Pharmaceutical Manufacturer


Page 3 of 41234

Warning Letter: Failed to validate input/output (ucm214564)

Tags: | |

Your firm failed to check the accuracy of the input to and output from the computer or related systems of formulas or other records or data and establish the degree and frequency of input/output verifications. For example, the performance qualification of your [redacted] system software (Validation No. 4000-03-PQ-0002) failed to include verification of the expiration date calculations in the [redacted] system. In addition, there is no established degree and frequency of performing the verification. Discrepancy reports have documented that product labeling with incorrect expiration dates have been created and issued for use.

View the original warning letter.



Warning Letter: Uncontrolled spreadsheets (ucm227896)

Tags: | |

Your firm has failed to exercise appropriate controls over computer or related systems to assure that changes in master production and control records, or other records, are instituted only by authorized personnel [21 C.F.R § 211.68(b)].

  • Your firm’s laboratory analysts have the ability to access and delete raw chromatographic data located on the [redacted] of [redacted] used to conduct HPLC testing. Due to this unrestrictive access, there is no assurance that laboratory records and raw data are accurate and valid.
  • Your firm’s laboratory analysts have the ability to access and modify the  formulas in the Excel spreadsheets  used to calculate assay results for Guaifenesin and [redacted] drug products. Due to this unrestricted access, there is  no assurance that the formulas in the Excel spreadsheets are accurate and valid.

View the original warning letter.



Warning Letter: Lack of security for electronic data (ucm197966)

Tags: | |

Your firm has not exercised appropriate controls over computer or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel [21 CFR 211.68(b)].

For example, your firm lacks systems to ensure that all electronic data generated in your Quality Control laboratory is secure and remains unaltered. All analysts have system administrator privileges that allow them to modify, overwrite, and delete original raw data files on the [redacted] used [redacted] in the High Performance Liquid Chromatography (HPLC) units. There are no procedures that address the security measures in place for generation and modification of electronic data files for these instruments used for raw material, in-process, finished product and stability testing. In addition, your firm’s review of laboratory data does not include a review of an audit trail or revision history to determine if unapproved changes have been made.
View the original warning letter.



Warning Letter: Database validation (ucm162745)

Tags: | | |

Failure to routinely calibrate, inspect, or check according to a written program designed to assure proper performance of automatic, mechanical, or electronic equipment, including computers, used in the manufacture, processing, packing and holding of a drug product. [21 CFR 211.68]

The Enterprise Resource Planning System known as the firm’s Systems Applications and Products (SAP) computer database allows rejected batches of drug product to be in Unrestricted Status (to be released for distribution).

During the inspection, you provided our FDA investigators a spreadsheet that you stated contained data for calibration of [(b)(4)], however, you were not able to provide the raw calibration data. In addition, the calibration data for the [(b)(4)] that you provided in your December response in Attachment #9 do not correspond to the [(b)(4)] observed by our FDA investigators.

View the original warning letter.



Warning Letter: Spreadsheet Calculations not Verified or Documented (ucm174100)

Tags: | | |

Your laboratory records did not include a record of all calculations performed in connection with laboratory tests as required by 21 CFR § 211.194(a)(5). For example, laboratory notebook #7, page 49, documents the assay results, but not the calculations performed in Test number DSFS D-13 and Test number TG 521 for the analysis of [redacted], lot #HI7908. The notebook does not document reference to the spreadsheet calculation used to generate the results. In addition, the assay results generated by the spreadsheet were not verified for accuracy. Your response dated February 16, 2009, states that you have established procedures to ensure that calculations of method validation studies are recorded. The Records Management SOP, Section 5.7.4.7, states that the procedures shall define what and how data is to be recorded in respective logbooks. However, this SOP omits instructions to include in the notebook the reference to the spreadsheet calculation used to generate the results, as well as the raw data and calculations. In addition, you continued to release products based on assay results generated by the spreadsheet that have not been verified for accuracy.

View the original warning letter.



Warning Letter: Failure to validate computer system (s7045c)

Tags: | |

Failure to establish written procedures for production and process control designed to assure that the drug products have the identity, strength, quality, and purity they purport or are represented to possess [21 CFR § 211.100(a)]. For example, your firm’s automated packaging line processes and their respective software systems have not been validated .

View the original warning letter.



Warning Letter: Lack of controls and audit trails (ucm1048180)

Tags: | | |

The [redacted] data acquisition system for the [redacted] UV/Visible spectrophotometers allows your analysts to modify, overwrite, and delete original raw data files. The spectrophotometers are used for dissolution testing of finished product, stability samples, and process and method validation studies. All laboratory personnel were given roles as [redacted] Managers, which allowed them to modify, delete, and overwrite results files. This system also does not include an audit trail or any history of revisions that would record any modification or deletion of raw data or files. Your laboratory computer system lacks necessary controls to ensure that data is protected from tampering, and it also lacks audit trail capabilities to detect data that could be potentially compromised.”

View the original warning letter.



Warning Letter: Failure to validate/Insufficient Controls (s6630c)

Tags: | |

Failure to have a validated and secure computerized system. Additionally, there were no written protocols to assign levels of responsibilities for the system. It was noted that the [redacted] instrument model [redacted] used for the analysis of [redacted] failed to have password control for the analysts and the supervisor. It was observed that the data stored on the computer can be deleted, removed, transferred, renamed or altered. While your firm’s management stated that they would like to implement certain improvements in order to establish a security system, no documentation or commitment has been provided. Please note that computerized systems should have sufficient controls to prevent unauthorized access or changes to data. There should be controls to prevent data omissions and assure back-up. There should be a record of any data change made, the previous entry, who made the change, and when the change was made.

View the original warning letter.



Warning Letter: Failure to validate software (s6357c)

Tags: | |

Appropriate controls are not exercised over computers or related systems to assure that changes in analytical methods or other control records are instituted only by authorized personnel [21 CFR 211.68(b)]. Specifically,

  • There was a failure to validate the [redacted] software to assure that all data generated by the system was secure. This software runs the laboratory HPLC equipment, generates and stores data, and performs calculations during testing of raw materials, in-process materials, finished products, and stability samples.
  • User access levels for the [redacted] software were not established and documented. Currently, laboratory personnel use a common password to gain access to the system and there are no user access level restrictions for deleting or modifying data. Furthermore, your system does not have an audit trail to document changes.

View the original warning letter.



Warning Letter: Failure to record in audit trail (ucm076260)

Tags: | |

On January 11, 2006, during content uniformity testing of[redacted], the analyst noticed that the first two capsules were out-of-specification

and the run was aborted. The audit trail for the laboratory data acquisition system does not indicate that the run was aborted and the analyst did not print the sample results or record the failing results in the laboratory notebook.

View the original warning letter.





Page 3 of 41234