When metadata is used in the context regulated GxP activities, we must carefully consider its relationship with GxP electronic records and its regulatory impact. The regulatory requirements for electronic records are defined within the FDA’s 21 CFR Part 11 regulations, however, the requirements pertaining to metadata are less clear. In the following blog, I will be discussing the regulatory impact of metadata and what actions could be taken to mitigate regulatory risks
What is Metadata?
For those who are not too familiar with what metadata is, a commonly used analogy is that of a library catalog card, which contains high level information about a book, including, its author, title, subject, etc. The purpose of the catalog card is to make it easier for a person to find a specific book stored within the library’s entire collection.
Likewise, the main purpose of metadata is to facilitate in the discovery of relevant information. In some cases, metadata may also be used to provide supplementary information about the data, such as:
- To capture audit trail information about the electronic record
- To classify the electronic record and facilitate navigation
- As a parameter within an automated business process
- To provide business intelligence metrics
Regulatory Impact
In order to determine the specific regulatory impact, the first thing we need to do is identify the electronic records that are being managed within a given computerized system. In some cases, the electronic records may be in the form of discreet data elements, such as test results from an HPLC laboratory instrument. In other cases, the records may be in the form of documents, stored within an Electronic Document Management System (EDMS)
Let’s take a look at a typical example of a GxP record and its associated metadata:
A Standard Operating Procedure (SOP) is stored as a PDF document within an EDMS and is used in the context of regulated activities. Metadata is used to describe key attributes of the document, including its Title, Document Type, Effective Date, Department, etc. Metadata is also used to capture audit trail information and to automatically provide users with access to the record based on the department to which they belong.
Should the metadata on the document not accurately reflect the SOP’s information, the system could mistakenly provide users with access to the incorrect SOP, or the record’s audit trail information could be inaccurate. In this example, the metadata plays a crucial role in a regulated process and therefore poses a regulatory risk.
Related: Train Your Staff in Laboratory Data Integrity
How Do We Mitigate the Regulatory Risks?
To mitigate regulatory risks it is vital that proper controls be implemented to ensure the accuracy and integrity of the metadata be maintained throughout the SOP’s lifecycle. These controls can be both technical and procedural, as described in the following table.
The Key Steps
We have seen that through its relationship with electronic records, metadata can have a direct regulatory impact and actions should be taken to ensure regulatory risks are mitigated. So to summarize briefly, the following are the steps that I recommend following whenever dealing with metadata in the context of GxP regulated electronic records:
