IMA Active KORTEX/Maestro: supervision system compliance to data integrity expectations.

Introduction

The pharmaceutical industry has a critical responsibility to produce safe and effective drugs that meet regulatory requirements. Compliance with regulatory requirements, including those related to data integrity, is crucial to ensure patient safety and the efficacy of the drugs produced.
Data integrity is defined as the completeness, accuracy, and consistency of data over its entire lifecycle. In the pharmaceutical industry, data integrity is essential to ensure that the data used for product quality and safety assessments are accurate, reliable, and traceable.
Regulatory bodies, including the US Food and Drug Administration (FDA) and the European Medicines Agency (EMA), have issued guidelines and regulations related to data integrity in the pharmaceutical industry. These guidelines require that pharmaceutical manufacturers implement appropriate controls and processes to ensure data integrity throughout the data lifecycle, including data collection, processing, analysis, and reporting. Failure to comply with data integrity requirements can result in regulatory action, including product recalls, warning letters, and even criminal charges.
Since the ultimate responsibility for system compliance rests with the regulated company using the system, to achieve data integrity compliance the pharmaceutical manufacturers shall develop and implement a comprehensive data integrity governance. Data governance is the sum total of arrangements which provide assurance of data integrity. These arrangements ensure that data, irrespective of the process, format or technology in which it is generated, recorded, processed,
retained, retrieved and used will ensure an attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring, and available record throughout the data lifecycle.

The key components of a data integrity governance in the pharma industry would include:

1. Management commitment: senior management should be committed to ensuring data integrity, and should provide resources, guidance, and oversight to support data integrity efforts.
2. Risk assessment: a risk-based approach should be taken to identify areas of the business where data integrity risks are highest, and where controls should be implemented to mitigate these risks.
3. Policies and procedures: clear and comprehensive policies and procedures should be in place to guide employees on data integrity requirements, including the ALCOA CCEA principles.
4. Training: all employees involved in data generation and management should receive regular training on data integrity requirements and best practices.
5. Quality control: quality control processes should be implemented to ensure that data are complete, accurate, and reliable, including regular review of data and audit trails.
6. Audit and monitoring: regular audits and monitoring should be conducted to identify potential data integrity issues, and to verify compliance with data integrity requirements.
7. Continuous improvement: ongoing monitoring and review of data integrity processes should be conducted to identify areas for improvement and to ensure that the program remains effective and up-to-date.

Data Integrity by design can give an important contribution to the data integrity governance that each pharma industry has to implement.

Data Integrity by design refers to the proactive approach of incorporating data integrity principles and controls into the design and development of systems, processes, and workflows. It involves building data integrity measures into the core architecture and functionality of systems to ensure the integrity, reliability, and security of data throughout its lifecycle.

Key aspects of implementing Data Integrity by design are:

1. System architecture: designing systems with a focus on data integrity by implementing appropriate data structures, data capture mechanisms, and data flow controls. This includes defining data relationships, validation rules, and error-checking mechanisms to ensure the accuracy and completeness of data.
2. User access controls: implementing robust user authentication and authorization mechanisms to ensure that only authorized individuals have access to sensitive data. Role-based access controls and user permissions should be defined and enforced to restrict unauthorized changes to data.
3. Audit trails and logging: incorporating comprehensive audit trail functionality to track all data-related activities and system events. This includes recording user actions, system changes, data modifications, and access attempts. Logs should be protected from tampering and made easily accessible for review.
4. Data validation and verification: implementing automated data validation and verification checks at various stages of data entry, processing, and storage. This helps ensure that data adheres to predefined rules, standards, and quality requirements. Validation checks should be performed on input data, calculations, and data transformations.
5. Data backup and recovery: designing systems with robust data backup and recovery mechanisms to prevent data loss or corruption. Regular backups should be taken and stored securely to ensure the availability and integrity of data in the event of system failures, disasters, or cyber-attacks.
6.  Cybersecurity: designing measures and controls to protect data from unauthorized access, breaches, or tampering. This can be achieved by designing secure network architectures that segment and isolate critical systems and sensitive data and applying encryption techniques to protect data during transit and at rest.

