Data Integrity, it has been a hot topic over the recent years in each segment of the pharmaceutical industry, continuously changing over short periods of time. We have noticed that the overall approach to data integrity has been evolving.
Initially, it has been driven by rapid and more tactical responses to major citations and regulatory focus areas. Actions were prioritised by regulatory visibility, but they were not necessarily strategic, consistent, complete or holistic. Times changed, and so did the system, moving to a more check-list driven approach, in a bottom-up manner. This manner of working increased coverage of consistency, but was not necessarily imbedded in the company culture. More recently the focus has been more on the bigger picture: leadership, culture, organisational excellence and organisational maturity.
In this context ISPE has released GAMP® RDI Good Practice Guide: Data Integrity - Key Concepts, which is aligned with GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems and part of the bigger Guide: Records and Data Integrity. One of the main objectives of these guidelines is to encourage innovation and technological advancement while also avoiding unacceptable risk to product quality, patient safety and public health. This in turn can improve data integrity and promote better use of data for the benefit of patients and the larger public in general. The guide integrates the following three key aspects into data integrity: human factors, procedural and technical controls and last but certainly not least: governance and management.
Governance and Management
Motivational speaker Simon Sinek says: “Corporate culture matters. How management chooses to treat its people impacts everything – for better or worse.” A large part of governance is dependent on leadership, company culture and company maturity. Other included topics are human factors, defined roles and responsibilities, presence of policies, standards and procedures. Most problems in data integrity aren’t caused by people with malicious intents, but by people just like you and me put in situations where they are under pressure, don’t have time or resources, and make mistakes. The problem typically doesn’t only lie with individuals, the system also has its part in it. If a system is not mature enough, developed enough, how can you expect it to run at the highest quality levels? This brings us to the company maturity model, which can be applied to any level or subject of an organisation. It builds around a defined area and the maturity factor connected to it, which is then scored according to defined maturity levels. It creates clear visuals to discover which areas in a company are at which level and might even promote ideas on how to move on to the next level.
A practical household example related to the maturity model would be making a recipe for cake dough:
Level 1: Here is some flour, butter, eggs and sugar. Make cake. This is very chaotic and haphazard. No regulation is available.
Level 2: Here is 250 grams flour, 4 eggs, 250 grams of butter and 250 grams of sugar. Make cake. The recipe becomes more defined, and it is clear for the user what is required.
Level 3: Here is 250 grams flour, 4 eggs, 250 grams of butter and 250 grams of sugar. Mix the butter with the sugar, add the flour, then the eggs. Again, the recipe becomes a lot clearer, what needs to be done is being defined as well.
Level 4: Here is 250 grams flour, 4 eggs, 250 grams of butter and 250 grams of sugar. Mix the butter with the sugar while continuously stirring, then add the flour in 4 equal portions, stirring in between. Add each egg while stirring. The recipe is completely defined and easy to follow. Everyone is able to make the cake dough.
Level 5: Add in a pinch of continuous improvement: stirring speed, stirring time, melting the butter beforehand or not, …
When translated to the industry, more specifically for data governance, the maturity model could look as follows:
Level 1: Process is unpredictable, poorly controlled and reactive (ad hoc). No oversight is present. Data is seen as a requirement for compliance.
Level 2: The process has been characterized for projects and is manageable due to limited oversight. Awareness is being created of the importance of managing data as an asset.
Level 3: The process has been characterized for the entire organization and is proactive due to the gathering of quality metrics. Data is treated as critical for performance.
Level 4: The process is quantitatively measured and controlled through quality metrics. Roles and responsibilities are clearly defined. Data is now treated as a competitive advantage.
Level 5: The focus is on continuous improvement. Data is seen as critical for survival.
Alyson Noel, author of children’s fiction beautifully stated: “As above, so below, as within, so without.” Besides relating to the laws of attractions, this statement holds true for any company and any policy that is to be implemented. If policies are not followed by the leadership, this will eventually lead to resistance in other echelons of the company down the hierarchical line, possible formed by complaint parties by the water cooler, and in general started with: “If they don’t, why should we?”, or the ever popular: “But we’ve always done it this way!”. Resistance to rules is very common in our daily life such as speeding on the highway or jaywalking. But what if we accept these rules as they are? A whole different world opens up, one where you can freely move within that set of rules, and even grow and learn within that environment. This is very much aligned with the ISPE Cultural Excellence Report which describes the six elements of cultural excellence. A cultural shift is taking place from the traditional culture of compliance (where the rules are followed because they have to be followed, relying on baseline regulatory compliance), towards a culture of excellence (where the rules are followed because they lead to continuous quality improvement).
