, drafts and documents used in the creation of the document of record no longer need to be retained. This includes documents and drafts used or created in the course of conducting an investigation. The final document is the document of record. GMP Change Control processes come into effect once a GMP document is formally approved. As a part of maintaining control over GMP documents, it is advisable to make sure that drafts can be readily distinguished from final documents (e.g., they are stamped as “draft”).

Question 5: E-mails as GMP Records

Context: Firms use e-mail for a variety of GMP and non-GMP purposes. It is unclear to many firms which uses constitute GMP uses and whether a firm's entire e-mail system becomes a GMP system due to its use.

Issue: Are e-mails considered to be GMP records?

Clarification: Whether e-mails are GMP records depends on whether they are being used to communicate GMP actions or content or capture GMP decision-making.

For example, if e-mail is used as the system of record for batch release, then those e-mails are GMP records, and local procedures should be clear on what is the system of record. If e-mail is used to communicate that a batch has been dispositioned, but that decision is formally captured elsewhere in accordance with the firm's SOPs, then the e-mail is not a GMP record. Similarly, if e-mail is used as the official system for escalation of quality issues per a firm's SOPs, then those e-mails are GMP records. If e-mail is used for informational purposes to note that there has been an escalation, and there is a separate system of record for escalations, then the e-mail is not a GMP record. The use of e-mail in GMP process(es) should be well-described in the relevant SOP(s).

To create a GMP record that is separate from the e-mail system, and to avoid an e-mail system being used as a GMP system of record, a firm may wish to consider printing, signing/initialing, and dating all of the relevant e-mails that constitute a GMP record. All of this should be done in accordance with a written SOP.

Question 6: Business Records That Are Not GMP Records

Context: Recent inspections have delved into business records that are not GMP records, such as footage from security cameras, drafts of GMP documents such as investigations, uncontrolled document copies, and security key card access systems. FDA may choose to inspect these items and may even use them as a means of finding GMP violations. However, the fact that records may be inspected should not mean that these items are GMP records. Otherwise, it would create an enormous burden on the Quality Unit to review and control new kinds of records.

Issue: If non-GMP records, such as footage from security cameras, drafts of GMP documents such as investigations, uncontrolled document copies, and security key card access systems are inspected, does that mean that they are considered to be GMP records?

Clarification: No. When generated to satisfy a GMP requirement, all data become a GMP record. But the fact that a non-GMP record may be subject to inspection or may be the source of an inspectional observation pertaining to a GMP issue does not turn it into a GMP record. However, if a system is intended to provide documented evidence of a GMP function or GMP result, then it is a GMP system. For example, if a key card entry system is used beyond employee exit and entry and is used as a log to monitor time spent in an aseptic core for purposes of media fill compliance, then it is being used for GMP purposes and should be clearly defined as such by local procedure. However, if such a system is evaluated on an occasional retrospective basis as part of a GMP investigation to ensure that an employee did not over-stay in the aseptic core, then that does not mean it should be considered a GMP system. Of course, any documentation from that system that is part of an investigation should be kept (in paper or electronic form) as a part of the investigation.

Question 7: Use of Shredders

Context: There is no GMP requirement prohibiting the placement or use of shredders in a facility. However, in light of recent observations relating to shredders and shredding, more guidance on shredders and document management would be helpful.

Issue: What restrictions pertain to the placement and use of shredders?

Clarification: There are no restrictions on the placement of shredders in a facility. However, due to the risk of unauthorized shredding of GMP records, it is recommended that firms prohibit shredders or other means of potential unauthorized document destruction in areas where GMP functions are performed. This especially includes those areas that create raw data, including production, warehouse, and laboratory areas, where the risk is more acute. It is acceptable to have shredders in areas that do not generate GMP records and/or documents, although procedural controls are advisable. These departments can include human resource, finance, and other management areas.

With respect to use of shredders, non-GMP records can be destroyed through whatever means a firm decides, including shredding (as long as such destruction does not violate corporate document retention policies). GMP records can be destroyed only when they have passed their retention period or if a true copy is being retained in place of original records.

For purposes of preserving confidentiality, firms may choose to provide secure bins for documents that require destruction in areas where there are not shredders. If those bins are in or near a GMP area, it is recommended that firms create procedures defining how destruction is accomplished. For example, Quality Unit review of bin contents may be appropriate in certain circumstances, such as during an audit or in cases of suspicion of inappropriate document or data management.

In a Research and Development (R&D) department, there may be GMP and non-GMP studies. It is advisable to create procedures and controls to prevent unauthorized destruction of GMP records in R&D.

Similarly, there are no restrictions on placement of correction fluid (e.g., Wite-Out) and sticky notes such as Post-It Notes, but it is advisable to prohibit them in GMP areas.

Question 8: Retention of Closed Circuit Television (CCTV)

Context: Firms are unclear what is required for retention of closed circuit television (CCTV) footage.

Issue: For how long does a firm need to retain CCTV footage?

Clarification: CCTV footage from cameras that do not serve a GMP purpose, such as security cameras, should be handled in accordance with applicable firm procedures and retention policies. In general, there is not a GMP requirement to use CCTV. If CCTV footage are serving a GMP purpose, such as for batch release, then the footage should be retained as GMP documentation because it is part of the raw data supporting the disposition of the batch. It is not a GMP requirement to record aseptic process simulation/media fills, nor is retention of such videos required, unless the video is used as the primary documentation of a GMP operation (activity) that is not documented by other means (such as significant activities that are not documented on the batch record or control records for the process simulation batch). Please note, however, that it is a cGMP expectation to make a video of a smoke study validation. This video is the raw data supporting the qualification of a controlled environment, and the video should be retained as a GMP record. Aspects of local data privacy requirements also need to be considered in defining local procedures.

