audit trail


Page 1 of 212

Warning Letter: Firm lacked controls for access, data deletion, administrator rights, shared accounts, audit trail reviews. (ucm622087)

Tags: |

  Your firm failed to implement adequate controls to support the integrity of your electronic data and to ensure that only appropriate individuals had administrative rights. For example, your [redact] microbiological testing instrument used for drug product release testing is controlled by a stand-alone computer which does not have appropriate controls in place to prevent deletion of raw laboratory data. All QU users utilized a shared generic account to access the computer which had administrative privileges capable of changing and deleting files. During the inspection, one of your employees opened the computer’s recycle bin and noted that approximately [redact] files and folders were deleted. Further, these deleted items included at least [redact] files of the “[redact]” format which your personnel stated were most likely [redact] data files. The names of [redact] of those deleted files were similar to drug product formulas produced since 2017.

View the original warning letter.



Warning Letter: Audit trail feature disabled for HPLC systems (ucm563067)

Tags: | |

1. Failure to prevent unauthorized access or changes to data, and failure to provide adequate controls to prevent omission of data.
Our inspection found your laboratory systems lacked controls to prevent deletion of and alterations to electronic raw data.

a. Our review of audit trail data revealed that your analysts manipulated the date/time settings on your high performance liquid chromatography (HPLC) systems. During the inspection your analysts admitted to setting the clock back and repeating analyses for undocumented reasons. Initial sample results were overwritten or deleted, and unavailable for our investigators’ review. Your firm reported only the passing results from repeat analyses. When test results are overwritten, the quality unit is presented with incomplete and inaccurate information about the quality of the drugs produced by your firm.

b. Your quality control analysts used a shared login account to access HPLC systems. This shared account allowed analysts, without traceability, to change the date/time settings of the computer, to modify file names, and to delete original HPLC data.

c. Seven out of [redacted] of your firm’s HPLC systems used for API testing had the audit trail feature disabled, although all [redacted] had audit trail functionality.

In your response, you acknowledged that you lacked effective measures to control data within your computerized systems. You committed to revising procedures for computerized systems, locking date/time settings, and enabling audit trail functions. However, you noted that you do not expect audit trail functions for all quality control instruments to be completely activated until September 30, 2017. In the interim, you committed to control measures, including updated software and logbooks.

Your response is insufficient because it did not specify who holds administrative privileges on your computers, or address the significant pattern of data manipulation (e.g., deletions, date/time alterations) we observed at your facility.

In response to this letter:
Clarify the specific user roles and detail the associated privileges for each laboratory system.
Provide an assessment of the effectiveness of your interim system controls.
Provide a commitment to conduct a similar future assessment of the effectiveness of all system controls expected to be in place by September 2017.
Explain the oversight role of the quality unit in implementing these improvements and ensuring they remain effective.

2. Failure to maintain complete data derived from all laboratory tests conducted to ensure compliance with established specifications and standards.

Our investigators found that you failed to maintain complete data for all laboratory analyses, and you relied on incomplete information to determine whether your drugs met established specifications.

a. HPLC chromatograms were deleted and not available for our investigators’ review. In your response, you acknowledged that in January 2016, “some data was deleted” while the network edition of the chromatographic operating system software was installed.

b. Our investigators found a recurring practice of re-testing samples until acceptable results were obtained. For example, our investigators found repeat HPLC testing for related substances of crude [redacted], batch [redacted]. The initial test displayed an unknown peak in the chromatogram. A different analyst retested the batch five days later: this analysis did not display the unknown peak. Only the results of the second analysis were used for batch disposition, without documented justification or investigation.

Your response is inadequate because you did not include an assessment of the deleted data. Your response also lacked commitments to investigate the unknown peak in the chromatogram for crude [redacted] batch [redacted], and to discontinue repeating tests without justification and investigation.

3. Failure of your quality unit to exercise its responsibility to ensure the API manufactured at your facility are in compliance with CGMP, and meet established specifications for quality and purity.

Our investigators found batch production records that contained blank or partially completed manufacturing data and lacked dates and signatures for verification. For example, in your [redacted] plant, our investigators found a batch record for [redacted] starting material, batch [redacted], with sticky notes from the quality assurance department directing operators to enter manufacturing data, such as missing weight and volume entries. Also, your quality unit did not approve this batch record before the material was used in further manufacturing.

