Data Integrity


Page 4 of 71234567

Notice of Concern from World Health Organization: Company Failed to Ensure Integrity of Data

Tags:

” Quotes from the Notice:

The company failed to ensure the integrity of data:…
Batch numbers were not electronically recorded…
Hundreds of trial injections… in sequence… were seen in folder c:…
Data was found to be deleted for several runs…
The backups could not be restored during the inspection.
Instrument audit trails were not available…
An analyst was seen in process of taking tablet weight data from a calculation spreadsheet in Excel and writing the values down in his analytical test sheet as if these were the raw weighing values.”

View the original Notice of Concern.



FDA Warning Letter: There is no assurance that you maintain complete electronic raw data for laboratory instruments and data acquisition software (ucm455345)

Tags:

“Failure to record activities at the time they are performed and destruction of original records.

Specifically, your employees completed batch production records entries days after operations had ended, released lots before the proper approvals, and failed to maintain original manufacturing data for critical steps in the batch production records.  For example,

a) Our investigators found that some of your operators used “rough notes” (unbound, uncontrolled loose paper) to capture critical manufacturing data and then destroyed these original records after transcription into the batch production records. For example, the [redacted] chemist recorded original manufacturing data as rough notes and left these rough notes for the [redacted] chemist to transcribe into the batch production records.  The next morning, the [redacted] chemist signed the batch production records and destroyed the original rough notes.  We interviewed employees during the inspection who confirmed your firm’s practice of transcribing data to batch records and destroying original records

b) Additionally, our investigators found backdated batch production records dated February 10 to February 25, 2014, signed by your Production Manager and Technical Director in the “Batch Manufacturing Record Reviwed [sic] by” section. The Technical Director stated that he was not in the facility on these dates and was “countersigning” for another person who allegedly performed these review activities.  However, these records did not contain signatures (contemporaneous or otherwise) of the alternate reviewer who purportedly conducted the review. Furthermore, the Technical Director backdated his own signature to the date the quality unit (QU) reviewed and released your drug product.  His backdated signatures are on [redacted] batch records for lots [redacted]; and [redacted] batch records for lots [redacted].  You released these batches before the Technical Director returned to the facility and backdated his signatures.  The batch records, therefore, do not demonstrate that you completed your required review before releasing your products…

Failure to prevent unauthorized access or changes to data, and to provide adequate controls to prevent omission of data.

Your laboratory systems lacked access controls to prevent raw data from being deleted or altered. For example,

a) There is no assurance that you maintain complete electronic raw data for your Gas Chromatography (GC) instrument. FDA investigators observed multiple copies of raw data files in the recycle bin connected to the GC instrument QC-04 even in the presence of “Do Not Delete Any Data” notes posted on two laboratory workstation computer monitors.

b) Employees were allowed uncontrolled access to operating systems and data acquisition software tracking residual solvent, and test and moisture content. Our investigators noted that there was no password functionality to log into the operating system or the data acquisition software for the GC, the High Performance Liquid Chromatography (HPLC) instrument QC-17, or the Karl Fischer (KF) Titrator QC-13.

c) HPLC SpinChrome and GC Lab Station data acquisition software lacked active audit trail functions to record changes in data, including original results, who made changes, and when.

In your response, you state that your laboratory GC, HPLC and KF systems are now password-protected and that you have begun drafting analytical software password procedures for the GC, HPLC and KF laboratory instruments.  However, your response does not state whether every analyst will have their own user identification and password.  You also mention plans to install a validated computer system.  However, you did not provide a detailed corrective action and preventive action (CAPA) plan or conduct a review of the reliability of your historical data to ensure the quality of your products distributed to the U.S. market.

Inadequate controls of your computerized analytical systems raise questions about the authenticity and reliability of your data and the quality of your APIs.  It is essential that your firm implements controls to prevent data omissions or alterations.  It is critical that these controls record changes to existing data, such as the individuals making changes, the dates, and the reason for changes.

In response to this letter, provide your comprehensive CAPA plan for ensuring that electronic data generated in your manufacturing operations, including laboratory testing, cannot be deleted or altered.  Also identify your quality control laboratory equipment and any other manufacturing-related equipment that may be affected by inadequate controls to prevent data manipulation.

View the original warning letter.



Warning Letter: Failure to provide adequate controls for audit trail, backup, common log-in and password, validation, procedures, and training (ucm448433)

Tags: |

“Failure to prevent unauthorized access or changes to data and to provide adequate controls preventing data omissions.

Our inspection noted that your firm did not retain complete raw data from testing performed to assure the quality of
[redacted], API. Specifically, our inspection revealed your firm did not properly maintain a back-up of HPLC chromatograms that form the basis of your product release decisions. Our inspection revealed discrepancies between the printed chromatograms and the operational qualification protocol for the High Performance Liquid Chromatography (HPLC) system, which is intended to demonstrate correct operation of the HPLC. These discrepancies included injection sequences and values to calculate relative standard deviation (RSD).

