Optimal handling of analytical data in regulated laboratories
How to deal with stricter requirements of cGMP
Shimadzu Laboratory World in Duisburg
The increase in digital evaluation and approval of measured data in recent years has led to data integrity – i.e. the unalterability of data – becoming more and more important. Electronic data processing enables data to be modified intentionally or unintentionally, e.g. changes to evaluations or substitution of datasets. For example, if these data are used for the release of medicinal products or active substances, such manipulation could lead to serious consequences for the health of the patient. Regulatory auditors therefore pay particular attention to data integrity measures during audits.
Controls by the US FDA (Food and Drug Administration) have revealed a number of instances in which companies could not demonstrate compliance regarding data integrity, prompting the FDA to publish a guideline in April 2016. “Data Integrity and Compliance with cGMP” emphasizes that the FDA regards data integrity as a key quality topic. As a result, numerous measures have been published in recent years, e.g. “warning letters.” They discuss the most common problems regarding Guideline 21 CFR 211 & 212 as well as the principles of electronic record keeping according to Guideline 21 CFR Part 11. In other cases, import bans were imposed as a consequence of contraventions.
The Guideline also includes precise explanations of commonly used terms such as data integrity, audit trails and metadata. Even where meeting of requirements is not specified in detail, the topics the FDA regards as most important are discussed in 18 questions and answers.
Data integrity is not a new concept; it is an integral part of cGMP requirements such as:
- § 211.68 requiring that backup data is exact and complete, and secure from alteration, inadvertent erasures or loss
- § 212.110(b) requiring that data be stored to prevent deterioration or loss
- § 211.100 and § 211.160 requiring that certain activities be documented at the time of performance and that laboratory controls be scientifically sound
- § 211.180 requiring true copies or other accurate reproductions of the original records; and
- § 211.188, § 211.194, and § 212.60(g) requiring complete information, complete data derived from all tests, complete record of all data and complete records of all tests performed. 
ALCOA – good data handling practice
The “ALCOA” principle applies to good data handling practice. The acronym stands for Accurate, Legible, Contemporaneous, Original and Attributable (to the respective person). This principle can be applied to the entire life cycle of the data.
- “Accurate” refers, for example, to the validation of instruments to prove that the measured data are recorded correctly, the data are approved by a laboratory manager using the four-eyes principle and that the software and electronic systems are validated to verify that data are also stored correctly.
- “Legible and permanent” primarily concerns the security measures to protect data against change. Handwritten data must be recorded legibly in indelible ink, and corrections to the data must be carried out in an appropriate manner. Furthermore, all data must have a change history by means of an audit trail.
- “Contemporaneous” refers to acquisition of the data. This must be carried out immediately after the respective process, for example, a measurement in the laboratory, and must not be predated or backdated. In electronic systems, it must not be possible to change the time or the date, and every change to the dataset must be saved immediately after it has been entered.
- Since the “original” data must also be available, the respective set of raw data from every measurement must be kept and remain archived, and any changes must be traceable.
- The last item, “attributable to the respective person”, means that all the previously mentioned processes must be attributable to the person who carried it out. Anyone who records or processes data must identify themselves with a dated personal signature. If electronic systems are used, this means that a personalized access as well as electronic signature control are absolutely essential.
For further information, please refer to “Data Integrity and Compliance with cGMP.” 
Instrument manufacturers support the integrity of measured data
Due to the many contraventions in recent years, FDA auditors meanwhile apply a “guilty until proven innocent” approach during their inspections, meaning that they assume non-compliance with the regulations. As a consequence of this change compared to previous audits, end-to-end proof of the integrity of measured data has become essential in a controlled environment. 
Suppliers of chromatography data systems, i.e. software for acquisition, processing, administration and storage of data arising from analytical measurements have also adapted to these changed circumstances by implementing dedicated functions for data integrity to support companies operating in a controlled environment with regard to data integrity and FDA compliance.
Pitfalls associated with data integrity exemplified by an HPLC analysis
To illustrate the necessary functions and precautions during day-to-day analytical work, the possible pitfalls associated with data integrity are highlighted using an HPLC analysis as an example. In a purely paper-based laboratory, the workflow follows the scheme shown in figure 1.
