Thursday, 29 August 2013

Better information security risk management with the new version of ISO/IEC 27001

ISO/IEC 27001, the well-known standard for information security management systems, is being revised. The new version is expected to be published next October.

More information at iso.org.

Monday, 26 August 2013

Record quality...

is once again at the heart of the observations in this new warning letter from the US agency; the two citations point to failures in the security and authenticity of records:



  1. Failure to protect computerized data from unauthorized access or changes.
Our inspection found that there were no restrictions to access the laboratory data residing on the workstations attached to your standalone instrumentation: (b)(4) High Pressure Liquid Chromatographs (HPLCs), the Fourier Transform Infrared Spectrophotometer (FTIR), the gas chromatograph (GC) and the drives and portable media used as back-ups.  There was no protection of the data from alteration and deletion and no audit trails to detect if such alteration or deletion had occurred.  You have stated that you are in the process of purchasing and updating software to handle these problems. You have also stated that there had been no misconduct by laboratory personnel.  However, our investigator uncovered misconduct by laboratory personnel (see issue 3 below). Please provide a detailed summary of your investigations that led to the conclusion that no misconduct occurred. Also, please provide a description of your corrections, including system upgrades. This description should be detailed enough to determine if this deficiency has been addressed...
  1. Failure to follow and document quality-related activities at the time they are performed.
During this inspection, your QC Chemist admitted that, under the direction of a senior colleague, he had recorded false visual examination data in the logbooks for reserve samples.  This QC Chemist was responsible for multiple entries in the (b)(4) API logbooks. Your firm’s failure to prevent, detect, and rectify the falsification of your GMP documentation is concerning. In response to this letter, describe your investigation into this misconduct and clearly explain how you determined the extent of the data falsification. Describe the role of the senior colleague who advised the QC Chemist during this incident. Also describe your plans for and outcome of a thorough investigation into data integrity at your facility, both in documents produced by the QC Chemist involved in this incident and by all other personnel at your site.