For example, during inspection of the sterile manufacturing and QC microbiology areas, our investigators observed:
Deletion of at least six [redacted] and [redacted]tests in the audit trails for two instruments used to test sterile [redacted]. Your systems allowed operators to delete files. You had no procedure to control this practice or to ensure a backup file was maintained. When you reviewed the audit trail data further, you identified a total of 25 deleted [redacted] test results. In your response, you state that the production staff now only have “view and print” privileges. However, your response is inadequate because it lacks details of how appropriate oversight will be exercised over data backup to ensure it is appropriately retained.
No restricted access to the microbial identification instrument. Further, you lacked restricted access to the external hard drive used for backup of this instrument. All users could delete or modify files. In your response, you commit to limit access to the system and external hard drive. However, your response is inadequate because you did not provide a retrospective risk assessment of the impact and scope of inadequate system controls at your firm.