Applying Data Integrity Principles to the Cleanroom

• Bio Products Laboratory Ltd

Introduction

Data integrity relates to any type of ‘data’, and the degree to which a collection of data is complete, consistent, and accurate. Data can exist in a variety of forms – as numbers or text on paper or as bits and bytes in electronic form. No single type of data is exempt from data integrity concerns, and such concerns have been part of a growing focus from regulators across pharmaceuticals and healthcare.¹ Each regulatory agency has issued data integrity guidance, the most recent, at the time of writing, coming from the U.S. FDA which issued the document titled “Data Integrity and Compliance with Drug cGMP: Questions and Answers” in December 2018.² In many instances data integrity is nothing new, with many of the principles and requirements stretching back to the 21 CFR Part 11 requirements of the late 1990s,³ but the regulatory expectations are certainly higher.

This article assesses some of the data integrity implications applicable to cleanrooms, as used in GMP facilities. The main focus, as an illustrative example and given their centrality for cleanroom assessments, is with particle counters. Reference is also made to viable microbiological monitoring and other areas where cleanroom data is captured, such as the recording of room pressure differentials and gown usage.

What is Meant by Data Integrity?

Data integrity refers to maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. Sometimes the term ‘data integrity’ is expanded to become ‘records and data integrity’.⁴ Data integrity is a key regulatory concern and guidance documents have been produced by the U.S. Food and Drug Administration (FDA) and the European Medicines Agency (EMA), together with the MHRA;⁵ plus, WHO and PICS. This regulatory focus is also manifest in an increasing number of regulatory findings pertaining to data integrity, and hence it is incumbent upon those operating a GMP environment to have undertaken data integrity assessments, to understand the risks and to put appropriate measures in place.

Subscribe to our e-Newsletters
Stay up to date with the latest news, articles, and events. Plus, get special offers
from American Pharmaceutical Review – all delivered right to your inbox! Sign up now!

Data refers to a set of values of qualitative or quantitative variables; that is pieces of data are individual pieces of information. Data is something which is measured, collected and reported, and analyzed. An assessment of data integrity should form part of self-inspection. For this it can be useful to use a framework, composed of a series of questions, such as:

• Are controls in place to ensure that data is complete?
• Are activities documented at the time of performance?
• Are activities attributable to a specific individual?
• Can only authorized individuals make changes to records?
• Is there a record of changes to data?
• Are records reviewed for accuracy, completeness, and compliance with established standards?
• Are data maintained securely from data creation through disposition after the record’s retention period?

These questions relate to the common acronym used for data integrity, which is ALOCA, an acronym for: ‘Attributable, Legible, Contemporaneous, Original, and Accurate’.⁶

Particle Counters

When carrying out reviews of particle counters five general and important data integrity questions are:

• Is electronic data available?
• Is electronic data reviewed?
• Is meta data (audit trails) reviewed regularly?
• Are there clear segregation of duties?
• Has the system been validated for its intended use?

To add to the above, ensuring that the counter has been calibrated by a competent person and its optical sensors are free from contamination, enable the data collected to be reliable and representative of the cleanroom environment.

In addition to these broader questions, individual particle counters should be assessed against regulatory data integrity expectations. The types of data integrity issues which can impact upon a particle counter, and thus which need an assessment, include:

