Part 1: Analysis of CY2018 FDA Warning Letters That Cite Data Integrity Failures

This report represents the fourth year I have published an evaluation of warning letters associated with data governance and data integrity deficiencies.  Articles for 2016 and 2017 and 2018 may be found here:

Enforcement for failures in data integrity and data governance began almost 20 years ago. This year, however, we may have turned the corner which we’ll address below.  The FDA is not the only health authority that identifies these issues in inspections and enforcement actions, but their transparency ensures the data is readily available. In this summary, we identify:

  • CY2018 warning letters that cite data integrity deficiencies
  • The number of warning letters citing this topic in the past 11 years and the countries where these sites are located
  • The regulations identified most frequently in CY2018 drug GMP warning letters citing data integrity failures

As in past years, all data integrity deficiencies identified in Form 483s and warning letters are failures to follow CGMPs as specified in the predicate rules. The FDA has not implemented novel interpretations or requirements applicable to data governance.  The use of computer systems and other electronic systems require different approaches to ensure compliant practices, but these are all based on the existing regulations in 21 CFR211.

[NOTE: Don’t feel like waiting for the second part of this report?  You don’t have to – download the full report now instead!]

DI Failures CTA

Data Integrity GMP Warning Letters And Trends From The Past 11 Years

Figure 1 lists the warning letters issued to drug manufacturers in CY2018 that include data integrity deficiencies.  The list includes the date of issuance and the country where the facility is located. Rows are color-coded.

DI Failures Figure 1

The FDA issued 85 drug GMP warning letters in CY2018, excluding those issued to compounding pharmacies and outsourcing facilities.  Forty-two included a data integrity component for a total of 49% of the warning letters. In December no warning letters were posted due to the partial government shutdown.

DI Failures Figure 2

DI Failures Figure 3

Figures 2 and 3 present data over the last 11 years, CY2008 through CY2018, along with a cumulative total.

  • The number of warning letters including this topic ranged from four to six from 2008 through 2013, doubled in CY2014 to 10. 
  • The number of warning letters increased from 15 in 2015 to 41 in 2016 and 56 in 2017.
  • In 2018 the number de­creased substantially to 42.
  • The number of countries associated with these warning letters continues to increase.
  • In 2018 11 countries were associated with the sites that were the subject of warning letters.

Figure 3 also shows that nearly 80% of warning letters with data integrity components were issued in the past four calendar years.  Even though this enforcement action started almost 20 years ago, the past four years shows a dramatic uptick in number, peaking in CY2017.  It will be interesting to monitor CY2019 warning letters and determine whether their number continues to decrease.

Figure 4 shows the data integrity associated warning letters by country from CY2015 through CY2018.  South Korea is newly represented in this group of countries in the past two years. Canada and Mexico have been members of the group since 2011 and 2012 respectively.  Singapore is new in 2017 and Australia, Taiwan and the Dominican Republic are new to the group in 2018.

DI Failures Figure 4

Figure 5 compares the number and percentage of warning letters citing data governance and data integrity in both the past 11 years and the most recent four years.

  • China tops the list in both the last four years and the last 11 years.
  • In the past four years China significantly outperforms India in this area and the US comes in third.
  • Europe remains constant at 9% of the total for both periods and the rest of the world is constant at approximately 20% of the totals. 

DI Failures Figure 5

Figure 6 shows the regulations most frequently cited in the warning letters in CY2018.  Many of the deficiencies did not identify a regulation or are provided by the FDA as “conclusions” or “data integrity remediation” instructions to which the firms must respond.  Warning letters issued to API manufacturers do not identify 211. The citation of regulations continues the FDAs stated goal of focusing on the evaluation of predicate rule requirements.

DI Failures Figure 6

In the second part of this report, we will:

  • Look at the actions firms can take to prevent, identify, and remediate issues
  • Expand upon key findings in the data
  • Summarize trends with notable cases
Click here to continue to part two.

[NOTE: No need to flip back and forth between pages – download the full report for yourself here!]

DI Failures CTA


Want this and more?
Sign up to get free weekly content updates
designed to make your job easier


Learn how FDAzilla can help you achieve your quality and inspection preparation goals:
Enforcement Analytics
GMP Regulatory Intelligence

Contact us if you ever have questions at

Like this post? Don't forget to share it!

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on print
Govzilla Bug

Don’t miss out! Subscribe now

Experience the Power of Govzilla

Get your FREE account to search sites, inspections, & warning letters