作者:Eva Kelly,ERA Sciences (专栏作家Guest Column | January 31, 2025)
本文转自GMP实践学无止境公众号
在快速发展的生命科学领域,确保GMP记录的完整性变得比以往任何时候都更加重要。FDA和EMA等监管机构继续强调数据完整性是GxP合规的基石,并以ALCOA+或ALCOA++原则作为指导框架。
In the fast-evolving world of life sciences, ensuring the integrity of GMP records has never been more critical. Regulatory bodies like the FDA and EMA continue to emphasize data integrity as a cornerstone of GxP compliance, with ALCOA+ or ALCOA++ principles serving as a guiding framework.
无论您是转向生产运营、实施序列化系统,还是采用基于风险的方法,理解和缓解未发现的数据完整性问题对患者安全和产品质量至关重要。
Whether you’re transitioning to manufacturing operations, implementing serialization systems, or embracing risk-based approaches, understanding and mitigating uncovered data integrity issues is essential to patient safety and product quality.
在这里,我们将深入探讨2024年FDA检查观察数据集中最常见的违规引用问题,并特别关注数据完整性问题及其长期挑战。基于我们支持生命科学和医疗器械组织的经验,我们还将提供一些关于如何加强2025年数据完整性合规策略的基本见解。
Here, we’ll delve into the most common noncompliance citations informed by 2024 inspection observation data sets from the FDA with an added focus placed in this article on data integrity issues and perennial challenges. Based on our experience supporting life sciences and medical device organizations, we then offer some basic insights on how to strengthen your data integrity compliance strategies for 2025.
2024年的特点是熟悉的问题(以往常见的问题)
一些数据完整性挑战在组织中仍然存在。程序控制不足或缺失、记录不完整和/或缺失是长期存在的问题。以下几点详细阐述了这些及其他关键数据完整性挑战。
2024 Was Characterized By Familiar Issues
Some data integrity challenges persist in organizations. Inadequate or missing procedural controls and incomplete and/or missing records are perennial problems. The following points elaborate on these and other key data integrity challenges.
-治理和SOP的薄弱点
即使存在程序,它们通常也不够详细,无法指导GMP数据和记录活动,并且难以一致地遵循或重复。根据FDA 2024财年数据,涵盖兽医、药品、生物制品和医疗器械领域,超过50%的引用与程序不足有关,其中一些具体引用在2022年、2023年和2024年观察到,涉及以下内容:
Governance and SOP weaknesses
Even where procedures exist, they are often insufficiently detailed to guide GMP data and record activities and are difficult to follow or repeat in a consistent manner. Based on FDA 2024 fiscal year data and including the product areas veterinary, drugs, biologics, and medical devices, over 50% of all citations related to inadequate procedures with some specific citations observed in 2022, 2023, and 2024 relating to:
·21 CFR 820.100(a):“纠正和预防措施的程序尚未[充分]建立。”
·21 CFR 820.198(a):“由正式指定单位接收、审查和评估投诉的程序尚未[充分]建立。”
·21 CFR 211.22(d):“适用于质量控制单位的职责和程序未[书面化]或[未完全遵循]。”
·21 CFR 211.100(a):“贵公司未能建立[充分的]书面程序,用于生产和过程控制,以确保药品具有其声称或代表的特性、强度、纯度和质量。”
·21 CFR 820.100(a) “Procedures for corrective and preventive action have not been [adequately] established.”
·21 CFR 820.198(a) “Procedures for receiving, reviewing, and evaluating complaints by a formally designated unit have not been [adequately] established.”
·21 CFR 211.22(d) “The responsibilities and procedures applicable to the quality control unit are not [in writing] [fully followed].”
·21 CFR 211.100(a) “Your firm failed to establish [adequate] written procedures for production and process controls designed to assure that the drug products have the identity, strength, purity, and quality that they are purported or represented to possess.”
通过额外的数据完整性视角,并特别关注同期的警告信,某些问题一再出现,包括程序控制,监管机构不断强调:“数据完整性在整个cGMP数据生命周期中至关重要,包括数据的创建、修改、处理、维护、归档、检索、传输以及记录保留期结束后的处置。”
Applying an additional data integrity lens and looking specifically at warning letters for the same period, certain problems continue to crop up again and again, including procedural controls, with regulators continually emphasizing: “Data integrity is critical throughout the cGMP data life cycle, including in the creation, modification, processing, maintenance, archival, retrieval, transmission, and disposition of data after the record’s retention period ends.”
在一个具体例子中,FDA调查人员发现仅有的高级审计跟踪审查指令不足,导致审查人员之间的不一致。
In one specific example, FDA investigators found insufficient high-level audit trail review instructions only, leading to inconsistencies across reviewers.
缺陷案例
Indoco Remedies被发现缺乏适当的程序控制,包括:“色谱分析的管理程序未要求审查所有审计跟踪数据。
Example
Indoco Remedies was found to lack appropriate procedural controls, including: “The procedures governing chromatography analyses do not require the review of all audit trail data. Your personnel were unaware of the requirement to review the Empower Message Center data in Plant (redacted) analyses during the inspection.”
