Products Services Information About Contact
Products
Ofni Systems provides your FDA-regulated business with software and products to assist with 21 CFR 11, Annex 11, HIPAA, and other regulatory requirements for electronic data and signatures.
ExcelSafe
Part 11 Compliance For
MS Excel® Spreadsheets Simple To Use
Get spreadsheet control in a matter of hours Full Part 11 Compliance
Audit trails, electronic signatures and user security Spreadsheet Validation
We are FDA experts on spreadsheet validation Free Trial
Get a copy of Excelsafe to test today
FastVal
A Complete Validation Management Solution Create Documents
Fastval creates all your validation documents Electronic Execution
Execute validation protocols electronically Deviation Tracking
Deviation generation, tracking and management Project Management
Tools and reports to help manage people & projects
Ofni Clinical
eCRF Data Collection Database For Clinical Trials Case Report Forms
Converts your paper CRF's into eCRF's Edit Checks
Ensure data integrity with validation rules MedWatch Reporting
Automatically generates MedWatch FDA Form 3500A Rapid Implementation
Ready to use in days, not weeks or months
Part 11 Toolkit
Makes Any MS Access® Database Part 11 Compliant Audit Trails
Track all changes made in a database Electronic Signatures
Secure data with electronic signatures Database Validation
Let us validate your database for you Free Trial
Try the Part 11 Toolkit in your own database
Part 11 Advisor
Part 11 Auditing, Remediation and Training Tool Starting Gap Analysis
Facilitates the process of starting gap analysis Assessments
Collect and review data to identify Part 11 gaps Long-Term Tracking
Track the completion of your corrective action plan On-site Implementation
Hands on training on 21 CFR Part 11
Services
Ofni Systems provides your business with the highest quality consulting services to meet all of your compliance and quality needs.
Validation Services Software Validation
 Method Validation
 Process Validation
 Equipment Validation
21 CFR Part 11 Part 11 Training
 Part 11 Auditing
 Compliance Testing
 Software Assesments
Clinical Trials Custom Databases
 Database Testing
 Statistical Analysis
 Statistical Reporting
Other Services Data Migration
 SOP Writing
 Process Automation
 Mock Audits
Information
Ofni Systems is committed to assisting organizations with electronic records compliance, such as 21 CFR Part 11 and Annex 11. Let Ofni Systems make knowledge management simple for you.
21 CFR Part 11
A complete set of resources for 21 CFR Part 11 21 CFR 11.10(a)
Validation of computer systems 21 CFR 11.10(b)
Accurate Generation of Records 21 CFR 11.10(c)
Protection of Records 21 CFR 11.10(d)
Limited System Access 21 CFR 11.10(e)
Audit Trails 21 CFR 11.10(f)
Operational System Checks 21 CFR 11.10(g)
Authority Checks 21 CFR 11.10(h)
Input Checks 21 CFR 11.10(i)
Education, Training and Experience 21 CFR 11.10(j)
Policies for Electronic Signatures 21 CFR 11.10(k)
Document Control Part 11 FAQ
Validation of computer systems
Validation Resources
On selected validation documents Validation Planning
Define the scope and goals of a validation project. Requirement Gathering
Operations and activities that a system must be able to perform. Design Specification
Design Specifications describe how a system performs the requirements Installation Qualification
Verifies the proper installation and configuration of a System. Summary Report
Provides an overview of the entire validation project.
Other Resources
More information on FDA compliance FDA Warning Letters
Sample FDA 483 and Warning Letters Part 11 Publications
Useful 21 CFR 11 resources. Clinical Data Management
Best practices in handling data from clinical trials. Ofni Compliance Blog
Resources and information straight from the Ofni team.
About Ofni Systems
Ofni Systems is dedicated to helping companies address the requirements of 21 CFR Part 11, Electronic Records and Electronic Signatures.
Clients
Alliances
Employment
Customer Support
  • (919) 844 2494

    • FDA Warning Letters


    Page 7 of 25« First...3456789101112...20...Last »

    1. Warning Letter: Failure to adequately validate software (ucm441879)

      Tags: |

      “Failure to adequately validate software used as part of production and quality systems for its intended use according to an established protocol as required by 21 CFR 820.70(i). Specifically, you did not validate your CNC Lathe and MAS 90 software used in manufacturing and labeling, respectively.”