Question 9: Data Capture Capabilities

Context: Many pieces of production and laboratory equipment have extensive data capture capabilities. Firms are unclear whether they can disable unnecessary functions and/or rely on alternate recordkeeping systems.

Issue: If a piece of production or laboratory equipment has electronic data storage capability, is a firm required to utilize that capability?

Clarification: If production or laboratory equipment captures data that is required under GMPs, it must be used unless there is a reliable and complete alternate paper or electronic documentation system in place that meets GMP requirements. Please note, however, that if electronic raw data is dynamic, then a fixed/static paper or electronic record may not constitute a complete copy of the original record because that record may be missing GMP-required data that is captured in the electronic system. Also, if there is an electronic audit trail, it should not be turned off in favor of a manual audit trail because a manual audit trail is necessarily less robust than an automatic one.

If an automated data capture system is disabled, it is advisable to document a good faith rationale for disabling the system. Firms should be prepared to defend the rationale during inspection if necessary, including evidence that all data required by cGMP is captured and retained by alternate system(s) as applicable.

If an electronic data capture system is not disabled and is not utilized for GMP purposes, firms' procedures should clearly identify what system is used as the source of raw data and what system is not. It is also recommended that firms review the non-disabled system's data as a part of their procedures. The reason for this is that any data that is captured may be inspected by the FDA and could be the basis for concerns about data integrity, for example, in the case of discrepancies between data in the two different systems.

Question 10: Quality Plans

Context: Firms may be reluctant to create and document quality plans (documentation of their goals and timelines for quality system improvement) for fear of that plan being used as the source of 483 observations.

Issue: If a firm has a quality plan, will an FDA investigator use that plan as the basis for 483 observations?

Clarification: If a firm has a quality plan, an investigator may assess the sufficiency of that plan and whether the plan is being fully and timely executed. The fact that a firm has a reasonable quality plan in place may not prevent observations but can be evidence of a firm's willingness to self-identify and address issues. The adequacy of the firm's plan and the progress that the firm has made in executing the plan may be viewed by a regulator as a positive indicator of the firm's status. Using a firm's quality plan as a roadmap for negative observations could create a disincentive to creation of such plans. Regulators often encourage firms to proactively meet with them if the firm finds data integrity deficiencies, rather than waiting for those issues to be part of an inspection.

Question 11: Questioning Investigator Actions in the Field

Context: There is a diversity of FDA investigators in the field, and inspections can unfold in a variety of ways. Some firms are unsure of what to do if they perceive that an investigator is acting inappropriately or inspecting non-GMP records, documents, or facilities without cause.

Issue: If a firm believes that an FDA investigator is acting inappropriately or inspecting non-GMP records, documents, or facilities without an apparent cause, what should the firm do?

Clarification: The law defines the FDA's inspectional scope for a drug factory, warehouse, establishment, or lab as including “all things therein (including records, files, papers, processes, controls, and facilities) bearing on whether” drugs are adulterated or misbranded or otherwise prohibited by the U.S. Food, Drug, and Cosmetic Act (FD&C Act). The only explicit limits on the FDA's inspectional authority are that it does not extend to financial data, sales data other than shipment data, pricing data, personnel data (other than data as to qualification of technical and professional personnel performing functions subject to inspection), and research data that is beyond the scope of FDA requirements (see FD&C Act 704).

Firms should be aware, however, that the FDA interprets its inspectional authority broadly. As the FDA has stated, the law “authorizes FDA to conduct inspections at reasonable times, within reasonable limits, and in a reasonable manner. Although the [law] does not specifically define ‘reasonable,’ FDA has long maintained that the inspectional authority … ‘extends to what is reasonably necessary to achieve the objective of the inspection.’” [See Guidance for Industry, Circumstances that Constitute Delaying, Denying, Limiting, or Refusing a Drug Inspection (October 2014).] In 2012 the Food and Drug Administration Safety and Innovation Act (FDASIA), Public Law 112-144, was enacted. This law includes a provision that deems a drug to be “adulterated” if the drug “has been manufactured, processed, packed, or held in any factory, warehouse, or establishment and the owner, operator, or agent of such factory, warehouse, or establishment delays, denies, or limits an inspection, or refuses to permit entry or inspection”. Under this law, drug manufacturers that delay, deny, limit, or refuse to permit entry or inspection are potentially subject to regulatory sanctions by the FDA including Import Alert, Warning Letter, and Seizure.

One issue that arises is what the FDA can inspect, such as whether the FDA can inspect the firm's e-mail system, phone messages, and individuals' offices. It has also been reported that FDA investigators have requested information or data in a format other than that which is generally used or maintained by the firm, and informed the firm that it would be a refusal of inspection if the firm does not produce the requested information or data in that format.

If a firm believes that an investigator is acting inappropriately or inspecting non-GMP records, documents, or facilities without an apparent cause, the first step is to raise that issue with the investigator. If the firm does not feel it can do so, or that effort is unsuccessful, the firm can contact the District Office at which the investigator works, the FDA Office of Regulatory Affairs (ORA) ombudsman, or others in ORA or management of the FDA Center for Drug Evaluation and Research to discuss the issue.

Conflict of Interest Statement

The authors declare no conflict of interest.