From paper to electronic data
Bioindustrypark, October 10, 2013
Dr Alessandra Grande
Ivrea GxP Test Facility QA Manager, Head Global BMT QA
Research & Development Quality Assurance MerckSerono RBM
Outline
• Kind of data
• Requisites
• Applications
• Conclusions
Outline
• Kind of data
• Requisites
• Applications
• Conclusions
Guideline evolution
Electronic Paper and electronic system
Paper
homogeneous
hybrid
ISPE GAMP Good Practice Guide, Part 11 Compliant Electronic Records and Signatures 2006.
ISPE GAMP Good Practice Guide:
Risk-Based Approach to GxP
Compliant Laboratory CS, 2012.
AGIT, Guidelines For The Acquisition And Processing Of Electronic Raw Data In a GLP Environment, 2005.
FDA Guidance for Industry, Part 11 Scope and Applicatio n, 2003.
EU GMP Annex 11 CS, 2011 21 CFR 11,
Electronic Records;
Electronic Signatures final rule, 1997 OECD
Monogr aph No.
10; The Applicat ion of the Principl es of GLP to CS 1995
Red Apple II CS in Nonclinical Safety Assessment:
Current Concepts in Validation and Compliance 2007
Peach CS in Clinical Research:
Current Quality and Data Integrity Concepts 2008 EPA
GALPs Good Automat ed Laborato ry Practice 1995
FDA
Guidance for Industry; CS used in Clinical Trials
Updated May 2007
Paper vs e-Data
At the beginning of 2000, after the FDA 21 Part 11 publication moving from paper to electronic seemed to have some pro and some cons:
Trendy Costs Space Lack of
- confidence - CS knowledge
- guideline interpretation
Paper vs e-Data
Paper Electronic
Methodologies well established and stable
Computer technologies &
languages change frequently
Information can be read without any tools
e-management requires the use of computer languages & technology
Paper records are understandable without the use of additional
records.
e-record is not self contained &
requires other records to understand its meaning
Data definition in regulated environment
GLP OECD Raw data means all original test facility records and documentation, or
verified copies thereof, which are the result of the original observations and activities in a study. Raw data also may include, for example, photographs, microfilm or microfiche copies, computer readable media, dictated observations, recorded data from automated instruments, or any other data storage medium that has been recognised as capable of providing secure storage of information..
GCP ICH Source Data: all information in original records and certified copies of original records of clinical findings, observations, or other activities in a clinical trial necessary for the reconstruction and evaluation of the trial
EU GMP Chapter 4 Documentation may exist in a variety of forms, including paper- based, electronic or photographic media. The term 'written' means recorded, or
documented on media from which data may be rendered in a human readable form.
Records include the raw data which is used to generate other records. For electronic records regulated users should define which data are to be used as raw data. At least, all data on which quality decisions are based should be defined as raw data
Alessandra Grande 10th October 2013
Raw Data/Source Data - Meta Data
Raw data: original observations/activities recorded contemporaneously Raw/source data collected on a computer system can be:
– Electronic records
– Computer generated printouts – Other media
Meta Data: information held in the computer system which translates and/or supports the data (e.g Instrument settings).
- Must be maintained for as long as the data is required - Specific to the software application
- Integrity of data requires integrity of metadata
Data in the e-environment
In computer science, data is anything in a form suitable for use with a computer. If a program is a set of instructions that detail a task for the computer to perform; data is everything that is not program code.
Data is what the users and regulators are interested in.
Binary files (which are not human-readable) are sometimes called
"data" as distinguished from human-readable “text”
e-data systems in drug development
Pre-clinical
• Laboratory Information Management Systems, Clinical pathology
Phase I – Safety and tolerance
• CRF data management, EDC (Electronic Data Capture)
Phase II - Safety and Efficacy
• Study enrolment , Drug supply, Data capture, Clinical records
Phase III
• Statistics, Regulatory Submissions, Health Economics
Pharmacovigilance
• Adverse Events Reporting
Documentation management
• Change control (TW), Procedures (EDMS)
E&V/Maintenance
• SAP, Building Management System
Outline
• Kind of data
• Requisites
• Applications
• Conclusions
Data requisites
Independently of the support, the data must be ALCOA – Attributable
– Legible
– Contemporaneous – Original
– Accurate
E-data requisite
In particular e-data must guarantee data integrity. Data without integrity is not worth keeping
• Must for GxP compliance
• Business needs
Integrity from collection to submission
From cradle to grave
Data Integrity
Reliable
Accurate
Legible Contemp
Original
Secure Accountable
Attributable
Available
Data integrity
Data integrity depends on these attributes
Data Must be Accurate and Reliable
In order to ensure reliable data:
• Computerised systems must be validated to current standards
• Validation status must be maintained - change control
- periodic review
• IT infrastructure must be controlled and qualified through - maintenance
- IT continuity
- disaster recovery
Data Must be Accountable/Attributable
Data must be:
Authenticated – I did it Attributable – He did it
• Who recorded the original data and when?
