Computer System

Page 1 of 1412345678910...Last »

Warning Letter: Audit trail feature disabled for HPLC systems (ucm563067)

Tags: | |

1. Failure to prevent unauthorized access or changes to data, and failure to provide adequate controls to prevent omission of data.
Our inspection found your laboratory systems lacked controls to prevent deletion of and alterations to electronic raw data.

a. Our review of audit trail data revealed that your analysts manipulated the date/time settings on your high performance liquid chromatography (HPLC) systems. During the inspection your analysts admitted to setting the clock back and repeating analyses for undocumented reasons. Initial sample results were overwritten or deleted, and unavailable for our investigators’ review. Your firm reported only the passing results from repeat analyses. When test results are overwritten, the quality unit is presented with incomplete and inaccurate information about the quality of the drugs produced by your firm.

b. Your quality control analysts used a shared login account to access HPLC systems. This shared account allowed analysts, without traceability, to change the date/time settings of the computer, to modify file names, and to delete original HPLC data.

c. Seven out of [redacted] of your firm’s HPLC systems used for API testing had the audit trail feature disabled, although all [redacted] had audit trail functionality.

In your response, you acknowledged that you lacked effective measures to control data within your computerized systems. You committed to revising procedures for computerized systems, locking date/time settings, and enabling audit trail functions. However, you noted that you do not expect audit trail functions for all quality control instruments to be completely activated until September 30, 2017. In the interim, you committed to control measures, including updated software and logbooks.

Your response is insufficient because it did not specify who holds administrative privileges on your computers, or address the significant pattern of data manipulation (e.g., deletions, date/time alterations) we observed at your facility.

In response to this letter:
Clarify the specific user roles and detail the associated privileges for each laboratory system.
Provide an assessment of the effectiveness of your interim system controls.
Provide a commitment to conduct a similar future assessment of the effectiveness of all system controls expected to be in place by September 2017.
Explain the oversight role of the quality unit in implementing these improvements and ensuring they remain effective.

2. Failure to maintain complete data derived from all laboratory tests conducted to ensure compliance with established specifications and standards.

Our investigators found that you failed to maintain complete data for all laboratory analyses, and you relied on incomplete information to determine whether your drugs met established specifications.

a. HPLC chromatograms were deleted and not available for our investigators’ review. In your response, you acknowledged that in January 2016, “some data was deleted” while the network edition of the chromatographic operating system software was installed.

b. Our investigators found a recurring practice of re-testing samples until acceptable results were obtained. For example, our investigators found repeat HPLC testing for related substances of crude [redacted], batch [redacted]. The initial test displayed an unknown peak in the chromatogram. A different analyst retested the batch five days later: this analysis did not display the unknown peak. Only the results of the second analysis were used for batch disposition, without documented justification or investigation.

Your response is inadequate because you did not include an assessment of the deleted data. Your response also lacked commitments to investigate the unknown peak in the chromatogram for crude [redacted] batch [redacted], and to discontinue repeating tests without justification and investigation.

3. Failure of your quality unit to exercise its responsibility to ensure the API manufactured at your facility are in compliance with CGMP, and meet established specifications for quality and purity.

Our investigators found batch production records that contained blank or partially completed manufacturing data and lacked dates and signatures for verification. For example, in your [redacted] plant, our investigators found a batch record for [redacted] starting material, batch [redacted], with sticky notes from the quality assurance department directing operators to enter manufacturing data, such as missing weight and volume entries. Also, your quality unit did not approve this batch record before the material was used in further manufacturing.

All data in CGMP records must be complete and reliable so it can be evaluated by the quality unit during its batch review, as well as maintained for additional CGMP purposes.

Other documents—including cleaning records and equipment use logs—were also found to be partially completed, without dates and signatures for verification, or with pages or spaces intentionally left blank for documentation at a later time.

Your quality unit was aware of these unacceptable production department practices but did not ensure they were corrected.

View the original warning letter.

Warning Letter: Failure to exercise appropriate controls over computer systems (ucm545133)

Tags: |

Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

Our investigators observed that information technology (IT) staff at your facility share usernames and passwords to access your electronic storage system for [redacted] data. Your IT staff can delete or change directories and files without identifying individuals making changes.  After a previous inspection in which FDA observed similar deficiencies, you committed to eliminate these and other data integrity vulnerabilities.

