Pharmaceutical Manufacturer


Page 1 of 41234

Warning Letter: Failure to Validate Manufacturing Process (ucm538424)

Tags: | |
1.    Failure to ensure that when the results of a process cannot be fully verified by subsequent inspection and test, the process shall be validated with a high degree of assurance and approved according to established procedures, as required by 21 CFR 820.75(a). For example:
a.  Your firm did not validate the NeutraSal manufacturing process to ensure [redacted], as required per section 8.3.2 of your Equipment and Utility Validation Master Plan. For example:
i.  No Operational Qualification (OQ) or Performance Qualification (PQ) has been conducted to ensure [redacted].
ii.  The [redacted] processes were not validated.
iii.  Operating parameters have not been established for the [redacted].
b.    A validation summary report was not prepared as required by section 7.1.13 of your firm’s Equipment and Utility Validation Master Plan, after performing [redacted] and [redacted] different production room.
View the original warning letter.


Warning Letter: Unauthorized Access (ucm496623)

Tags: |

Failure of computerized systems to have sufficient controls to prevent unauthorized access or changes to data.

Your firm’s computer system for entering test results and storing certificates of analysis (CoA), which document whether a drug meets specifications, does not have sufficient controls to prevent unauthorized changes to a CoA after quality unit approval.

During the inspection, our investigator reviewed [redacted] CoA stored on computer #16, all of which were approved by the quality unit. A manager demonstrated for our investigator how results on an already finalized CoA could be manipulated after the formal quality unit approval. Also, the quality unit’s electronic signatures on these CoA were uncontrolled images of signatures rather than certificate-based electronic signatures.

View the original warning letter.



Warning Letter: Failure to maintain complete data (ucm465626)

Tags: | |

“2. Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

Your laboratory systems lacked access controls to prevent raw data from being deleted or altered. For example:

a. During the inspection, we noted that you had no unique usernames, passwords, or user access levelsfor analysts on multiple laboratory systems. All laboratory employees were granted full privileges to the computer systems. They could delete or alter chromatograms, methods, integration parameters, and data acquisition date and time stamps. You used data generated by these unprotected and uncontrolled systems to evaluate API quality.

b. Multiple instruments had no audit trail functions to record data changes.

3. Failure to maintain complete data derived from all testing, and to ensure compliance with established specifications and standards.

Because you discarded necessary chromatographic information such as integration parameters and injection sequences from test records, you relied on incomplete records to evaluate the quality of your APIs and to determine whether your APIs conformed with established specifications and standards. For example:

a. During the inspection, the investigator found no procedures for manual integration or review of electronic and printed analytical data for [redacted] stability samples. Electronic integration parameters were not saved or recorded manually. When the next samples were analyzed, the previous parameters were overwritten during the subsequent analyses.

i. Your HPLC 14 computer files included raw data for undocumented [redacted] stability samples analyzed on December 30, 2013, but no indication of where these samples came from and why they were tested.

ii. In a data file folder created on May 22, 2013, 23 chromatograms were identified as stability samples for [redacted] lots [redacted], and [redacted]. Results were not documented. More importantly, the acquisition date was July 7, 2013, more than six weeks after the samples were run.

iii. (b)(4) lots (b)(4) and (b)(4) were not in your stability study records at the time of inspection. Additionally, there were no log notes of any samples from the three lots removed from the stability chamber.

In response to this letter, provide your revised procedures and describe steps you have taken to retrain employees to ensure retention of complete electronic raw data for all laboratory instrumentation and equipment. Also, provide a detailed description of the responsibilities of your quality control laboratory management, and quality assurance unit for performing analytical data review and assuring integrity (including reconcilability) of all data generated by your laboratory.”

View the original warning letter.



Warning Letter: – Failure to perform a comprehensive assessment of alarmed events in computer monitoring system (ucm458363)

Tags:

In your ISO-5 and ISO-7 environments, the building management system (BMS) monitoring differential pressure and the non-viable particle monitoring system (NVPMS) for non-viable particles appear to be out of control. For example:

We found 456,201 alarmed events registered in the computer system monitoring differential air pressures between your ISO-5, ISO-7, and ISO-8 manufacturing environments from February 14, 2013, through September 26, 2014.

We also found 16,415 alarmed events registered in NVPMS for Suite [redacted] ISO-5 areas, and 17,809 for Suite [redacted], from October 2012 to September 2014.

You did not conduct a comprehensive evaluation and risk assessment to determine how these frequent events affecting the aseptic processing areas may have compromised product quality.

Please perform a comprehensive assessment and summarize your findings in response to this letter.

Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel can change master production and control records, or other records (21 CFR 211.68(b)).

Your Siemens computer-based BMS and NVPMS do not require passwords to access the network and servers. Your contractors’ access is uncontrolled. Responsibilities for system administrators are undefined.