      View the original warning letter.


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    2. Warning Letter: Failure to develop adequate written procedures (ucm442577)

      Tags: |

      1. Failure to establish and maintain adequate procedures for implementing corrective and preventive actions, as required by 21 CFR 820.100(a). Specifically, Your procedures addressing corrective and preventive actions, “Procedures for Corrective and Preventive Action”, PCPA-00, dated10/5/10 and “Measurement and Analysis” procedure, MA-00, dated 10/5/10, are not adequate in that: a) Your procedures do not address:

      1. How and how often each data source will be analyzed to identify existing and potential causes of nonconforming product.

      2. Initiating a corrective and preventive action commensurate with the significance and risk of the nonconformity.

      3. Verifying and validating corrective and preventive actions to ensure such action is effective and does not adversely affect the finished device.

      4. Implementing and recording changes in methods and procedures needed to correct and prevent identified quality problems.


      5. Failure to establish and maintain procedure for identification, documentation, validation or where appropriate verification, review and approval of design changes before their implementation, as required by 21 CFR 820.30(i). For example, a sticky note on the “Chaps” instructions sheet stating “No Longer Need F Velcro Lengths” is the only documentation for the change to receive the elastic with the Velcro already sown onto it. This design change did not go through your formal change control as required by “Change Control” procedure, CC-00, dated 10/5/10.

      View the original warning letter.


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    3. Warning Letter: No audit trail function was enabled (ucm440966)

      Tags: | |

      “Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

      Specifically, your high performance liquid chromatography (HPLC) and gas chromatography (GC) data acquisition software, TotalChrom®, did not have sufficient controls to prevent the deletion or alteration of raw data files. During the inspection, the investigator observed that the server that maintains electronic raw data for HPLC and GC analyses (the J drive) contains a folder named “Test,” and that chromatographic methods, sequences, and injection data saved into this folder can be deleted by analysts. The investigator also found that data files initially created and stored in the “Test” folder had been deleted, and that back-up files are overwritten [redacted].

      In addition, because no audit trail function was enabled for the “Test” folder, your firm was unable to verify what types of injections were made, who made them, or the date or time of deletion. The use of audit trails for computerized analytical instrumentation is essential to ensure the integrity and reliability of the electronic data generated.”

      View the original warning letter.


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    4. Warning Letter: Inadequate audit trails and password protection (ucm436268)

      Tags: | |

      “a. You did not retain complete raw data from testing performed to ensure the quality of your APIs. For example, your firm could not provide electronic raw data supporting your High Pressure Liquid Chromatography (HPLC) testing in your Validation Report BP-VR-0701/2010.

      b. You failed to retain complete raw data documenting the weights and calculations used in method validation as specified in your standard operating procedure (SOP) “Recording of Raw Data.”

      c. Your analyst selectively invalidated data during related substance testing. For example, for [redacted], batch [redacted] on May 15, 2013; you did not retain data from all six injections used for the initial system suitability. Your analyst discarded one of the six injections performed with no justification.

      3. Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

      The inadequate controls over access to your data raise questions about the authenticity and reliability of your data and the quality of the APIs you produce. Specifically,

      a. Your firm did not have proper controls in place to prevent the unauthorized manipulation of your laboratory’s raw electronic data. Your HPLC computer software lacked active audit trail functions to record changes to analytical methods, including information on original methodology, the identity of the person making the change, and the date of the change. In addition, your laboratory systems did not have access controls to prevent deletion or alteration of raw data. During the inspection, your analysts demonstrated that they were given inappropriate user permissions to delete HPLC data files.

      b. Moreover, the gas chromatograph (GC) computer software lacked password protection allowing uncontrolled full access to all employees.”

