compliance training

Warning Letter: Failure to maintain complete data (ucm465626)

Tags: | |

“2. Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

Your laboratory systems lacked access controls to prevent raw data from being deleted or altered. For example:

a. During the inspection, we noted that you had no unique usernames, passwords, or user access levelsfor analysts on multiple laboratory systems. All laboratory employees were granted full privileges to the computer systems. They could delete or alter chromatograms, methods, integration parameters, and data acquisition date and time stamps. You used data generated by these unprotected and uncontrolled systems to evaluate API quality.

b. Multiple instruments had no audit trail functions to record data changes.

3. Failure to maintain complete data derived from all testing, and to ensure compliance with established specifications and standards.

Because you discarded necessary chromatographic information such as integration parameters and injection sequences from test records, you relied on incomplete records to evaluate the quality of your APIs and to determine whether your APIs conformed with established specifications and standards. For example:

a. During the inspection, the investigator found no procedures for manual integration or review of electronic and printed analytical data for [redacted] stability samples. Electronic integration parameters were not saved or recorded manually. When the next samples were analyzed, the previous parameters were overwritten during the subsequent analyses.

i. Your HPLC 14 computer files included raw data for undocumented [redacted] stability samples analyzed on December 30, 2013, but no indication of where these samples came from and why they were tested.

ii. In a data file folder created on May 22, 2013, 23 chromatograms were identified as stability samples for [redacted] lots [redacted], and [redacted]. Results were not documented. More importantly, the acquisition date was July 7, 2013, more than six weeks after the samples were run.

iii. (b)(4) lots (b)(4) and (b)(4) were not in your stability study records at the time of inspection. Additionally, there were no log notes of any samples from the three lots removed from the stability chamber.

In response to this letter, provide your revised procedures and describe steps you have taken to retrain employees to ensure retention of complete electronic raw data for all laboratory instrumentation and equipment. Also, provide a detailed description of the responsibilities of your quality control laboratory management, and quality assurance unit for performing analytical data review and assuring integrity (including reconcilability) of all data generated by your laboratory.”

View the original warning letter.

Part 11 Isn’t Enough Anymore: Software Compliance for International Markets

Tags: | | |

It’s essential to ensure your computer systems are in compliance across your global markets…but where do you start?

As the trend of companies moving to international markets continues, the quality systems used to support GxP operations must move to comply with a wider array of international requirements…and relying on 21 CFR Part 11 to ensure compliance may no longer be enough to meet a country’s validation provisions. When EU Annex 11 was updated last year, it added several new requirements for computer system compliance – and some of these requirements are not addressed in Part 11.

Are you confident you can evaluate your own compliance with international requirements for using electronic records and electronic signatures?

On Monday, March 4 at 1:00pm EST, join FOI Services and Ofni Systems for a 90-minute teleconference for a practical introduction to computer system compliance in international environments. You’ll hear about validation requirements which vary from country to country for manufacturing, clinical and laboratory systems and how they affect password controls, user level security, data security and audit trails, and more…and you’ll increase your understanding of what to look for that isn’t covered by 21 CFR Part 11.

What You’ll Learn

  • How the changes to Annex 11 affect your own GxP compliance
  • Which international regulations apply to your computer systems (and which don’t)
  • The regulations you absolutely can’t overlook
  • Procedures to help you document your compliance
  • The essentials of compliance for electronic records and signatures
  • Requirements to consider before buying computer systems for international GxP use

What You’ll Receive

  • Copies of, or links to, essential documents, including “Annex 11: Computerized Systems” and “EMEA ICH Guideline for Good Clinical Practice”
  • A checklist to determine if your systems are in compliance with international requirements for computer systems
  • A checklist to help identify the gaps in your systems’ international compliance
  • An experienced and approachable instructor
  • Time for questions and answers

Who Should Attend

  • Everyone involved in system validation
  • Anyone selecting computer systems intended for GxP environments
  • Information technology professionals responsible for files or network locations storing GxP data
  • Quality professionals who organize, document and verify system compliance
  • Executives evaluating requirements of prospective markets

To Register for this Conference

Click here to register. For more information, or to register over the phone, call FOI Services at 800-654-1147 (+1-301-975-9400 outside the U.S. and Canada).

About Ofni Systems

Ofni Systems is an industry leader for 21 CFR Part 11 compliance. Their products for Part 11 compliant databases and spreadsheets are used by pharmaceutical, biotech, and medical device companies across the globe, while it’s products for computer validation, auditing, and FDA submissions ensure that their clients meet every requirement for electronic records and electronic signatures. The company provides live desktop support for superior customer support and training and has been providing solutions to their clients since 1999. For more information, call (919) 844-2494 or visit

Warning Letter: Failure to establish procedures (ucm268059)

Tags: | | | | |

Failure to establish and maintain procedures to control the design of the device in order to ensure that specified design requirements are met, as required by 21 CFR 820.30(a)(1). For example: You do not have design control procedures. You also have no documentation of design validation or design change controls for the Antalgic-Trak, including no documentation of risk analysis or structural [redacted] testing of the embedded software.

View the original warning letter.