Figure 1: Schematic workflow for acquisition and processing of data using the example of an HPLC analysis
A lab technician logs in on the PC, records data, processes and prints them. The printed chromatograms are checked, approved and then archived in a filing system. At first glance, it appears as though this procedure would be acceptable, provided that the corresponding security settings such as access data, settings for the audit trail and user privileges for deleting data have been chosen appropriately.
In the normal case of paper-based documentation, only the printed chromatograms are evaluated. The settings for the instruments, data processing, sample table or other parameters are usually not taken into account. However, all these factors are necessary to obtain a reliable evaluation. 
The printout does not show the exact structure of the total dataset at the time it was printed. Regardless of how secure an electronic data processing system or software is, it always depends on the entries made by the user. Thus, even if the strictest security measures are implemented on the computer, it is very difficult to prevent inadmissible actions, e.g. specification of analytical parameters or evaluation of the analytical data.
Clear visualization of every manual manipulation
How can it be proven that no inadmissible actions whatsoever occurred during acquisition or evaluation of the data that would falsify the analytical results? Such proof can only be furnished if all calculations and operations during data processing are easy to see. This can be achieved by gathering all human-mediated processes, such as setting of the chromatography parameters or evaluation of analytical data, and making them easily recognizable as manual steps. By making every manual change visible, any inadmissible processes, such as modification or substitution of data, can be easily identified.
Shimadzu’s LabSolutions CS or DB uses the so-called “Report Set” function. It creates a set of PDF reports automatically, such as batch analysis, operational log, and chromatograms that are subsequently converted into a single document. This Report Set also includes information on manual and automated actions so that any data manipulation leads to documented deviation from defined procedure that is immediately recognizable.
Figure 2 shows a schematic workflow for computer operations using the “Report Set” function in the LabSolutions DB/CS software, which links and displays data.
Figure 2: Compliant data integrity using the LabSolutions DB/CS Report Set
The three main features of the “Report Sets” are described below.
Visualization of the individual analysis steps makes it easier to check results while providing reliability.
The “Report Set” function includes not only the results of a sequence of analyses (batch), but also the results and steps during processing in the postrun. The Operational Log Report tracks data capture and evaluation from start to finish of the analytical process. Similarly available as an e-book, the individual steps can be followed from page to page without the user having to switch back and forth between windows to check user steps and settings. This makes the work not only easier, but also more reliable.
Batch results are protected automatically against modification.
Once a digital link has been generated between a sequence run, analytical results (digital data) and the report set, further data manipulation is no longer possible. This ensures that modifications such as substitution or deletion of data are prevented.
This digital linking of the individual data set offers not only a unique relationship between the report and the analytical results (digital data), but also allows the data to be searched and checked easily.
Increased productivity thanks to digitization of the verification process of analysis reports.
Verification of the reports (Report Confirmation function) serves as proof that the analysis reports have been reviewed in the PDF report. If this has not taken place, an integrated monitoring function generates an error message.
Advantages of the paperless system:
Electronic signatures are used for reviewing and releasing reports, for which the original digital analytical data are consulted at the same time. The use of an electronic signature obviates the need to print out the reports for a manual signature. Accordingly, this avoids problems with printed analysis reports, as shown in figure 3, and also saves time.
Figure 3: Problems associated with printed analysis reports
For users operating in a controlled environment, data management and data integrity offer the necessary security to comply fully with official regulations. The “Report Set” function of LabSolutions DB/CS supports data integrity while drastically simplifying routine laboratory work.
 Data Integrity and Compliance With CGMP Guidance for Industry
 Data Integrity in the Analytical Laboratory, (accessed March 7, 2016).
 Keiko Bansho. Chapter 5 Operations and Management for Paper-Based and Electronic Data for Compliance with Regulations by the Three Authorities. Recording and Managing Data and Migration to Digitization at Laboratories Based on the Issues Raised by the Three Authorities. Science & Technology, May 15, 2015, pp. 127-146.