Specific violations observed during the inspection include, but are not limited, to the following: Your firm has not established appropriate controls designed to assure that laboratory records include all data secured in the course of each test, including graphs, charts, and spectra from laboratory instrumentation, properly identified to show the specific component, drug product container, closure, in-process material, or drug product, and lot tested [21 CFR 211.194 (a)(4)]. Specifically, the inspection revealed that your firm has not established written procedures to control and account for electronically generated worksheets used by analysts to record analytical test results. Analysts in your QC laboratory print an uncontrolled number of worksheets from computers throughout the QC laboratory without supervision.
View the original warning letter.
Failure to establish and maintain procedures for the identification, documentation, validation or where appropriate verification, review, and approval of design changes before their implementation, as required by 21 CFR 820.30(i).
…
Failure to establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements, as required by 21 CFR 820.50. For example: Your firm does not have a purchasing control procedure and has not evaluated the contract manufacturer to ensure that manufacturing processes are appropriately validated. In addition, there are no maintenance procedures in place, nor has your firm established procedures to ensure that all purchased or otherwise received product and services conform to specified requirements.
View the original warning letter.
Your firm has failed to exercise appropriate controls over computer or related systems to assure that changes in master production and control records, or other records, are instituted only by authorized personnel [21 CFR 211.68(b)]. For example: a. Your firm did not put in place requirements for appropriate usernames and passwords to allow appropriate control over data collected by your firm’s computerized systems including UV, IR, HPLC, and GC instruments. All employees in your firm used the same usemame and password. In addition, you did not document the changes made to the software or data stored by the instrument systems. Without proper documentation, you have no assurance of the integrity of the data or the functionality of the software used to determine test results. b. Your firm had no system in place to ensure appropriate backup of electronic raw data and no standard procedure for naming and saving data for retrieval at a later date. In your response, you state that you will maintain backup of electronic raw data and all technicians will have their own user identification (ID) and password.
View the original warning letter.
Failure to maintain adequate drug disposition records raises concerns about subject safety and data integrity. We acknowledge that your written response states that upon your discovery of both the lack of drug accountability and the missing vials, pharmacy and research SOPs were evaluated and revised; and that future studies at your site will be conducted under the umbrella of US Oncology Research, which has an electronic drug accountability system. However, as the clinical investigator, it was your responsibility to ensure that adequate records of the disposition of the drug were maintained; and US Oncology Research’s policies, procedures, and activities do not negate your responsibility as the clinical investigator.
View the original warning letter.
Your firm has failed to exercise appropriate controls over computer or related systems to assure that changes in master production and control records, or other records, are instituted only by authorized personnel [21 C.F.R § 211.68(b)]. For example, your firm lacks control of the [redacted] computer system which monitors equipment, room differential pressure, room humidity, and stability chambers. Although the system is password protected for temperature and humidity set points, all employees have access to the room where the [redacted] computer system is located and the external hard drive is not password protected. During the inspection we observed that an employee was able to alter or delete data without a password and save the changed file.
View the original warning letter.
We observed 8 of 9 worksheets where one or more tabs with formula cells were not locked. These worksheets were used for analyzing raw data from drug component and product samples, including [redacted]. Your firm’s SOP 100-G-0110, “Creation and Use of Templates,” stated that cells, in which data is entered, must be locked within their electronic template.
View the original warning letter.
Your firm has failed to exercise appropriate controls over computer or related systems to assure that changes in master production and control records, or other records, are instituted only by authorized personnel [21 C.F.R § 211.68(b)].
View the original warning letter.
Failure to have adequate controls to prevent manipulation of raw data during routine analytical testing. “For example, your firm’s laboratory analyst had modified printed raw data related to the IR Spectra test of [redacted] and [redacted]. We are concerned that the lack of security or system controls allows for this practice.
View the original warning letter.
The [redacted] data acquisition system for the [redacted] UV/Visible spectrophotometers allows your analysts to modify, overwrite, and delete original raw data files. The spectrophotometers are used for dissolution testing of finished product, stability samples, and process and method validation studies. All laboratory personnel were given roles as [redacted] Managers, which allowed them to modify, delete, and overwrite results files. This system also does not include an audit trail or any history of revisions that would record any modification or deletion of raw data or files. Your laboratory computer system lacks necessary controls to ensure that data is protected from tampering, and it also lacks audit trail capabilities to detect data that could be potentially compromised.”
View the original warning letter.
Failure to adequately validate the intended use of this PC and its software, as required by 21 CFR 820.70(i). “For example: the dedicated PC [redacted] attached to the [redacted] was not secure in that access to the data on [redacted] was not granted by a unique username and password or equivalent method; there as no documentation associated with the electronic data for whom was responsible for collection of the analytical results as several quality control personnel have access to the [redacted] no software changes in the study data could be detected as there was no audit trail capability ; and finally, the electronic data did not correlate with the paper records.”
View the original warning letter.