1、 Data Integrity and Compliance With CGMP Guidance for Industry DRAFT GUIDANCE This guidance document is being distributed for comment purposes only. Comments and suggestions regarding this draft document should be submitted within 60 days of publication in the Federal Register of the notice announci
2、ng the availability of the draft guidance. Submit electronic comments to http:/www.regulations.gov. Submit written comments to the Division of Dockets Management (HFA-305), Food and Drug Administration, 5630 Fishers Lane, rm. 1061, Rockville, MD 20852. All comments should be identified with the dock
3、et number listed in the notice of availability that publishes in the Federal Register. For questions regarding this draft document, contact (CDER) Karen Takahashi 301-796-3191; (CBER) Office of Communication, Outreach and Development, 800-835-4709 or 240-402-8010; or (CVM) Jonathan Bray 240-402-5623
4、. U.S. Department of Health and Human Services Food and Drug Administration Center for Drug Evaluation and Research (CDER) Center for Biologics Evaluation and Research (CBER) Center for Veterinary Medicine (CVM) April 2016 Pharmaceutical Quality/Manufacturing Standards (CGMP) Data Integrity and Comp
5、liance With CGMP Guidance for Industry Additional copies are available from: Office of Communications, Division of Drug Information Center for Drug Evaluation and Research Food and Drug Administration 10001 New Hampshire Ave., Hillandale Bldg., 4 thFloor Silver Spring, MD 20993-0002 Phone: 855-543-3
6、784 or 301-796-3400; Fax: 301-431-6353 Email: druginfofda.hhs.gov http:/www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/default.htm and/or Office of Communication, Outreach and Development Center for Biologics Evaluation and Research Food and Drug Administration 10903 New Hampshi
7、re Ave., Bldg. 71, Room 3128 Silver Spring, MD 20993-0002 Phone: 800-835-4709 or 240-402-8010 Email: ocodfda.hhs.gov http:/www.fda.gov/BiologicsBloodVaccines/GuidanceComplianceRegulatoryInformation/Guidances/default.htm and/or Policy and Regulations Staff, HFV-6 Center for Veterinary Medicine Food a
8、nd Drug Administration 7519 Standish Place, Rockville, MD 20855 http:/www.fda.gov/AnimalVeterinary/GuidanceComplianceEnforcement/GuidanceforIndustry/default.htm U.S. Department of Health and Human Services Food and Drug Administration Center for Drug Evaluation and Research (CDER) Center for Biologi
9、cs Evaluation and Research (CBER) Center for Veterinary Medicine (CVM) April 2016 Pharmaceutical Quality/Manufacturing Standards (CGMP) Contains Nonbinding Recommendations Draft Not for Implementation TABLE OF CONTENTS I. INTRODUCTION. 1 II. BACKGROUND . 1 III. QUESTIONS AND ANSWERS . 2 1. Please cl
10、arify the following terms as they relate to CGMP records: . 2 a. What is “data integrity”? 2 b. What is “metadata”? . 3 c. What is an “audit trail”? . 3 d. How does FDA use the terms “static” and “dynamic” as they relate to record formats? . 3 e. How does FDA use the term “backup” in 211.68(b)? 4 f.
11、 What are the “systems” in “computer or related systems” in 211.68? 4 2. When is it permissible to exclude CGMP data from decision making? 4 3. Does each workflow on our computer system need to be validated? 4 4. How should access to CGMP computer systems be restricted? 5 5. Why is FDA concerned wit
12、h the use of shared login accounts for computer systems? . 6 6. How should blank forms be controlled? 6 7. How often should audit trails be reviewed?. 6 8. Who should review audit trails? . 6 9. Can electronic copies be used as accurate reproductions of paper or electronic records? . 7 10. Is it acc
13、eptable to retain paper printouts or static records instead of original electronic records from stand-alone computerized laboratory instruments, such as an FT-IR instrument? . 7 11. Can electronic signatures be used instead of handwritten signatures for master production and control records? . 8 12.