By integrating Data Integrity by design, organizations can proactively mitigate risks, detect and prevent data integrity issues, and establish a robust foundation for maintaining the accuracy, completeness, and reliability of data throughout its lifecycle.
IMA Active (hereafter referred to as IMA), as a supplier of high-quality pharmaceutical equipment, is aware that their control systems play a critical role in data collection and management, and that any errors or inaccuracies in the data collected can have severe consequences, including compromised product quality and safety. Therefore, IMA has adopted appropriate Data Integrity by design technical arrangements (such as audit trail, user authentication, access controls, etc.) to support regulated companies’ data governance.
This document describes how data integrity principles applicable to the IMA automation platform “KORTEX/Maestro” supervision system (in the document generically referred to as “KORTEX” or “System”) are addressed through robust technical controls (design and configuration) that can be validated by the customer as “fit for purpose”.

The ALCOA+ requirements

To comply with the ALCOA+ principles of data integrity (Attributable, Legible, Contemporaneous, Original, Accurate, Complete, plus Consistent, Enduring and Available), the following best practices should be implemented in a control system:

Attributable: all data generated by the control system should be attributed to a specific user (for manually entered data) or system, and any changes or modifications should be tracked and attributed to the responsible party.
User authentication and authorization should be implemented, with access controls based on the principle of least privilege, meaning that users should only have access to the data and functions that are necessary to perform their job duties.
The System allows you to define different user roles and relevant rights, including administration role. Authentication is provided through unique User ID and Password, so the captured data are traceable to the single logged-in individual. They are personal also for the administrator and username uniqueness is ensured by the Windows Operating System.
The electronic signature entails the request of ID and password to change data and acknowledge GMP alarms within a single period of uninterrupted use. The password policy, their complexity, expiration, etc., can be set according to the customer’s user domain controller or local Windows OS security policies. It is also possible to use devices as public keys.
On a single HMI, only one login can be active simultaneously. When the System is equipped
with multiple interfaces, specific controls prevent simultaneous login of the same user on different interfaces. 
The System relational database provides strong traceability and audit trailing that captures for each data change, the before and after values, the user identification (ID), date and time stamps, and a comment field used to explain the reason for the change. The audit trail functionalities are always active by design, and cannot be disabled. Audit trail information can be displayed on reports, where applicable.
Any parameter modifications are configuration changes that can be executed only by individuals with specific privileges, and they are tracked in the audit trail.
Data acquired by the field are attributable to the device. The addition of any new devices connected to the system is a configuration change that can be executed only by individuals with specific privileges, and it is tracked in the audit trail.
Alarm acknowledgment is tracked in the alarm log. Recipes are managed under version control and audit trail. It is not possible to physically delete a recipe: it is only possible to mark them as “deleted” but data remain available.
Batch report contains the ID of user printing the report.

Legible: all data generated by the Control system should be easily readable and interpretable throughout the retention period.
This may require the use of standard data formats and the adoption of consistent naming conventions for data elements.
The System provides look-up lists as well as automatic checks on field type and format (date, number, string, etc.). Data and metadata are recorded together. The audit trail record is populated with human readable data. Considering the ‘dynamic’ nature of data, KORTEX allows you to interact with data, directly from the user interface. It is possible to search and query data, and zoom trends to analyse the details.
The System allows data exchange through a Kepware OPC server installed on the HMI PC or dedicated Edge PC. It also allows secure and consistent historical data exchange with the ODBC interface (SQL Server installed on the HMI PC or a dedicated Edge PC). KORTEX also allows report printouts, that can be generated using filters.

Contemporaneous: all data generated by the control system should be recorded in real time and accurately timestamped to ensure that it is contemporaneous. The system should be configured to ensure that data is not backdated or otherwise manipulated.
Data and metadata are recorded together. Each record in KORTEX includes a timestamp. Date and time are automatically acquired by the operating system of the database server that can be aligned with the customer’s NTP server.
As a (configurable) alternative, the date and time can also be changed via the application. This feature is subject to specific user privileges and the date and time changes are tracked in the Audit Trail.
The System allows real-time data publication with the OPC UA protocol. There are no temporary databases or “buffering” of data for later writing. All data are saved in the permanent storage at the end of each transaction. All the data reported into the audit trail record are populated in this writing.

Original: all data generated by the control system should be stored in its original format, without modification or alteration. Only a true copy can replace the original record. A true copy is a copy of an original record that is accurate and complete, and that has been verified as such.
Any changes or modifications should be tracked and recorded, along with the reason for the change and the identity of the responsible party.

