Data integrity is essential for any pharmaceutical company launching a product. Regulations dictate what must be done to assure integrity, but achieving it is often complex. In part one of our series, we look a little closer at some key challenges and how they can be overcome through the ALCOA lens. In part two we will take a closer look at ALCOA+.
Data integrity 101
ALCOA and ALCOA+ are common methods for managing data integrity and good documentation practices for the pharma and medtech industries. ALCOA, a term and framework originally introduced by the FDA stands for:
- Attributable, refers to the ability to trace data and actions back to people, systems, or products.
- Legible,is the ability to legibly read the data for as long as it must be stored.
- Contemporaneous, relates to the recording of data in real-time.
- Original isstoring raw data in its true form, i.e., unaltered.
- Accurate, covers everything from ensuring the error-free recording of data through to accurately recording modifications to it.
Young vs. well-established organizations
Regardless of the size or maturity of your organization, you must adhere to the five ALCOA points if you want to meet compliance and take a product to market. For smaller, relatively young companies, knowing where to start and how to ensure ALCOA can be difficult. In such cases, a gap analysis is the best way to identify what is needed to fulfill requirements. Based on this, an implementation plan can be developed. Large, well-established companies often have processes in place for ALCOA. However, that doesn’t mean they don’t face challenges; processes or not, new product development comes with new data integrity challenges.
Typical ALCOA data-integrity challenges
One of the key challenges within attributable, is people not following official processes or not having the processes in place to ensure data integrity. A classic example of this is the use or rather misuse of passwords. This can be anything from a user sharing their login password details with another user or having one group login for all users. Processes need to be in place, and staff need to be educated to ensure this does not occur. Besides, enforcing proper access control – i.e., ensuring only the right people have access to the correct data – isn’t only a prerequisite for compliance, it’s also an essential part of IP protection.
In today’s digital world, legibility is becoming less and less of an issue – unless you are redacting much of your data. Legibility typically concerns handwritten notes. which must be accurately transcribed and stored. If you are taking notes as part of the development process, consider using a digital tablet or setting up a daily procedure for transcribing them.
Many new products utilize off-the-shelf, third-party software, which can result in unforeseen data integrity issues For example, they may only support manual backups locally on a machine. In such instances, you should deploy scripts to automate server backups at least once a day. Relying on users to backup data will backfire at some point; we’re only human, after all.
Many new products utilize off-the-shelf, third-party software, which can result in unforeseen data integrity issues. For instance, configurable date and time formatting is surprisingly non-standard in some off-the-shelf software. You don’t want to get close to launch and find that your data has been time- or date-stamped incorrectly. It’s therefore vital to set the time and date once a third-party product is utilized. If this functionality is missing, find an add-on to do it. The same also applies to hand-written notes which must be signed, and data-stamped, along with a record of any actions performed based on them.
Production, testing, and quality control generate large amounts of data. This must be securely stored in its true form in real-time, even though it will be manipulated as you progress with product development. A typical challenge is ensuring “old data” is not replaced with manipulated data. This can be overcome by using a secure database to automatically store data at the time of creation.
To ensure accuracy, all data must be recorded as it is manipulated during product development. As mentioned above, version control is therefore essential. As is data protection, to ensure there is no unauthorized tampering of data. You will also need a library of component specifications, assembly, quality control checks, and much more. Essentially, effective document management is vital both to meet accuracy compliance and to streamline data integrity.
Overcoming the ALCOA challenges
If you are just getting started with data integrity, we provide workshops and gap analyses to help you understand the ALCOA process and help define a way forward for you to meet compliance. For larger organizations, we can develop tailored solutions to meet the ALCOA challenges and ultimately help you get products to market quicker.
Meet Anders Christensen
Anders Christensen is a Doctor in Analytical Chemistry. As an expert consultant and educator at Plantvision, he has been supporting pharmaceutical companies with validation and qualification of process equipment, computerized systems and lab instruments.