      View the original warning letter.


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    5. Warning Letter: Failure to prevent unauthorized access or changes (ucm421544_Amended)

      Tags: | |

      Your firm released [redacted] API batch [redacted] with an unknown peak present in the residual solvents chromatogram. Although this unknown peak was not a part of your historical impurity data, neither the analyst nor the supervisor apparently noticed or evaluated this unknown peak during their reviews.

      Subsequently, a customer complaint was received for this batch, and your investigation identified the unknown peak as [redacted]. Your firm found that this peak was a result of a contamination that occurred during your manufacturing process.

      In response to this letter, provide the corrective actions implemented to ensure that all laboratory data is appropriately analyzed, accurately reported and approved by your quality unit.
      Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

      Your firm did not have proper controls in place to prevent the unauthorized manipulation of your electronic raw data. For example,

      a. The inspection found that the audit trail feature for your gas chromatography (GC) instruments was not used until October 2013, even though your 2009 GC software validation included a satisfactory evaluation of the audit trail capability.

      b. There is no assurance that you maintain complete electronic raw data for the [redacted] GC instruments, the Malvern particle size analyzer, and the ultraviolet (UV) spectrophotometer. Our inspection found that these instruments were connected to stand-alone computers that stored the data and that the data could be deleted.

      c. Prior to our inspection, your firm failed to have a back-up system for the data generated by one of the [redacted] Fourier transform infrared spectrometers, the polarimeter, the UV spectrophotometer and the Malvern particle size analyzer.

      View the original warning letter.


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    6. Warning Letter: Failure to establish and maintain procedures for validation (ucm436707)

      Tags: | |

      “Your software development / validation does not include written procedures, structural and regression testing, and code reviews.

      1. Failure to establish and maintain procedures for validating the device design, as required by 21 CFR 820.30(g). Specifically,

      a. Your software development /validation:

        1. does not include written procedures covering the development/validation of the software used in your devices
        2. documentation for your Evolution Oxygen Conserver device does not include structural testing at the code level (use of static code checkers, independent code review, etc); and
        3.  software product testing procedure, Database/Software Controls IQP 030 Rev A dated 10/20/08, does not require structural testing and does not include provisions for the adequate description of regression testing.

      ….

      c. The available clinical studies documentation for the following Evolution Oxygen Conservers:

          1. did not include the written protocol or the patient’s baseline saturation levels for the 900M model; and
          2. did not include the baseline saturation levels or the device settings for the patients.”

      View the original warning letter.


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    7. Warning Letter: QC personnel created unauthorized data folders on laboratory computerized systems without appropriate oversight (ucm432709)

      Tags: | |

      “Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

      QC personnel created unauthorized folders on laboratory computerized systems without appropriate oversight. Our review of the HPLC Empower III data collected in 2013-2014 in the commercial QC laboratory found a data folder entitled “WASH.” According to your management, the folder was intended for column wash injections using blank solvent prior to and following sample runs, although you have no standard operating procedure (SOP) detailing this process. One of your laboratory analysts stated that this folder does not contain any standard or sample injection results. However, our investigator found that this folder contained a total of 3,353 injection results, some of which appeared to be samples.

      As part of your comprehensive evaluation and risk assessment, include a detailed description of all computerized systems in your facility used for testing drugs. This description should include information on each electronic folder that was not created pursuant to a valid SOP and an assessment of every file in each such folder, including information about the sample (product), date of test, lot number and original test result over the last five (5) years, except for data relating to exhibit batches, in which case there is no time limitation. Also provide specific information about all retests during these time frames, where an initial out-of-specification or out-of-trend result was disregarded without an investigation and the date on which you became aware such information had been disregarded. In addition, for each batch, provide the number of injections performed and chromatograms reviewed, and of those, the number that were used to generate a reported result. Furthermore, provide an updated assessment on the possible effects of your firm’s practices on the quality, safety, and efficacy of the drugs you manufacture or plan to manufacture, including drugs covered by approved or pending applications.