1. Lack of definitions of data, leading to incorrect record storage. This can arise if personnel are unaware of what the raw data and the original record are (such as a print-out or a pdf of particle data), what comprises a complete record. The definition of data should be captured in a procedure.
2. System access. Particle counters should require password access, with each user having a unique password. This ensures that each particle counting event is tied to a specific user, with date and time information additionally captured.
3. Hierarchy of control. The particle counter should come equipped with different levels of access. This would include, as a minimum, a basic user, who can turn the counter on and off; a supervisor level, who can change location settings and review audit trails; and an administrator who can change limits or delete data or clear buffers. The administrator is typically someone independent of the users, as required in data integrity guidance, and ideally independent of the departments who use the particle counter.
   With control of location settings, technology is available for remote particle counters where the location identification is embedded in a location mounting bracket rather than the particle counter, which is more reliable for trending a given location of the level of airborne particles at a specified position in the cleanroom.
4. In relation to passwords and access levels, each instrument is expected to have an approved list of users along with their job titles. As people leave an organization, their user name and password need to be removed from the counter and the user list updated by the administrator.
5. Data capture, where data is captured in temporary files. Unless particle counters are connected to a facilities management system, the long-term storage of the raw data is not possible since a typical portable particle counter will only hold a buffer of a set number of data points and once the buffer is full the data is overwritten. This means data must be printed-out or transferred at regular intervals in order to prevent data loss.
6. Data retrieval, which follows on from data capture. This concerns the ability to retrospectively retrieve data after a particle counting session and this is again linked to the ability to retrieve stored data, which will be limited by the buffer overwriting and the inability to store data in an electronic format for long periods of time without removing that data to a secondary source or turning that data into a record (print-out or pdf).
   Where data can be produced as a portable document file rather than as a print-out, this adds greater security. The pdf cannot be adjusted, and the paper is less likely to fade. With the print-out, this is often on thermal paper, which is prone to fading. Where a facilities monitoring system is used this will bring with it similar data integrity concerns as with a particle counter. However, the data is captured electronically leading to fewer ‘touch points’ compared with the standalone counter where data typically has to be transcribed or entered into a database. Each data entry is a step where error can occur. To overcome this, some particle counters have the functionality for data transmission where data is transmitted via wired or wireless ethernet to a secure server where the user keeps the final records. This form of data transfer can prove to be robust provided the process of data transfer has been qualified.
7. File deletion can occur where raw data and metadata (‘data about data’, such as the time of sampling) are deleted from the counter before the data has been printed-put or transferred. An effective counter will have different levels of password access, with data deletion only permitted by an administrator. Furthermore, the counter should have an electronic audit trail in place so that any deletion of data is traceable.
8. System security. In relation to a particle counter this relates to access to the clock and calendar functions. It should not be possible for the user to alter the date or time, and such permission should rest with the administrator. Where the time is changed (such as switching from daylight saving) this must be captured in the audit trail. Not having the particle counter clock in synchronicity with ‘real time’ would result in the inability to link any significant particle count fluctuations with specific events.
   
   A further best practice element of data integrity is what to do during a ‘disaster’. This can range from a systematic failure where no data can be recovered to failure of instruments. The risks surrounding the irretrievability of data will depend on the particle counter use, with a scheduled monitoring session, which can be repeated, being a lower risk than a batch specific event. The expectation is that disaster scenarios are documented. While this is unlikely to go into a standard operating procedure for a counter it might be captured in a site policy or position paper.

Other Areas of Cleanroom Operations

There are other areas to which data integrity can be applied. These include the systems designed to monitor cleanrooms for pressure differentials. Such data is required to assess that the pressure differential between adjacent areas of a different cleanroom class, or in relation to an airlock, have not fallen too low or gone negative, as well as to assess trends so that performance of the overall air control system can be assessed. As with the particle counter, the data needs to be time and date related; to be backed-up or stored long-term. In addition, the data capture system needs to be password controlled.

Data integrity also extends to good practices in relation to assessing critical cleanroom parameters, such as pressure, temperature and humidity. The failure to acknowledge and investigate alarms would, for instance, be raised as a data integrity citation by a regulator. Where there is no system in place for automated data capture, other data integrity concerns, which link to ethical behavior to support GMP, would extend to overwriting of data; backdating of records; ineligible data; failure to give data context in terms of date and time; incomplete data; and to missing data.

Other areas where verification is important relate to gown control. Where reusable gowns are in place, the supply chain needs to be controlled to ensure that gowns are collected, washed, laundered and (if required) sterilized. Many facilities have restrictions on the number of times that a gown can be used since the cycle of laundering and sterilizing will, at some point, affect gown integrity. While this can be recorded manually, a more secure and reliable way to control gown use is through the use of barcodes.

A different application of data capture and one applicable to aseptic processing is with operator glove sanitization. Many cleanroom contamination control regimes require operators to sanitize their gloved hands at given intervals and for a pre-determined period of time (such as for thirty seconds, ensuing that the sanitisation agent covers all areas of the glove and for the disinfectant contact time to be achieved). Sanitization agent dispensers can record each time the glove sanitization station is used and this information could be held in a batch record, for example.