许多公司还在数据安全方面表现出不足,常见的引用包括:
Many companies also showed insufficiencies around data security with common citations including:
·不确定如何在正确的时间确认正确角色的访问权限,包括用户角色变更
·不确定如何确认供应商在系统中可能具有提升角色时的活动
·Uncertainty on how to confirm access for the right role at the right time, including user role changes
·Uncertainty on how to confirm vendor activities when they may have elevated roles in the system
缺陷案例
Unexo Lifesciences被发现缺乏关键的系统访问控制。“质量控制分析师能够操纵结果、日期和内部及供应商印章批准的图像,这些图像来自第三方合同实验室的分析证书(COAs),包括在多个COAs上复制印章批准的手段。”
Example
Unexo Lifesciences was found lacking in key system access controls. “QC analyst had the ability to manipulate results, dates, and images of in-house and vendor stamp approvals on component certificate of analyses (COAs) from third-party contract laboratories, including the means to duplicate the stamp approval across multiple COAs for components.”
·端到端备份和恢复程序不足。
·Inadequate procedures for end-to-end backup and restore processes.
缺陷案例
Applied Therapeutics难以对其数据应用适当的控制或充分维护数据备份。部分整改活动将包括Applied Therapeutics创建“一个数据流程图,明确显示收集数据的流动和存储,以确保源数据在现场和申办方处均得到维护”以及“电子数据(即使保存在第三方系统中)将适当备份并保存在申办方处。”
Example
Applied Therapeutics struggled to apply appropriate controls to their data or adequately maintain data backups. Part of the remediation activities will include Applied Therapeutics creating “a data process map that clearly shows the flow and storage of collected data, to ensure that source data is maintained at both the site and at the sponsor” and “Electronic data (even if held on third-party systems) will be backed up appropriately and held at the sponsor.”
-验证缺陷
2024年,软件验证不足(包括网络或云解决方案)再次成为问题,而2025年的焦点可能会转向人工智能的适当使用和所需的验证。
Validation deficiencies
Insufficient validation of software, including network or cloud solutions, was again an issue in 2024 with the lens possibly shifting to appropriate use of AI and required validation for 2025.
一些2024年的关键引用:
Some key 2024 callouts:
·21 CFR 820.70(i):“作为[生产]或[质量体系]一部分使用的软件尚未根据既定协议[充分]验证其预期用途。”
·21 CFR 820.70(i) “Software used as part of [production] [the quality system] has not been [adequately] validated for its intended use according to an established protocol.”
缺陷案例
Rolence未验证用于便携式X射线系统最终测试的X射线质量控制软件应用程序。
Example
Rolence had not validated the software application for X-ray quality control used to perform the final tests of portable X-ray systems.
·21 CFR 211.68(b):“[计算机]或[相关公式系统]的输入和输出未检查准确性。”
与211.68(b)相关的引用约占FDA每年所有引用的7%,因此公司要么缺乏管理计算机系统和保护数据的适当程序,要么现有程序不足以应对。
·21 CFR 211.68(b) “Input to and output from [the computer] [related systems of formulas] [records or data] are not checked for accuracy”
Citations associated with 211.68(b) comprise approximately 7% of all FDA citations year on year, so companies either lack proper procedures to manage computerized systems and protect their data, or the procedures they have just aren’t cutting it.
–系统库存缺口
经常引用的系统库存缺口包括:
System inventory gaps
Frequently-cited system inventory gaps include:
·过时或不完整的库存列表,导致数据和记录失控
·退役系统未适当跟踪,但仍包含GxP相关数据。
·Outdated or incomplete inventory lists, leading to uncontrolled data and records
·Retired systems not appropriately tracked but still containing GxP-relevant data.
在搜索警告信和483表格时,并不总是立即明显看出与计算机化系统库存管理相关的缺陷是一个可能导致数据完整性缺口的重大问题,但当调查人员信中引用:“对数据记录和报告中的不准确程度进行全面调查”时,您的调查应包括详细的调查、协议和方法,以及涵盖所有实验室、生产运营和系统的评估摘要。
While searching through warning letters and 483s, it is not always immediately obvious that a deficiency associated with computerized system inventory management is such a big issue that could lead to data integrity gaps, but when the investigator letter cites: “A comprehensive investigation into the extent of the inaccuracies in data records and reporting,” your investigation should include a detailed investigation, protocol, and methodology and a summary of all laboratories, manufacturing operations, and systems to be covered by the assessment.
缺陷案例
对于Viatris来说,毫无疑问,如果您不知道数据在哪里或是否可靠,那么您究竟如何应用适当的控制?
Example
For Viatris there can be no doubt, if you don’t know where the data is or whether it is reliable, then how on earth can you be applying appropriate controls?
