Deflecting responsibility is a timeless tactic for the young. While it was easy to simply point the finger and say, “I didn’t do it, they did,” as children, this approach is not viable in the life-sciences industry when things go awry. In this sector, we can’t simply transfer our responsibilities without written agreements and clear accountability. Ensuring data integrity is paramount, and responsibility cannot be deflected. After all, the stakes here are much higher than in a sibling squabble!

Accountability cannot be outsourced. In biotech and pharma, the contract giver (or license holder/Marketing Authorization Holder (MAH)) remains accountable for the contracted work; this is clearly outlined by several global regulatory agencies. For example, according to ICH Q10, “The pharmaceutical company is ultimately responsible to ensure processes are in place to assure the control of outsourced activities and quality of purchased materials.” Similarly, EudraLex Volume 4 Chapter 7 and 21 CFR Part 211.22 specify responsibilities of the contract giver and its quality unit for overseeing contracted activities. Check out our previous blog related to the responsibilities for conducting OOS investigations generated at contract laboratories.

The output of a contract lab is data. The GMP decision resides with the contract giver. Using contract laboratories for testing raw materials as well as in-process and final product is often a necessity in the life-sciences industry for various reasons, such as the time and cost of validating new methods in-house, the specific expertise of contract laboratories, etc. How do you ensure the integrity of data generated at your contract laboratory? Let’s discuss how effectively a license holder or an MAH can manage data generated by a contract lab. Is it prudent and effective to review all raw data generated by the contract laboratories? How about reviewing the audit trails? According to the PIC/S guidance Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments, “It is often not practical for the contract giver to review all raw data relating to reported results.” However, the contract giver must exercise its due diligence to ensure the integrity of its GMP decision, based on data of high integrity.

So, how could a contract giver ensure that the principles of ALCOA+ are equally maintained for the data generated in-house and the data generated at a contract lab? How can a contract giver ensure complete review of the audit trails of data generated by a contract lab if there is no direct access to the contract lab’s computerized system? There is no straightforward answer to this but a series of well-structured steps can be taken to ensure that the contract giver achieves the desired outcome and remains accountable. By following these steps, the contract giver’s data-review process can be less daunting while simultaneously minimizing the risk of data integrity violations.

A risk-based approach following the principles of ICH Q9 should be taken to minimize the risk to data integrity for all GMP-relevant data generated, regardless of the source. Following this principle, the steps provided here can lead to the desired outcome of ensuring data integrity at contract laboratories:

    1. Establish a comprehensive qualification program for contract labs that includes assessment of Data Integrity.
    2. Develop a clear quality agreement with the contract provider that includes a requirement for notifications to the contract provider in cases of data integrity violations.
    3. Transfer/validate and/or qualify methods at the contract lab following ICH guidelines.
    4. Monitor contact laboratory performance for discrepancies and errors during routine reviews. Establish a clear escalation process (such as ad hoc audits) if negative trends are observed.
    5. Conduct periodic, full data reviews and ad hoc audits based on adverse trends.
    6. Include forensic data integrity assessments in routine periodic audits. For example, performing audit trail reviews, which otherwise may not be possible during routine checks of raw data packets, must be done here.
    7. The level of surveillance of the contract lab’s test data should be based on the assessments performed per points 1 and 4-6 above. In some cases, it may be necessary to discontinue the service of a contract laboratory following the contract giver’s corrective action procedure for suppliers.

 

The bottom line is that accountability looks like this in action: The contract giver performs Data Integrity assessments during qualifications as well as ad hoc and routine audits. It is very important that the qualification and audit teams include relevant SMEs who are knowledgeable not only in quality and analytical aspects, but also in Data Integrity aspects. By following these principles, if it can be established that a contract laboratory has a robust Data Governance and Data Integrity program and the risk of data integrity lapses is minimal, the number of data reviews could be reduced. After all, reviewing the same data multiple times does not make it better if the first review is robust!

If you have any questions relating to your site’s Data Integrity, Supplier Qualification, or Audit programs, we can help you! Please contact us at LCS@LachmanConsultants.com for a consultation.