Une mise en demeure de la FDA pointe des défaillances sérieuses dans l'intégrité des données...
Un laboratoire indien a fait l'objet d'une importante mise en demeure dans laquelle sont mentionnés des manquements importants dans le respect des règles d'enregistrement des données :
Ainsi que dans la sécurisation des données :
La FDA a pris en compte que cette société allait recourir aux services d'un "data integrity" consultant pour:
1. Your firm failed to follow and document at the time of performance required laboratory control mechanisms (21 C.F.R. §211.160(a)).
Our investigators found that laboratory analysts did not document the balance weights at the time of sample weighing. Specifically, sample weights used in calculations were created after the chromatographic runs. The analyst admitted that the sample weights that were represented as raw data from the analysis actually were backdated balance weight printouts produced after the analysis and generated for the notebooks. These sample weights were used to calculate related compounds and impurities used in support of method validations submitted in FDA drug applications.
You submitted the data generated with the discrepancies above to the Agency in support of drug product application for (b)(4) Capsules USP (b)(4) mg and (b)(4) mg ((b)(4)). These data manipulation practices were also observed in data submitted for (b)(4) Tablets USP (b)(4) mg, (b)(4) mg and (b)(4) mg ((b)(4)) as well as(b)(4) Tablets USP (b)(4) mg, (b)(4) mg and (b)(4) mg ((b)(4)).
The lack of reliability and accuracy of data generated by your firm is a serious CGMP deficiency that raises concern for all data generated by your firm. While we acknowledge the commitment in your response that your staff is being interviewed to determine the extent of the problematic laboratory activities, we remain concerned about the capability and credibility of your quality unit. Specifically, in your response to your previous 2009 inspectional findings you stated that you audited all analytical method validation studies for all the (b)(4)submitted to the Agency since 2006. However, you failed to detect and investigate the inaccurate data found by our investigators during the recent inspection.
Ainsi que dans la sécurisation des données :
2. Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 C.F.R. §211.68(b)).
Your firm failed to have adequate procedures for the use of computerized systems in the quality control (QC) laboratory. Our inspection team found that current computer users in the laboratory were able to delete data from analyses. Notably, we also found that the audit trail function for the gas chromatograph (GC) and the X-Ray Diffraction (XRD) systems was disabled at the time of the inspection. Therefore, your firm lacks records for the acquisition, or modification, of laboratory data.
Moreover, greater than (b)(4) QC laboratory personnel shared (b)(4) login IDs for (b)(4) high performance liquid chromatographs (HPLC) units. In addition, your laboratory staff shared one login ID for the XRD unit. Analysts also shared the username and password for the Windows operating system for the (b)(4) GC workstations and no computer lock mechanism had been configured to prevent unauthorized access to the operating systems. Additionally, there was no procedure for the backup and protection of data on the GC standalone workstations.
In your response, you indicate that your firm performs periodic back-ups of data, however your firm lacks assurance that the periodic backed up data includes all of the original data generated. Your response to this deficiency does not discuss how you will ensure that data audit trails will not be disrupted in the future and lacked a computer life cycle approach to, for example, assure routine verification of access controls in computer systems.
In your response to this letter provide a comprehensive computer life cycle program to assure that appropriate controls are always exercised over computer or related systems to comply with 21 CFR 211.68.
La FDA a pris en compte que cette société allait recourir aux services d'un "data integrity" consultant pour:
Your data integrity consultant should:
1. Identify any historical period(s) during which inaccurate data reporting occurred at your facilities.
2. Identify and interview your current employees who were employed prior to, during, or immediately after the relevant period(s) to identify activities, systems, procedures, and management behaviors that may have resulted in or contributed to inaccurate data reporting.
3. Identify former employees who departed prior to, during, or after the relevant periods and make diligent efforts to interview them to determine whether they possess any relevant information regarding any inaccurate data reporting.
4. Determine whether other evidence supports the information gathered during the interviews, and determine whether additional facilities were involved in or affected by inaccurate data reporting.
5. Use organizational charts and SOPs to identify the specific managers in place when the inaccurate data reporting was occurring and determine the extent of top and middle management involvement in, or awareness of, data manipulation.
6. Determine whether any individual managers identified in item (5) above are still in a position to influence data integrity with respect to CGMP requirements or the submission of applications; and establish procedures to expand your internal review to any other facilities determined to be involved in, or affected by, the inaccurate data reporting.
7. As part of this comprehensive data integrity audit of your laboratory, your audit report also should include any discrepancies between data or information identified in approved applications, and the actual results, methods, or testing conditions submitted to the Agency. Include an explanation of the impact of all discrepancies. Provide a corrective action operating plan describing the specific procedures, actions and controls that your firm will implement to ensure integrity of the data in each application currently submitted to the Agency and all future applications. This should not only cover methods validation, but any other testing (e.g., stability tests, release tests) you have performed for customers that may have been used to support a drug application-related submission to the agency.