In response to this letter:

Provide your detailed plan to ensure that each current and future employee will have a unique username and password to allow tractability of changes to electronic data back to specific authorized personnel.

Describe the specific changes made to your software and electronic systems to ensure the effectiveness of your corrective actions.

View the original warning letter.

Warning Letter: Operators were able to delete tests in the audit tail for two instruments (ucm546483)

Tags: | |

Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

For example, during inspection of the sterile manufacturing and QC microbiology areas, our investigators observed:

  1. Deletion of at least six [redacted] and [redacted] tests in the audit trails for two instruments used to test sterile [redacted].  Your systems allowed operators to delete files.  You had no procedure to control this practice or to ensure a backup file was maintained.  When you reviewed the audit trail data further, you identified a total of 25 deleted [redacted] test results.  In your response, you state that the production staff now only have “view and print” privileges.  However, your response is inadequate because it lacks details of how appropriate oversight will be exercised over data backup to ensure it is appropriately retained.  
  2. No restricted access to the microbial identification instrument.  Further, you lacked restricted access to the external hard drive used for backup of this instrument.  All users could delete or modify files.  In your response, you commit to limit access to the system and external hard drive.  However, your response is inadequate because you did not provide a retrospective risk assessment of the impact and scope of inadequate system controls at your firm.

View the original warning letter.

Warning Letter: Clearance of a component does not permit marketing with a major change or modification in intended use (ucm540528)


The United States Food and Drug Administration (FDA) has learned that your firm, Thermogram Assessment Services (TAS), is marketing the TAS Image Analysis Software, including the Spatial Thermographic Imaging (STI),[1] the Integrated Thermography Systems, and Infrared (IR) Cameras (FLIR Systems, Inc. Model 325 and Model 655) (hereinafter referred to collectively as the “TAS Thermal Imaging System”), in the United States without marketing clearance or approval, in violation of the Federal Food, Drug, and Cosmetic Act (the Act)…

In communications with FDA you seem to argue that your marketing of the TAS Thermal Imaging System is permissible because the device has been cleared by FDA.  For example, you stated in your September 1, 2015 letter to FDA that the “equipment, systems, and software offered on [your] web site are brokered products available from FLIR Commercial Systems Inc., and which have been cleared for marketing by the FDA for sale.”

This software is also referred to by other names, including the “Breast Thermography Evaluation Program,” “Computerized Breast Thermography (CBT) software program,” “proprietary interpretation software”, “Spatial Thermographic Imaging”, and “artificial intelligence computer program”, on the TAS’s websites identified in this letter.

View original warning letter.

Warning Letter: No audit trail function was enabled (ucm440966)

Tags: | |

“Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

Specifically, your high performance liquid chromatography (HPLC) and gas chromatography (GC) data acquisition software, TotalChrom®, did not have sufficient controls to prevent the deletion or alteration of raw data files. During the inspection, the investigator observed that the server that maintains electronic raw data for HPLC and GC analyses (the J drive) contains a folder named “Test,” and that chromatographic methods, sequences, and injection data saved into this folder can be deleted by analysts. The investigator also found that data files initially created and stored in the “Test” folder had been deleted, and that back-up files are overwritten [redacted].

In addition, because no audit trail function was enabled for the “Test” folder, your firm was unable to verify what types of injections were made, who made them, or the date or time of deletion. The use of audit trails for computerized analytical instrumentation is essential to ensure the integrity and reliability of the electronic data generated.”

View the original warning letter.

Warning Letter: QC personnel created unauthorized data folders on laboratory computerized systems without appropriate oversight (ucm432709)

Tags: | |

“Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

QC personnel created unauthorized folders on laboratory computerized systems without appropriate oversight. Our review of the HPLC Empower III data collected in 2013-2014 in the commercial QC laboratory found a data folder entitled “WASH.” According to your management, the folder was intended for column wash injections using blank solvent prior to and following sample runs, although you have no standard operating procedure (SOP) detailing this process. One of your laboratory analysts stated that this folder does not contain any standard or sample injection results. However, our investigator found that this folder contained a total of 3,353 injection results, some of which appeared to be samples.

