Products Services Information About Contact
Products
Ofni Systems provides your FDA-regulated business with software and products to assist with 21 CFR 11, Annex 11, HIPAA, and other regulatory requirements for electronic data and signatures.
ExcelSafe
Part 11 Compliance For
MS Excel® Spreadsheets Simple To Use
Get spreadsheet control in a matter of hours Full Part 11 Compliance
Audit trails, electronic signatures and user security Spreadsheet Validation
We are FDA experts on spreadsheet validation Free Trial
Get a copy of Excelsafe to test today
FastVal
A Complete Validation Management Solution Create Documents
Fastval creates all your validation documents Electronic Execution
Execute validation protocols electronically Deviation Tracking
Deviation generation, tracking and management Project Management
Tools and reports to help manage people & projects
Ofni Clinical
eCRF Data Collection Database For Clinical Trials Case Report Forms
Converts your paper CRF's into eCRF's Edit Checks
Ensure data integrity with validation rules MedWatch Reporting
Automatically generates MedWatch FDA Form 3500A Rapid Implementation
Ready to use in days, not weeks or months
Part 11 Toolkit
Makes Any MS Access® Database Part 11 Compliant Audit Trails
Track all changes made in a database Electronic Signatures
Secure data with electronic signatures Database Validation
Let us validate your database for you Free Trial
Try the Part 11 Toolkit in your own database
Part 11 Advisor
Part 11 Auditing, Remediation and Training Tool Starting Gap Analysis
Facilitates the process of starting gap analysis Assessments
Collect and review data to identify Part 11 gaps Long-Term Tracking
Track the completion of your corrective action plan On-site Implementation
Hands on training on 21 CFR Part 11
Services
Ofni Systems provides your business with the highest quality consulting services to meet all of your compliance and quality needs.
Validation Services Software Validation
 Method Validation
 Process Validation
 Equipment Validation
21 CFR Part 11 Part 11 Training
 Part 11 Auditing
 Compliance Testing
 Software Assesments
Clinical Trials Custom Databases
 Database Testing
 Statistical Analysis
 Statistical Reporting
Other Services Data Migration
 SOP Writing
 Process Automation
 Mock Audits
Information
Ofni Systems is committed to assisting organizations with electronic records compliance, such as 21 CFR Part 11 and Annex 11. Let Ofni Systems make knowledge management simple for you.
21 CFR Part 11
A complete set of resources for 21 CFR Part 11 21 CFR 11.10(a)
Validation of computer systems 21 CFR 11.10(b)
Accurate Generation of Records 21 CFR 11.10(c)
Protection of Records 21 CFR 11.10(d)
Limited System Access 21 CFR 11.10(e)
Audit Trails 21 CFR 11.10(f)
Operational System Checks 21 CFR 11.10(g)
Authority Checks 21 CFR 11.10(h)
Input Checks 21 CFR 11.10(i)
Education, Training and Experience 21 CFR 11.10(j)
Policies for Electronic Signatures 21 CFR 11.10(k)
Document Control Part 11 FAQ
Validation of computer systems
Validation Resources
On selected validation documents Validation Planning
Define the scope and goals of a validation project. Requirement Gathering
Operations and activities that a system must be able to perform. Design Specification
Design Specifications describe how a system performs the requirements Installation Qualification
Verifies the proper installation and configuration of a System. Summary Report
Provides an overview of the entire validation project.
Other Resources
More information on FDA compliance FDA Warning Letters
Sample FDA 483 and Warning Letters Part 11 Publications
Useful 21 CFR 11 resources. Clinical Data Management
Best practices in handling data from clinical trials. Ofni Compliance Blog
Resources and information straight from the Ofni team.
About Ofni Systems
Ofni Systems is dedicated to helping companies address the requirements of 21 CFR Part 11, Electronic Records and Electronic Signatures.
Clients
Alliances
Employment
Customer Support

audit trail


Page 2 of 212

Warning Letter: No active audit trail (ucm443247)

Tags: | | |

“Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

You lacked controls to prevent the unauthorized manipulation of your laboratory’s electronic raw data. Specifically, your infrared (IR) spectrometer did not have access controls to prevent deletion or alteration of raw data. Furthermore, the computer software for this equipment lacked active audit trail functions to record changes to data, including information on original results, the identity of the person making the change, and the date of the change. Audit trails that capture such critical data about the quality of your batch production should be reviewed as part of the batch review and release process.”

