Compliance Zen

Looking for reliable, "how to" information around data integrity on the web can be a bit of a challenge. One man's "data integrity" is another man's "data quality" is another man's "data governance."  Without delving into the minutiae of each of these perspectives, I thought I'd offer up five of the resources I frequently call upon when conducting data integrity audits and data integrity training.

MHRA Inspectorate Blog on cGMP Topics

Recently, the UK's MHRA has run a series of blog postings on data integrity - what it is and what it ain't from the regulators perspective.  Here are the three worth reviewing:

• GMP Data Integrity: A New Look at an Old Topic, Part 1
• GMP Data Integrity: A New Look at an Old Topic, Part 2
• Inspecting Clinical Trials - the Trial Master File

The last one is of particular importance because so often cGCP compliance gets the short end of the stick when it comes to public data integrity enforcement.  While GMP warning letters get media attention, when clinical data integrity fails, firms can actually go out of business as FDA and other regulators reject significant parts of submissions such as multiple investigator sites or send back complete response letters that jeopardize investments and raise the ire of shareholders.  Clinical data integrity issues don't make the news often, but just one clinical trial with poor data integrity can easily cost a company years of effort and millions of dollars down the drain.

FDA Guidance on BECS Computerized System Validation

If you've been wondering why people are reopening and reviewing FDA's 2013 guidance, Blood Establishment Computer Validation in the User's Facility, then the short answer is that it offers fairly concise information and guidance on what FDA expects around modern computerized system validation when it comes to testing and ensuring data integrity.  Be aware that way back in the preamble to 21 CFR 11 Electronic Records; Electronic Signatures, question #65, FDA strongly suggested that this guidance (the draft version at least) was essential reading for all industries.

Responsible Conduct of Research at Northern Illinois University

This collection of webpages includes a nice summary of data integrity control points around data collection for scientists and researchers. It includes elements of both quality control and quality assurance, and provides additional reference documents.

HHS HIPAA Security Series

Whether your organization is regulated by HIPAA or not, a review of the HIPAA Security Series #4 Security Standards: Technical Safeguards newsletter from 2007 is well worth your time. The 17-page newsletter walks through specific technical security safeguards to put in place and test around data; safeguards that look remarkably (or not so remarkably, depending on your perspective) like those found in 21 CFR 11, Annex 11 and multiple guidance documents.

FDA's Application Integrity Policy - Points to Consider

Primarily used for submission-related data integrity concerns, parts of FDA's Application Integrity Policy are important to review regardless of where you sit on the cGXP continuum.  In particular, review FDA's Points to Consider for Internal Reviews and Corrective Action Operating Plans (caution: this FDA link can sometimes take forever to open). Even though this is from 1991, there is a lot of good information within this section of the policy (e.g., it's an oldie but a goodie).

Of course, this all presumes you haven't already bookmarked Cerulean's resource library for data integrity-related articles, case studies, interviews, and so on.