What success looks like is when everyone in an organization understands the importance of truth in data, through all levels of the organization, from the senior executives to the newest employees.Kip Wolf, Head of Technical Operations & Portfolio Management, X-Vax Technology, Inc
Honeywell Introduction (00:02):
Welcome to Forging Connections, a podcast from Honeywell about the convergence of IT and operational technology for industrial companies. We’ll talk about the future of productivity, sustainability, safety and cyber security. Let’s get connected.
Michelle Dawn Mooney (00:19):
Hi, and welcome to Forging Connections, a Honeywell podcast. Thank you for joining us for the second installment of “Shaping the Future of Quality.” I’m your host Michelle Dawn Mooney and today we are talking about data integrity, why it’s so important and everything you need to know about it. I have a great guest who is going to break it all down for us today. We are joined by Kip Wolf, Head of Technical Operations and Portfolio Management at X-Vax Technology. Kip, thank you for joining me today.
It’s my pleasure.
So, when it comes to data integrity, there’s a lot to talk about. We only have a short time, and I’m sure you could probably take a couple of hours or days to go over the information there, but let’s just start with the basics. What is data integrity and why is it so important?
The U.S. Food and Drug Administration defines data integrity in guidance published in December 2018 as the “completeness and consistency and accuracy of data.” I prefer to simply think of data integrity as truth in data throughout the entire data lifecycle. The data lifecycle is very important to consider. The Medicines and Healthcare products Regulatory Agency in the UK includes the lifecycle in their definition, talking about maintaining data throughout the entire lifecycle. That is the key point I want to make in today’s messaging.
Kip, let’s talk about how we can ensure or how does the company ensure data integrity?
It must be an integral component of the organizational culture. What success looks like is when everyone in an organization understands the importance of truth in data, through all levels of the organization, from the senior executives to the newest employees. And this is, again, instantiated in the U.S. Food and Drug Administration’s guidance where they mentioned for the first time in writing quality culture. This was the first time that FDA mentioned quality culture and they mentioned that it is the executive’s responsibility to create a quality culture where employees understand that data integrity is an organizational core value. I was so happy when that guidance came out because that’s something that we’ve been saying in my field for a long time, that it’s really about the personal commitment to data integrity. It is important to see it as an organizational core value and reinforce it all along the lifecycle of the data and across the entire organization.
With the importance of data integrity, let’s talk about ALCOA—what does ALCOA stand for?
It is great that we have this acronym to remind ourselves of what data integrity looks like. Data integrity is not simply limited to the items of the acronym. As I mentioned, it’s important to understand it as a core value across your organization.
ALCOA stands for:
A – Attributable
L – Legible
C – Contemporaneous
O – Original
A – Accurate
So, we want to talk about regulations because when we think of data and there’s so much to it, obviously major regulations there. Let’s talk about what the regulations are when it comes to data integrity and then let’s look at how that may vary between the United States and the EU.
Michelle, that is a good question because a lot of folks misunderstand that data integrity maybe is a new concept or there are new rules about data integrity. Which couldn’t be further from the truth. What we like to refer to as the predicate roles in life sciences in the U.S., that’s 21 CFR Parts 210 and 211. There are elements of those regulations that have been around for decades that speak to data integrity. I’m coming back again to the FDA guidance in that that guidance does a very good job of citing those predicate rules and previous regulations that relate to data integrity. The rules have been around for quite some time, but the way we think about them is what has changed.
21 CFR Part 11, which is the electronic records and electronic signatures rule that the FDA produced became effective in August of 1997. It’s been around for a long time and is something that people regularly cite as relevant to data integrity and they’re not wrong. But data integrity is not simply limited to U.S. market Part 11 or just the predicate rules. It’s broader than that. And of course, I mentioned the MHRA guidance in the UK. There are other guidances in other regions imposed by health authorities, but the regulations have been around for some time. These guidances are very useful because they help interpret the regulations that may have been around for some time in current thinking in a distributed networking environment where we now have cloud computing, distributed networks and things like that. The guidance is very important to help interpret the rules and regulations that have been around for some time.
Kip, when it comes to life sciences organizations, how can they take a risk-based approach to data integrity?
Risk-based is a term that’s very often used in the life sciences industry and folks that are probably watching this podcast understand how to assign risk and do risk assessments. The important part with data integrity is to consider, again, data integrity as a core value across the organization and specifically across the entire quality management system. Some companies will simply put in place a singular policy for data integrity and consider themselves safe from a regulatory perspective and a practical, operational perspective thinking, okay, now we’ve spoken to data integrity that’s all we need to do. That’s certainly a good first step, but what we find is what’s better is to really interrogate the entire quality management system and almost take kind of a maturity model approach—assessing all elements of the quality management system, all elements of your operations and consider data integrity in each of those elements across each of the functional areas and within each process because you may find pockets in your organization where data integrity is very robust, yet other places where it could use a lot of help.
