Data Integrity: A Vertical Journey

Guidelines and regulations 3 ^, 4 ^, 5 can help companies avoid unacceptable data integrity risk to product quality, patient safety, and public health. Original equipment manufacturers (OEMs) and equipment suppliers are updating their portfolios to deliver to market-compliant solutions. However, the lack of standards and increasing customer pressure on OEMs could lead to heavily customized and inefficient stand-alone solutions.

We suggest that vertical integration 6 of equipment represents a pragmatic and realistic concept that can dramatically simplify equipment specification and improve efficiency, reduce risk, facilitate training, and optimize support for equipment and personnel in the working environment. Vertical integration allows the segregation and specialization of functions as data reports, data storage, and data generation. This allows machines and personnel to focus on producing high-quality medicine in an efficient manner.

We also present a filter integrity tester case study to highlight the differences between stand-alone solutions and vertical integration.

• 3US Food and Drug Administration. “Part 11: Electronic Records; Electronic Signatures—Scope and Application.” August 2003. https://www.fda.gov/downloads/RegulatoryInformation/Guidances/ucm125125.pdf
• 4European Commission Health and Consumers Directorate-General/European Medicines Agency. EudraLex, Volume 4: Good Manufacturing Practice (GMP)—Medicinal Products for Human and Veterinary Use, Annex 11: Computerised Systems, revised January 2011. https://ec.europa.eu/health/sites/health/fi les/fi les/eudralex/vol-4/annex11_01-2011_en.pdf
• 5World Health Organization. Annex 5: Guidance on Good Data and Record Management Practices. WHO Technical Report Series, No. 996, 2016. http://www.who.int/medicines/publications/pharmprep/WHO_TRS_996_annex05.pdf
• 6Dennert, A., A. Gössling, J. Krause, M. Wollschlaeger, and A. M. Henao Montoya. “Vertical Data Integration in Automation Based on IEC 61499,” 2012 9th IEEE International Workshop on Factory Communication Systems, Lemgo, 2012, pp. 99–102. doi:10.1109/WFCS.2012.6242551

Data Integrity Requirements and the Current Technology Landscape

Big data, digitalization, artificial intelligence, cloud computing, Industry 4.0: These are just few of the buzzwords of this new industrial revolution. Data are embedded in our everyday life, representing a fundamental part of our work. Every day we perform tasks with data: We create, update, share, connect, upload, analyze, manipulate, secure, and store data. The way we manage data can make a significant difference.

Every day we make decisions and base the quality of products on data, understanding always that mishandling might compromise patients’ access to safe medication. But how can we guarantee that a safe environment and a strong culture will properly manage data, ensure high quality standards, and improve efficiency, especially when the businesses constantly pressures the manufacturing environment to optimize cost? Data integrity requirements represent an environment in which solutions and ideas can evolve and be developed to manage, control, and compliantly use this increasing ow of data.

The Novartis Data Integrity Program supports associates in all aspects of the business with solid data integrity governance by proactively detecting and mitigating risk, facilitating communication, promoting education with different tools and learning levels, and improving technologies and systems. Data integrity cannot be managed in silos: Our approach can ensure success not only in developing and implementing data integrity compliant solutions, but also in controlling and sustaining them (Figure 1).

The well-known ALCOA+ acronym defines a framework of standards designed to ensure data integrity. ALCOA refers to data that is attributable, legible, contemporaneous, original, and accurate; the “plus” adds complete, consistent, enduring, and available. These attributes can be translated into process and technical requirements and later into technical features.

In addition, guidelines such as the ISPE GAMP® Guide for Records & Data Integrity 7  have been published to help companies address the data integrity expectations of regulators and health agencies. OEMs and equipment suppliers are currently updating their portfolios to deliver compliant equipment to the market. Discussions are still ongoing, however, and the lack of standards across the market might lead to customized stand-alone solutions driven mainly by companies’ subjective interpretation of data integrity requisites.

