Data process mapping is being strongly encouraged by inspectors from the UK’s Medicines and Healthcare products Regulatory Agency (MHRA) as a first step in planning, establishing, and maintaining the controls necessary to secure data integrity.
Though the concept of data integrity (DI) is not new, the increasingly complex information systems and data flows generated by modern interoperable equipment present significant challenges in identifying potential DI gaps and allocating resources more efficiently towards points of highest risk.
In a presentation on practical applications of data integrity for laboratories at the March 2019 MHRA Laboratories Symposium held in London, UK, MHRA Lead GCP and GLP Inspector Jason Wakelin-Smith highlighted the important role data process mapping plays in understanding these challenges and moving down the DI pathway.
After highlighting facets of the current DI “scene,” such as the trend towards ever more complexity, Wakelin-Smith explained how the maps trace the interrelationships between systems and provide a picture of how everything fits together. This information subsequently feeds into risk assessments to identify points requiring remediation or more active monitoring.
Wakelin-Smith emphasized that the map, though useful to inspectors, is an important tool for companies in making the subsequent planning steps easier. “It really should not be a document you generate just for me,” he advised. “There is certainly no requirement for you to do the mapping, but in my experience in looking at this over the last few years, it is a really good starting point.”
Involving the users of these systems in the mapping process is critical, he stressed, since real-world usage often widely diverges from standard operating procedures (SOPs), and real-world experience is often the source of identifying gaps or breaches. Also emphasized was that the data maps are living documents and must be revisited as needed to make sure that they reflect the conduct of activities.
He pointed out that understanding of processes and systems, which data maps facilitate, is a key theme in MHRA’s GxP data integrity guidance, finalized in March of 2018. The guidance is intended to be broadly applicable across the regulated practices, but excluding the medical device arena, which is regulated in Europe by third-party notified bodies.
The guidance indicates that “organizations are expected to implement, design, and operate a documented system that provides an acceptable state of control based on the data integrity risk with supporting rationale.” An example of a suitable approach, MHRA continues, “is to perform a data integrity risk assessment (DIRA) where the processes that produce data or where data is obtained are mapped out and each of the formats and their controls are identified and the data criticality and inherent risks documented.”