“2. Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.
Your laboratory systems lacked access controls to prevent raw data from being deleted or altered. For example:
a. During the inspection, we noted that you had no unique usernames, passwords, or user access levelsfor analysts on multiple laboratory systems. All laboratory employees were granted full privileges to the computer systems. They could delete or alter chromatograms, methods, integration parameters, and data acquisition date and time stamps. You used data generated by these unprotected and uncontrolled systems to evaluate API quality.
b. Multiple instruments had no audit trail functions to record data changes.
3. Failure to maintain complete data derived from all testing, and to ensure compliance with established specifications and standards.
Because you discarded necessary chromatographic information such as integration parameters and injection sequences from test records, you relied on incomplete records to evaluate the quality of your APIs and to determine whether your APIs conformed with established specifications and standards. For example:
a. During the inspection, the investigator found no procedures for manual integration or review of electronic and printed analytical data for [redacted] stability samples. Electronic integration parameters were not saved or recorded manually. When the next samples were analyzed, the previous parameters were overwritten during the subsequent analyses.
i. Your HPLC 14 computer files included raw data for undocumented [redacted] stability samples analyzed on December 30, 2013, but no indication of where these samples came from and why they were tested.
ii. In a data file folder created on May 22, 2013, 23 chromatograms were identified as stability samples for [redacted] lots [redacted], and [redacted]. Results were not documented. More importantly, the acquisition date was July 7, 2013, more than six weeks after the samples were run.
iii. (b)(4) lots (b)(4) and (b)(4) were not in your stability study records at the time of inspection. Additionally, there were no log notes of any samples from the three lots removed from the stability chamber.
In response to this letter, provide your revised procedures and describe steps you have taken to retrain employees to ensure retention of complete electronic raw data for all laboratory instrumentation and equipment. Also, provide a detailed description of the responsibilities of your quality control laboratory management, and quality assurance unit for performing analytical data review and assuring integrity (including reconcilability) of all data generated by your laboratory.”
View the original warning letter.
It’s essential to ensure your computer systems are in compliance across your global markets…but where do you start?
As the trend of companies moving to international markets continues, the quality systems used to support GxP operations must move to comply with a wider array of international requirements…and relying on 21 CFR Part 11 to ensure compliance may no longer be enough to meet a country’s validation provisions. When EU Annex 11 was updated last year, it added several new requirements for computer system compliance – and some of these requirements are not addressed in Part 11.
Are you confident you can evaluate your own compliance with international requirements for using electronic records and electronic signatures?
On Monday, March 4 at 1:00pm EST, join FOI Services and Ofni Systems for a 90-minute teleconference for a practical introduction to computer system compliance in international environments. You’ll hear about validation requirements which vary from country to country for manufacturing, clinical and laboratory systems and how they affect password controls, user level security, data security and audit trails, and more…and you’ll increase your understanding of what to look for that isn’t covered by 21 CFR Part 11.
Click here to register. For more information, or to register over the phone, call FOI Services at 800-654-1147 (+1-301-975-9400 outside the U.S. and Canada).
Ofni Systems is an industry leader for 21 CFR Part 11 compliance. Their products for Part 11 compliant databases and spreadsheets are used by pharmaceutical, biotech, and medical device companies across the globe, while it’s products for computer validation, auditing, and FDA submissions ensure that their clients meet every requirement for electronic records and electronic signatures. The company provides live desktop support for superior customer support and training and has been providing solutions to their clients since 1999. For more information, call (919) 844-2494 or visit www.OfniSystems.com.
Failure to establish and maintain procedures to control the design of the device in order to ensure that specified design requirements are met, as required by 21 CFR 820.30(a)(1). For example: You do not have design control procedures. You also have no documentation of design validation or design change controls for the Antalgic-Trak, including no documentation of risk analysis or structural [redacted] testing of the embedded software.
View the original warning letter.