FDA updated its FAQ page on Good Manufacturing Practices with several data integrity and Part 11 related questions and answers, including:
- Why does FDA object to using actual samples to perform system suitability testing?
- Why is FDA concerned with the use of shared login accounts for computerized systems?
The answer to the latter should be obvious. You can't prove the authenticity of the data or hold the data owner accountable if you cannot identify who actually created or modified the data. Shared logins blur the lines and hide clarity around who created, or modified, or destroyed data.
As regards to using actual samples to perform system suitability testing, here's what FDA states:
"FDA wants to discourage the practice of “testing into compliance.” In some situations, the use of actual samples to perform system suitability testing can be a means of testing into compliance.According to USP, system suitability tests should include replicate injections of a standard preparation or other standard solutions to determine if requirements for precision are met (ref. USP General Chapter <621> Chromatography). System suitability tests, including the identity of the preparation to be injected and the rational for its selection, should be performed according to the firm’s established written procedures and the approved application or applicable compendial monograph (§ 211.160).If an actual sample is to be used for system suitability, it should be a properly characterized secondary standard and written procedures should be established and followed (§ 211.160 and 211.165). All data should be included in the data set that is retained and subject to review unless there is documented scientific justification for its exclusion."
- Reliability and integrity of the regulated data and records; and/or
- Reliability and consistency of any automated process that is a regulated process (e.g., an automated GMP or GLP or GCP processes).
If your firm needs independent guidance on data integrity, FDA recordkeeping and cost-effective Part 11 compliance, consider an onsite, private data integrity best practices workshop or an expert data integrity consultant.