View the original warning letter.


Warning Letter: Inadequate audit trails and password protection (ucm436268)

Tags: | |

“a. You did not retain complete raw data from testing performed to ensure the quality of your APIs. For example, your firm could not provide electronic raw data supporting your High Pressure Liquid Chromatography (HPLC) testing in your Validation Report BP-VR-0701/2010.

b. You failed to retain complete raw data documenting the weights and calculations used in method validation as specified in your standard operating procedure (SOP) “Recording of Raw Data.”

c. Your analyst selectively invalidated data during related substance testing. For example, for [redacted], batch [redacted] on May 15, 2013; you did not retain data from all six injections used for the initial system suitability. Your analyst discarded one of the six injections performed with no justification.

3. Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

The inadequate controls over access to your data raise questions about the authenticity and reliability of your data and the quality of the APIs you produce. Specifically,

a. Your firm did not have proper controls in place to prevent the unauthorized manipulation of your laboratory’s raw electronic data. Your HPLC computer software lacked active audit trail functions to record changes to analytical methods, including information on original methodology, the identity of the person making the change, and the date of the change. In addition, your laboratory systems did not have access controls to prevent deletion or alteration of raw data. During the inspection, your analysts demonstrated that they were given inappropriate user permissions to delete HPLC data files.

b. Moreover, the gas chromatograph (GC) computer software lacked password protection allowing uncontrolled full access to all employees.”

View the original warning letter.


Warning Letter: Lack of controls, such as audit trails, to prevent substitution, overwriting, or changes of electronically stored data (ucm431456)

Tags: | |

“The trial injection data was stored in the “Trial” folder located on a PC with no audit trail linked to the HPLC instrument…

The audit trail for the dissolution analysis of the 9-month long-term stability sample of [redacted] USP [redacted] mg Tablets batch [redacted] conducted on March 22, 2014, showed a single manual injection that was not included in the official test results package. A manual “trial” sample injection from vial position [redacted] at 12:29 pm was injected between the Set [redacted] and Set [redacted] analytical sequences. No deviation was documented regarding the extra sample injection. In addition, the original injection data obtained for vial position [redacted] was overwritten and not saved. Because the original data was overwritten, you did not review and evaluate it as part of your batch release decision…

Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

FDA investigators discovered a lack of basic laboratory controls to prevent changes to electronically stored data. The following examples show that you lack effective control of the integrity of instrument output data:
The ten Shimadzu HPLC instruments in the QC “commercial” laboratory were configured to send acquired injection data to PCs without audit trails.

There was a lack of controls to prevent substitution or overwriting of data. The [redacted] audit trail dated January 6, 2014, for HPLC MLG/QC/12/026 and the [redacted] audit trail dated January 15, 2014, for HPLCs MLG/QC/12/031 and MLG/QC/12/027 each showed sample injections marked with the same small graphic symbol. For each of these entries, you replaced the original injection sequence data with data from a single manual injection and failed to save the original sequence data.

A “File Note” dated February 10, 2014, signed by the QC Head, established that the printed data used for batch disposition decisions from the Metrohm Titrando Instrument MLG/QC/12/048 hard drive was not necessarily the complete data for a batch. Our inspection found that data on the instrument was selected for use and was not protected from change and deletion. Notably, the audit trail capability of this QC “commercial” laboratory instrument was not enabled, even after creation of the “File Note.”

View the original warning letter.




Page 2 of 212
Ofni Systems Logo
Products Services Information About Contact Privacy Terms Of Use |   (919) 844-2494 Google+