14、 When does electronic data become a CGMP record? 8 13. Why has the FDA cited use of actual samples during “system suitability” or test, prep, or equilibration runs in warning letters? 9 14. Is it acceptable to only save the final results from reprocessed laboratory chromatography? . 9 15. Can an int
15、ernal tip regarding a quality issue, such as potential data falsification, be handled informally outside of the documented CGMP quality system? 9 16. Should personnel be trained in detecting data integrity issues as part of a routine CGMP training program? 10 17. Is the FDA investigator allowed to l
16、ook at my electronic records? . 10 18. How does FDA recommend data integrity problems identified during inspections, in warning letters, or in other regulatory actions be addressed? . 10 Contains Nonbinding Recommendations Draft Not for Implementation 1 Data Integrity and Compliance With CGMP 1 Guid
17、ance for Industry 12 3 4 This draft guidance, when finalized, will represent the current thinking of the Food and Drug 5 Administration (FDA or Agency) on this topic. It does not establish any rights for any person and is not 6 binding on FDA or the public. You can use an alternative approach if it
18、satisfies the requirements of the 7 applicable statutes and regulations. To discuss an alternative approach, contact the FDA staff responsible 8 for this guidance as listed on the title page. 9 10 11 12 13 I. INTRODUCTION 14 15 The purpose of this guidance is to clarify the role of data integrity in
19、 current good manufacturing 16 practice (CGMP) for drugs, as required in 21 CFR parts 210, 211, and 212. Part 210 covers 17 Current Good Manufacturing Practice in Manufacturing, Processing, Packing, or Holding of 18 Drugs; General; part 211 covers Current Good Manufacturing Practice for Finished 19
20、Pharmaceuticals; and part 212 covers Current Good Manufacturing Practice for Positron 20 Emission Tomography Drugs. This guidance provides the Agencys current thinking on the 21 creation and handling of data in accordance with CGMP requirements. 22 23 FDA expects that data be reliable and accurate (
21、see the “Background” section). CGMP 24 regulations and guidance allow for flexible and risk-based strategies to prevent and detect data 25 integrity issues. Firms should implement meaningful and effective strategies to manage their data 26 integrity risks based upon their process understanding and k
22、nowledge management of 27 technologies and business models. 28 29 In general, FDAs guidance documents do not establish legally enforceable responsibilities. 30 Instead, guidances describe the Agencys current thinking on a topic and should be viewed only 31 as recommendations, unless specific regulat
23、ory or statutory requirements are cited. The use of 32 the word should in Agency guidances means that something is suggested or recommended, but 33 not required. 34 35 II. BACKGROUND 36 37 In recent years, FDA has increasingly observed CGMP violations involving data integrity during 38 CGMP inspecti
24、ons. This is troubling because ensuring data integrity is an important component 39 of industrys responsibility to ensure the safety, efficacy, and quality of drugs, and of FDAs 40 ability to protect the public health. These data integrity-related CGMP violations have led to 41 1This guidance has be
25、en prepared by the Office of Pharmaceutical Quality and the Office of Compliance in the Center for Drug Evaluation and Research in cooperation with the Center for Biologics Evaluation and Research, the Center for Veterinary Medicine, and the Office of Regulatory Affairs at the Food and Drug Administ
26、ration. Contains Nonbinding Recommendations Draft Not for Implementation 2 numerous regulatory actions, including warning letters, import alerts, and consent decrees. The 42 underlying premise in 210.1 and 212.2 is that CGMP sets forth minimum requirements to 43 assure that drugs meet the standards
27、of the Federal Food, Drug, and Cosmetic Act (FD 49 212.110(b) (requiring that data be “stored to prevent deterioration or loss”); 50 211.100 and 211.160 (requiring that certain activities be “documented at the time 51 of performance” and that laboratory controls be “scientifically sound”); 52 211.18
28、0 (requiring that records be retained as “original records,” “true copies,” or 53 other “accurate reproductions of the original records”); and 54 211.188, 211.194, and 212.60(g) (requiring “complete information,” “complete 55 data derived from all tests,” “complete record of all data,” and “complete
29、 records of 56 all tests performed”). 57 58 Electronic signature and record-keeping requirements are laid out in 21 CFR part 11 and apply to 59 certain records subject to records requirements set forth in Agency regulations, including parts 60 210, 211, and 212.For more information, see guidance for
30、 industry Part 11, Electronic Records; 61 Electronic Signatures Scope and Application. 3The guidance outlines FDAs current thinking 62 regarding the narrow scope and application of part 11 pending FDAs reexamination of part 11 63 as it applies to all FDA-regulated products. 64 65 III. QUESTIONS AND
31、ANSWERS 66 67 1. Please clarify the following terms as they relate to CGMP records: 68 69 a. What is “data integrity”? 70 71 For the purposes of this guidance, data integrity refers to the completeness, 72 consistency, and accuracy of data. Complete, consistent, and accurate data should 73 be attrib
