The pharmaceutical industry has to ensure a constant quest for quality in an ever-changing regulatory environment. To achieve this, the generation of electronic data has become an inevitable solution, and one that has been implemented in many organisations. Data servers, clouds… the practicality and time-saving benefits of digital technology are major advantages that promote functional quality systems. But like all developments, there is a corollary that must not be overlooked: data integrity. This has become a major security issue for pharmaceutical organisations. Find out below about the different phases you need to consider in order to achieve compliance and take the first steps in your data management policy.
Data integrity in the pharmaceutical industry is closely linked to Good Manufacturing Practice (GMP) and the GxP environment, encompassing Good Manufacturing Practice (GMP), Good Laboratory Practice (GLP) and Good Distribution Practice (GDP). These standards govern the processes and systems used in the production and distribution of medicines, guaranteeing their quality and safety. In France, compliance with these standards is mandatory under the Public Health Code, in particular articles L. 5111-1 and R. 5121-114, on pain of severe penalties and repercussions for the company’s reputation.
As a reminder, you will find below a summary of the regulatory texts on data integrity in the pharmaceutical industry:
Failure to comply with the regulatory texts on data integrity in the pharmaceutical industry obviously entails its share of sanctions: warnings, injunctions, withdrawal of marketing authorisations and criminal proceedings. It also has collateral consequences that I leave to you to assess:
Compliance requires a collaborative approach, involving various stakeholders such as quality, IT and possibly legal teams. A project manager with data-integrity expertise is essential to structure the efforts and guarantee the effectiveness of the actions undertaken. A typical team dedicated to data integrity could be made up as follows:
An in-depth understanding of the flow of data is needed to identify points of vulnerability and implement appropriate controls. The dematerialisation of documents can facilitate this understanding by making data more accessible and more easily traceable, but it is important to know how it is organised and classified. The first steps to be taken are therefore to :
La sécurité des données est un aspect critique de la gestion de l’intégrité des données. Cela comprend à la fois la sécurité physique des infrastructures et des supports de stockage, ainsi que la sécurité logique pour contrôler l’accès aux systèmes et aux données. Les mesures de sécurité doivent être robustes pour prévenir toute altération ou accès non autorisé aux données, et des plans de continuité d’activité doivent être établis pour garantir la disponibilité des données en cas d’incidents ou de sinistres. Votre plan doit ainsi prévoir d’effectuer un inventaire des systèmes informatiques et des processus associés. Il conviendra de s’assurer qu’ils sont conformes aux normes de qualité et de sécurité. Ensuite, il faudra identifier les lacunes potentielles dans les systèmes et proposer des solutions pour les corriger et améliorer l’intégrité des données.
Some data is more critical than others and deserves special attention in terms of protection. An in-depth analysis of the criticality of data enables you to prioritise actions and concentrate efforts where they are most needed. For example, you could start by assessing the criticality of data in terms of its impact on the quality of pharmaceutical products and on patient safety. Then prioritise data governance efforts by focusing on the data that is most critical to the business.
A systems audit is based on a number of principles, including the ALCOA + principle. ALCOA + is an extension of the ALCOA principle, which stands for Attributable, Readable, Complete, Original and Accurate. It addresses the complementary concepts of Integrity and Traceability. This framework provides essential guidelines for ensuring the quality and reliability of data throughout its lifecycle, from creation to archiving.
Identifying deviations from the ALCOA+ principle involves an in-depth analysis of the processes and practices in place, highlighting any potential shortcomings in terms of attribution of data to its source, legibility, completeness, originality, accuracy, integrity and traceability. Gaps can be identified through audits, documentary reviews and assessments of the IT systems used to collect, store and manipulate data.
Once the gaps have been identified, a remediation plan needs to be implemented. This remediation plan aims to correct the shortcomings detected and to reinforce the integrity of the data. It may include actions such as updating procedures and protocols, training staff in good data management practices, and improvements to IT systems to ensure that data is collected, analysed and stored in accordance with ALCOA+ requirements.
Drawing up a detailed action plan is essential for implementing the measures needed to guarantee data integrity. In particular, it will be used to assign specific responsibilities and deadlines for each action in order to monitor progress and ensure that objectives are met.
Another important aspect is the behaviour of employees and managers with regard to data integrity management. It is vital that the company’s management actively supports data integrity initiatives and encourages an open culture where employees can report problems without fear of reprisal. Employee training and awareness of the importance of data integrity and the best practices to follow are also essential to ensure compliance and vigilance.
By following this plan, a pharmaceutical company can develop an effective strategy for managing data integrity and ensuring regulatory compliance throughout its lifecycle. In the long term, it will be sufficient to :
Implementing a data integrity management system as part of a pharmaceutical company’s quality system requires a holistic and integrated approach. By combining clear policies, thorough risk analyses, robust security measures and a corporate culture focused on transparency and accountability, companies can ensure regulatory compliance and maintain the quality and integrity of their data throughout its lifecycle. LUGAN CONSULTING has the expertise and tools to help you implement your data integrity policy, save you time and ensure that your strategy is compliant.