All data in CGMP records must be complete and reliable so it can be evaluated by the quality unit during its batch review, as well as maintained for additional CGMP purposes.

Other documents—including cleaning records and equipment use logs—were also found to be partially completed, without dates and signatures for verification, or with pages or spaces intentionally left blank for documentation at a later time.

Your quality unit was aware of these unacceptable production department practices but did not ensure they were corrected.

View the original warning letter.



Warning Letter: Audit trail data for system is inconsistent with printed records (ucm560653)

Tags: | | |

Your firm does not exercise appropriate controls over computer related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel [21 C.F.R. 211.68(b)]. For example:

A. Your “Processed By” dates and times listed on printed chromatograms do not always show the same “Processed By” dates and times listed on the system chromatograms.

B. Your data in the audit trails does not always show the same data listed on your printed chromatograms.

Your response states you have not observed any test result data discrepancies between your printed versions of the test results. However, this does not address adequate electronic data controls to prevent inconsistencies between the printed and electronic data. Your responses for 2A and 2B above are not adequate in that your firm did not provide any corrective action addressing the assessment of all relevant data in the audit trails.

C. Your firm enters data into [redacted] files to complete plate assay calculations but they are not locked from editing once the file has been reviewed.

Your response fails to include any corrective action to ensure that there is no further access or ability to save over test results in [redacted] spreadsheets once reviewed and approved.

D. Your firm did not give unique sample set names to different sequences of samples run on different instruments on the same day.

Your response is not adequate. Your firm did not address the concern of the possibility of sample sets with the same name overwriting each other during the data backup process…

Your procedure is to then enter the raw data into document number MIC-0066-13-01 titled “[redacted]”, Attachment 1. On the completed form, the [redacted] test results for the [redacted] zones were not the same as observed by our Investigator; the range was 11.4 to 15.1. Your firm used an Excel spreadsheet to calculate the potencies of Tri-Otic Ointment lots H610 and H6514 as [redacted] and [redacted], respectively.

Your response does not provide documentation of the January 26, 2017 handwritten zone diameter results for Tri-Otic Ointment (Lots H6510 and H6514), which you allege differ from our investigators’ direct observation. We note your response acknowledges that you should have provided our Investigator a copy of the handwritten zone diameter results. You have not subsequently verified complete raw data was maintained.

View the original warning letter.



Warning Letter: Audit trail functionality enabled the day before inspection (ucm554576)

Tags: | |

Our investigators observed that the software you use to conduct high performance liquid chromatography (HPLC) analyses of API for unknown impurities is configured to permit extensive use of the “inhibit integration” function without scientific justification.  For example, our investigator reviewed the integration parameters you used for HPLC identification of impurities in release testing for [redacted].  These parameters demonstrated that your software was set to inhibit peak integration at four different time periods throughout the analysis.  Similarly, in the impurities release testing you performed for [redacted], your HPLC parameters were set to inhibit integration at four different time periods throughout the analysis.

Inhibiting integration at various points during release testing for commercial batches is not scientifically justified.  It can mask identification and quantitation of impurities in your API, which may result in releasing API that do not conform to specifications.

2. Failure to prevent unauthorized access or changes to data and failure to provide adequate controls to prevent manipulation and omission of data.

During the inspection, our investigators discovered a lack of basic laboratory controls to prevent changes to and deletions from your firm’s electronically-stored data in laboratories where you conduct CGMP activities.  Specifically, audit trail functionality for some systems you used to conduct CGMP operations was enabled only the day before the inspection, and there were no quality unit procedures in place to review and evaluate the audit trail data.  For example, you used standalone HPLC (2-RD HP/SM/32) to conduct analyses for Drug Master File (DMF) submissions and investigations, such as characterization of a starting material for your [redacted] DMF.  You also used uncontrolled systems to conduct out-of-specification (OOS) investigations for in-process materials used to manufacture [redacted] API.

3. Limiting access to or copying of records

Your firm limited access to or copying of records that our investigators were entitled to inspect.  For example, our investigators requested records of your audit trail data from all chromatographic systems used to test drugs for the U.S. market at your facility.  The files you ultimately provided (in the form of Excel spreadsheets rather than direct exports from your chromatographic software) were not the original records or true copies, and showed signs of manipulation.  The records you did provide contained highlighting, used inconsistent date formats, and lacked timestamp data; these features are inconsistent with original data directly exported from chromatographic testing software.