Considering a cross-functional, cross-divisional, and cross-organization approach is very important. Data integrity from a risk-based approach is not simply an IT problem. Think of the traditional business process management as a threefold “people, process, technology” approach. What we find is that technology has advanced most of the IT support that you get or what you’ve implemented in your company is probably very sufficient in terms of security and data protection. This is something the IT folks know very well how to manage. The processes may even be rather robust where the individual processes are well defined and regulated. The people become the biggest risk, and that comes from things like workforce changes, mergers and acquisitions, and business expansion, where data integrity and maturity kind of ebbs and flows as there are changes within the organization. It is terribly important to take a risk-based approach, not just once and not just periodically arbitrarily, but continually along the evolution of your organization.
Speaking of evolution, it is ever-changing, with more people, more information, and more data—so, with that, can you recommend any resources for data integrity guidance?
Absolutely, Michelle. I’ve mentioned the FDA and MHRA guidance, there are other guidances out there and you can easily find them in a search engine. The FDA guidance, as I mentioned, is very useful to read because if you’re not familiar with regulations and guidance, it’s an easy read. It’s structured in a question-and-answer kind of FAQ format. Even if you are familiar with regulations and guidance, it’s a much easier read than previous regulations. The MHRA guidance is very robust. It’s much larger than the FDA guidance on the topic, but it too is a very good read. A number of sections have discreet definitions and explanations of terms and practices for data integrity. There are other guidances out there. PIC/S guidance and a forthcoming industry, an agnostic technical report that’ll be coming out of the American Society for Quality that’ll include guidelines for collecting and recording and retaining data within a QMS.
Great information that you presented Kip.
Let’s round things out with your final thoughts, because we went over a lot of information, a lot of important information that companies will want to find out more about. Any final thoughts on this?
Yeah, just most importantly, the data informs our lives, right? It informs our simplest and most complex life-altering decisions. Therefore, we need truth in data. Whether some of these topics resonated with you because you’re responsible for them in your company or whether you don’t have organizational responsibility, but you want to internalize some of these concepts personally. A lot of the references that I mentioned are complex and might be difficult to find. In the “Additional Resources” list below are references where you can find more information and read at your leisure.
Wonderful! If you would like more information, of course, you can go to the Honeywell website and find more information under the Forging Connections podcast link. I want to thank you Kip for joining me. Kip Wolf, Head of Technical Operations and Portfolio Management at X-Vax Technology, Inc. Thank you for being with me today.
It’s my pleasure.
And thank you all for joining us for Forging Connections, a Honeywell podcast, and this is the second installment of “Shaping the Future of Quality”. Once again, be sure to follow for more of that podcast information, and as Kip was saying some great links there with even more information on what we discussed today. I’m your host, Mooney. Thanks for joining us. We’ll see you soon.
Honeywell Exit (10:31):
This has been Forging Connections, a podcast from Honeywell. You can follow Honeywell Forge on LinkedIn and download new episodes from our email@example.com. Thanks for listening.
Additional references are described in detail in an article by the interviewee at: https://www.pharmaceuticalonline.com/doc/the-data-integrity-body-of-knowledge-expands-with-new-pending-guidances-0001.
- 21 CFR PART 11—ELECTRONIC RECORDS; ELECTRONIC SIGNATURES. U.S. Food and Drug Administration (FDA), March 20, 1997.
- Data Integrity and Compliance With Drug CGMP Questions and Answers Guidance for Industry. U.S. Food and Drug Administration (FDA), December 13, 2018.
- Guidance for Industry Part 11, Electronic Records; Electronic Signatures — Scope and Application. U.S. Food and Drug Administration (FDA), August 2003.
- EudraLex – Volume 4 Good Manufacturing Practice (GMP) – Annex 11: Computerised Systems. European Commission, January 2011.
- Guidance on Good Manufacturing Practice and Distribution Practice: Questions Answers – Data Integrity Section. European Medicines Agency, August 2016. https://www.ema.europa.eu/en/human-regulatory/research-development/compliance/good-manufacturing-practice/guidance-good-manufacturing-practice-good-distribution-practice-questions-answers#data-integrity-(new-august-2016)-section.
- GXP’ Data Integrity Guidance and Definitions. Medicines and Healthcare Products Regulatory Agency (MHRA), March 2018.
- WHO Expert Committee on Specifications for Pharmaceutical Preparations, Fiftieth Report. World Health Organization, 2016.