2024 Top Data Integrity Audit Issues

Picture of Dr Eva Kelly

 

In the fast-evolving world of life sciences, ensuring the integrity of GMP records has never been more critical. Regulatory bodies like the FDA and EMA continue to emphasize data integrity as a cornerstone of GxP compliance, with ALCOA+ or ALCOA++ principles serving as a guiding framework.

Whether you’re transitioning to manufacturing operations, implementing serialization systems, or embracing risk-based approaches, understanding and mitigating uncovered data integrity issues is essential to patient safety and product quality.

Here, we’ll delve into the most common data integrity issues we found in 2024 and offer insights to strengthen your compliance strategies for 2025.

Some Familiar Faces

Data integrity issues typically fell into the categories below:

  • Governance and SOP Weaknesses:

    • Insufficiently detailed procedures to guide data and record activities

      • High-level audit trail review instructions only, leading to inconsistency across reviewers

      • Uncertainty on how to confirm access for the right role at the right time, including user role changes

      • Uncertainty on how to confirm vendor activities when they may have elevated roles in the system

      • Poor instructions describing  static and dynamic data, with over reliance on printed reports rather than original electronic record review

      • Inadequate procedures for end-to-end backup and restore processes

  • Missing or Outdated Procedures

    • Absent procedures for managing data across the full data lifecycle with backups described in detail but restore procedures falling short of the mark

    • Referenced templates or forms used to manage data activities that are missing or obsolete

  • Backup, Restore, and Disaster Recovery Validation Deficiencies

    • Insufficient validation of production ecosystems, including use of network or cloud solutions to manage short and long term data storage

    • Validation of backup and restoration mechanisms performed but only to discrete drives with no real challenges considered such as full DB backup, single file backup, AT record backup or configuration setting backup and no end to end attempt to restore and confirm restored files beyond a volume or integrity check

  • System Inventory Gaps

    • Outdated or incomplete inventory lists, leading to uncontrolled data and records

    • Retired systems not appropriately tracked but still containing GxP-relevant data

  • Records missing key ALCOA++ Attributes

    • The good news is that missing records did not feature largely during our inspections. The bad news is that insufficient data attributes to provide data integrity assurance are still an issue.

    • Main offenders included

      • Poor or No Attribution of activities: Lack of segregated roles, use of generic accounts leading to confusion of who had actually completed GMP activities

      • Poor or No Legibility: Overwritten or altered records and no justification recorded for changes made or audit trails disabled with no explainable reason

      • Questionable Accuracy: Uncontrolled data transformations and manual calculations performed without independent oversight.

        • Data Transformation Errors

          • Unverified transformations compromised accuracy

          • Transformation tools used with no version or coding controls

  • Physical and Logical Security Issues

    • Governance and controls associated with physical records continue to be an issue with archive rooms left open or insufficient logging controls around removal and additions to the archive facility

    • The biggest issue associated with logical controls continues to be generic accounts use and often these generic accounts being used by vendors

Mitigating Data Integrity Risks

To address these issues, site leadership teams, IT and quality directors and data stakeholders must adopt proactive measures

  • Enhance Training: Ensure that all staff understand the importance of ALCOA++ principles and their practical application

  • Regularly Revise SOPs: Regularly review and update procedures to include detailed instructions for audit trails, backup and restore, system and data lifecycle management

  • Conduct Regular Audits and Assessments: Perform internal data integrity audits and GEMBA walks to identify and address gaps

  • Leverage Technology: Implement GxP-compliant systems that streamline audit trail reviews, data security exception reporting, and lifecycle management

  • Maintain a Centralized Inventory: Use validated tools to manage system inventories and ensure retired systems are monitored appropriately

Conclusion

Data integrity remains a top priority for life sciences organizations navigating complex regulatory landscapes. By addressing governance weaknesses, enhancing SOPs, and leveraging robust systems, it is possible to ensure GxP compliance and audit readiness.

How can we help you?

Are you ready to strengthen your data integrity practices? Sign up for one of ERA Sciences’ comprehensive data integrity courses and equip your team with the knowledge and tools to safeguard patient safety and regulatory compliance. Or simply reach out to one of our data integrity experts and start the success conversation today.

Contact us at info@erasciences.com

 
, , , , , ,
Dr Eva Kelly

Dr Eva Kelly

Eva holds a degree in Analytical Science and a PhD in Chemistry from Dublin City University, bringing over 25 years of experience in site solutions and learning management across various sectors, including pharmaceuticals, medical devices, and FMCG. She has specialized as a Data Integrity SME, with expertise in 21 CFR Part 11 and Annex 11 compliance, and has led Data Integrity and QA IT roles within pharma and biotech companies, focusing on GxP SAAS, hosted, and on-premise solutions. Eva is passionate about fostering a culture of Data Integrity (DI) excellence, working directly with clients to implement DI governance strategies that prioritize people, processes, and technology. Over the past decade, she has honed her skills in stakeholder presentations, quality risk management, and the implementation of systems such as SABA Cloud, EtQ Reliance, VEEVA Vault, and Axway Track and Trace, among others. With a deep understanding of DI's evolving role, Eva is dedicated to helping clients achieve thorough GxP record compliance and successful DI initiatives.

Follow me on LinkedIn

Comments

Related posts