Two years after the release of a draft data integrity document, the British MHRA published the final version of its GxP data integrity guide on March 9, 2018. Data integrity (DI) is important throughout the pharmaceutical lifecycle.
Not least because of the warning letters made public by the US FDA it has been shown that DI has become a serious issue over the past few years. In today’s data-driven world the quality and integrity of data is imperative and the regulatory authorities worldwide published guidance documents to underpin their expectations on data management and data safety. The WHO and the EMA (Q&A) have already released final documents. Now the MHRA has followed. There has been significant stakeholder interest in the development of the guide, as illustrated by the receipt of over 1300 comments from industry, and trade and professional groups across all GXPs during the consultation process. According to the MHRA data integrity team, the comments received have all been taken into consideration. It comes as no surprise that the final version has grown considerably in size, which is now 21 pages compared to 14 pages of the draft.
Some content amendments:
- A new chapter 3 covers the principles of data integrity. The topics range from organisational culture and the need to take responsibility up to the ALCOA-principle.
- As the title suggests, chapter 6 comprehensively defines and explains more than 20 terms and requirements to assure data integrity. From “recording and collection of data” to “data transfer/migration” to “IT suppliers and service providers (including cloud providers and virtual service/platforms)” chapter 6 forms the core element of the guideline.
- Point 6.19 Validation of computerised systems refers to Annex 11 and Annex 15 of the EU GMP Guide. The MHRA states that "These should be validated for their intended purpose which requires an understanding of the computerised system’s function within a process. The acceptance of vendor-supplied validation data in isolation of system configuration and users intended use is not acceptable. Validation for intended purpose ensures that the steps reflect the data checking SOP.
- Under Point 6.20 (new) cloud or virtual services are addressed. It is emphasised that the understanding of services, ownership, retrieval, retention and security of data is a must.
All in all, it can be said that the GXP data integrity guidance has a high degree of alignment with documents published by other regulators such as PIC/S, WHO, OECD (guidance and advisory documents on GLP) and EMA. Those documents are also listed as references.