Viable Environmental Monitoring

Environmental monitoring using conventional methods, such as air sampling, settle plates and contact plates contributes to a cohesive assessment in the assurance of finished product quality. However, traditional culture-based microbiological methods typically possess inherent and unavoidable variability and as such these might result in erroneous conclusions.⁷ These concerns have been raised in FDA warning letters. Two take two examples: “plate counting, where colony forming units are miscounted” and “missing samples, such as environmental monitoring samples not being taken or dropped on transit to an incubator.” While the latter is careless, colony counting errors can occur where confluent growth occurs.

Hence variability can be divided in to two categories:

1. “Avoidable” variability (variability due to poor practice, such as the microbiologist not counting colonies correctly or not recognizing where two colonies have merged together, as examples). This type of variability can be partly addressed through trending where a larger number of results over time enables isolated events to be distinguished from on-going concerns in relation to the environment. Furthermore, trending can also assist with the evaluation and identification of potential data integrity issues.⁸
2. Inherently unavoidable variability (variability due to limitations of the methods and the vagaries of dealing with biological samples, such as the limitations of the active air-sampler being calibrated to only be capable of detecting 50% of particles of a given maximal diameter – the D50 value of the instrument). While this type of variability cannot be avoided, understanding the limitations of methods does strengthen the need for data trending, repeat sampling in response to an out-of limits result, and the need to develop a comprehensive environmental monitoring program with defined and justified locations and a range of different sample types.⁹

Some regulators have requested secondary checks for plate reading, and there is a reference to this in the 2018 FDA guidance. This is an erroneous demand and unnecessary – personnel are either good at plate reading or they are not. Solutions to correct colony counting include rapid methods; good training in testing (to ensure that colony numbers fall within the countable range for the plate size); and effective training for reading plates, spotting phenomena like merged colonies, spreading organisms, and diminutive colonies that require reading under magnification and with white light.

There are similar, although less extensive, data integrity considerations for instruments used for viable microbiological monitoring, such as active air-samplers (where uncontrolled user access could lead to a technician altering sample time so that a cubic meter is not taken, for instance) or contact plate applicators (which have not been verified for weight or sample time, as an example). These require the similar, robust assessments as would be applied to particle counters, as discussed above.

Summary

Data integrity is important for ensuring that the information pertaining to a cleanroom is secure and reliable, especially where such data is used to verify GMP status and to make decisions that ultimately impact upon product quality and patient safety. Adhering to data integrity guidance is also necessary for passing an audit or inspection, not least because data integrity is a regulatory ‘hot topic’.

On this basis the subject matter can directly inform an auditor or inspector about the organization. If data integrity issues occur and are identified by auditors, this can suggest a poor quality culture within the organization. Applying some of the examples in this article can help to address potential data integrity concerns and avoid regulatory non-compliances.

References

1. Sandle, T. and Leavy, C. (2017) A focus on regulatory trends: MHRA annual deficiency review, Pharmig News, Issue 69, pp2-5
2. FDA (2018) Data Integrity and Compliance With Drug CGMP Questions and Answers Guidance for Industry, U.S. Department of Health and Human Services, Food and DrugAdministration, Bethesda, MD, USA. At: https://www.fda.gov/downloads/drugs/guidances/ucm495891.pdf
3. FDA. (1997) Title 21 of the Code of Federal Regulations Part 11. Retrieved from https://www.ecfr.gov/cgi-bin/text-idx-?
4. Schmitt, S. (2014a) Data Integrity, Pharmaceutical Technology Europe, 38 (7). Online edition: http://www.pharmtech.com/data-integrity (accessed 10th January 2019)
5. MHRA (2015) MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015, Medicines Healthcare products and Regulatory Agency, London, UK
6. MHRA (2016) GXP Data Integrity Draft Guidance, Medicines Healthcare products and Regulatory Agency, London, UK
7. Tidswell, E. C. and Sandle, T. (2017) Microbiological Test Data - Assuring Data Integrity, PDA Journal of Pharmaceutical Science and Technology, doi:10.5731/pdajpst.2017.008151
8. Sutton, S. (2011) Accuracy of plate counts. Journal of Val. Technol., 17(3), 42-46
9. Singer, D., Sutton, S. (2011) Microbiological Best Laboratory Practices, USP <1117> Value and Recent Changes to a Guidance of Quality Laboratory Practices, American Pharmaceutical Review, 14 (4), 41-47