Navigating Data Management Requirements For Sterile Manufacturing
A conversation with Ronald Bauer, Christina Meissner, and Michael Zwitkovits — Austrian Medicines Agency

In sterile manufacturing, data is both a lifeline and a liability. Managing it well requires a risk-based mindset from day one.
Ronald Bauer, an authority on pharmaceutical inspections and data integrity, spoke at the International Society for Pharmaceutical Engineering’s 2025 ISPE Biotechnology Conference in June. He addressed the challenges and expectations of data governance in sterile manufacturing.
Bauer and his colleagues, Christina Meissner and Michael Zwitkovits, shared insights on validation strategies, ALCOA++ compliance, the role of metadata, and how manufacturers can avoid common pitfalls in contamination control. Their insights catch us up on some of the themes from his talk at the conference.
Can you elaborate on key elements of an effective validation approach for data governance in sterile manufacturing?
Bauer: A regulated user must be able to demonstrate their competence for validation. The validation approach should be based on a well-considered validation strategy that rests on three pillars:
- risk assessment,
- system assessment, and
- supplier evaluation.
A well-thought-out and clear risk assessment ensures that all functionalities of a system receive the necessary attention according to risk.
The system should include an assessment of the extent to which its functionalities pose a risk to data integrity, and appropriate preventative measures should be implemented. Given the typically high volumes of data generated in sterile manufacturing, the management of electronic data and its integrity protection within a data governance system is of utmost importance. The data governance system should therefore be an integral part of a pharmaceutical quality system and should consider the design, operation, and monitoring of processes and systems to ensure compliance with the principles of data integrity.
Controls should be established throughout the data life cycle that comply with the principles of quality risk management. The depth of data governance and risk management activities should be justified and appropriate to the risks to product quality and patient safety. Regardless of the processes leading to the generation of electronic data, they must be included in the qualification or validation requirements of the corresponding computerized systems in accordance with the relevant legal provisions.
How do you assess compliance with ALCOA++ principles during inspections? What common pitfalls do manufacturers encounter when implementing them?
Bauer: The course of an inspection is typically determined by the complexity of the regulated user’s computerized systems and follows a top-down approach. This means that the horizontal requirements, such as the validation guideline, the requirements for developing a validation strategy, the requirements for conducting a risk assessment, and the pharmaceutical quality assurance system, are assessed at the beginning. This is followed by the system-specific assessment of the validation planning, as well as various requirements for conducting and documenting the validation, with the final assessment of whether the system that generates electronic data meets the legal requirements for the qualification or validation of a computerized system.
If the focus of an inspection is on electronic records and their integrity protection, the inspector must understand which data a system generates and the data flow, how the regulated user assesses this data in terms of its criticality, and what preventative measures are in place to protect it. To understand how the operation and monitoring of compliance with the principles of data integrity are considered, the inspector must assess how the data governance system interacts with the pharmaceutical quality system and whether it is implemented effectively. The inspector must be able to evaluate whether, based on the mitigation measures found, the completeness, consistency, and accuracy of all data (raw data and derived data) are ensured, and whether derived data can be traced back to the raw data. For derived/processed data, it must be possible to assess whether all data processing activities can be reconstructed.
Environmental monitoring produces vast amounts of data in sterile manufacturing. What are your expectations regarding their collection and analysis? How should this data inform continuous improvement in contamination control?
Bauer: If data from environmental monitoring is used for the continuous improvement of contamination control, this data must be representative and trustworthy. The technical basis for contamination control is the contamination control strategy. It specifies which control points are meaningful and which data filters shall be used, how associated data should be interpreted, and which decisions should be linked to them.
The inspector must evaluate the development and quality of the contamination control strategy in conjunction with the personnel deployed and the manufacturing process affected. Records created during contamination control must follow complete specifications that correspond to the strategy and be recorded by the pharmaceutical quality system supplemented by the data governance system. The completeness, consistency, and accuracy of all data (raw and derived data) must be ensured through a risk-based approach throughout their entire life cycle, regardless of whether they are created, recorded, and stored on paper or electronically. If computer-based systems are used to create and/or record risk control data, they must meet the legal requirements for qualification and validation.
Decisions regarding the further development of a sterile manufacturing process, which are rooted in data from risk control, must be traceable to the raw data over the legally relevant period. Data completeness and integrity must be ensured during both the operational and archiving phases. Identified risks to the data should be accompanied by risk mitigation measures in both phases.
How effectively are companies deploying metadata to enhance process understanding and control? Do any examples stand out where metadata analysis has led to significant improvement?
Meissner: Currently data is often managed in parallel existing silos, and we have not seen many manufacturers where this data is used and combined in a way to aid process control and optimization.
Where do you draw the line between acceptable residual risk and an inherently flawed control strategy? Have you seen cases where manufacturers pushed a mitigation approach too far, rather than reevaluating the component or process altogether?
Meissner: As defined within ICH Q9(R1), the formality of the risk assessment is linked to the level of risk and facilitating risk-based decision-making. The most common mistakes seen in inspections are:
- The most suitable tools are not used, or tools are used incorrectly or incompletely. For example, this could occur when applying a HACCP tool and the identified critical control points are not brought in context with the manufacturing process.
- Hazard identification, risk analysis, and risk evaluation are seen as their own steps and results are combined. In the outcome of the assessment, it is not clear what mitigation actions are needed, and it can’t be concluded whether risks are under control.
- Since pharma is a risk-averse industry, we noticed that residual risks are downgraded to low or zero risk by mathematical means to achieve the desired outcome.
- Process steps are not assessed in depth or multiple process steps are assessed as one, making it difficult to clearly identify hazards. This results in a superficial risk assessment that does not add to meaningful risk-based decision-making.
Zwitkovits: Drawing the line between acceptable residual risks and an inherently flawed risk control strategy depends heavily on data provided by a manufacturer and is a case-by-case decision. We have seen cases where a mitigation approach was pushed too far. However, it is challenging to demonstrate that a manufacturer’s approach is not sufficient, since the procedure used to assess the data as the foundation of any risk identification/analysis/assessment is defined by the company.
Based on the company’s quality culture, this procedure can show tendencies toward either risk-taking or risk-preventing directions. The risk-taking concepts tend to be reactive, not proactive, to preserving the status quo. In the end, if a hazard is not identified or a mitigation measure is not implemented due to risks being intentionally downplayed, the manufacturer will be held accountable for the consequences of a failed or contaminated batch.
About The Experts:
Dr. Ronald Bauer is head of Institute Surveillance of the Austrian Agency for Health and Food Safety. His role includes surveillance of the Austrian medical market, including authorization for pharmaceutical companies and inspections of GMP facilities and their products. He is a lecturer at the Medical University of Vienna. He has a degree in technical chemistry from Graz University of Technology.
Dr. Christina Meissner is a GMP inspector at the Austrian Agency for Health and Food Safety. Previously, she worked as a quality assessor for clinical trials at the Austrian Agency for Health and Food Safety and as a research scientist at the Department of Medical Virology at Charité University Hospital in Berlin. She received her doctorate in biology from the Humboldt University of Berlin.
Dr. Michael Zwitkovits is a GMP inspector at the Austrian Agency for Health and Food Safety. Previously, he was an analytical chemist for the agency. He received his M.Sc. in pharmaceutical quality assurance from the Dublin Institute of Technology and his doctorate from the University of Vienna.