While investigating these discrepancies, our investigator requested the original electronic raw data. Your quality unit, after consulting with the Information Technology (IT) department, stated they were unable to retrieve the original electronic raw data because back-up discs were unreadable. Your quality unit then stated that back-up disks have been unreadable since at least 2013. Your HPLC system is used to test
[redacted], API for batch release. However, without complete, accurate, reliable, or retrievable raw data about the HPLC system’s qualification, you lacked complete assurance that the system was operating as intended.

You also failed to have proper controls in place to prevent unauthorized manipulation of your laboratory’s raw electronic data. Our inspection revealed your HPLC system did not have access controls to prevent alteration or deletion of data. Your HPLC software lacked an audit trail recording any changes to the data, including: previous entries, who made changes, and when changes were made. During the inspection, we also noted that all laboratory employees shared a common log-in and password to access the system.

This lack of control over the integrity of your data raises questions about your analytical data’s authenticity and reliability, and about the quality of your APIs. We note that the September 2008 FDA inspection uncovered concerns over your handling of raw analytical data, including discrepancies between laboratory notebooks and printed chromatograms.”

View the original warning letter.



Warning Letter: No active audit trail (ucm443247)

Tags: | | |

“Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

You lacked controls to prevent the unauthorized manipulation of your laboratory’s electronic raw data. Specifically, your infrared (IR) spectrometer did not have access controls to prevent deletion or alteration of raw data. Furthermore, the computer software for this equipment lacked active audit trail functions to record changes to data, including information on original results, the identity of the person making the change, and the date of the change. Audit trails that capture such critical data about the quality of your batch production should be reviewed as part of the batch review and release process.”

View the original warning letter.



Warning Letter: No audit trail function was enabled (ucm440966)

Tags: | |

“Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

Specifically, your high performance liquid chromatography (HPLC) and gas chromatography (GC) data acquisition software, TotalChrom®, did not have sufficient controls to prevent the deletion or alteration of raw data files. During the inspection, the investigator observed that the server that maintains electronic raw data for HPLC and GC analyses (the J drive) contains a folder named “Test,” and that chromatographic methods, sequences, and injection data saved into this folder can be deleted by analysts. The investigator also found that data files initially created and stored in the “Test” folder had been deleted, and that back-up files are overwritten [redacted].

In addition, because no audit trail function was enabled for the “Test” folder, your firm was unable to verify what types of injections were made, who made them, or the date or time of deletion. The use of audit trails for computerized analytical instrumentation is essential to ensure the integrity and reliability of the electronic data generated.”

View the original warning letter.



Warning Letter: Inadequate audit trails and password protection (ucm436268)

Tags: | |

“a. You did not retain complete raw data from testing performed to ensure the quality of your APIs. For example, your firm could not provide electronic raw data supporting your High Pressure Liquid Chromatography (HPLC) testing in your Validation Report BP-VR-0701/2010.

b. You failed to retain complete raw data documenting the weights and calculations used in method validation as specified in your standard operating procedure (SOP) “Recording of Raw Data.”

c. Your analyst selectively invalidated data during related substance testing. For example, for [redacted], batch [redacted] on May 15, 2013; you did not retain data from all six injections used for the initial system suitability. Your analyst discarded one of the six injections performed with no justification.

3. Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

The inadequate controls over access to your data raise questions about the authenticity and reliability of your data and the quality of the APIs you produce. Specifically,

a. Your firm did not have proper controls in place to prevent the unauthorized manipulation of your laboratory’s raw electronic data. Your HPLC computer software lacked active audit trail functions to record changes to analytical methods, including information on original methodology, the identity of the person making the change, and the date of the change. In addition, your laboratory systems did not have access controls to prevent deletion or alteration of raw data. During the inspection, your analysts demonstrated that they were given inappropriate user permissions to delete HPLC data files.

b. Moreover, the gas chromatograph (GC) computer software lacked password protection allowing uncontrolled full access to all employees.”

View the original warning letter.



Warning Letter: Failure to prevent unauthorized access or changes (ucm421544_Amended)

Tags: | |

Your firm released [redacted] API batch [redacted] with an unknown peak present in the residual solvents chromatogram. Although this unknown peak was not a part of your historical impurity data, neither the analyst nor the supervisor apparently noticed or evaluated this unknown peak during their reviews.

Subsequently, a customer complaint was received for this batch, and your investigation identified the unknown peak as [redacted]. Your firm found that this peak was a result of a contamination that occurred during your manufacturing process.

In response to this letter, provide the corrective actions implemented to ensure that all laboratory data is appropriately analyzed, accurately reported and approved by your quality unit.
Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

Your firm did not have proper controls in place to prevent the unauthorized manipulation of your electronic raw data. For example,

a. The inspection found that the audit trail feature for your gas chromatography (GC) instruments was not used until October 2013, even though your 2009 GC software validation included a satisfactory evaluation of the audit trail capability.

b. There is no assurance that you maintain complete electronic raw data for the [redacted] GC instruments, the Malvern particle size analyzer, and the ultraviolet (UV) spectrophotometer. Our inspection found that these instruments were connected to stand-alone computers that stored the data and that the data could be deleted.

c. Prior to our inspection, your firm failed to have a back-up system for the data generated by one of the [redacted] Fourier transform infrared spectrometers, the polarimeter, the UV spectrophotometer and the Malvern particle size analyzer.

