Identifying and Preventing Common Data Integrity Issues

  • Missing raw data files associated with recovered solvent testing were observed in folders on the local hard drive of the operating system connected to the gas chromatography (GC) instrument. Your firm indicated that the files appear to have been deleted.
  • [Employees] shared the same username and password for the operating system on each workstation and the analytical software for the GC.
  • Recovered solvent data on the stand-alone computerized system for the GC were not backed up as required per your approved procedure.
  • Failure to have a procedure governing the audit trail or its retention.
  • Failure to include a comprehensive, systematic plan for evaluating your practices and procedures to ensure data integrity controls are applied throughout your firm.
  • Failure to conduct a risk assessment addressing potential impacts to product as a result of the inadequate data integrity controls.

Data Integrity Compliance

Employee Participation

  • 21 CFR Part 11 requirements and expectations.
  • Company code of conduct, ethics, and fraud policies.
  • Data management standard operating procedures (SOPs).
  • Validation and change control.
  • Use of audit trails.

IT Data Management Processes

  • Complete frequent backups of electronic data per CGMP requirements.
  • Do not overwrite pre-existing data during its retention period.
  • Securely store data and backups during their retention periods — including using off site storage as warranted.
  • Limit access to data, including rights to change, edit, or delete data or operational parameters to only authorized roles and security levels.
  • Set up password controls, including expiration dates, lockouts after a set number of failed attempts, secure reset processes, etc.
  • Frequently audit/crosscheck employee accounts, permissions, and credentials.

Company Policies

  • Identify anything questionable in data and records, including where they are generated and stored, i.e., paper records in banker’s boxes, notebooks or binders, around equipment in the lab, etc.
  • Evaluate electronic systems and paper records to verify controls are working appropriately and no inaccuracies exist.
  • Check production areas during operations/testing to verify that people are following procedures documented in the policies and SOPs.
  • Assess employees’ qualifications and ability to perform the tasks required for their roles.
  1. “Vega Life Sciences Private Limited,” Warning Letter, U.S. Food and Drug Administration (FDA), July 7, 2020.
  2. “Data Integrity and Compliance With Drug CGMP Questions and Answers,” U.S. Food and Drug Administration (FDA), Dec. 2018.
  3. “An Analysis of 2018 FDA Warning Letters Citing Data Integrity Failures,” Barbara Unger, Pharmaceutical Online, June 12, 2019.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store