News about GMP/cGMP


FDA Finalises Guidance on Data Integrity

On 13 December 2018, the US FDA has announced the availability of the final guidance for industry “Data Integrity and Compliance with Drug CGMP: Questions and Answers.” The guidance updates a draft version released in 2016. It has been revised to include additional information on the agency’s current thinking on best practices and covers the design, operation and monitoring of systems and controls to maintain data integrity.

The document reflects the FDA's current data integrity considerations and takes into account various aspects outlined in a parallel press announcement issued by FDA commissioner Scott Gottlieb. An increasing number of warning letters directly related to lack of data integrity is one of the issues he addresses. Often these deficiencies are the result of inadequate processes and systems, unfortunately often of misleading practices. However, he also points out new ways the FDA has taken, such as the MRA between the US and the EU on mutual recognition of GMP inspections, to increase the authority's reach in identifying violations of data integrity.

The 17-page document itself is structured into 18 questions and answers and describes the FDA's expectations as follows:

"The FDA expects that all data be reliable and accurate. CGMP regulations and guidance allow for flexible and risk-based strategies to prevent and detect data integrity issues. Firms should implement meaningful and effective strategies to manage their data integrity risks based on their process understanding and knowledge management of technologies and business models.”

In addition to a definition of terms such as data integrity, metadata, audit trail, from the FDA's point of view, the requirements for data integrity from 21 CFR 210, 211, 211 and Part 11 are examined in more detail. Required is a risk-based approach with a meaningful and effective strategy for collecting reliable and accurate process data based on process knowledge and empirical values. However, it is also explicitly pointed out that scientifically detailed reasons and evidence must be provided if data are not included in the decision-making process for approval. Further it is explained, e.g.

  • how access to computer systems should be limited,
  • how blank forms should be handled,
  • when electronic data become a GMP-relevant record,
  • which electronic records the FDA is allowed to look at during an inspection,
  • when electronic signatures are allowed and when not,
  • how and how often audit trails should be monitored, or also
  • how best to address data integrity issues.

For more details on data integrity from a US FDA perspective, take a look at the document here.


FDA: Guidance on Data Integrity
FDA: Press Announcement