      Also describe the procedures established to manage and retain all computerized data.

      View the original warning letter.


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    8. Warning Letter: Lack of controls, such as audit trails, to prevent substitution, overwriting, or changes of electronically stored data (ucm431456)

      Tags: | |

      “The trial injection data was stored in the “Trial” folder located on a PC with no audit trail linked to the HPLC instrument…

      The audit trail for the dissolution analysis of the 9-month long-term stability sample of [redacted] USP [redacted] mg Tablets batch [redacted] conducted on March 22, 2014, showed a single manual injection that was not included in the official test results package. A manual “trial” sample injection from vial position [redacted] at 12:29 pm was injected between the Set [redacted] and Set [redacted] analytical sequences. No deviation was documented regarding the extra sample injection. In addition, the original injection data obtained for vial position [redacted] was overwritten and not saved. Because the original data was overwritten, you did not review and evaluate it as part of your batch release decision…

      Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

      FDA investigators discovered a lack of basic laboratory controls to prevent changes to electronically stored data. The following examples show that you lack effective control of the integrity of instrument output data:
      The ten Shimadzu HPLC instruments in the QC “commercial” laboratory were configured to send acquired injection data to PCs without audit trails.

      There was a lack of controls to prevent substitution or overwriting of data. The [redacted] audit trail dated January 6, 2014, for HPLC MLG/QC/12/026 and the [redacted] audit trail dated January 15, 2014, for HPLCs MLG/QC/12/031 and MLG/QC/12/027 each showed sample injections marked with the same small graphic symbol. For each of these entries, you replaced the original injection sequence data with data from a single manual injection and failed to save the original sequence data.

      A “File Note” dated February 10, 2014, signed by the QC Head, established that the printed data used for batch disposition decisions from the Metrohm Titrando Instrument MLG/QC/12/048 hard drive was not necessarily the complete data for a batch. Our inspection found that data on the instrument was selected for use and was not protected from change and deletion. Notably, the audit trail capability of this QC “commercial” laboratory instrument was not enabled, even after creation of the “File Note.”

      View the original warning letter.


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    9. Warning Letter: Production Software not validated (ucm446847)

       
      “Software used as part of production and the quality system has not been validated for its intended use according to an established protocol, as required by 21 CFR 820.70(i). Specifically, software validation was not conducted for the following pieces of equipment: [Redacted]”

      Automated Production Equipment
      Quality Inspection Equipment
      [redacted]
      [redacted]
      [redacted]
      [redacted].”

      View the original warning letter


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    10. Warning Letter: Software specifications were not maintained (ucm429201)

      “A device master record has not been adequately maintained, as required by 21 CFR 820. 181. For example, specifications for the various components of the device were not maintained; software specifications were not maintained; production process specifications and procedures were not maintained; quality assurance procedures and acceptance criteria were not maintained; packaging and labeling specifications were not maintained; and installation, maintenance and servicing procedures and methods were not maintained.

      View the original warning letter .


      Recommended Solutions

      FastVal Validation Document Generator v3.0 >>

      Recommended Solutions

      Compliance Training >>

      Recommended Solutions

      ExcelSafe >>

      Recommended Solutions

      Ofni Clinical >>

      Recommended Solutions

      Part 11 Toolkit >>

      Recommended Solutions

      Part 11 Advisor >>

      Recommended Solutions

      MedWatch Reporter >>

      Recommended Solutions

      Computer Validation >>

      Recommended Solutions

      Part 11 and Compliance Assessments >>

      Recommended Solutions

      Custom Programming >>

      Recommended Solutions

      Data Migration in a GxP Environments >>

      Recommended Solutions

      GxP and Compliance Auditing Services >>

      Recommended Solutions

      Validating MS Excel Spreadsheets >>

      Recommended Solutions

      Access Databases >>

    Page 7 of 25« First...3456789101112...20...Last »
    Ofni Systems Logo
    Products Services Information About Contact Privacy Terms Of Use |   (919) 844-2494 Google+