Data integrity for equipment/method used for combination device design verification

MedDevGuy

Registered
Hello, i am working in a team developing a new combination device; a medical device containing a pharmaceutical. The product is intended for the US.

The regulatory pathway is complex, but essentially there is an existing device with separate pharmaceutical. The drug substance is unchanged, so we intend to prove equivalence of the new combination device with the old 1+1 product through bench testing during a design verification (development) phase.

One aspect of bench testing is to be performed with a bespoke piece of equipment, developed in-house, which measures drug delivery from the device. The equipment is of medium complexity and involves software logging of the data it captures.

In terms of risk, if the bench testing was inaccurate this could result in increased adverse events e.g. lack of efficacy or side effects more pronounced/frequent etc.

My question are as follows:
- do we need to apply data integrity principles, as typically applied to pharma processes, for example secondary verifiers present during testing to ensure the device has been prepared correctly, records have not been falsifed, no results thrown away etc.?
- do requirements of 21 CFR part 11 apply for the computerised system? more specifically, does the system require an audit trail to track changes to configuration, who started a test etc.?

I come from a medical devices background and only know the basics on ALCOA+.

I have had mixed answers from colleagues / consultants.

TIA
 

chris1price

Trusted Information Resource
As a device based combination product, you might not get the same level of scrutiny for data integrity as a pharma or biologics based combination product, but if you have computerised records, I would certainly apply Part 11 to electronic signatures.

You don't necessarily need a second verifier when running the test, but you do need processes to handle original data, ensure records are not falsified, data thrown away, etc. So keep your original data secure, if its copied to another system have someone double check its correct, and perform thorough investigation into out of specification results before just repeating them. You should also have an audit trail or logbook for the test. If you have a logbook, it should be controlled and reviewed at regular intervals.

The FDA guidance on data integrity doesn't really have a lot of detail. Take a look at the MHRA guidance, it has a lot more information in it; maybe too much for devices but it should give you a good understanding. of the subject.
 

MedDevGuy

Registered
As a device based combination product, you might not get the same level of scrutiny for data integrity as a pharma or biologics based combination product, but if you have computerised records, I would certainly apply Part 11 to electronic signatures.

You don't necessarily need a second verifier when running the test, but you do need processes to handle original data, ensure records are not falsified, data thrown away, etc. So keep your original data secure, if its copied to another system have someone double check its correct, and perform thorough investigation into out of specification results before just repeating them. You should also have an audit trail or logbook for the test. If you have a logbook, it should be controlled and reviewed at regular intervals.

The FDA guidance on data integrity doesn't really have a lot of detail. Take a look at the MHRA guidance, it has a lot more information in it; maybe too much for devices but it should give you a good understanding. of the subject.
Thankyou for your fast response.

The electronic record will be uploaded to our eQMS system which is compliant with part 11. I think that covers off your first point.

Where you say we dont necessarily need a second verifier for running the test - how can we decide on this? through a risk assessment?

Rather than a logbook, which can be inconsistent, current intentions are to issue a paper-based form which will be the record of the who, what, when, how. The time can then be cross checked against the electronic log during data verification steps of the test report review. The paper records will be retained as originals and copies will be uploaded to the eQMS along with the data generated by the equipment.

Keeping the original data secure will certainly be a focus point, and verifying the data migration has been a consistent "yes" from each of the people i have saught advice from on this topic.

Given this is a new process, would using a paper-based form for the audit trail be challenge by the regulator? I know that paper based records are still accepted but best practice seems to be migrating towards electronic records which can be made more difficult to 'throw in the bin' if the test result is OOS. One counter to this is if we can prove the electronic log is secure, and therefore complete, this would provide evidence that there was no discarded results etc.

Thankyou for the suggestion on MHRA guidance - i wasn't aware of this.

Cheers
 
Top Bottom