No Audit Trail


Warning Letter: Data could be deleted, audit trails were not enabled, and audit trails were not reviewed for laboratory data computer systems. (ucm619450)

Tags: |

 Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

 The electronic data systems that you use to generate drug product results lack appropriate controls. There is no assurance that your systems have the appropriate controls to prevent deletion of data and record all modifications to data. For example, electronic data files generated from your [redact] system, used for identity testing of drug products, could be deleted. In addition, the [redact] that controls your high-performance liquid chromatography and gas chromatography systems for testing the actives in OTC drug products did not have all appropriate audit trails enabled to record significant changes.

View the original warning letter



Warning Letter: Failure to prevent unauthorized access or changes (ucm421544_Amended)

Tags: | |

Your firm released [redacted] API batch [redacted] with an unknown peak present in the residual solvents chromatogram. Although this unknown peak was not a part of your historical impurity data, neither the analyst nor the supervisor apparently noticed or evaluated this unknown peak during their reviews.

Subsequently, a customer complaint was received for this batch, and your investigation identified the unknown peak as [redacted]. Your firm found that this peak was a result of a contamination that occurred during your manufacturing process.

In response to this letter, provide the corrective actions implemented to ensure that all laboratory data is appropriately analyzed, accurately reported and approved by your quality unit.
Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

Your firm did not have proper controls in place to prevent the unauthorized manipulation of your electronic raw data. For example,

a. The inspection found that the audit trail feature for your gas chromatography (GC) instruments was not used until October 2013, even though your 2009 GC software validation included a satisfactory evaluation of the audit trail capability.

b. There is no assurance that you maintain complete electronic raw data for the [redacted] GC instruments, the Malvern particle size analyzer, and the ultraviolet (UV) spectrophotometer. Our inspection found that these instruments were connected to stand-alone computers that stored the data and that the data could be deleted.

c. Prior to our inspection, your firm failed to have a back-up system for the data generated by one of the [redacted] Fourier transform infrared spectrometers, the polarimeter, the UV spectrophotometer and the Malvern particle size analyzer.

View the original warning letter.



Warning Letter: QC personnel created unauthorized data folders on laboratory computerized systems without appropriate oversight (ucm432709)

Tags: | |

“Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

QC personnel created unauthorized folders on laboratory computerized systems without appropriate oversight. Our review of the HPLC Empower III data collected in 2013-2014 in the commercial QC laboratory found a data folder entitled “WASH.” According to your management, the folder was intended for column wash injections using blank solvent prior to and following sample runs, although you have no standard operating procedure (SOP) detailing this process. One of your laboratory analysts stated that this folder does not contain any standard or sample injection results. However, our investigator found that this folder contained a total of 3,353 injection results, some of which appeared to be samples.

As part of your comprehensive evaluation and risk assessment, include a detailed description of all computerized systems in your facility used for testing drugs. This description should include information on each electronic folder that was not created pursuant to a valid SOP and an assessment of every file in each such folder, including information about the sample (product), date of test, lot number and original test result over the last five (5) years, except for data relating to exhibit batches, in which case there is no time limitation. Also provide specific information about all retests during these time frames, where an initial out-of-specification or out-of-trend result was disregarded without an investigation and the date on which you became aware such information had been disregarded. In addition, for each batch, provide the number of injections performed and chromatograms reviewed, and of those, the number that were used to generate a reported result. Furthermore, provide an updated assessment on the possible effects of your firm’s practices on the quality, safety, and efficacy of the drugs you manufacture or plan to manufacture, including drugs covered by approved or pending applications.

Also describe the procedures established to manage and retain all computerized data.

View the original warning letter.



Warning Letter: No audit trail, data cannot be verified (s6736c)

Tags: | |

All study data are handled and controlled by your Study Coordinator, who enters the data into an electronic data base. There is no audit trail or log of data changes that are made to the information in the database. Data cannot be verified against source records, since such records are not maintained.”

View the original warning letter.



Warning Letter: Failure to maintain accurate records (ucm147820)

Tags: | |

Your firm failed to maintain complete and accurate records from which unsuitable donors could be identified so that products from such individuals would not be distributed [21 CFR 606.160(e)] and records to identify the person performing the work so to provide a complete history of the work performed [21 CFR 606.160(a)(1)]. Specifically, when the investigators requested a search of some of the various donor permanent deferral codes in your [redacted] database, 72 donors had various permanent deferral codes entered into the “Comment” field but these donors did not have a permanent deferral status entered into the “Deferral Code” field of the [redacted] database. The “Comment” field is not referenced for identification of deferred donors. Out of 72 donors, 10 were verified to meet the criteria for permanent deferral.

View the original warning letter.



Warning Letter: Uncontrolled database (m4116n)

Tags: | | |

 
"...It is also noted in the inspection report that you do not have adequate control over the receipt of study data and its subsequent input into the database. There are no records to show when study data is received and when it is entered into the database. There is also no
audit trail for changes made to the database
. No data queries or clarifications have ever been generated and sent to the sites to verify missing information or to clarify discrepancies...
Electronic records, the subject of SOP-100-720
, Electronic Database Maintenance, are subject to 21 CFR Part 11- Electronic Records; Electronic Signatures, as well as to the record keeping regulations found in 21 CFR 812.140. A guidance document regarding this regulation, Computerized Systems Used in Clinical Trials, dated April 1999. www.fda.gov/ora/compliance ref/bimo/ffinalcct.htm"

View the original warning letter.



Warning Letter: Deviations from Part 11 (m2811n)

Tags: | | |

 
"our inspection disclosed numerous and
significant deviations from part 11
. Examples include: The system does not generate an
audit trail
, and there is no way to determine if values have been changed on batch production records. This is important because an audit trail can be the only
evidence that an electronic record has been altered
. We note, for instance, that your system only records the last value entered by an operator and that values, such as Oxygen potency levels that my have been entered earlier and that may indicate potentially serious quality problems, are not recorded. The system prompts an operator when equipment detects that an Oxygen potency value is non-conforming, and permits the operator to record a value that is within specification, but does not record the original out of specification value."

View the original warning letter.