• Who’s worked on derived data and when?
• Who is responsible for the data?
Data Must be Accountable/Attributable Data
Audit Trail
• Proof of data authenticity
• Allows study/trial reconstruction
• May also contain details of computer system configuration
• Reports changes made, who made them, when and their reason (not obscuring original data)
• Reports date and time of data (controlled by the Server)
• Users must not be able to change audit trail information
Data Must be Available
Data must be available for all the data life.
- after their recording and before archiving - after archiving
- after system retirement
Data Must be Available
Back-up and Recovery
• Agreed frequency
• Suitable media
• Secure storage of back-ups
• Routine testing to verify accuracy
• Procedure for handling failures
• Documentary evidence
Backup is NOT archival!
Data Must be Available
Data Archiving
• Assurance that archiving information in an electronic medium will be usable (readable and extractable) in many years
• Hardware, software and algorithms evolve – is data integrity maintained during technology change?
GLP principles require study material to be archived after the final report signature. This applies also to electronic data. For other GxP principles the archival requirement is not statute even if they do
archive
Data Must be Available
System Retirement
Ensure e-data continue to be available and are humanly readable Consideration of
• Regulatory retention period
• Business needs
• IT issues
• Practicalities.
Solutions to keep data available
Migration of e-data to a new system
Transform data into common format
Systems are not available forever, however data may need to be!
Data Must be Secure
There are 2 kinds of security
• Physical
• Logical
Data Must be Secure
Physical security
• Records: restricted access to records and materials
• People: proof of authentication, e.g. staff ID badges
• Area: restricted access to buildings, laboratories, server
Data Must be Secure
Logical security
Data entry
• Passwords
• Biometrics: User ID authenticated by unique body part (e.g. retinal scans, finger prints) 21 CFR Part 11. Concept not usually implemented in GxP environment
• Different access rights (Who manages and maintains access controls)
Infrastructure
• Control receipt of transmission through Firewall
• Monitor network for viruses and isolation of detected viruses
• Update of antivirus & firewall software.
QA involvement in Computerised Systems
Computerised systems are no different from any other system/process QA may encounter (but require special considerations)
QA are required to indicate the extent of their involvement in computer activities.
GLP regulations mention auditing of computerised systems
OECD Monograph No 10 The Application of the Principles of GLP to Computerised Systems specifically indicates:
• QA responsibilities must be defined by management and described in written policies and procedures
• QA personnel are required to audit and monitor the compliance of computerised systems.
GCP and GMP do not mention any QA activities specific to computerised systems
Outline
• Kind of data
• Requisites
• Applications
• Conclusions
electronic Common Technical Document (eCTD)
The eCTD is an interface for industry-to-agency transfer of regulatory information and documents in a regulatory submission
The specification of the eCTD is based up on the content defined in the International Conference on Harmonisation (ICH) M4 expert working group (EWG)
Standard for Exchange of Nonclinical Data
SEND (Standard for Exchange of Nonclinical Data), is an implementation of the Standard Data Tabulation Model (SDTM) for nonclinical studies. It
specifies the format for reporting non-clinical study to the FDA.
• Report and tables
Past/now
• Report and tables
• SEND files
Now/Future
EudraCT
EUDRACT is the European Clinical Trials Database of all clinical trials of
investigational medicinal products with at least one site in the EU (since 1 May 2004).
This database has been established to:
• Facilitate communication between competent authorities
• Link with other databases such as EudraVigilance and EU Clinical Trials Register.
Facilitate communication on trials between authorities
Improve oversight of medicinal product development
Enhance protection of clinical trail subjects
Legal basis is Clinical Trials Directive 2001/20/EC
Outline
• Kind of data
• Requisites
• Applications
• Conclusions
Conclusion
To move to e-data is no longer a choice for various reasons:
• Business
• Regulatory
Business Requirements
• Intellectual property issues, establish ownership
• Most information generated today is in electronic format
• Logistics: 250,000 pages can be stored on a single DVD ROM
• Templates: Data manipulation requires standard formats for efficiency
• Electronic data capture obviates the need for paper (e.g. Patients can enter their own results using a PDA)
• Statistical analyses can be validated, automated calculation eliminates the human factor
Compliance/regulatory Requirements
• Raw data definition: for hybrid systems, it has to be demonstrated that both the signed paper printout and the electronic records that generated it are defined as raw data / electronic records and they are maintained and protected throughout the record retention period.
• Process more transparent to inspectors
• Approval: Regulatory authority queries can be answered immediately
Paper vs e-Data
Trendy Costs Space Lack of
- confidence - CS knowledge
- guideline interpretation
Paper vs e-Data
Costs of validation maintenance
Confidence CS knowledge
guidelines interpretation Space
Susteinability Compliance
Some open issues
• Data availability: how can you demonstrate that your data will be readable in 20 years
• data reliability in hybrid systems: how do you keep electronic and paper records synchronised so that they say the same thing?
• data reliability: how to manage manual entry (retrospectively) of critical data; checked by a second person or a validated process using the
computer itself?
