FDA updated its FAQ page on Good Manufacturing Practices with several data integrity and Part 11 related questions and answers, including:
- Why does FDA object to using actual samples to perform system suitability testing?
- Why is FDA concerned with the use of shared login accounts for computerized systems?
The answer to the latter should be obvious. You can't prove the authenticity of the data or hold the data owner accountable if you cannot identify who actually created or modified the data. Shared logins blur the lines and hide clarity around who created, or modified, or destroyed data.
As regards to using actual samples to perform system suitability testing, here's what FDA states:
"FDA wants to discourage the practice of “testing into compliance.” In some situations, the use of actual samples to perform system suitability testing can be a means of testing into compliance.According to USP, system suitability tests should include replicate injections of a standard preparation or other standard solutions to determine if requirements for precision are met (ref. USP General Chapter <621> Chromatography). System suitability tests, including the identity of the preparation to be injected and the rational for its selection, should be performed according to the firm’s established written procedures and the approved application or applicable compendial monograph (§ 211.160).If an actual sample is to be used for system suitability, it should be a properly characterized secondary standard and written procedures should be established and followed (§ 211.160 and 211.165). All data should be included in the data set that is retained and subject to review unless there is documented scientific justification for its exclusion."
One way to read this is to state that the use of actual samples can be too tempting for some firms. Better for firms to all use industry-standard samples (e.g., standard solutions).
From FDA's perspective, if a system is tested using a standard solution, and the system works fine; then when using the firm's actual production samples, the system produces errors, the system is not at fault - the firm's actual product is faulty. This is FDA's logic and aside from some unique, one-off situations, it's difficult to disagree.
Notice that all data integrity FAQs at FDA are filed under the "Records and Reports" heading; again emphasizing that data integrity and Part 11 compliance are NOT about computerized systems and software per se, and instead about:
- Reliability and integrity of the regulated data and records; and/or
- Reliability and consistency of any automated process that is a regulated process (e.g., an automated GMP or GLP or GCP processes).
If your firm needs independent guidance on data integrity, FDA recordkeeping and cost-effective Part 11 compliance, consider an onsite, private data integrity best practices workshop or an expert data integrity consultant.
