From paper to electronic data Bioindustrypark, October 10, 2013 Dr Alessandra Grande Ivrea GxP Test Facility QA Manager, Head Global BMT QA Research & Development Quality Assurance MerckSerono RBM
Outline Kind of data Requisites Applications Conclusions
Outline Kind of data Requisites Applications Conclusions
Guideline evolution OECD Monogr aph No. 10; The Applicat ion of the Principl es of GLP to CS 1995 EPA GALPs Good Automat ed Laborato ry Practice 1995 21 CFR 11, Electronic Records; Electronic Signatures final rule, 1997 FDA Guidance for Industry, Part 11 Scope and Applicatio n, 2003. AGIT, Guidelines For The Acquisition And Processing Of Electronic Raw Data In a GLP Environment, 2005. ISPE GAMP Good Practice Guide, Part 11 Compliant Electronic Records and Signatures 2006. FDA Guidance for Industry; CS used in Clinical Trials Updated May 2007 Red Apple II CS in Nonclinical Safety Assessment: Current Concepts in Validation and Compliance 2007 Peach EU CS in GMP Clinical Annex Research: 11 CS, Current 2011 Quality and Data Integrity Concepts 2008 ISPE GAMP Good Practice Guide: Risk-Based Approach to GxP Compliant Laboratory CS, 2012. Paper homogeneous Paper and electronic system hybrid Electronic homogeneous
Paper vs e-data At the beginning of 2000, after the FDA 21 Part 11 publication moving from paper to electronic seemed to have some pro and some cons: Lack of - confidence - CS knowledge - guideline interpretation Trendy Costs Space
Paper vs e-data Paper Methodologies well established and stable Electronic Computer technologies & languages change frequently Information can be read without any tools e-management requires the use of computer languages & technology Paper records are understandable without the use of additional records. e-record is not self contained & requires other records to understand its meaning
Data definition in regulated environment GLP OECD Raw data means all original test facility records and documentation, or verified copies thereof, which are the result of the original observations and activities in a study. Raw data also may include, for example, photographs, microfilm or microfiche copies, computer readable media, dictated observations, recorded data from automated instruments, or any other data storage medium that has been recognised as capable of providing secure storage of information.. GCP ICH Source Data: all information in original records and certified copies of original records of clinical findings, observations, or other activities in a clinical trial necessary for the reconstruction and evaluation of the trial EU GMP Chapter 4 Documentation may exist in a variety of forms, including paperbased, electronic or photographic media. The term 'written' means recorded, or documented on media from which data may be rendered in a human readable form. Records include the raw data which is used to generate other records. For electronic records regulated users should define which data are to be used as raw data. At least, all data on which quality decisions are based should be defined as raw data
Raw Data/Source Data - Meta Data Raw data: original observations/activities recorded contemporaneously Raw/source data collected on a computer system can be: Electronic records Computer generated printouts Other media Meta Data: information held in the computer system which translates and/or supports the data (e.g Instrument settings). - Must be maintained for as long as the data is required - Specific to the software application - Integrity of data requires integrity of metadata
Data in the e-environment In computer science, data is anything in a form suitable for use with a computer. If a program is a set of instructions that detail a task for the computer to perform; data is everything that is not program code. Data is what the users and regulators are interested in. Binary files (which are not human-readable) are sometimes called "data" as distinguished from human-readable text
e-data systems in drug development Pre-clinical Laboratory Information Management Systems, Clinical pathology Phase I Safety and tolerance CRF data management, EDC (Electronic Data Capture) Phase II - Safety and Efficacy Phase III Study enrolment, Drug supply, Data capture, Clinical records Statistics, Regulatory Submissions, Health Economics Pharmacovigilance Adverse Events Reporting Documentation management Change control (TW), Procedures (EDMS) E&V/Maintenance SAP, Building Management System
Outline Kind of data Requisites Applications Conclusions
Data requisites Independently of the support, the data must be ALCOA Attributable Legible Contemporaneous Original Accurate
E-data requisite In particular e-data must guarantee data integrity. Data without integrity is not worth keeping Must for GxP compliance Business needs Integrity from collection to submission From cradle to grave
Data integrity Data integrity depends on these attributes Reliable Available Accurate Attributable Accountable Data Integrity Legible Contemp Original Secure
Data Must be Accurate and Reliable In order to ensure reliable data: Computerised systems must be validated to current standards Validation status must be maintained - change control - periodic review IT infrastructure must be controlled and qualified through - maintenance - IT continuity - disaster recovery
Data Must be Accountable/Attributable Data must be: Authenticated I did it Attributable He did it Who recorded the original data and when? Who s worked on derived data and when? Who is responsible for the data?