As part of your comprehensive evaluation and risk assessment, include a detailed description of all computerized systems in your facility used for testing drugs. This description should include information on each electronic folder that was not created pursuant to a valid SOP and an assessment of every file in each such folder, including information about the sample (product), date of test, lot number and original test result over the last five (5) years, except for data relating to exhibit batches, in which case there is no time limitation. Also provide specific information about all retests during these time frames, where an initial out-of-specification or out-of-trend result was disregarded without an investigation and the date on which you became aware such information had been disregarded. In addition, for each batch, provide the number of injections performed and chromatograms reviewed, and of those, the number that were used to generate a reported result. Furthermore, provide an updated assessment on the possible effects of your firm’s practices on the quality, safety, and efficacy of the drugs you manufacture or plan to manufacture, including drugs covered by approved or pending applications.

Also describe the procedures established to manage and retain all computerized data.

View the original warning letter.

Warning Letter: Failure to document digital changes and complaints (ucm421235)

Tags: | |

No records of identification, validation or verification, review, or approval were available for design changes to the SimulCare resulting in the SimulCare II. The changes included new digital controls… Failure to ensure that suppliers and contractors were evaluated and selected based upon their ability to meet specified requirements, as required by 21 CFR 820.50(a)(1). Specifically, your firm utilizes various suppliers for components of your devices, including PCBs [Printed Circuit Boards]…your firm failed to record and document investigation of oral complaints related to burnt-out microchips… Specifically, the SimulCare II was cleared under K083202; however, your firm’s promotion of the device provides evidence that the device was modified including a change from analog knobs utilized to control the strength and duration of therapy to digital button controls now utilized for the same function.

View the original warning letter.

Warning Letter: No CAPA Procedure (ucm 360143)

Tags: | |

These violations include, but are not limited to, the following:

Failure to establish and maintain adequate procedures for implementing corrective and preventive action and failure to document all activities under 21 CFR 820.100 and their results, as required by 21 CFR 820.100(a).

For example: Your Quality System Manual, dated 10/09/2012, Rev. A, Section 8.4 states that your firm has established procedures to document and analyze quality data from complaints, internal audits, supplier performance and non-conforming materials. Section 8.5 states that your firm has implemented a corrective and preventive action (CAPA) program to eliminate the cause of nonconformities in order to prevent recurrence. However, your firm does not have any written CAPA procedures. In addition, you have no records of analyzing quality system data obtained through sources such as complaints, internal audits, supplier performance and non-conforming materials, to determine if a CAPA action is required.

View the original warning letter.

Warning Letter: Medical device company failed to validate computer software (ucm 355751)

Tags: | |

Failure to ensure that all inspection, measuring, and test equipment, including mechanical, automated, or electronic inspection and test equipment, is suitable for its intended purposes and is capable of producing valid results, as required by 21 CFR 820.72(a). For example, your firm’s design verification procedure does not require that test equipment and software are fully validated, as needed, and prior to use in design verification activities.

View the original warning letter.

Warning Letter: Firm not reporting all electronic results obtained (ucm 361553)

Tags: | |

We observed and documented practices during the inspection that kept some samples, data and results outside of the local systems for assessing quality. This raises serious concerns regarding the integrity and reliability of the data generated at your Kalyani plant. For example,

a. Our review of the Chromeleon and Empower II software found that your firm was testing samples unofficially, and not reporting all results obtained. Specifically, “test,” “trial” and “demo” injections of intermediate and final API samples were performed, prior to performing the tests that would be reported as the final QC results.

b. Out-of-specification or undesirable results were ignored and not investigated.

c. Samples were retested without a record of the reason for the retest or an investigation. Only passing results were considered valid, and were used to release batches of APIs intended for US distribution.

d. Unacceptable practices in the management of electronic data were also noted. The management of electronic data permitted unauthorized changes, as digital computer folders and files could be easily altered or deleted.

View the original warning letter.

Page 1 of 1412345678910...Last »