Susan Schniepp, executive vice-president of Post-Approval Pharma and Distinguished Fellow, Regulatory Compliance Associates, takes a look at the regulations around data integrity and how they relate to the concept of quality culture.
Q. I have been hearing that regulatory authorities are beginning to audit companies regarding their ‘quality’ culture with relationship to data integrity issues. Can you give me a little background on this issue?
A. The regulatory authorities have always been interested in the culture of an organization. Recently, however, the specific culture of an organization is being connected to the veracity and accuracy of the data generated to support the quality of manufactured products. The theory is the more mature an organization is the more reliable the product support data are. To understand this concept thoroughly, we should start with a brief review of FDA’s quality metrics initiative.
When FDA posted the first draft guidance, Request for Quality Metrics, the metrics chosen were lot acceptance rate, product quality complaint rate, invalidated out-of-specification (OOS) rate, and annual product review or product quality review on time rate. The guidance also contained three optional metrics intended to measure quality culture: measuring senior management engagement, corrective actions and preventive actions (CAPA) effectiveness, and process capability/performance. Although the optional metrics intended to measure quality culture were removed from the current version of the guideline, it is the first indication that regulators felt there was a correlation between culture and data integrity.
At the same time the issue of quality metrics was being discussed, there was a resurgence of data integrity problems in the industry evidenced by the number of citations that reference this issue. Between 2005 and 2016, approximately 225 FDA warning letters were issued with observations for data integrity. These observations included repeat human error deviations, insufficient training, system failures, inappropriate qualification or configuration of systems, poor procedures or not following procedures, and intentional acts of falsification. The increase in data integrity observations prompted regulatory authorities to address the issue by releasing a series of guidelines that reemphasize the importance of data integrity. FDA, the Medicines and Healthcare products Regulatory Agency (MHRA) in the United Kingdom, the World Health Organization (WHO), and the Pharmaceutical Inspection Co-operation Scheme (PIC/S) have all released documents to reeducate the industry on data integrity concepts and expectations (1–5). In addition to the regulatory guidelines, the Parenteral Drug Association (PDA) released a free document titled Elements of a Code of Conduct for Data Integrity to help address the problem (6).
One common theme permeating through these documents is that of quality culture. Regulators have linked the reliability of data to the existence of a quality culture as exemplified by statements taken directly from the guidances. The PIC/S guidance on Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (5) states, ‘Management should aim to create a work environment (i.e., quality culture) that is transparent and open, one in which personnel are encouraged to freely communicate failures and mistakes. Organizational reporting structure should permit the information flow between personnel at all levels’ (5).
The MHRA guidance (2) titled ‘GXP’ Data Integrity Guidance and Definitions discusses organizational culture, stating, ‘The organization needs to take responsibility for the systems used and the data they generate. The organizational culture should ensure data [are] complete, consistent, and accurate in all its forms (i.e., paper and electronic)’ … ‘The impact of organizational culture, the behavior driven by performance indicators, objectives, and senior management behavior on the success of data governance measures should not be underestimated. The data governance policy (or equivalent) should be endorsed at the highest levels of the organization.’ WHO deals with the concept of quality culture in their document Guidance on Good Data and Record Management Practices (4) by stating, ‘adoption of a quality culture within the company that encourages personnel to be transparent about failures so that management has an accurate understanding of risks and can then provide the necessary resources to achieve expectations and meet data quality standards.’ This same document states, ‘Management, with the support of the quality unit, should establish and maintain a working environment that minimizes the risk of non-compliant records and erroneous records and data. An essential element of the quality culture is the transparent and open reporting of deviations, errors, omissions and aberrant results at all levels of the organization, irrespective of hierarchy.’ Based on the language used in data integrity guidance documents, it is clear that regulatory authorities consider quality culture an important element in establishing the veracity and integrity of the data being generated by companies that support the products they manufacture.
The trouble with quality culture is determining how to measure it. PDA has developed a culture assessment tool that links organizational attributes to specific behaviors (7).
Attributes were defined as elements of a quality system such as, but not limited to, deviations reporting, change control, CAPA, complaints, and environmental monitoring programs or systems. Behaviors were defined as intangibles such as, but not limited to, robust communication and transparency, rewards and recognition, employee engagement, and cross functional vision. The theory was if quality attributes equaled quality behaviors, which then equaled quality culture, then if the quality attributes of a company could be measured, they would reflect the maturity of the quality culture of an organization. The PDA tool involves several steps that include training employees on the use of the tool, an onsite assessment, an all-staff survey, and finally analysis and action on the results. There are, of course, other tools available to measure the culture of an organization. The real point is whatever tool your company uses to measure culture, it will be an important element in determining your data integrity risks and remediating them before an inspection.
Auditing a company to determine if their culture is conducive to generating data that meets the attributable, legible, contemporaneous, original, and accurate (ALCOA) concepts is on the horizon and may become a part of routine audits performed by regulators or industry auditors when evaluating the suitability of a manufacturer, potential partner, or service provider.
1. FDA, Data Integrity and Compliance with CGMP Guidance for Industry Draft Guidance (CDER, April 2016).
2. MHRA, A GxP Data Integrity Definitions and Guidance for Industry, Draft version for consultation (MHRA, July 2016).
3. MHRA, GMP Data Integrity Definitions and Guidance for Industry (MHRA, March 2015).
4. WHO, Annex 5, Guidance on Good Data and Record Management Practices (WHO, June 2016).
5. PIC/S, Draft Guidance: Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PIC/S, August 2016).
6. PDA, Elements of a Code of Conduct for Data Integrity (PDA, 2015).
7. S. Schniepp, ‘Assessing and Improving Quality Culture: Tool & Resources,’ presentation at 3rd PDA Europe Annual Meeting, June 27, 2018.
Pharmaceutical Technology
Vol. 42, No. 10
October 2018
Pages: 82, 81
When referring to this article, please cite it as S. Schniepp, "The Link Between Data Integrity and Quality Culture," Pharmaceutical Technology 42 (10) 2018.