Des manipulations sur des enregistrements électroniques et papiers révélés dans cette mise en demeure :
4. Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).
For example, you analyzed (b)(4) API lot (b)(4) on February 14, 2011, at 2:55 a.m., and then retested it at 2:05 p.m. using a new sample solution. You did not maintain any raw data associated with the initial test.
In your response, you stated that the retest was performed due to data deletion of the original analysis. You concluded that the analyst misused the administrator password to delete and overwrite the actual data logged in the audit trail. The ability of your analysts to alter and delete electronic analytical data raises serious concerns regarding laboratory controls in place at your facility.
During the inspection, our investigator also identified a backdated QC worksheet in the analytical report of (b)(4)API raw material batch (b)(4). When your analyst affixed the related substance and IR weight printouts to theFormat for Blank Sheet for Printout (Format No. F2/QCD/F/026-00), he signed and dated this worksheet as July 29, 2011. A second analyst, who reviewed this worksheet, also signed and dated it as July 29, 2011. However, your QA department did not issue this worksheet until July 31, 2011. Your analyst acknowledged during the inspection that he backdated this worksheet on July 31, 2011.
Your response stated that the analyst incorrectly dated the worksheet as July 29, 2011, instead of July 31, 2011, and that there was no intention to deliberately backdate the document. However, your response contradicted your analyst’s backdating admittance during the inspection. In addition, your response did not explain the reviewer’s signature which was also dated July 29, 2011. Backdating documents is an unacceptable practice and raises doubt about the validity of your firm's records.
3. Your firm failed to establish and exercise adequate controls over computers to prevent unauthorized access or changes to electronic data.
For example, the computers that control your analytical laboratory instruments, including an HPLC, (b)(4) GCs, and an FTIR, lacked control mechanisms to prevent unauthorized access to, changes to, or omission of data files.
a. Your analysis of (b)(4) USP batch (b)(4) exceeded the (b)(4) residual solvent limit on February 29, 2012. Your firm did not report or investigate this OOS result, and deleted the related electronic records. During our inspection, your analyst admitted that he also deleted other uninvestigated failing and/or OOS electronic data from the laboratory database in January 2013 prior to our inspection. Your QC Senior Manager also acknowledged this laboratory-wide electronic data deletion practice.
b. During our inspection, your analysts demonstrated to our investigators that they could delete any electronic analytical data files from the laboratory computers and external backup hard drives.
Adequate controls prevent improper deletion of essential data. You stated in your response that you are procuring a centralized server and software, which will prevent electronic data deletion. Each analyst will have an individual user ID and password. You also trained your analysts not to delete electronic analytical data and report all laboratory incidences to managers. We will verify the effectiveness of these corrective actions during our next inspection.
You are responsible for the accuracy and integrity of the data generated by your firm. A firm must maintain all raw data generated during each test, including graphs, charts, and spectra from laboratory instrumentation. These records should be properly identified to demonstrate that each released batch was tested and met release specifications.
Our inspection revealed that your firm discarded OOS laboratory records and deleted OOS electronic analytical data. Your firm also disregarded OOS data without investigations, and selectively reported only passing results. The lack of reliability and integrity of data generated is a serious CGMP deficiency that raises concerns with all data generated by your firm.