The Novartis Data Integrity Program supports associates in all aspects of the business with solid data integrity governance by proactively detecting and mitigating risk, facilitating communication, promoting education with different tools and learning levels, and improving technologies and systems. Data integrity cannot be managed in silos: Our approach can ensure success not only in developing and implementing data integrity compliant solutions, but also in controlling and sustaining them (Figure 1).
The well-known ALCOA+ acronym defines a framework of standards designed to ensure data integrity. ALCOA refers to data that is attributable, legible, contemporaneous, original, and accurate; the “plus” adds complete, consistent, enduring, and available. These attributes can be translated into process and technical requirements and later into technical features.
In addition, guidelines such as the ISPE GAMP® Guide for Records & Data Integrity
have been published to help companies address the data integrity expectations of regulators and health agencies. OEMs and equipment suppliers are currently updating their portfolios to deliver compliant equipment to the market. Discussions are still ongoing, however, and the lack of standards across the market might lead to customized stand-alone solutions driven mainly by companies’ subjective interpretation of data integrity requisites.
Historically, the stand-alone concept has been the most common equipment-design approach used in the pharmaceutical manufacturing environment, allocating the tasks to generate, store, and report data internally. All processes, as well as business, technical, and regulatory requirements should be fulfilled by the equipment or system. When this is not feasible, procedural controls should compensate.
Considering each piece of equipment as an autonomous and an independent “island” can lead to complexity and inefficiency on a crowded manufacturing shop floor. At the same time, new technologies offer solutions and opportunities that were previously restricted to specific areas or businesses. Recent progress on networks, historians, data lakes, interfaces, and connectivity protocols has been impressive.
Some of these technologies enable vertical integration of equipment systems and processes.
Vertical integration solutions are already on the market and achievable through standard components. Once a company has defined a strategy for selecting and adopting upper-level systems, equipment only needs the required interfaces to communicate with them. These systems allow the separation and specialization of such functions as data reports, data storage, and data generation. Data integrity requirements can also be tailored to the systems. Conversely, stand-alone equipment could be designed to have all these systems built-in and fully integrated, with the goal that requirements should be fulfilled by the equipment (Figure 2).
A filter integrity tester case study will compare the stand-alone concept to vertical integration.
Case Study
Stand-Alone Systems
Regulators and health agencies have recently increased their focus on filter integrity testers, particularly for data integrity requirements. Access controls and audit trail functionalities are often the major gaps identified during inspections.
Filter integrity tests represent a critical unit operation commonly employed in the pharmaceutical industry. They are subject to detailed requirements such as the FDA “Sterile Drug Products Produced by Aseptic Processing — Current Good Manufacturing Practice” guidance.
A satisfactory result provides assurance that the final product is sterile and therefore acceptable for human use.
As part of the normal use of testing equipment, an operator performs a test on a filter (data generation), data are stored internally (record), and the operator usually collects a summary of test results (report). Depending on the features of the model, these activities can be fully or partially automated. However, ensuring integrity of the data that are generated, stored, and extrapolated is fundamental.
In a high-level automated filter integrity tester, ALCOA+ standards might translate into advanced access control characteristics such as unique user IDs and passwords, and access privileges designed to separate duties. Adequate recipe (transactional data) management, date–time settings, and a local storage system capable of containing all data generated should also be embedded. Equipment software should guarantee an integrated audit trail and customizable reporting functionalities. An SOP should also be associated with the equipment (Figure 3).