Failure of computerized systems to have sufficient controls to prevent unauthorized access or changes to data.
Your firm’s computer system for entering test results and storing certificates of analysis (CoA), which document whether a drug meets specifications, does not have sufficient controls to prevent unauthorized changes to a CoA after quality unit approval.
During the inspection, our investigator reviewed [redacted] CoA stored on computer #16, all of which were approved by the quality unit. A manager demonstrated for our investigator how results on an already finalized CoA could be manipulated after the formal quality unit approval. Also, the quality unit’s electronic signatures on these CoA were uncontrolled images of signatures rather than certificate-based electronic signatures.
View the original warning letter.