32、utable, legible, contemporaneously recorded, original or a true copy, and 74 accurate (ALCOA). 475 2FDAs authority for CGMP comes from FD for legible see 211.180(e) and 212.110(b); for contemporaneously recorded (at the time of performance) see 211.100(b) and 211.160(a); for original or a true copy
33、see 211.180 and 211.194(a); and for accurate see 211.22(a), 211.68, 211.188, and 212.60(g). Contains Nonbinding Recommendations Draft Not for Implementation 3 b. What is “metadata”? 76 77 Metadata is the contextual information required to understand data. A data value 78 is by itself meaningless wit
34、hout additional information about the data. Metadata is 79 often described as data about data. Metadata is structured information that 80 describes, explains, or otherwise makes it easier to retrieve, use, or manage data. 81 For example, the number “23” is meaningless without metadata, such as an 82
35、 indication of the unit “mg.” Among other things, metadata for a particular piece 83 of data could include a date/time stamp for when the data were acquired, a user ID 84 of the person who conducted the test or analysis that generated the data, the 85 instrument ID used to acquire the data, audit tr
36、ails, etc. 86 87 Data should be maintained throughout the records retention period with all 88 associated metadata required to reconstruct the CGMP activity (e.g., 211.188 89 and 211.194). The relationships between data and their metadata should be 90 preserved in a secure and traceable manner. 91 9
37、2 c. What is an “audit trail”? 93 94 For purposes of this guidance, audit trail means a secure, computer-generated, 95 time-stamped electronic record that allows for reconstruction of the course of 96 events relating to the creation, modification, or deletion of an electronic record. 97 An audit tra
38、il is a chronology of the “who, what, when, and why” of a record. For 98 example, the audit trail for a high performance liquid chromatography (HPLC) 99 run could include the user name, date/time of the run, the integration parameters 100 used, and details of a reprocessing, if any, including change
39、 justification for the 101 reprocessing. 102 103 Electronic audit trails include those that track creation, modification, or deletion 104 of data (such as processing parameters and results) and those that track actions at 105 the record or system level (such as attempts to access the system or renam
40、e or 106 delete a file). 107 108 CGMP-compliant record-keeping practices prevent data from being lost or 109 obscured (see 211.160(a), 211.194, and 212.110(b). Electronic record-keeping 110 systems, which include audit trails, can fulfill these CGMP requirements. 111 112 d. How does FDA use the term
41、s “static” and “dynamic” as they relate to record 113 formats? 114 115 For the purposes of this guidance, static is used to indicate a fixed-data document 116 such as a paper record or an electronic image, and dynamic means that the record 117 format allows interaction between the user and the recor
42、d content. For example, a 118 dynamic chromatographic record may allow the user to change the baseline and 119 reprocess chromatographic data so that the resulting peaks may appear smaller or 120 Contains Nonbinding Recommendations Draft Not for Implementation 4 larger. It also may allow the user to
43、 modify formulas or entries in a spreadsheet 121 used to compute test results or other information such as calculated yield. 122 123 e. How does FDA use the term “backup” in 211.68(b)? 124 125 FDA uses the term backup in 211.68(b) to refer to a true copy of the original 126 data that is maintained s
44、ecurely throughout the records retention period (for 127 example, 211.180). The backup file should contain the data (which includes 128 associated metadata) and should be in the original format or in a format 129 compatible with the original format. 130 131 This should not be confused with backup co
45、pies that may be created during 132 normal computer use and temporarily maintained for disaster recovery (e.g., in 133 case of a computer crash or other interruption). Such temporary backup copies 134 would not satisfy the requirement in 211.68(b) to maintain a backup file of data. 135 136 f. What a
46、re the “systems” in “computer or related systems” in 211.68? 137 138 The American National Standards Institute (ANSI) defines systems as people, 139 machines, and methods organized to accomplish a set of specific functions. 5140 Computer or related systems can refer to computer hardware, software, p
47、eripheral 141 devices, networks, cloud infrastructure, operators, and associated documents (e.g., 142 user manuals and standard operating procedures). 143 144 2. When is it permissible to exclude CGMP data from decision making? 145 146 Any data created as part of a CGMP record must be evaluated by t
48、he quality unit as part 147 of release criteria (see 211.22 and 212.70) and maintained for CGMP purposes (e.g., 148 211.180). Electronic data generated to fulfill CGMP requirements should include relevant 149 metadata. To exclude data from the release criteria decision-making process, there must 150
49、 be a valid, documented, scientific justification for its exclusion (see the guidance for 151 industry Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical 152 Production, and 211.188, 211.192, and 212.71(b). The requirements for record 153 retention and review do not differ depending on the data format; paper-based and 154 electronic data record-keeping systems are subject to the same requirements. 155 156 3. Does each workflow on our computer system need to be validated? 157 158 Yes,
