Background

FDA released its final guidance on “Data Integrity and Compliance with Drug cGMP” in December 2018. The main purpose of this guidance was to clarify the role of data integrity in current good manufacturing practice (cGMP). This guidance provides the Agency’s current thinking on the creation and handling of data in accordance with cGMP requirements.

I wrote a blog post based on the DRAFT guidance in 2017. This post is a followup post based on the final guidance.

Why is this guidance important?

If you are using a cloud app to manage any GxP function, understanding the current thinking within the FDA is of paramount importance for ensuring regulatory compliance. The expectations of the FDA to ensure data integrity will impact:

1. Cloud App Design & Implementation

2. Validation

3. User Access Controls

4. Segregation of Duties

5. Audit Trail / Electronic Signature Implementation

6. Data Backup, Archiving & Retention

7. Disaster Recovery & Business Continuity (BCP)

8. Ongoing Validation & Maintenance

9. Audit Trail Reviews

What Questions Do You Need to Ask to Ensure Cloud App Compliance?

1. Am I prepared to keep my Cloud App in a “Validated State” considering the frequency of changes not just at the SaaS level but also at the IaaS/PaaS levels?

2. Do I have a robust validation process to ensure my Cloud App stays validated in spite of the frequent patches and new releases?

3. Can I unequivocally state that my cloud app validation meets the current FDA requirements for data integrity?

4. Do I have a process not to just validate the audit trail transactions but review them per current FDA expectations?

Cloud App Validation Strategies for Data Integrity

Your validation strategy needs to provide assurance that the intended use of the app is met on a “continuous” basis. You need to take a risk based approach to ensure the intended use is not just met during initial validation but continues to meet through the myriad of patches and releases. To ensure data integrity your program must validate that the historical data can be retrieved without any compromises. In addition, your program must ensure that the audit trail transactions function as expected and there is a process for scheduled reviews.

xLM TestOps Framework for FDA Data Integrity Compliance

xLM’s TestOps managed service is designed to meet the FDA’s Data Integrity guidance in the context of cloud app validation. TestOps framework is based on “continuous validation” which is specially designed for GxP compliance in the cloud. Here is how it works:

1. TestOps is a modern framework based on software test automation. It provides end to end automated validation for any cloud app. The initial validation package is purposefully built for your instance based on your intended use. Read more…

2. Validation runs can be scheduled or run on-demand (for example: when a patch is released). During any of these subsequent runs, the intended use is not only affirmed but also the integrity of historical data is confirmed.

3. During the above steps, the audit trail and e-sig transactions are validated for all critical GxP functions.

4. A Big Data/AI based audit trail log analysis system automates the “scheduled” reviews.

Conclusion

FDA mandates that the “system design and controls should enable easy detection of errors, missions, and aberrant results throughout the data’s life cycle” to ensure data integrity. xLM TestOps managed service is designed to ensure data integrity by leveraging its “continuous validation” framework. It ensures your intended use is met on an ongoing basis while always checking for data integrity. Its focus on audit trail validation as well as automated reviews positions itself as premier service that can ensure your data integrity in the cloud.