Over the last decade or so, Data Management, and its associated compliance status, has become much more complex, complicated (not synonymous with “complex”), and rigorous. Part of this has been due to regulatory agencies’ findings of data integrity gaffes stemming back to about 10 years ago, when such observations and Warning Letters became much more frequent.

Defining a data management strategy

The first place to start is to determine what you want to do and where you (and your organization) want to go. A data management strategy has behind it a vision for how the data will be used, how those data will be stored, accessed, and documented, and that the original data quality is as pristine as possible, thus capturing one of the four “Vs” of Big Data: Veracity.*

The roles ensuring proper data management and compliance are interdependent and exist to ensure control of the data throughout the lifecycle. The lifecycle at a high level looks something like this: Data purpose > Data creation > Data collection > Data storage > Data use > Data archiving. Of course, certain points in the flow can jump backwards, for example, once data are stored or archived, they can be retrieved and accessed for future reference and use.

Historically, the de rigueur approach is that data and information management is the cache and task of each individual department (function). This leads to marked disparities in data type, data collection methods, data variety, data quality, etc., if, for example, the data are coming from manufacturing, QC labs, clinical, safety, quality, and so on. This siloed approach to data management makes it difficult to properly navigate the entirety of the data picture, where a continuous story should be developing from early research through development to manufacturing, and so on.

Ensuring data quality

Beyond the volume and velocity of the data incoming, data quality is a principle which exists throughout the lifecycle of data management and compliance. Analysis and interpretation of good data can only occur when the data themselves are high-quality; typically, data which are ALCOA+ would qualify for this. To ensure that data are attributable, legible, contemporaneous, original, accurate, complete, et cetera, generally require frequent data checks and review, audits, and human intervention (sometimes with AI). Using high quality data is the only way to avoid garbage-in-garbage-out (GIGO) of analyses. This is also where data metricians can evaluate metadata to understand more deeply the underlying data set(s). The data content (“how” they were collected, and about what), classifying and organizing this information, and how the data will be used and interpreted can be assessed through metadata review.

The FDA has the following to say about metadata:¹

What is “metadata”?

Metadata is the contextual information required to understand data. A data value is by itself meaningless without additional information about the data. Metadata is often described as data        about data. Metadata is structured information that describes, explains, or otherwise makes it easier to retrieve, use, or manage data. For example, the number “23” is meaningless without metadata, such as an indication of the unit “mg.” Among the other things, metadata for a particular piece of data could include a date/time stamp for when the data were acquired, a user ID of the person who conducted the test or analysis that generated the data, the instrument ID used to acquire the data, audit trails, etc.

Data should be maintained throughout the record’s retention period with all associated metadata required to reconstruct the CGMP activity (e.g., 211.188 and 211.194). The relationships between data and their metadata should be preserved in a secure and traceable manner. 

Keeping data user-friendly

Aside from those in data management and/or compliance roles, others in the clinical and operational chain have vested interests in what the data have to say. Ensuring that data are used, and used appropriately is the only reason to having those data in the first place. A separate primer could include all the ways to avoid pitfalls of data analyses and informational interpretation, but data should be used for their purpose: To drive knowledge-building and decision-making. Unused data in a warehouse is not helping anyone—aside from the compliance requirements to properly archive certain data.

Data leads to information, information builds knowledge, and knowledge begets wisdom (see Figure 1).


Industry data management is facilitated by data standards such as CDISC and ISO IDIMP, and the standards (and associated consortia) exist to help streamline the methods in which the data are properly and compliantly housed and shared. It also helps level the playing field across companies, so that mature companies’ financial advantages don’t have an outsized influence in the final state of data submitted through a standard format to regulatory authorities.

Compliance built-in, not an afterthought

The governance of all these types of data includes not only the source data themselves, but the security of personal data associated with, for example, patients enrolled in clinical trials. Various international rules and regulations surrounding the use and sharing of data have made the compliance landscape more complex than ever before. Ensuring that your data are properly handled necessarily includes the protection and sharing requirements for those data, and that must be acknowledged and built-in at every stage of the data management process, NOT as an afterthought further down the road; to try to do it later is an exercise in wasted costs. Again, our industry data are all sensitive pieces of critical information and should be treated as such throughout their lifecycle. This is why the legislative requirements and regulations exist in the first place. At the end of the day, the data are about medicinal products which treat patients, the patients’ data, or both. 

*The 4 Vs of Big Data are Volume, Variety, Velocity, and Veracity.

References
1. US Food and Drug Administration. (2016). Data integrity and compliance with cGMP, Guidance for Industry.