Moving to a culture of excellence and increasing company maturity means promoting desired behaviour while identifying and preventing specific undesired behaviours. Let’s dive a bit deeper into these six dimensions.
Leadership and Vision
Being at the start of every company, 5 categories have been discovered that improve company culture, defined as the leader 5V’s:
Vision: clear sense of strategy, unifying goals, game plan, company credo, and the desired state
Values: guiding principles, ethical conduct and expectation, humility, empathy, and patient focus
Voice: passion, credibility, authenticity, and clarity, as well as the ability to articulate the vision, and inspire and motivate others
Vigilance: ability to drive accountability, determination, grit, focus, discipline, and follow-through
Visibility: leader presence, prioritization, reactions and responses
Attitudes and Mindsets
Attitudes influence mindsets. Mindsets drive behaviours, which in turn drive actions. These actions lead to results, and eventually affect performance. Altering mindsets and attitudes can be driven by:
Increasing accountability: everything I do influences another
Ownership: I am responsible for my work, for the quality I deliver, no one else
Action orientation: stimulating proactively identifying quality and compliance risks, being involved
Speaking up: encouraged by leaders to speak up, and having the message being acknowledged
GEMBA walks are the most immediate and direct intervention a company can implement to shift company culture:
Increases the visibility of management commitment
Engages all employees on any level
Enhancing priority communication, as well as desired behaviour
Increases the view on the bigger picture of how everything works and fits together
While they are certainly a worthwhile addition, the walks on their own are not enough to shift company culture.
LQI’s and Triggers
Leading Quality Indicators (LQI) are designed to measure outcomes that matter to patients, not to capture compliance (contrary to traditional quality metrics). These are driven by focusing on desired behaviour within a company. The ABC-model is well-known within the area of cognitive behavioural therapy. The model holds that antecedents lead to behaviour which lead to consequences. For example, when an employee admits to making a mistake and is consequently chewed out by his or her manager it is not very likely to create a positive connection between making mistakes and admitting them. Feedback should be in the form of reinforcement, not enforcement. Inversely, if the employee is coached following a mistake, he is more likely to develop a positive relation to admitting mistakes, as a context has now been created where admitting mistakes leads to growth.
Oversight and Reporting
Creating oversight and reviewing current processes and output enables identification of best practices and areas of opportunities for improvement.
For company cultures to shift cultural enablers needs to be present which allow for professional or even personal growth, such as:
Learning organization: an organization that focuses not only on knowledge gathering, but also knowledge sharing, where coaching and mentoring is ever available, will create a nurturing environment for all of its employees
Model behaviours: As stated earlier, a company rises or falls with its leadership: as above, so below.
Recognition: recognizing and acknowledging employee successes (or even failures) makes a huge impact on their relation to the company.
Identifying and recognizing change: motivated employees will proactively identify and recognize opportunities for change, they feel encouraged, feel responsible for the wellbeing of the company. The more everyone is involved, the easier it will be to implement changes, because it was a decision that was made over all levels of the organization.
Continuous improvement: closely related to identifying and recognizing change, if a company acknowledges and acts (be it by denying or approving) on employee suggestions, their involvement will also increase.
True root cause analysis: It is all to easily decided that a certain deviation is caused by human error. Blaming an individual causes separation, which does not stimulate the development of cultural excellence. When digging a little deeper it tends to expose a weakness in a policy, possibilities of linguistic interpretation and many others. True root cause analysis shifts the blame away from the easy answers and looks for the correct answers.
The whole is bigger than its parts, a saying that rings true for all companies. Using all possibilities above and implementing them in your very own company strategy is when you go from doing data integrity to being data integrity, from doing quality to being quality. Creating a culture of excellence instead of compliance will not be easy, but it shouldn’t be hard either.
QC consultant @ pi
Cultural Excellence Report ISPE
GAMP® Data Integrity Good Practice Guide - ISPE