ALCOA Plus Principles for Data Handling
June 9, 2021
Data can be extremely valuable in the drug development process, but only if it is collected and stored appropriately. As today’s drug products and their manufacturing platforms become more advanced, digital technologies are advancing, meaning that regulatory requirements for data integrity are also evolving.
Audit Trail Compliance
Audit trails are important for assuring the security of electronic pharmaceutical testing records because they provide a means for tracking all changes and events that have occurred during the use of a system or instrument without the need for a physical logbook.
There are two types of audit trails required for electronic records used in bioprocessing:
- Primary audit trails record all changes to records used for batch release and other good manufacturing process (GMP)-related activities.
- Event audit trails relate to events not directly linked to a record and therefore do not become part of the record, such as failed login attempts.
Both types of audit trails must be regularly reviewed by the quality unit to determine if any manipulation of the records has occurred or if there have been unusual activities performed on the instrument.
Prioritizing Audit Trail Entries
For filter integrity test instruments, it can be helpful to sort the audit trail entries according to their risk and impact, with thresholds set to indicate concerning results.
The test result is the most important electronic record on a filter integrity test instrument because it is used as a batch release criterion. However, because it is a static record, there is no audit trail. Thus, date and time changes are the top priority as a date/time change may indicate an attempt to falsify a record. Monitoring changes in filter test programs is also critical, as too frequent changes may suggest that a problem exists.
Changes in the access management records and user access are also important because these systems are designed to provide control of access to the instrument programs and records and assure the value of the electronic signature. They are key controls to mitigate risks of a data breach.
All other records and their audit trails are relevant for the management of the instrument in accordance to GMP requirements, but less critical with respect to assuring the safety of the electronic records and electronic signatures generated and maintained in the software of the filter integrity test instrument.
Test Program Audit Trails
Filter integrity test instruments should ensure that static records, such as test results, can never be altered after their generation and storage other than to add comments with the signature. Other records, including test program, user name, and date/time change, have audit trails that include information on what has been changed by whom, when, and why.
The instrument should have an event audit trail to log system-related activities. Because unusual activities around access control and the electronic records are visible in the event audit trail, software should enable regular audit trail review.
The ALCOA Plus principles can lead design to ensure that data security and data protection are observed and maintained.
- Attributable: there are four access levels (Operator, Supervisor, Administrator, and Super Administrator) and an advanced Login management function not only provides control of access but also records the user, time, and date for each test, creation/modification of tests and configuration and date/time changes, all of which become part of the record audit trail.
- Legible: all parameters defining a test and all metadata are included in the test results so the raw data can be understood.
- Contemporaneously recorded: test results are recorded when the test is completed.
- Original: test results are the first captured data and do not require recalculation, and only electronic signatures with comments can be added.
- Accurate: test results are based on flow measurements that are properly calibrated against traceable pressure and flow references and the system verifies that the screen display, print result and data contents all match.
- Complete and Consistent: test results are static records; they contain all data relevant to the test and cannot be deleted.
- Enduring: test results are recorded with a time stamp, and each test is linked to the serial number of the instrument, which has the time synchronized with the time of the host PC or relevant server. A continuous test counter also maintains the sequence of tests independent of the time stamp.
- Available: configuration, test programs, user data and test results can be easily exported to a computer network or an external flash drive for long-term storage.
Designed Around Data Integrity
Test results for filter integrity test instruments are used to make important batch release decisions that become part of the batch record. The assurance that electronic records are accurate and protected is therefore essential.
As a result the design of the integrity test instrument should comply with FDA, MHRA and EudraLex regulations regarding electronic records and electronic signatures. These regulations need to be considered for the specific implications of the records generated by a filter integrity test instrument.
Making sure that the instrument includes all the features is necessary to ensure operation in compliance with the guidelines for data integrity of electronic records and electronic signatures and thus the highest product quality and patient safety. It is also sufficiently flexible to accommodate specific requirements and guards against foreseeable regulatory developments.
- Sort By