Published on 07/05/2026
Understanding Compliance Issues in Electronic Records and Electronic Signatures in Pharma
The increasing reliance on electronic records and electronic signatures (ERES) in pharmaceutical operations brings both significant advantages and considerable compliance challenges. This case study will explore a realistic scenario involving a data integrity concern with ERES, detailing the process from detection through effective resolution, rooted in regulatory requirements such as 21 CFR Part 11 and EU Annex 11 compliance.
By the end of this article, readers will have a comprehensive understanding of how to identify signals of non-compliance, investigate root causes, implement effective corrective and preventive actions (CAPA), and prepare for inspections with the right evidence.
Symptoms/Signals on the Floor or in the Lab
In a mid-sized pharmaceutical manufacturing facility, the Quality Control (QC) department noticed several discrepancies in the electronic records generated during batch release testing. Some laboratory documents appeared incomplete, and electronic signatures were missing from critical quality control checks. To quantify these concerns, the team observed:
- Increased laboratory rework due to discrepancies detected post-approval.
- Frequent deviations triggered by failed electronic signature authentication.
- Rolling back
Such symptoms indicated potential systemic issues with the electronic record-keeping practices, raising alarms about overall data integrity, which necessitated immediate attention.
Likely Causes
Upon further analysis, the team categorized potential root causes of the discrepancies using the “5Ms” framework: Materials, Method, Machine, Man, Measurement, and Environment.
- Materials: Could there be issues with software used for electronic records? Were there updates or patches that were not installed?
- Method: Were the procedures for entering and verifying records adequately documented and followed? Was staff training up-to-date?
- Machine: Was there a failure or lag in the computerized system responsible for capturing records? Were backups functioning correctly?
- Man: Were there lapses in personnel compliance regarding record-keeping protocols? Was there a high turnover within staff impacting consistency?
- Measurement: Were the electronic signatures failing due to system errors, untrained employees, or manual overrides during the process?
- Environment: Was the working environment conducive to maintaining systematic and regulated practices for electronic documentation?
Immediate Containment Actions (first 60 minutes)
During the first hour after the discrepancies were noted, immediate containment actions centered on halting further production processing involving electronic records. The QC department implemented the following:
- Notify all relevant personnel, including IT and Quality Assurance (QA) teams, to evaluate the situation.
- Restrict access to the electronic record-keeping system to prevent further entries until the investigation was complete.
- Switch to manual data entry and paper records as an interim measure to ensure that essential testing could continue without interruptions.
- Conduct a quick survey of lab personnel to gather insights on any recent changes in working procedures or system functionalities.
These actions minimized the risk of further data integrity breaches while allowing the investigation process to commence without additional complications.
Investigation Workflow (data to collect + how to interpret)
The investigation process was critical to identifying the root causes. A systematic approach was adopted, in which the following data points were collected:
- All electronic records associated with the affected batches, including timestamps, user IDs, and associated electronic signatures.
- Logs from the batch record system to determine the timing of the discrepancies.
- Audit trails for the electronic signature authentication process to evaluate where failures occurred.
- Documentation related to any recent maintenance or changes to the electronic record system.
Data interpretation involved comprehensive reviews of all collected documents and cross-referencing to ensure compliance with regulatory standards. A team of cross-functional stakeholders, including IT specialists and QA representatives, also worked diligently to provide a multifaceted view of the findings.
Root Cause Tools (5-Why, Fishbone, Fault Tree) and When to Use Which
Selecting the appropriate tool for root cause analysis was imperative to unraveling the discrepancies. The QC team employed the following tools:
- 5-Why Analysis: This technique was effective for investigating the causative relationships, leading to a deeper understanding of the missing electronic signatures. Each question helped the team drill down to the core issue.
- Fishbone Diagram: This visual tool assisted in categorizing possible causes identified during the brainstorming session. It helped outline the systemic issues related to personnel training, software malfunctions, and procedural inadequacies.
- Fault Tree Analysis: For complex issues, especially concerning system failures, this method was used to dissect various fault pathways that could contribute to the discrepancies observed.
The structured approach in using these root cause tools enabled the team to clarify the true origins of issues impacting electronic records and signatures, ensuring that remedial actions targeted the correct underlying causes effectively.
CAPA Strategy (correction, corrective action, preventive action)
An effective CAPA strategy consisted of three segments: correction, corrective action, and preventive action.
- Correction: Implementing a full review of all affected records, validating their integrity, and completing any entries missing signatures. Documentation entries were cross-verified against hard copy records.
- Corrective Action: The IT department undertook a software validation process, rectifying any identified software faults, and conducted training sessions with laboratory staff to ensure adherence to protocols on electronic entries and signatures.
- Preventive Action: The organization redefined ERES policies and procedures, aligned them with 21 CFR Part 11 and EU Annex 11, and initiated regular audits of the electronic systems. Continuous staff education was implemented to minimize future lapses in record-keeping and signature verification.
Control Strategy & Monitoring (SPC/trending, sampling, alarms, verification)
To bolster data integrity moving forward, a robust control strategy was established, emphasizing statistical process control (SPC) and continuous monitoring:
- Regular trends were analyzed for frequency of discrepancies in records and signatures, providing insight into workflow efficiency and potential issues.
- Statistical sampling of electronic records was introduced, with pre-defined error thresholds to determine when an investigation should be triggered.
- Automated alerts indicated if electronic signatures weren’t recorded in real-time, ensuring that personnel addressed issues without delay.
- Periodic review of the electronic records system’s validation status was scheduled to ensure ongoing compliance with regulatory requirements and internal procedures.
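The audit-trail review from the investigation workflow and the threshold-triggered check described above can be combined in one script. This is an added example, not code from the facility's system: the column names, event values, sample rows and the 10% threshold are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample audit trail (not real data); column names are assumptions.
AUDIT_CSV = """record_id,batch,event,user_id,timestamp,result
QC-001,B1001,entry,analyst1,2026-01-10T08:00:00,ok
QC-001,B1001,sign,analyst1,2026-01-10T08:05:00,ok
QC-001,B1001,approve,reviewer1,2026-01-10T09:00:00,ok
QC-002,B1001,entry,analyst2,2026-01-10T08:10:00,ok
QC-002,B1001,sign,analyst2,2026-01-10T08:12:00,auth_failed
QC-002,B1001,approve,reviewer1,2026-01-10T09:05:00,ok
QC-003,B1002,entry,analyst1,2026-01-10T10:00:00,ok
QC-003,B1002,approve,reviewer1,2026-01-10T10:30:00,ok
QC-003,B1002,sign,analyst1,2026-01-10T11:00:00,ok
QC-004,B1002,entry,analyst2,2026-01-10T10:15:00,ok
QC-004,B1002,sign,analyst2,2026-01-10T10:20:00,ok
QC-004,B1002,approve,reviewer1,2026-01-10T10:45:00,ok
"""

ERROR_THRESHOLD = 0.10  # assumed pre-defined threshold: investigate above 10%


def review_audit_trail(csv_text):
    """Return {record_id: [findings]} covering every record in the trail."""
    events = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        events.setdefault(row["record_id"], []).append(row)

    findings = {rid: [] for rid in events}
    for rid, rows in events.items():
        rows.sort(key=lambda r: r["timestamp"])
        approvals = [r for r in rows if r["event"] == "approve"]
        good_signs = [r for r in rows if r["event"] == "sign" and r["result"] == "ok"]
        if any(r["event"] == "sign" and r["result"] != "ok" for r in rows):
            findings[rid].append("failed signature authentication")
        for a in approvals:  # an approval needs a valid signature at or before it
            if not any(s["timestamp"] <= a["timestamp"] for s in good_signs):
                findings[rid].append("approved without a prior valid signature")
    return findings


def needs_investigation(findings, threshold=ERROR_THRESHOLD):
    """Return (discrepancy rate, True if the rate exceeds the threshold)."""
    rate = sum(1 for f in findings.values() if f) / len(findings)
    return rate, rate > threshold
```

Record QC-003 shows why the timestamp comparison matters: a signature exists, but it was applied after the approval, so a simple "signature present" check would miss it.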
Validation / Re-qualification / Change Control Impact (when needed)
The investigations highlighted several areas necessitating re-validation or change control measures for the electronic record systems. The QA team undertook a thorough risk assessment regarding:
- Vendor-led updates and patch installations, ensuring that each change was qualified to assess potential impacts on system functionalities.
- The necessity for a re-validation of the ERES systems, including both formal documentation and practical testing across systems.
- Documentation of any modifications to procedures or software that may affect aspects governed by 21 CFR Part 11 and EU Annex 11.
By adhering to strict change control protocols and validation practices, the organization aimed not only to address immediate issues but also to strengthen compliance for future operations.
Inspection Readiness: What Evidence to Show
As part of ongoing inspection readiness, the facility organized evidence to substantiate compliance with regulatory expectations. The following documents were compiled:
- Records of the investigation, detailing methodologies, findings, and personnel involved in addressing the discrepancy.
- Training records showcasing staff education and understanding of ERES protocols and systems.
- Updated electronic and paper procedures documenting changes made post-investigation.
- Reports from audit trails showing consistent monitoring of electronic records and signatures.
By ensuring a comprehensive set of documented evidence, the facility aimed to present a transparent overview of its commitment to data integrity during inspections by regulatory bodies such as the FDA, EMA, and MHRA.
FAQs
What are electronic records and electronic signatures?
Electronic records are digital versions of documents that traditionally exist in paper form. Electronic signatures are digital representations of a person’s intent to sign a document, required to ensure authenticity and integrity as per regulatory standards.
How do I ensure compliance with 21 CFR Part 11?
To ensure compliance, organizations must maintain data integrity, ensure traceability of data changes, validate electronic systems, implement access controls, and ensure training and adherence to procedures related to electronic records.
What steps should I take if I find a discrepancy in electronic records?
If discrepancies are found, halt further processing immediately, notify relevant teams, document the findings, contain any potential impact, and initiate an investigation following established protocols.
How to approach root cause analysis effectively?
Root cause analysis can be approached using structured tools like the 5-Why technique, Fishbone diagrams, and Fault Tree analysis, based on the complexity and nature of the issue to identify what truly led to failures.
How can we prepare our ERES system for inspection?
To prepare for inspection, maintain accurate records, conduct regular internal audits, provide staff training, and have robust, documented CAPA processes in place that address previous findings and potential risks.
What documentation should be prepared for QA reviews?
Documentation for QA reviews should include records of investigations, employee training records, system validation documents, updated SOPs, and evidence of corrective actions taken after previous findings.
Why is a Control Strategy important?
A Control Strategy is essential as it maintains the quality and integrity of pharmaceutical operations. It ensures ongoing compliance to regulations while proactively managing risks related to electronic records.
What is the importance of validation in ERES?
Validation in ERES verifies that electronic systems and processes work accurately and reliably, ensuring they comply with regulatory frameworks and organizational policies, thus safeguarding data integrity.
How do I choose the right root cause analysis tool?
Choose a root cause analysis tool based on the complexity of the issue. For simple problems, the 5-Why might suffice, while more complex issues may necessitate Fishbone diagrams or Fault Tree analysis to capture multiple factors.
What impact does change control have on ERES?
Change control ensures that any updates or modifications to processes and systems are documented, assessed for risk, and validated, minimizing the chances of introducing new issues and ensuring compliance with FDA, EMA, and MHRA standards.