Data Must be Accountable/Attributable Data Audit Trail Proof of data authenticity Allows study/trial reconstruction May also contain details of computer system configuration Reports changes made, who made them, when and their reason (not obscuring original data) Reports date and time of data (controlled by the Server) Users must not be able to change audit trail information
Data Must be Available Data must be available for all the data life. - after their recording and before archiving - after archiving - after system retirement
Data Must be Available Back-up and Recovery Agreed frequency Suitable media Secure storage of back-ups Routine testing to verify accuracy Procedure for handling failures Documentary evidence Backup is NOT archival!
Data Must be Available Data Archiving Assurance that archiving information in an electronic medium will be usable (readable and extractable) in many years Hardware, software and algorithms evolve is data integrity maintained during technology change? GLP principles require study material to be archived after the final report signature. This applies also to electronic data. For other GxP principles the archival requirement is not statute even if they do archive
Data Must be Available System Retirement Ensure e-data continue to be available and are humanly readable Consideration of Regulatory retention period Business needs IT issues Practicalities. Solutions to keep data available Migration of e-data to a new system Transform data into common format Systems are not available forever, however data may need to be!
Data Must be Secure There are 2 kinds of security Physical Logical
Data Must be Secure Physical security Records: restricted access to records and materials People: proof of authentication, e.g. staff ID badges Area: restricted access to buildings, laboratories, server
Data Must be Secure Logical security Data entry Passwords Biometrics: User ID authenticated by unique body part (e.g. retinal scans, finger prints) 21 CFR Part 11. Concept not usually implemented in GxP environment Different access rights (Who manages and maintains access controls) Infrastructure Control receipt of transmission through Firewall Monitor network for viruses and isolation of detected viruses Update of antivirus & firewall software.
QA involvement in Computerised Systems Computerised systems are no different from any other system/process QA may encounter (but require special considerations) QA are required to indicate the extent of their involvement in computer activities. GLP regulations mention auditing of computerised systems OECD Monograph No 10 The Application of the Principles of GLP to Computerised Systems specifically indicates: QA responsibilities must be defined by management and described in written policies and procedures QA personnel are required to audit and monitor the compliance of computerised systems. GCP and GMP do not mention any QA activities specific to computerised systems
Outline Kind of data Requisites Applications Conclusions
electronic Common Technical Document (ectd) The ectd is an interface for industry-to-agency transfer of regulatory information and documents in a regulatory submission The specification of the ectd is based up on the content defined in the International Conference on Harmonisation (ICH) M4 expert working group (EWG)
Standard for Exchange of Nonclinical Data SEND (Standard for Exchange of Nonclinical Data), is an implementation of the Standard Data Tabulation Model (SDTM) for nonclinical studies. It specifies the format for reporting non-clinical study to the FDA. Past/now Report and tables Now/Future Report and tables SEND files
EudraCT EUDRACT is the European Clinical Trials Database of all clinical trials of investigational medicinal products with at least one site in the EU (since 1 May 2004). This database has been established to: Facilitate communication between competent authorities Link with other databases such as EudraVigilance and EU Clinical Trials Register. Facilitate communication on trials between authorities Improve oversight of medicinal product development Enhance protection of clinical trail subjects Legal basis is Clinical Trials Directive 2001/20/EC
Outline Kind of data Requisites Applications Conclusions
Conclusion To move to e-data is no longer a choice for various reasons: Business Regulatory
Business Requirements Intellectual property issues, establish ownership Most information generated today is in electronic format Logistics: 250,000 pages can be stored on a single DVD ROM Templates: Data manipulation requires standard formats for efficiency Electronic data capture obviates the need for paper (e.g. Patients can enter their own results using a PDA) Statistical analyses can be validated, automated calculation eliminates the human factor
Compliance/regulatory Requirements Raw data definition: for hybrid systems, it has to be demonstrated that both the signed paper printout and the electronic records that generated it are defined as raw data / electronic records and they are maintained and protected throughout the record retention period. Process more transparent to inspectors Approval: Regulatory authority queries can be answered immediately
Paper vs e-data Lack of - confidence - CS knowledge - guideline interpretation Trendy Costs Space
Paper vs e-data Costs of validation maintenance Confidence CS knowledge guidelines interpretation Space Susteinability Compliance
Some open issues Data availability: how can you demonstrate that your data will be readable in 20 years data reliability in hybrid systems: how do you keep electronic and paper records synchronised so that they say the same thing? data reliability: how to manage manual entry (retrospectively) of critical data; checked by a second person or a validated process using the computer itself?
Thanks for your attention