KORTEX saves raw data, either entered by an operator or acquired by the system, directly in a secure incremental database. Therefore, data cannot be overwritten, and changes are recorded in the audit trail. Data are not duplicated in different locations within the application database.

Accurate: all data generated by the control system should be accurate and reliable. This may require the implementation of data validation checks and data quality control measures to ensure that the data is consistent and reliable.
KORTEX provides a number of features to reduce the risk of error in manual data entry. Each input data is constrained by engineering and/or process limit values that prevent inconsistent data entry. All input data (except passwords) are displayed to give obvious feedback on the input data. Look-up lists are available as well as automatic checks on field type and format (date, number, string, etc.).
The audit trail functionality tracks data changes. The System supports data review and investigation processes.
Note: The customer is in charge of maintenance and calibration activities. However, the system supports these activities since it tracks each configuration adjustment made to the sensors.

Complete: all data generated by the control system should be complete and comprehensive. This may require the implementation of data completeness checks and the adoption of standardized data collection procedures to ensure that all necessary data elements are captured.
Data and metadata are recorded together, and they are automatically captured into a secure incremental database at the time of creation.

Therefore, data cannot be deleted or overwritten. Modifiable data (e.g. recipes) are version controlled, and changes are recorded in the audit trail.
Recipes are managed under version control and audit trail. It is not possible to physically delete a recipe: it is only possible to physically delete a recipe: it is only possible to mark them as “deleted” but data remains available.

Consistent: all data generated by the control system should be consistent across different phases of the pharmaceutical manufacturing process. The System should also ensure that all data is consistent with the manufacturing process and the intended use of the pharmaceutical product.
Each record in KORTEX includes a sequential timestamp. Date and time are automatically acquired by the operating system of the database server that can be aligned with the customer’s NTP server.
To avoid misunderstanding due to date format or summertime, the batch report contains indication of the printout date/time, the used date format (e.g. dd/mm/yyyy) and the current time zone.
KORTEX provides a number of design controls and features to standardize the data entry and prevent from inconsistencies, starting from the ISA S88 schema of Master and Control recipes. Each input data is constrained by engineering and/or process limit values. Look-up lists are available as well as automatic checks on field type and format (date, number, string, etc.). Considering the recipe lifecycle and version control, the configurable recipe status uniquely identifies which operations are possible (e.g. obsolete versions or deleted recipes cannot be used in production).
The System does not duplicate data. The archive of live data is unique. The backup copies cannot be accessed.

Enduring: all data generated by the control system should be stored in a secure and durable manner, ensuring that the data remains intact and accessible for the required retention time. The System should also be configured to prevent data loss or corruption during storage and retrieval.
The System is based on the well-proven and known GE IFIX HMI/SCADA system (https://www.ge.com/digital/applications/hmi-scada/ifix).
Only reliable data storage systems are chosen, both in terms of software (Microsoft SQL database) and hardware (e.g. disks). The data storage can be either on the local disk or on an external secure storage location: it is possible to integrate the System with storage systems (NAS) with multiple HW redundancy and high-reliability disks and/or remote locations with the customer.
In the case in which the System is integrated into the customer’s IT infrastructure, its architecture allows segregation of networks and specific devices for the cyber security of the entire System.
KORTEX allows data to be exported securely and consistently through secure (OPC UA) and transactional (SQL) protocols without manual operations. Historicized data can be transferred off-line, continuing to be accessible through current-use software tools; furthermore, data can be saved on different media for long-term archiving (retention period defined by the customer).
The System is equipped with a power supply system featuring a buffer battery, ensuring controlled shutdown. On request, it can be connected to a factory UPS and/or the supply of a dedicated UPS. Considering protection against external intrusion, every System is equipped with the “Secure Desktop” application (https://www.visualautomation.com/index. html). When outside the electrical panel, USB and Ethernet ports are provided with hardware-locking devices. Cyber Security aspects such as malware protection, remote-controlled (by end-user) access for machine maintenance reasons, etc., have been considered taking IEC 62443 as a standard reference. The System can be integrated with the IMA DIGITAL Cybersecurity certified solution device A4GATE.
Note: backup, archiving and disaster recovery processes are the responsibility of the customer. But a disaster recovery kit is provided to restore the entire software system to the last safe configuration.

