Today (August 10, 2016) PIC/S made available a 41-page draft guidance, Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments. So now we have data management / integrity guidance from FDA (draft), MHRA (final and proposed revision), WHO (final), and now PIC/S. According to the PIC/S website “This draft guidance will be applied on a 6-month trial basis by PIC/S Participating Authorities. This draft document results from the need among Inspectorates to have access to harmonised data integrity guidance, considering the impact to public health. The purpose of the trial-period is to learn from implementation. It is acknowledged that the guidance requires expanding in some areas; however, the document has value in describing foundational principles which can be enhanced in future revisions. This draft document is not open for comments by industry.”
While this guidance is focused on providing assistance to the inspectorates, it can also serve industry in identifying what PIC/S inspectors will evaluate during inspections. As with guidance from the other authorities, both manual (paper) and computerized systems are within scope. This guidance applies to GMP and GDP inspections and does not appear to include either GCP or GLP areas. This likely will be added in the future as the scope of the guidance is expanded.
Rather than wait until I’ve had time for a detailed analysis, I want to ensure my readers have the document and can begin their analysis within the context of their company processes and procedures. Here are a few initial thoughts:
- Most definitions seem either the same or very similar to those used by the other authorities. The one definition that stands out as different here is that for the term ‘data‘.
- Data integrity applies through ‘all elements of the Quality Management System’ and also calls for documentation of data governance within the Quality Management system similar to the other agency guidances.
- The guidance specifically states that it is not intended for for-cause inspections ‘…where forensic expertise may be required.’
- The guidance addresses the ‘remote review of summary reports’ by both MAHs and ‘interested parties’ which I assume refers to contract manufacturing and testing arrangements. The guidance stresses the need to establish that the data provider is appropriately evaluated during an on-site audit including ‘…a review of the mechanisms used to generate and distribute summary data and reports.’ This reflects the MHRA expectation that contract firms have an adequate data governance and data management process. This guidance suggests that Quality Agreements should include a requirement that the contract giver should be notified ‘…of any data integrity failures identified at the contract acceptor site.’