cGMP violations, who has time for that? If your goal is impeccable data integrity, you don’t.

To what extent would a cGMP violation damage your operation? Do you know?

Every organization has a set of guidelines, rules and regulations they need to adhere to and these are usually industry specific. If you are in business, this is common knowledge, or should be. You may also realize that if you contravene these regulations intentionally, by mistake, or via gross negligence it can result in lawsuits, federal fines, public backlash, and damage to you or your company’s reputation.

However, it’s important to note that government regulations can and often do change and, as a result, comporting to these regulations will be akin to a moving target.

Regarding helping you stay on the yellow brick road, so to speak, the FDA is a friend. The regulations in place are there to help you, your process, and your product via the creation and handling of very important data. In the world of BioPharma, this is usually data that will have a direct effect on the lives of eventual customers or patients.

So, what’s the FDA’s role in Pharma?:

The FDA helps to ensure the quality and safetly of drug products by carefully monitoring drug manufacturers’ compliance with its cGMP regulations (and yes, they do update this information). The CGMP regulations for drugs contain minimum requirements for the methods, facilities, and controls used in manufacturing, processing, and packing of a drug product. If followed, the regulations help confirm safe product usage, product purity, and product strength. Essentially, if you are making any claims to your process or product these regulations make sure you can back it up.

Code of Federal Regulations (CFR).  The FDA’s portion of the CFR is in Title 21, which interprets the Federal Food, Drug and Cosmetic Act and related statutes, including the Public Health Service Act. The pharmaceutical or drug quality-related regulations appear in several parts of Title 21, including sections in parts 1-99, 200-299, 300-499, 600-799, and 800-1299.”

The general sections 210, 211, and 212 help clarify the role of data integrity in current cGMP for drugs (and this includes biologics).

The FDA’s authority for cGMP comes from section 501(a)(2)(B) of the Federal Food, Drug, and Cosmetic Act (FD&C Act).

  • Part 210 covers Current Good Manufacturing Practice in Manufacturing, Process, Packing, or Holding of Drugs.
  • Part 211 covers Current Good Manufacturing Practice for Finished Pharmaceuticals, and
  • Part 212 covers Good Manufacturing Practice for Positron Emission Tomography (PET) Drugs.

Ok. What the heck does this mean?

Essentially, there are guidelines in place to help you implement meaningful and effective strategies to manage your data integrity risks. However, you will want to make sure what you do is based on the understanding of your specific processes and how information related to technologies and business models are handled.

A quick way to wrap your mind around this is to take care of the 3 Ps. According to the FDA, “Meaningful and effective strategies should consider the design, operation, and monitoring of systems and controls based on risk to patient, process, and product.” Yes, there is more involved, and you can’t really deduce this to ONLY a “follow the Ps 3 step process” but it does point you in the right direction and provides a good foundation for best practices regarding data integrity and compliance.

If you work to establish a culture of quality where everyone understands data integrity as a core value of the organization it can help minimize the possibility of cGMP violations. Even better, if there is support from the top down which encourages employees to identify and quickly report data integrity issues this can help prevent systems from deteriorating with eventual breakdown. Not doing this is what leads to noncompliance of cGMP guidelines. If you want to see real warning letters where the FDA has notified companies of cGMP violations, just search “warning letters” from the homepage.

The FDA keeps receipts.

It’s the responsibility of those in the pharmaceutical industry to ensure the safety, efficacy, and quality of drugs, and this helps the FDA protect public health.

The BioKive

Prior to December 2018, the FDA noticed an increase in cGMP violations involving data integrity during cGMP inspections/audits. In short, companies were not taking data integrity seriously. Remember, it’s the responsibility of those in the pharmaceutical industry to ensure the safety, efficacy, and quality of drugs, and this helps the FDA protect public health. Note, if you are in violation of cGMP compliance or one of your products was considered “adulterated” there will be numerous regulatory actions against you.

Here’s what you can do.

The best approach would be to prevent violations. You can proactively avoid cGMP violations by taking some time to understand Sections 210.1 and 212.2 for “minimum requirements needed to assure manufactured drugs meet standards set by the FD&C Act regarding safety, identity, strength, quality, and purity.” Also, the requirements focusing on data integrity located in parts 211 and 212 should be adhered to and cover the following:

  • Make sure back up data is exact and complete, secure from alteration, inadvertent erasures, or loss.
  • Any output from a computer should be checked for accuracy
  • Certain activities and tests must be documented at the time of performance or testing
  • Laboratory controls must be scientifically sound
  • Records must be retained as original records or true copies. Accurate reproductions of original records are also allowed
  • Requires complete information, complete data from all tests, complete records of all data, complete records of all tests performed.
  • Data must be stored to prevent deterioration or loss
  • Production and controls must be reviewed
  • Lab records must be reviewed for accuracy

Begin now working with your quality, compliance or regulatory, project management, operations, and IT teams to make sure your processes and products are aligned with regulatory guidelines.

This is part of a series of blog posts on topics surrounding 21 CFR Part 11, data integrity, and data connectivity so stay tuned by subscribing. See our earlier post on open and closed systems here. Thanks for reading!


Center for Drug Evaluation and Research. (n.d.). About FDA guidances. U.S. Food and Drug Administration. Retrieved April 1, 2023, from

Center for Drug Evaluation and Research. (n.d.). Current good manufacturing practice (CGMP) regulations. U.S. Food and Drug Administration. Retrieved April 1, 2023, from

FDA. (n.d.). Part 11 electronic records electronic signatures scope and application. U.S. Food and Drug Administration. Retrieved April 9, 2023, from

FDA. (n.d.). Warning letters. U.S. Food and Drug Administration. Retrieved April 9, 2023, from

Food and Drug Administration. (2016, April). Data integrity and compliance with CGMP guidance for industry. Data Integrity and Compliance withy CGMP Guidance for Industry. Retrieved April 10, 2023, from

The Federal Register. Federal Register :: Request Access. (n.d.). Retrieved April 5, 2023, from

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s