Saqib Choudhary: US FDA defines data integrity as "the completeness, consistency and accuracy of data. Complete, consistent and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate." It is very important to understand the best practices for the capture and maintenance of source data, as well as record retention, and comprehend how the gaps could easily be filled. There are many areas where data integrity could potentially be compromised, including hostile parties obtaining data captured from lab instruments, site monitoring, CRF entries, general record-retention practices and many more.
As subject-matter experts on source-data integrity who also specialise in computer-systems quality, our auditors have vast experience in dealing with gap analysis and providing consultancy. This gives LabQ a distinct advantage over other consultants. We provide a two-in-one service where we can help from a quality and technology perspective. In my experience, I have personally helped more than two dozen contract research organisations (CROs) in the past year alone to mitigate critical and major issues related to the gaps within source-data integrity, and I provided them with advice that was compliant yet feasible from a budget and technology point of view.
One of the most common problems is a lack of source-data integrity. When electronic data is transferred, any associated metadata must also be moved. Both pieces of data together constitute source data, and are required for it to be deemed complete and accurate.
FDA defines 'metadata' as "structured information that describes, explains, or otherwise makes it easier to retrieve, use, or manage data. For example, the number '23' is meaningless without metadata, such as an indication of the unit 'mg'. Among other things, metadata for a particular piece of data could include a date/time stamp for when the data was acquired, a user ID of the person who conducted the test or analysis that generated the data, the instrument ID used to acquire the data and audit trails."
Another misconception is the correlation of source data with backups. Usually, people mistakenly consider backup copies for disaster recovery as an archive, which leads to incomplete data and therefore affects source-data integrity. FDA uses the term 'backup' in section 211.68(b) to refer to a true copy of the original data that is maintained securely throughout the records retention period (for example, 211.180). The backup file should contain the data (including associated metadata) in the original format or in a format compatible with it. This should not be confused with backup copies that may be created during normal computer use and temporarily maintained for disaster recovery; for example, in the case of a computer crash or other interruption. Such temporary backup copies would not satisfy the requirement in 211.68(b) to maintain a backup file of data.
We advise all our clients to move data from one location to another using algorithms or applications that guarantee the transfer of any associated metadata, or checksum validation to ensure a complete transfer. We also advise all our clients with regard to backup and retention facilities and management to meet regulatory and sponsor requirements.
CROs and biopharma working with Chinese CROs always struggle with the ownership of data. In compliance with Chinese law, no health data or human tissue samples may be moved outside of China. Therefore, foreign biopharma and CROs working with sites and CROs in the country have the challenge of working out how to secure the data within the Chinese territorial space so that it is not prone to vulnerabilities. One way to resolve such an issue is to create a point-to-point connection with the vendor in China, and have your own network switch reconfigured to provide for them. You can then use a secure service provider, and create your own cloud environment that is secure and within the Chinese territorial boundaries while remaining well within your control.
LabQ has been providing specialised and custom-made quality assurance services to various biopharma and CROs at a global level. LabQ primarily operates through its UK office, and has a presence in the US, China, Korea, Singapore and India. LabQ has experience to deal with various regulations, including those of US FDA, MHRA, EMA, PMDA, MFDA and GCC countries. We have a proven track record of mock inspections and helping to achieve inspection readiness in these countries, and have a network of regional and international experts.
We've recently expanded our services by partnering with ITSSRC in Bangalore and Dubai. LabQ has developed a clinical trial management system (CTMS) called CATMUS. The system serves as a state-of-the-art data-capture system. Currently, one of the major citations by various regulatory agencies is related to gaps in site management and monitoring due to monitors failing to accurately capture deviations in most cases.
LabQ's CTMS provides a perfect platform to capture data in real time, and has a built-in training and deviation-management system as well. The entire system is not only 21 CFR Part 11-compliant, but also compliant with HIPAA, and other-data protection guidelines and regulations. We are offering our potential customers access to a demo environment to see the merits of the system.