Historically, the stand-alone concept has been the most common equipment-design approach used in the pharmaceutical manufacturing environment, allocating the tasks to generate, store, and report data internally. All processes, as well as business, technical, and regulatory requirements should be fulfilled by the equipment or system. When this is not feasible, procedural controls should compensate.

Considering each piece of equipment as an autonomous and an independent “island” can lead to complexity and inefficiency on a crowded manufacturing shop floor. At the same time, new technologies offer solutions and opportunities that were previously restricted to specific areas or businesses. Recent progress on networks, historians, data lakes, interfaces, and connectivity protocols has been impressive. 8 Some of these technologies enable vertical integration of equipment systems and processes.

Vertical integration solutions are already on the market and achievable through standard components. Once a company has defined a strategy for selecting and adopting upper-level systems, equipment only needs the required interfaces to communicate with them. These systems allow the separation and specialization of such functions as data reports, data storage, and data generation. Data integrity requirements can also be tailored to the systems. Conversely, stand-alone equipment could be designed to have all these systems built-in and fully integrated, with the goal that requirements should be fulfilled by the equipment (Figure 2).

A filter integrity tester case study will compare the stand-alone concept to vertical integration.

Case Study

Stand-Alone Systems

Regulators and health agencies have recently increased their focus on filter integrity testers, particularly for data integrity requirements. Access controls and audit trail functionalities are often the major gaps identified during inspections.

Filter integrity tests represent a critical unit operation commonly employed in the pharmaceutical industry. They are subject to detailed requirements such as the FDA “Sterile Drug Products Produced by Aseptic Processing — Current Good Manufacturing Practice” guidance. 9 A satisfactory result provides assurance that the final product is sterile and therefore acceptable for human use.

As part of the normal use of testing equipment, an operator performs a test on a filter (data generation), data are stored internally (record), and the operator usually collects a summary of test results (report). Depending on the features of the model, these activities can be fully or partially automated. However, ensuring integrity of the data that are generated, stored, and extrapolated is fundamental.

In a high-level automated filter integrity tester, ALCOA+ standards might translate into advanced access control characteristics such as unique user IDs and passwords, and access privileges designed to separate duties. Adequate recipe (transactional data) management, date–time settings, and a local storage system capable of containing all data generated should also be embedded. Equipment software should guarantee an integrated audit trail and customizable reporting functionalities. An SOP should also be associated with the equipment (Figure 3).

• 7International Society for Pharmaceutical Engineering. GAMP® Guide: Records & Data Integrity. March 2017.
• 8User Association of Automation Technology in Process Industries (NAMUR). “Module Type Package Automation.” 31 January 2018. https://www.namur.net/fi leadmin/media_www/fokusthemen/MTP-Folien_f%C3%BCr_Namur-Website.pdf
• 9US Food and Drug Administration. Guidance for Industry. “Sterile Drug Products Produced by Aseptic Processing — Current Good Manufacturing Practice.” September 2004. https://www.fda.gov/downloads/Drugs/Guidances/ucm070342.pdf

In a single manufacturing plant, several filter integrity testers are often operative. Allocating all of these requirements in each stand-alone unit might lead to a fragmented, inefficient, and expensive process that is complicated to qualify and maintain within the working environment. Risk of data manipulation, probability of mistakes, training requirements, and need for supervision must be considered and properly managed for each piece of equipment.

This stand-alone concept can be applied to all equipment on the shop floor, with variances influenced by specific process requirements and technological limits. The complexity can increase with equipment, software, and functionalities from different manufacturers. Large manufacturing networks across multiple countries and technological platforms can add additional levels of complexity.

Equipment standardization can reduce the variety of models, vendors, and systems, but variation cannot be eliminated. Vertical integration allows equipment and software from different manufacturers to operate together efficiently while achieving compliance with health authority regulations. Each vertically integrated unit is connected to a centralized “backbone” system where good practice (GxP) data and associated management controls are incorporated.