Our investigators and their supervisor explained at least twice that the data you provided was not representative of actual audit trail data from the chromatographic systems, and requested that you provide the original, unmodified records.  Your firm stated, without reasonable explanation, that you could not provide the requested audit trail records.  When our investigators explained that your failure to provide the requested records would be documented as a refusal, you acknowledged the refusal.

Our investigators documented other instances in which your firm limited the inspection by providing some, but not all, of the records requested by the FDA investigator that FDA had authority to inspect.  At multiple times during the inspection, FDA requested records of CGMP activities performed in your R&D laboratories at the behest of your quality unit.  However, you limited the inspection by providing only a subset of the requested records, and our investigators also found at least one of the requested records shredded in the trash.  Finally, our investigators requested chromatograms to substantiate your claim that you had identified and quantitated the impurities in [redacted], but you never provided the records that our investigators asked for to support your claim.

When an owner, operator, or agent delays, denies, limits, or refuses an inspection, the drugs may be deemed adulterated under section 501(j) of the FD&C Act.

View the original warning letter.



Warning Letter: Failure to monitor and investigate error signals (ucm550326)

Tags: |

Your quality unit failed to monitor and investigate error signals generated by the computerized systems that you use for high performance liquid chromatography and gas chromatography.  These signals indicated the loss or deletion of original CGMP analytical data.  However, your quality unit did not comprehensively address the error signals or determine the scope or impact of lost or deleted data until after these problems were reviewed during our inspection.

For example, our investigator reviewed audit trails from August 2016 assay testing on [redacted] batch [redacted] and dissolution testing for [redacted] tablets batch [redacted].  The audit trail for these tests included the message, “deleted result set,” but neither of these two incidents were recorded in the analytical packages for these batches of drug products, nor were they reviewed or investigated by the quality unit.

In addition, during the inspection, our investigator observed that your Empower 3 system audit trail displayed many instances of a “Project Integrity Failed” message, which indicates that injections were missing from the results of analytical testing.  For example, in [redacted] analysis for [redacted] tablets batch [redacted] conducted on June 20, 2016, no chromatogram was rendered for the initial run of testing.  The data package for this testing clearly shows that the initial run is missing, but your quality unit did not investigate the incident.

Although you showed our investigator isolated examples of interrupted, missing, deleted, and lost data for which you had opened investigations, you reached similar conclusions in many of these investigations regarding the root cause of your loss of data integrity but failed to take appropriate corrective action and preventive action in response.  Our investigator observed that you attributed numerous incidents to power interruptions, connectivity problems (disconnection of the Ethernet or power cord), and instrument malfunctions.  You could not explain why these events occurred with frequency in your laboratory, nor had you undertaken a comprehensive investigation into the problem or sought to correct it and prevent its recurrence.

In your written response dated February 17, 2017, you identified seven samples from a single week of testing for which original results were lost following data acquisition interruptions at the time of initial analysis.  Instead of uniformly initiating an investigation into the root cause of each interruption when it occurred or even documenting it for later review and investigation by the quality unit, you explained in your response that you retested the samples immediately after the interruptions.

Your response is inadequate because you have not identified and investigated each instance in which data acquisition was interrupted.  While you assessed a limited number of error codes from a seven day period, you did not evaluate the effects of other error codes identified in your simulation exercise report on the reliability, accuracy, or completeness of the data you use to evaluate the quality of your drugs.  Although you have submitted multiple responses, you have not yet:

  • shown exactly how widespread these problems are;
  • evaluated their full effects on the quality of your drugs;
  • explained why these events occurred with frequency in your laboratory;
  • or demonstrated how you will ensure that your quality unit reviews, investigates, and acts upon codes that affect the reliability of your CGMP data.

In response to this letter, provide your validation of laboratory instrument error codes.  Identify the specific codes that may impact product quality and the reliability of CGMP data, and provide your procedures to demonstrate how your quality unit will review, investigate, and respond to these specific codes.

View the original warning letter.



