How Do You Know if Your Data is Secure?

Data integrity – what it is and why it’s important

Having to manage data introduces a number of concerns for leaders in the life sciences industry. This is because the products and processes that define life sciences are based on the interpretation of data. If that data does not meet the ALCOA+ principles defined below, there is no assurance those products will meet the quality requirements of the consumer.

As reliance on computerized systems has increased, so too has the need for increased scrutiny around these systems. Regulatory citations related to data integrity, as a result, have grown significantly. The FDA recently issued 483 citations and warning letters to organizations in noncompliance, explored below. Primarily, these have dealt with the quality of the data, incomplete data, safety and reliability.

Organizations that wish to remain competitive and compliant must pay particular attention to the challenges around data – one solution to accomplish this is by ensuring data integrity.

Background

Data exists in countless forms, such as numbers, text, audio, pictures or graphs – it’s essentially any information gathered for future reference or analysis. While it can be presented as raw data, summarized or compiled data, graphical or meta data, it must follow the ALCOA+ principles regardless of how it’s presented, collected, or stored. These principles ensure that your data is a true, accurate representation of the products created and processes followed by life sciences companies. The ALCOA+ acronym stands for:

Attributable – Must be traceable back to the person or system generating the data

Legible – Must be readable and permanent

Contemporaneous – Must be collected and recorded at the time generated

Original – Must be the primary data collected or recorded for the first time

Accurate – Must be error-free, truthful and reflective of the observation

Plus (+) – These attributes were added to the framework to further define data integrity requirements, such as:

Complete – Must contain all data observed or recorded, and nothing should be removed, deleted, or modified

Consistent – Must be presented in a logical manner (chronological, sequential, etc.) and should include time and date stamps for each entry or set of entries

Enduring – Must be stored in a manner so that the data is accurately reproducible for the period of time defined by regulatory requirements (also known as predicate rule)

Types of Data Integrity

Data integrity comes in various forms, and the type you choose to implement for your life sciences organization should be specific to what you need from your data.

Physical – Physical data integrity simply means your data is protected during collection, storage, summarization and retrieval. If your data is stored electronically, your servers should be kept in a secure location. Data stored physically and on paper must be protected from water, fire and theft.

Entity – Under the entity model, the architecture of the database should be designed in such a way that data is stored and used in a consistent manner. Table links, primary keys, unique identifiers, and unique values must ensure data is consistent, complete, and unique.

Domain – Domain data integrity measures the properties of an individual table and its effect on the values captured in that table. It identifies constraints on the amount, length, type or format of the values that could affect the accuracy of the data.

Referential – This evaluates whether the data contained in a database or set of tables is used in a logical and uniform manner. It examines if the rules defining table structure, linking, and retrieval ensure the meaning and intent of the data is not changed as a result of the database structure.

User Defined – Under the user defined approached, it determines if the rules and restrictions defined by users align with business and regulatory requirements. When referential and entity controls cannot enforce specific requirements, user defined requirements may be implemented to ensure that data remains consistent and reliable.

Authorities’ Definitions of Data Integrity

Regulatory bodies have all provided definitions on the meaning of data integrity to best assist organizations in meeting requirements concerning data.

The FDA released their definition in the publication, “Data Integrity and Compliance with Drug CGMP,” stating that, “Data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).”

The Medicines and Healthcare Products Regulatory Agency defines it as, “The degree to which data are complete, consistent, accurate, trustworthy, reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, so that they are attributable, legible, contemporaneously recorded, original (or a true copy) and accurate. Assuring data integrity requires appropriate quality and risk management systems, including adherence to sound scientific principles and good documentation practices.”

Examples of FDA 483 Citations and Warning Letters

Here are a few examples of recent 483 citations and warning letters issued by the agency.

In August 2024, the FDA issued a warning letter that stated:

• “Your quality system does not adequately ensure the accuracy and integrity of data to support the safety, effectiveness, and quality of the drugs you test.”
• “Your laboratory records did not include complete data to support the analysis performed.”

In the same month, the FDA issued a warning letter that stated:

• “Your operators used non-viable particle counts from a different time and place and altered the time to correspond to the desired results in the batch record. These systemic data integrity issues involved numerous production and quality assurance staff and were occurring at your facility for multiple months.”

In July 2024, the FDA issued a warning letter that stated:

• “Your quality system does not adequately ensure the accuracy and integrity of data to support the safety, effectiveness, and quality of the drugs you manufacture.”
• “Your environmental monitoring (EM) program lacks sufficient data to ensure the sterility of your ophthalmic drug products. For example, non-viable particulate monitoring is not performed during filling operations, only before and after. These data, while collected, are not recorded.”

In June 2024, the FDA issued a warning letter that stated:

• “Reliability of data is fundamentally compromised when there is a failure to record or maintain complete and accurate records of test results, or conditions associated with all tests. Furthermore, the lack of reliable data compromises the quality unit’s (QU) ability to exercise its function of ensuring compliance to applicable standards.”

In March 2023, the FDA issued a 483 observation that stated:

• “Laboratory control records do not include complete data derived from all tests conducted to ensure compliance with established specifications and standards, including examinations and assays.”
• “Historical data pertaining to critical process parameters and alarms is not available for verification.”
• “Laboratory records do not include complete data derived from all tests, examinations and assay necessary to assure compliance with established specifications and standards.”

+++

Understanding and implementing data integrity in life sciences supports organizations in maintaining the highest standards of data quality. While there’s various ways to execute a data integrity strategy, it’s important to implement the one that works best for your organization. To discuss your options and hear from our experts in data integrity, please contact our team.