Though it may be considered similar to a distributed control system, vertical integration does not rely on central operator control but on interfaces that allow the automatic exchange of data. The benefit of vertical integration can be explained using the example of our filter integrity tester.

As part of a standardization program, Novartis, in association with Pall Life Sciences, developed a filter integrity tester unit that leverages industry standards (domain controller, OPC connectivity, 10 historian, storage, etc.) to integrate the working environment vertically. Upper-level systems were selected and standardized. The unit is accessed via unique user login credentials, with passwords that are automatically maintained and authenticated (Figure 4).

Recipes are managed by the central management system and recalled from each unit during operation. Date and time are centrally synchronized. Data is stored in a centralized system (historian). The operator can use the equipment to perform the test (data generation), transmit the data to the historian (record), then use a third application to generate an electronic summary and present it on the screen (report).Vertical integration reduces DI risks at the equipment level, and permits compliance efforts to be focused on a few standardized upper-level systems. In a certain way, adopting the vertical integration concept makes the equipment “lighter,” leaving it as only a data generator. Maximum benefit can be achieved once the concept is applied to all equipment operative in the manufacturing plant.

• 10OPC Foundation. Unified Architecture. “Part 11: Historical Access.” 12 November2015. https://opcfoundation.org/developer-tools/specifi cations-unified-architecture/part-11-historical-access/

It’s important to know who was running the equipment and who performed which operation

Vertical Integration

The vertical integration concept defines a new and important equipment characteristic: The interface is enabled to extract data in a way that allows it to be handled by the upper-level systems. The number of interfaces required is directly linked to the question “Do we need to extract all the data from the equipment or just different data sets with different characteristics?” The RUTH (recipe, user, time, history) concept offers an answer to this question and defines the data that needs to be extracted (Figure 5).

Recipe

The “recipe” is transactional data related to manufacturing order, initial equipment setup, or orchestration (interaction with other pieces of equipment). Recipe data configurations are controlled, approved, and stored in a standard recipe management (SRM) system that controls the creation, change, and approval of master recipe data by authorized operators, based on their roles. The SRM maintains the different versions and storage of master recipes. Prior to starting a process, the operator initiates the SRM to set the batch information and selects the recipe to use in the equipment. Only one recipe is available in the equipment at any time. The historian is the connecting link between the SRM and equipment for data transfer. It maintains the recipe data transaction associated with the batch produced.

User Authentication

It’s important to know who was running the equipment and who performed which operation. The domain controller maintains and automatically authenticates a central list of unique user accounts and passwords, with privileges defined by login to limit activities. Additionally, it allows for a single control of all users and password policies across all the machines, so any kind of “reporting”—viewing who logged in, when, and why—can be done easily. Operational executions, entries, and actions are linked to user ID logins and recorded in the historian.

Time

Time refers to when relevant events occur. It is synchronized to central time at the domain controller. Date and time for the equipment reference to the domain controller system time to assure accuracy across equipment.

History

The historian is the heart of vertical integration design and the only source of data storage. Equipment process events and data changes can be reconstructed through its records. Configurations and records are audit-trailed and protected from any change. Data is distributed to report generation systems and can be extracted by other reporting and data visualization systems to support various plant operations for GxP and non-GxP usage.

Conclusion

The vertical integration concept can dramatically reduce the effort to meet regulatory requirements and expectations in an efficient and advanced way. A single and harmonized RUTH “backbone” specification can allow an easy and efficient vertical integration of every piece of equipment. ALCOA+ data requirements can be fulfilled almost entirely by the backbone, reducing overall effort and cost to develop, implement, qualify, and maintain the equipment in the working environment. Because energy is not being used to manage silos of data, vertical integration frees both machines and personnel to focus on what they need to do: produce high-quality medicines in an efficient manner.

The content of this article was presented at the ISPE DACH Workshop, Basel, Novartis Campus, 14–15 November 2018.