Warning Letter: Analyst manipulated and deleted audit trails (ucm546319)

Tags: |

Your quality control laboratory disregarded multiple out-of-specification (OOS) impurity results without justification. For example, on September 22, 2015, you encountered an OOS unknown impurity peak during high performance liquid chromatography (HPLC) testing of [redacted] 36-month stability batch [redacted].  You terminated the analysis.  Testing of a new sample also showed the OOS impurity peak.  The chromatogram was then manually rescaled, which hid the presence of this peak.  Your laboratory set the integration parameters to omit this peak from integration. Because the peak was omitted, the quality unit was not provided with full information to evaluate whether the stability batch, and potentially other marketed batches, continued to meet quality standards.

In addition, your audit trail showed that from July 1 to 2, 2015, you performed seven sample injections of [redacted] 60-month stability batch [redacted] to test for impurities using HPLC.  You permanently deleted the first five sample injections. You then renamed the last two injections and reported that they met specifications.  Your quality unit failed to identify and address these serious data manipulations…

Failure to prevent unauthorized access or changes to data, and failure to provide adequate controls to prevent omission of data.

Our investigator observed that your laboratory systems lacked controls to prevent your staff from altering or deleting electronic data. Analysts manipulated and deleted audit trails.  You lacked adequate controls for all HPLC, gas chromatography, and ultra-violet systems.

For example, an analyst deleted audit trails in your gas chromatography equipment #YQ-07-10 from September 15, 2015, through April 24, 2016, and permanently deleted audit trails from November 6 to 13, 2015.  In addition, our investigator observed that your quality control manager and quality control deputy manager had full administrative rights on all of your computerized systems, which allows them to manipulate data and turn off audit trails.

View the original warning letter.



Warning Letter: Operators were able to delete tests in the audit tail for two instruments (ucm546483)

Tags: | |

Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

For example, during inspection of the sterile manufacturing and QC microbiology areas, our investigators observed:

  1. Deletion of at least six [redacted] and [redacted] tests in the audit trails for two instruments used to test sterile [redacted].  Your systems allowed operators to delete files.  You had no procedure to control this practice or to ensure a backup file was maintained.  When you reviewed the audit trail data further, you identified a total of 25 deleted [redacted] test results.  In your response, you state that the production staff now only have “view and print” privileges.  However, your response is inadequate because it lacks details of how appropriate oversight will be exercised over data backup to ensure it is appropriately retained.  
  2. No restricted access to the microbial identification instrument.  Further, you lacked restricted access to the external hard drive used for backup of this instrument.  All users could delete or modify files.  In your response, you commit to limit access to the system and external hard drive.  However, your response is inadequate because you did not provide a retrospective risk assessment of the impact and scope of inadequate system controls at your firm.

View the original warning letter.



Warning Letter: Failure to exercise sufficient controls (ucm502347)

Tags: | |

Failure to exercise sufficient controls over computerized systems to prevent unauthorized access or changes to data, and to provide adequate controls to prevent omission of data.

Our investigator found that your [redacted] system used for [redacted] and [redacted] testing lacked access controls and audit trail capabilities. For example, all employees had administrator privileges and shared one user name, so actions could not be attributed or traced to specific individuals. This exposed your electronic data to manipulation and/or deletion without traceability.

Our investigator also noted that your firm copied raw data to a CD [redacted], and then deleted the data from the [redacted] system to free space on the hard drive. Files copied to the CD were selected manually; the selection process was not supervised. Without audit trail capabilities or supervised file selection, there was no assurance that all raw data files were copied to the CD before they were permanently deleted from the system.

View the original warning letter.



Warning Letter: Failure to have computerized systems with sufficient controls (ucm484910)

Tags: |

” Failure to have computerized systems with sufficient controls to prevent unauthorized access or changes to data.

During the inspection, FDA investigators discovered a lack of basic laboratory controls to prevent changes to your firm’s electronically stored data. Your firm relied on incomplete records to evaluate the quality of your drugs and to determine whether your drugs conformed with established specifications and standards.

View the originalwarning letter.



Warning Letter: Failure to validate software (ucm465665)

Tags: | |

“Failure to validate computer software for its intended use according to an established protocol when computers or automated data processing systems are used as part of production or the quality system, as required by 21 CFR 820.70(i).

For example, your firm uses the software [redacted], developed by [redacted], to document, maintain, and track customer complaints electronically. However, as stated by your firm’s Director of Quality Assurance (QA) & Regulatory Affairs (RA) during the inspection, the software does not generate time-stamped audit trails to independently record the date and time of operator entries and actions that create, edit, or modify electronic records.”

View the original warning letter.





Page 1 of 212