Available: all data generated by the control system should be easily accessible to authorized users. The system should also be configured to provide access to historical data as required for audit or regulatory purposes.

KORTEX supports data review and investigation processes. Considering the ‘dynamic’ nature of data, it allows you to interact with data, directly from the user interface. It is possible to search and query data, and zoom trends to analyse the details. As long as data remain on the machine, they are always accessible for review.
The System allows you to define different user roles and relevant rights.
KORTEX also allows human-readable report printouts and secure and consistent data export. Historicized data can be transferred off-line, continuing to be accessible through current-use software tools; furthermore, data can be saved on different media for long-term archiving (retention period defined by the customer).

Best practices

In the context of data integrity, alongside ALCOA, the following best practices can be implemented to ensure comprehensive data integrity.

Data backups: regular backups of all control system data should be taken and stored securely off-site to prevent data loss in the event of a system failure or disaster.
Note: backup process is the responsibility of the customer. However, the installation of the customer’s software agents for backup is allowed, after a compatibility check performed by IMA.

Audit trails: the control system should be configured to generate audit trails that capture all system activities, including user logins, data changes, and system configuration changes.
KORTEX provides authentication through unique User ID and Password, so the captured data are traceable to the single logged-in individual. They are personal also for the administrator and username uniqueness is ensured by the Windows Operating System.
The System relational database provides strong traceability and audit trailing that captures user identification (ID), date and time stamps, and a comment field used to explain the reason for the change. The audit trail functionalities are always active by design, and cannot be disabled. Audit trail information can be displayed on reports, where applicable.
Any parameter modifications are configuration changes that can be executed only by individuals with specific privileges and they are tracked in the audit trail.
Alarm acknowledgment is tracked in the alarm log.

Change control: any changes to the control system, including software upgrades and system configuration changes, should be subject to a formal change control process.
Note: change control process is the responsibility of the customer. However, Functional Specifications describe what the System does, stating the machine operating modes that have been designed to produce the required functionality and performance. Upon request, IMA provides documentation packages to support customer system validation and change request management.

Data Encryption: all data transmitted between the control system and other systems should be encrypted to prevent unauthorized access.
Data encryption at rest is ensured by the SQL database.
In the case in which data is transferred to external systems, KORTEX can be integrated with devices specifically intended to guarantee cyber-security standards according to EN 62443.

Conclusion

The present White Paper is intended to support regulated companies (pharma, API and medical devices) to comply with data integrity requirements defined by FDA, MHRA, EMA and national Agencies. In particular, the ALCOA requirements and some additional best practices have been analysed to show how a software product like KORTEX can represent a solid basis for compliant collection, memorization and historicization of production data and how it can comply with regulations along the complete product data lifecycle.

References

[1] MHRA
‘GXP’ Data Integrity Guidance and Definitions, Medicines & Healthcare products
Regulatory Agency (MHRA), March 2018
https://www.gov.uk/government/publications/guidance-on-gxp-data-integrity
[2] PIC/S
Good practices for data management and integrity in regulated GMP/GDP environments, © PIC/S guidance July 2021, PI 041-1
https://picscheme.org/docview/4234
[3] WHO
TRS 1033 – Annex 4: WHO Guideline on data integrity
https://www.who.int/publications/m/item/annex-4-trs-1033
[4] EMA
Guidance on good manufacturing practice and good distribution practice: questions and answers – Data integrity; August 2016
https://www.ema.europa.eu/en/human-regulatory/research-development/compliance/good-manufacturing-practice/guidance-good-manufacturing-practice-good-distribution-practice-questions-answers
[5] FDA
Data Integrity and Compliance with Drug CGMP Questions and Answers Guidance for Industry, FDA, December 2018.
https://www.fda.gov/regulatory-information/search-fda-guidance-documents/data-integrity-and-compliance-drug-cgmp-questions-and-answers
[6] ISPE GAMP
Records and Data integrity Guide, ISPE GAMP® 2017
Good Practice Guide: Data integrity – Key concepts, ISPE GAMP ®2018
Good Practice Guide: Data integrity – Manufacturing Records, ISPE GAMP ®2019
Good Practice Guide: Data Integrity by Design, ISPE GAMP® 2020
https://www.ispe.org