View the original warning letter.



Warning Letter: QC personnel created unauthorized data folders on laboratory computerized systems without appropriate oversight (ucm432709)

Tags: | |

“Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

QC personnel created unauthorized folders on laboratory computerized systems without appropriate oversight. Our review of the HPLC Empower III data collected in 2013-2014 in the commercial QC laboratory found a data folder entitled “WASH.” According to your management, the folder was intended for column wash injections using blank solvent prior to and following sample runs, although you have no standard operating procedure (SOP) detailing this process. One of your laboratory analysts stated that this folder does not contain any standard or sample injection results. However, our investigator found that this folder contained a total of 3,353 injection results, some of which appeared to be samples.

As part of your comprehensive evaluation and risk assessment, include a detailed description of all computerized systems in your facility used for testing drugs. This description should include information on each electronic folder that was not created pursuant to a valid SOP and an assessment of every file in each such folder, including information about the sample (product), date of test, lot number and original test result over the last five (5) years, except for data relating to exhibit batches, in which case there is no time limitation. Also provide specific information about all retests during these time frames, where an initial out-of-specification or out-of-trend result was disregarded without an investigation and the date on which you became aware such information had been disregarded. In addition, for each batch, provide the number of injections performed and chromatograms reviewed, and of those, the number that were used to generate a reported result. Furthermore, provide an updated assessment on the possible effects of your firm’s practices on the quality, safety, and efficacy of the drugs you manufacture or plan to manufacture, including drugs covered by approved or pending applications.

Also describe the procedures established to manage and retain all computerized data.

View the original warning letter.



Warning Letter: Lack of controls, such as audit trails, to prevent substitution, overwriting, or changes of electronically stored data (ucm431456)

Tags: | |

“The trial injection data was stored in the “Trial” folder located on a PC with no audit trail linked to the HPLC instrument…

The audit trail for the dissolution analysis of the 9-month long-term stability sample of [redacted] USP [redacted] mg Tablets batch [redacted] conducted on March 22, 2014, showed a single manual injection that was not included in the official test results package. A manual “trial” sample injection from vial position [redacted] at 12:29 pm was injected between the Set [redacted] and Set [redacted] analytical sequences. No deviation was documented regarding the extra sample injection. In addition, the original injection data obtained for vial position [redacted] was overwritten and not saved. Because the original data was overwritten, you did not review and evaluate it as part of your batch release decision…

Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

FDA investigators discovered a lack of basic laboratory controls to prevent changes to electronically stored data. The following examples show that you lack effective control of the integrity of instrument output data:
The ten Shimadzu HPLC instruments in the QC “commercial” laboratory were configured to send acquired injection data to PCs without audit trails.

There was a lack of controls to prevent substitution or overwriting of data. The [redacted] audit trail dated January 6, 2014, for HPLC MLG/QC/12/026 and the [redacted] audit trail dated January 15, 2014, for HPLCs MLG/QC/12/031 and MLG/QC/12/027 each showed sample injections marked with the same small graphic symbol. For each of these entries, you replaced the original injection sequence data with data from a single manual injection and failed to save the original sequence data.

A “File Note” dated February 10, 2014, signed by the QC Head, established that the printed data used for batch disposition decisions from the Metrohm Titrando Instrument MLG/QC/12/048 hard drive was not necessarily the complete data for a batch. Our inspection found that data on the instrument was selected for use and was not protected from change and deletion. Notably, the audit trail capability of this QC “commercial” laboratory instrument was not enabled, even after creation of the “File Note.”

View the original warning letter.



Warning Letter: Failure to have proper controls (ucm421988)

Tags:

Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

Your firm did not have proper controls in place to prevent manipulation of your laboratory’s electronic raw data. Specifically, your NuCon 5700 gas chromatographs (GCs) did not have access controls that would prevent the deletion or altering of raw data files. In addition, the GC software lacked active audit trail functions to record any changes to the data, including the previous entries, who made the changes, and when the changes were made. The use of audit trails for computerized analytical instrumentation is essential to ensure the integrity and reliability of the electronic data generated.

During the inspection, your management explained that the laboratory practice was to delete the raw data files once the chromatograms were printed. As such, your firm did not retain complete raw data from testing to ensure the quality of your APIs. Specifically, electronic raw data files, supporting your GC testing for release (assay) were deleted.

Failure to have appropriate controls for issuance of batch records.

Our inspection found that batch records were uncontrolled in that operators had the ability to print batch records from their personal computers. In addition, various uncontrolled blank manufacturing batch records were found in a binder located in the production office.

View the original warning letter.





Page 4 of 71234567