The pharma manufacturing industry has seen an escalated regulatory focus on data integrity. With an increasing wave of new treatments entering the global market, regulatory bodies continue to sharpen their focus to ensure that data is complete, consistent and accurate for every batch or continuous process.
When good manufacturing practices (GMP) are not followed, or if documentation cannot be verified, manufacturers face potentially serious consequences. Whether an organization receives fines, recalls product(s), receives more frequent inspections, or suffers from a damaged reputation, the costs of remediation can be high, both in time and money.
More recently, regulators have increasingly recognized automation as a way to ensure integrity, and various regulatory bodies have encouraged the use of automation technologies in their guidelines. These agencies recognize that automation empowers manufacturers to more easily minimize errors, optimize resources, and reduce patient risk, leading to improved availability and sustained quality.
As global competition increases, facilities will need a distributed control system (DCS) for process automation and a manufacturing execution system (MES) for electronic batch records to lock in competitive advantage and ensure fast, safe delivery of treatments to patients. Fortunately, choosing the right solutions for pharma manufacturing is not as difficult as it may seem. By selecting a system inherently designed to support ALCOA+ guidelines for GMP applications, drugmakers will have completed a critical step toward ensuring data integrity practices, which will also promote safe and efficient production.
Risks of poor data integrity practices
Poor batch records and sloppy documentation practices are two of the most common data integrity issues that draw regulators’ attention during an audit. Proper, contemporaneous recording of data is a critical step, but this can often be overlooked — especially when an organization is relying on paper records.
For example, in one recent FDA audit of a pharma manufacturer, investigators noted that an employee performed multiple manufacturing steps on two separate dates, with a second employee documenting verification of those activities. During the audit, however, the investigator determined that the verifying employee was not physically present in the facility when the steps were documented as having been performed. This data integrity error noted by the FDA put the company and its reputation at risk.
Other risks come from systemic issues. Failure to ensure logins are secure and never shared, or not properly restricting system administration rights, prevents teams from identifying who made changes in operations and if those changes were authorized — ultimately creating significant safety and quality risks. The same can be said of issues with electronic signatures and validation documentation for computerized systems and software.
Improving data integrity compliance
One key benefit of leading DCS is the functionality to ensure data collected during manufacturing is generated while inherently incorporating the elements of data integrity. There are also several benefits provided by the MES, since it can be used to ensure data capture, data flow and signatures are enforced. As a result, issues due to poor data collection are automatically avoided.
Electronic records, electronic signature capabilities, and built-in computer system regulations create an automated foundation for managing GMP data. The most advanced systems include capabilities to support compliance with 21CFR Part 11, and they provide built-in mechanisms (such as security controls, revision tracking and change management) to protect underlying software and maintain its validated state.
Most importantly, the best systems also have capabilities to ensure teams can automatically meet key ALCOA+ standards. Nearly every DCS and MES will provide some ALCOA+ support, but organizations looking to capture competitive advantage should seek out systems that address every element. Finding such a system is not difficult when project teams focus on these requirements.
Attributable
To help teams automate provenance, the systems need to know who is doing what task, along with the context and store both data points so they can be verified later. Project teams should seek out solutions that record actions and the identity of the operator performing the action. Both batch-related events, as well as the identity of the person making the entry, should be captured in the system’s electronic records (e.g., batch historian, database).
For example, consider an operator who, during a phase of batch processing, is asked to change a filter. When the operator performs that task and confirms completion, both the action and identity of the person performing the action should be recorded.
In addition, the solution should be capable of tracking changes to the underlying software running any validated process. Configuration audit trail tools should automatically record who made the change, and the date and time the change occurred.
Legible
Paper records are the antithesis of data integrity. Paper is easy to lose, costly and time-consuming to store, and, if not used carefully, can result in records that are difficult or impossible to use months or years later. Even if paper records can be located quickly for auditors, organizations must put forth extra effort to ensure that manual entries are discernable.
A DCS with an MES eliminates the need for paper handling and legibility concerns. The DCS automatically stores process control data and records operator actions, while the MES enforces and electronically captures operator actions of remaining manual activities. With these systems, teams know their records are safe, accessible, and legible.
