Understanding the “Typewriter Excuse”: Essential Perspectives on Data Integrity
Introduction: Discovery During an Audit
Recently, I had the opportunity to audit a pharmaceutical company in Belgium. Many processes were properly managed, and there appeared to be no particular issues.
However, I discovered that Excel sheets used to create test result reports and analytical reports in the QC laboratory were being deleted after printing to paper. The rationale provided was that GAMP 5’s appendix “Appendix S3: Spreadsheets Including End User Applications,” Section 2.1 “Temporary Use of Spreadsheets,” permits the deletion of Excel files.
This interpretation is incorrect. The guidance refers only to situations where Excel is used temporarily for calculations, essentially as a calculator replacement. The company’s usage pattern—creating and maintaining GxP records—requires that electronic records be properly managed and retained.
Historical Background of the Typewriter Excuse
When 21 CFR Part 11 was issued in March 1997, the U.S. pharmaceutical industry made the following argument:
“The true record is the paper record. We are merely using computers to create records.”
This argument from pharmaceutical companies suggested that computers were being used as typewriters and therefore were not subject to 21 CFR Part 11. This explanation became known mockingly as the “Typewriter Excuse.”
FDA’s Position
The FDA clearly responded in the 1997 final rule for 21 CFR Part 11:
“Part 11 is not intended to apply to computer systems that are merely incidental to the creation of paper records that are subsequently maintained in traditional paper-based systems. In such cases, the computer systems would function essentially like manual typewriters or pens and any signatures would be traditional handwritten signatures. Record storage and retrieval would be of the traditional ‘file cabinet’ variety.”
In other words, this exemption from Part 11 applies only when computers are truly used like typewriters, such as when no electronic record is created at all.
Fundamental Differences Between Typewriters and Computer Systems
The critical differences between typewriters and computer systems are as follows:
Typewriter:
- “One Time Printing” (can only print once)
- Original exists only on paper
- Alterations can only be made on paper (leaving visible traces)
Computer System:
- Can print the same record multiple times
- Electronic original exists
- Electronic records can be altered between the first and second printing
- Signatures can be backdated after printing
This fundamental difference is precisely why the FDA requires stricter controls for electronic records.
Critical Insights on the Reliability of Printouts
Paul Motise, who was deeply involved in the development of 21 CFR Part 11, stated in a 2002 presentation:
“Printouts cannot be inherently trusted because they do not contain the metadata necessary to reconstruct the data or reproduce it from raw data.”
This statement clearly indicates that printing to paper alone is insufficient, and that retention of electronic records with their associated metadata is essential.
Obligation to Retain Electronic Records
FDA’s Fundamental Position
According to the FDA, electronic records (such as Excel files) must not be deleted simply because they have been printed to paper. The reason is that one must be able to demonstrate that the content of the printed paper matches the original Excel file.
If the Excel file is deleted, the company cannot prove that no misconduct occurred. This means that the burden of proof falls on the company, without the benefit of presumption of innocence.
Regulatory authorities fundamentally do not trust printed paper records, which is why they investigate electronic records. The primary purpose is to detect manipulation or falsification.
Specific Requirements of 21 CFR Part 11
21 CFR Part 11.10 (c) states:
“Protection of records to enable their accurate and ready retrieval throughout the records retention period.”
This means that electronic records cannot be discarded during the required retention period. Furthermore, companies must be able to promptly search for and present electronic records during FDA inspections.
21 CFR Part 11.10 (e) states:
“Audit trails shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.”
In other words, audit trails, in addition to electronic records, may be reviewed by the FDA and must not be discarded.
International Regulatory Developments Regarding Data Integrity
MHRA (UK Medicines and Healthcare products Regulatory Agency) Guidance
The “MHRA GMP Data Integrity Definitions and Guidance for Industry” issued by MHRA in March 2015 states:
A system with audit trail functionality means either a system with built-in audit trail capabilities or a system to which validated external audit trail software with a validated interface has been added. Paper-based audit trails in hybrid systems are acceptable if they can achieve the same level of control as the built-in audit trails described in GMP Annex 11. If this equivalence cannot be demonstrated, it is expected that systems should be upgraded to include audit trails by the end of 2017.
Important Update: This guidance was updated in March 2018 as “GXP Data Integrity Guidance and Definitions, Revision 1.” The updated version softened the explicit 2017 deadline requirement, revising it as follows:
“It is expected that companies should be implementing systems that comply with current regulatory expectations. It is expected that GMP facilities with industrial automation and control equipment/systems such as programmable logic controllers should be able to demonstrate working towards system upgrades with individual login and audit trails (reference: Art 23 of Directive 2001/83/EC).”
In other words, MHRA acknowledges a phased approach while clearly indicating the direction toward system upgrades to ensure data integrity.
Evolution of FDA Data Integrity Guidance
The FDA issued a draft of “Data Integrity and Compliance With Drug CGMP Questions and Answers Guidance for Industry” in April 2016, with the final version published in December 2018. This guidance defines important concepts, including:
Definition of Data Integrity: “The accuracy, completeness, and reliability of data”
Data should satisfy the following characteristics (ALCOA+ principles):
- Attributable: The person who generated the data can be identified
- Legible: The data is readable
- Contemporaneous: Data is recorded at the time of generation
- Original: Data is the original or a true copy
- Accurate: Data is accurate
Recent regulatory developments have added:
- Complete: All data is included
- Consistent: Data is consistent
- Enduring: Data is maintained throughout the retention period
- Available: Data can be retrieved when needed
Latest Development as of October 2024: The FDA issued the final version of “Electronic Systems, Electronic Records, and Electronic Signatures in Clinical Investigations: Questions and Answers” guidance, clarifying electronic record management requirements in response to advances in Digital Health Technologies (DHT).
Problems with Excel Use in QC Laboratories
Given the above regulatory trends, it is fundamentally undesirable to use Excel for QC laboratory test results, analytical reports, and batch disposition decisions.
Limitations of Excel
Standard Excel has the following limitations:
| Requirement | Excel Standard Features | Issues |
| --- | --- | --- |
| Audit Trail | None | Cannot automatically record change history |
| Electronic Signatures | None | Cannot provide 21 CFR Part 11 compliant electronic signatures |
| Access Controls | Limited | File-level protection only |
| Database Functionality | Limited | Insufficient as a relational database |
| Validation | Complex | Verification of custom development required |
Recommended Solutions
MHRA and FDA recommend implementation of systems such as:
- LIMS (Laboratory Information Management System)
  - Integrated management of test data
  - Built-in audit trail functionality
  - Electronic signature capabilities
  - Workflow management
- Other Database Systems
  - Quality control modules of ERP (Enterprise Resource Planning) systems
  - Dedicated QC data management systems
These systems are designed to meet the requirements of 21 CFR Part 11 and EU GMP Annex 11, making it easier to ensure data integrity.
Classification of Spreadsheets in GAMP 5
GAMP 5 (Good Automated Manufacturing Practice Guide, Second Edition, issued July 2022) classifies spreadsheets as follows:
Category 1: Product Software
- Microsoft Excel or Access itself
- Can be used without configuration or customization
- Using vendor standard features only
Category 3: Configurable Software
- Spreadsheets containing simple formulas
- Used as templates
- No macros or VBA
Category 4: Customized Software
- Complex spreadsheets with statistical functions
- Simple Boolean functions (IF, AND, OR, etc.)
- May include macros or VBA
Category 5: Custom Software
- Complex VBA programs
- Implementing proprietary functionality
Important Note: The “temporary use” described in GAMP 5 Appendix S3 refers to use within Category 1, specifically:
- Simple calculations as a calculator replacement
- Temporary aggregation of data
- Calculations that do not need to be retained as GxP records
Creating test result reports and analytical reports in QC laboratories clearly does not fall under this “temporary use” and must be managed as formal GxP records.
Conclusions and Recommendations
Reaffirmation of Basic Principles
- Printing electronic records to paper alone is insufficient
  - Both electronic records and metadata must be retained
  - Audit trails must also be maintained during the retention period
- The typewriter excuse is not applicable
  - Records created on computers must be managed as electronic records
  - Deletion after printing constitutes a violation of 21 CFR Part 11
- Beware of misinterpreting GAMP 5
  - “Temporary use” refers only to limited situations
  - Not applicable to creation of GxP records
Practical Recommendations
Short-term Actions (if already using Excel):
- Proper storage of Excel files
  - Save to read-only network shares
  - Regular backups
  - Appropriate access permissions
- Implementation of validation
  - Creation of user requirement specifications
  - Verification of formulas
  - Establishment of change control procedures
- Establishment of procedures
  - Procedures for creating, using, and storing Excel files
  - Data review procedures
  - Audit trail review procedures (where possible)
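One way to make deletion or alteration of a retained spreadsheet detectable, as an added example that is not part of the original article: a hash-chained ledger entry is written when the file is printed, and a later check compares the stored files against the ledger. The ledger layout, function names, file name and user IDs are assumptions constructed for illustration.

```python
# Added illustration; the ledger format and all names here are assumptions.
import hashlib, json, tempfile
from pathlib import Path

GENESIS = "0" * 64  # "previous hash" of the first ledger entry

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}  # all fields but "hash"
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record_event(ledger, path, user, event, time):
    # Append who did what to which file, chained to the previous entry.
    entry = {"prev": ledger[-1]["hash"] if ledger else GENESIS,
             "file": Path(path).name, "sha256": sha256_file(path),
             "user": user, "event": event, "time": time}
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)

def verify(ledger, directory):
    findings, prev, latest = [], GENESIS, {}
    for i, e in enumerate(ledger):
        if e["prev"] != prev or entry_hash(e) != e["hash"]:
            findings.append(f"ledger entry {i} altered or out of order")
        prev = e["hash"]
        latest[e["file"]] = e["sha256"]  # last recorded state of each file
    for name, digest in sorted(latest.items()):
        path = Path(directory) / name
        if not path.exists():
            findings.append(f"{name}: record deleted")
        elif sha256_file(path) != digest:
            findings.append(f"{name}: content changed since last recorded event")
    return findings

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "assay_batch_0001.xlsx"  # constructed stand-in file
        path.write_bytes(b"result=99.2")
        ledger = []
        record_event(ledger, path, "analyst1", "printed", "2025-01-10T09:00:00Z")
        results = [verify(ledger, d)]       # untouched after printing
        path.write_bytes(b"result=100.1")
        results.append(verify(ledger, d))   # edited after printing
        path.unlink()
        results.append(verify(ledger, d))   # deleted after printing
        ledger[0]["user"] = "analyst2"
        results.append(verify(ledger, d))   # ledger entry itself edited
    return results
```

The check is only as trustworthy as the ledger's storage: it has to live where the people creating the spreadsheets cannot rewrite it, and the timestamp has to come from a controlled clock rather than from the caller.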
Medium to Long-term Actions (Recommended):
- Migration to Database Systems such as LIMS
  - Conduct risk assessment
  - System selection and implementation planning
  - Phased migration implementation
- Fostering a Data Integrity Culture
  - Training and education on data integrity
  - Building a quality culture
  - Establishing mechanisms for continuous improvement
Responding to Latest Regulatory Trends
As of 2025, regulatory authorities are paying particular attention to:
- Data integrity in cloud computing environments
- Validation of Artificial Intelligence (AI) and Machine Learning (ML) systems
- Data management from Digital Health Technologies (DHT)
- Ensuring data integrity across the supply chain
Even in these new technological environments, the basic principles outlined in this article remain unchanged. Ensuring the completeness, accuracy, and reliability of electronic records, and properly storing and managing them, forms the foundation for protecting product quality and patient safety.
References and Regulatory Documents
- 21 CFR Part 11 – Electronic Records; Electronic Signatures (effective March 1997)
- FDA Guidance for Industry: Part 11, Electronic Records; Electronic Signatures – Scope and Application (August 2003)
- FDA Guidance for Industry: Data Integrity and Compliance With Drug CGMP Questions and Answers (Final, December 2018)
- FDA Guidance: Electronic Systems, Electronic Records, and Electronic Signatures in Clinical Investigations: Questions and Answers (Final, October 2024)
- MHRA GMP Data Integrity Definitions and Guidance for Industry (March 2015)
- MHRA GXP Data Integrity Guidance and Definitions, Revision 1 (March 2018)
- EU GMP Annex 11: Computerised Systems (June 2011)
- GAMP 5 Guide: A Risk-Based Approach to Compliant GxP Computerized Systems, Second Edition (July 2022)
- PIC/S Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PI 041-1, September 2021)
- ICH Q9: Quality Risk Management (Revised 2023)
This article aims to deepen understanding of regulatory requirements regarding data integrity in the pharmaceutical industry. For specific applications, please consult with your company’s quality assurance and regulatory affairs departments to determine appropriate responses.