–缺失记录或数据以及记录缺少关键ALCOA++属性
缺失记录仍然是一个问题,未能维护原始记录仍然是许多公司非常关注的一个领域,包括以下公司:Viatris、Micro Orgo Chem和Becton, Dickinson, and Company。
Missing records or data and records missing key ALCOA++ attributes
Missing records continue to be an issue, with failure to maintain original records still an area of great concern for many companies, including just a selection here: Viatris, Micro Orgo Chem, and Becton, Dickinson, and Company.
坏消息是,提供数据完整性保证的数据属性不足仍然是一个问题。
The bad news is that insufficient data attributes to provide data integrity assurance are also still an issue.
长期存在的ALCOA++违规行为包括:
Perennial ALCOA++ offenders include:
·活动归属不良或缺失:缺乏角色分离,使用通用账户导致混淆实际完成GMP活动的人员。
·可读性差或缺失:记录被覆盖或更改,且未记录更改的理由或审计跟踪被禁用且无合理解释。
·准确性存疑:数据转换和手动计算在没有独立监督的情况下进行。
·数据转换错误:未经验证的转换损害了准确性。转换工具的使用没有版本或编码控制。
·Poor or no attribution of activities: There is a lack of segregated roles, and use of generic accounts leads to confusion of who had actually completed GMP activities.
·Poor or no legibility: There are overwritten or altered records and no justifications recorded for changes made or audit trails are disabled with no explainable reason.
·Questionable accuracy: Uncontrolled data transformations and manual calculations are performed without independent oversight.
·Data transformation errors: Unverified transformations compromised accuracy. Transformation tools are used with no version or coding controls.
–物理和逻辑安全问题
与物理记录相关的治理和控制仍然是一个问题。
Physical and logical security issues
Governance and controls associated with physical records continue to be an issue.
江苏恒瑞医药在检查期间被引用了许多问题,包括:
Jiangsu-Hengrui-Pharmaceuticals had numerous cited issues during their inspection, including:
·“严重的质量保证(QA)缺陷,例如在车辆下方和附近垃圾桶中发现的废弃原始cGMP记录堆叠,以及生产经理未经QA发放即可无限制访问空白生产批次记录和其他cGMP文件。”
·“Serious quality assurance (QA) deficiencies, such as discarded original cGMP records found stacked in a bag underneath a vehicle and in a nearby trash can, as well as your production manager’s unrestricted access to blank production batch records and other cGMP documents without QA issuance.”
另一个与逻辑控制相关的问题是通用账户的滥用。通常这些通用账户由供应商使用,但正确的使用应由服务或应用程序本身进行,并仅限于非常特定的活动。通用账户通常不与特定的命名用户关联,通常未启用邮件功能,用户不应被允许将其用作临时账户。
Another issue associated with logical controls is the misuse of generic accounts. Often these generic accounts are used by vendors but the correct use would be by the service or application itself and limited to very specific activities. Generic accounts are not typically associated with a specific named user, are typically not mail-enabled, and users should not be permitted to use them as temporary accounts.
缓解数据完整性风险
为了在这些挑战成为引用问题之前更好地应对,现场领导团队、IT、质量总监和所有数据利益相关者必须采取积极措施:
Mitigating Data Integrity Risks
To better address these challenges before they become citation-causing issues, site leadership teams, IT, quality directors, and all data stakeholders must adopt proactive measures:
·Enhance training: Ensure that all staff understand the importance of ALCOA++ principles and their practical application.
·Regularly revise SOPs: Regularly review and update procedures to include detailed instructions for audit trails, backup and restore, and system and data life cycle management.
·Conduct regular audits and assessments: Perform internal data integrity audits and GEMBA walks to identify and address gaps.
·Leverage technology: Implement GxP-compliant systems that streamline audit trail reviews, data security exception reporting, and life cycle management.
Maintain a centralized inventory: Use validated tools to manage system inventories and ensure retired systems are monitored appropriately.
结论
数据完整性仍然是生命科学组织在复杂监管环境中导航的首要任务。通过解决治理薄弱点、增强SOP并利用强大的系统,可以加强GxP合规性和审计准备。
Conclusion
Data integrity remains a top priority for life sciences organizations navigating complex regulatory landscapes. By addressing governance weaknesses, enhancing SOPs, and leveraging robust systems, it is possible to strengthen GxP compliance and audit readiness.
关于作者:
Eva Kelly是都柏林ERA Sciences的执行总监。她拥有分析科学学位和都柏林城市大学的化学博士学位,在制药、医疗器械和快速消费品等多个领域拥有超过25年的现场解决方案和学习管理经验。她是爱尔兰化学学会的现任会员,并专门从事数据完整性SME工作,具备21 CFR Part 11和附录11合规的专业知识,曾在制药和生物技术公司担任数据完整性和QA IT角色,专注于GxP SAAS、托管和本地解决方案。
2024年FDA-483缺陷报告汇总请关注
- 最新
- 最热
只看作者