Additionally, ease-of-use should be a concern for evaluating solutions. Teams should seek out flexible systems that allow both viewing records in their native format and exporting true copies. And for quick auditing of validated processes, the systems should offer fast and easy access to review configuration data, configuration audit trails, and historical data.
Contemporaneous
Ensuring contemporaneous data seems like an easy task for any DCS or MES — and for the most part, that is true. Most solutions can record operator actions and configuration changes at the time they occur, along with a secure time and date stamp. But the best solutions also use network time protocol, a standard communication protocol that allows computers to synchronize with a time server. Project teams should seek such a solution to ensure workstation, servers, controllers, and embedded nodes are kept in synchronization.
Original
In an audit, teams must prove the validity of their data, which is one key area where DCS and MES solutions tend to shine or fall short. Project teams should seek a DCS that ensures the validity of input source data as restricted to devices within the system. All workstations, controllers, and I/O devices should be defined in the system and downloaded before they can generate, enter, record, or process data. Connected devices not registered should be restricted from participating in any DCS communications.
All configuration and historical data files should be able to be stored in a secure data repository, with write access only given to applications that need to write data to those files. All historical data should be prohibited from deletion until after it is archived.
The best DCS solutions simplify validation by employing a class-based approach, where engineers can use control modules, equipment modules, units, and phases to ensure each instance is inherently linked to the original class-based entity. With this approach, all software associated with functionality of the class is tested once and inherently instantiated for every instance. Each item, though uniquely tagged, is connected to the single class. If a change is made to the class, it replicates across every instance of that class automatically.
The best MES solutions have similar characteristics, such as a class-based architecture concept for ease of validation, restricting access, and providing other required capabilities. Such solutions ensure consistency, while reducing testing and configuration.
Accurate
The best data management is useless if data collected is inaccurate, so teams should seek solutions with built-for-purpose data protection mechanisms in place. The best systems provide built-in, intuitive security controls for access to configuration, data, and history to protect against falsification. At a base level, any solution used for drug manufacturing should support unique usernames and passwords for anyone who accesses the system, and it should provide comprehensive version management and change tracking.
Teams should seek systems that do not just log new values when data has been changed, but also retain the previously captured value, so others can see how and why changes occurred. These systems log all operator actions with both old and new data values.
Organizations can also help to ensure accurate data by using a DCS that supports an asset management package to monitor maintenance of sensors providing incoming data to the control system. These solutions help teams ensure sensors are calibrated or replaced at the right time.
Complete
By using the right DCS and MES solutions for operations, an organization is already taking critical steps to ensure complete data collection. The digitization of data provided by these solutions helps avoid the risk of loss or destruction inherent with paper records, and it simplifies storage. However, for assurance, project teams should seek complete solutions that retain associated metadata to ensure data context.
Consistent
DCS and MES solutions inherently ensure complete data and force consistency, but organizations should ensure their solutions enforce the validated workflow at every stage of operations. With this enforcement, teams can be confident they are generating GMP data the same way every time.
Enduring/Available
The best solutions will come from expert solution providers that have designed them to work in tandem with necessary backup and recovery tools. Built-for-purpose solutions will have been designed and tested to interface with data storage and recovery tools, without the need for complex custom configuration.
Data integrity and technology
Although selecting the right technology is an important part of data integrity, it is just as important to have overarching governance processes in place. This includes management processes, procedural and technical controls, and consideration of human factors.
Data integrity requires more than just enabling technology; organizational culture and people must also be considered in the overall governance and management processes. Finally, standardized work processes need to be documented and followed to ensure data integrity.
Preparing for modern automation
In coming years, additional regulations and guidelines may set the expectation that teams are implementing more digital plant solutions. Therefore, preparing for that future means starting to implement digital technologies today, beginning with fit-for-purpose DCS and MES solutions.
With a reasonable amount of front-end research, project teams can identify the solutions best designed to support ALCOA+ guidelines. Spending the time on that task will help drive more efficiency and quality, while helping to future-proof the organization’s investments.