This violation is recurrent. On September 9, 2013, we cited your firm in Warning Letter 320-13-26 for failure to exercise appropriate controls over computer or related systems.

View the original warning letter.



Warning Letter: Failure to provide adequate controls for audit trail, backup, common log-in and password, validation, procedures, and training (ucm448433)

Tags: |

“Failure to prevent unauthorized access or changes to data and to provide adequate controls preventing data omissions.

Our inspection noted that your firm did not retain complete raw data from testing performed to assure the quality of
[redacted], API. Specifically, our inspection revealed your firm did not properly maintain a back-up of HPLC chromatograms that form the basis of your product release decisions. Our inspection revealed discrepancies between the printed chromatograms and the operational qualification protocol for the High Performance Liquid Chromatography (HPLC) system, which is intended to demonstrate correct operation of the HPLC. These discrepancies included injection sequences and values to calculate relative standard deviation (RSD).

While investigating these discrepancies, our investigator requested the original electronic raw data. Your quality unit, after consulting with the Information Technology (IT) department, stated they were unable to retrieve the original electronic raw data because back-up discs were unreadable. Your quality unit then stated that back-up disks have been unreadable since at least 2013. Your HPLC system is used to test
[redacted], API for batch release. However, without complete, accurate, reliable, or retrievable raw data about the HPLC system’s qualification, you lacked complete assurance that the system was operating as intended.

You also failed to have proper controls in place to prevent unauthorized manipulation of your laboratory’s raw electronic data. Our inspection revealed your HPLC system did not have access controls to prevent alteration or deletion of data. Your HPLC software lacked an audit trail recording any changes to the data, including: previous entries, who made changes, and when changes were made. During the inspection, we also noted that all laboratory employees shared a common log-in and password to access the system.

This lack of control over the integrity of your data raises questions about your analytical data’s authenticity and reliability, and about the quality of your APIs. We note that the September 2008 FDA inspection uncovered concerns over your handling of raw analytical data, including discrepancies between laboratory notebooks and printed chromatograms.”

View the original warning letter.



Warning Letter: No active audit trail (ucm443247)

Tags: | | |

“Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

You lacked controls to prevent the unauthorized manipulation of your laboratory’s electronic raw data. Specifically, your infrared (IR) spectrometer did not have access controls to prevent deletion or alteration of raw data. Furthermore, the computer software for this equipment lacked active audit trail functions to record changes to data, including information on original results, the identity of the person making the change, and the date of the change. Audit trails that capture such critical data about the quality of your batch production should be reviewed as part of the batch review and release process.”

View the original warning letter.



Warning Letter: No audit trail function was enabled (ucm440966)

Tags: | |

“Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

Specifically, your high performance liquid chromatography (HPLC) and gas chromatography (GC) data acquisition software, TotalChrom®, did not have sufficient controls to prevent the deletion or alteration of raw data files. During the inspection, the investigator observed that the server that maintains electronic raw data for HPLC and GC analyses (the J drive) contains a folder named “Test,” and that chromatographic methods, sequences, and injection data saved into this folder can be deleted by analysts. The investigator also found that data files initially created and stored in the “Test” folder had been deleted, and that back-up files are overwritten [redacted].

In addition, because no audit trail function was enabled for the “Test” folder, your firm was unable to verify what types of injections were made, who made them, or the date or time of deletion. The use of audit trails for computerized analytical instrumentation is essential to ensure the integrity and reliability of the electronic data generated.”

View the original warning letter.



Warning Letter: Inadequate audit trails and password protection (ucm436268)

Tags: | |

“a. You did not retain complete raw data from testing performed to ensure the quality of your APIs. For example, your firm could not provide electronic raw data supporting your High Pressure Liquid Chromatography (HPLC) testing in your Validation Report BP-VR-0701/2010.

b. You failed to retain complete raw data documenting the weights and calculations used in method validation as specified in your standard operating procedure (SOP) “Recording of Raw Data.”

c. Your analyst selectively invalidated data during related substance testing. For example, for [redacted], batch [redacted] on May 15, 2013; you did not retain data from all six injections used for the initial system suitability. Your analyst discarded one of the six injections performed with no justification.

3. Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

The inadequate controls over access to your data raise questions about the authenticity and reliability of your data and the quality of the APIs you produce. Specifically,

a. Your firm did not have proper controls in place to prevent the unauthorized manipulation of your laboratory’s raw electronic data. Your HPLC computer software lacked active audit trail functions to record changes to analytical methods, including information on original methodology, the identity of the person making the change, and the date of the change. In addition, your laboratory systems did not have access controls to prevent deletion or alteration of raw data. During the inspection, your analysts demonstrated that they were given inappropriate user permissions to delete HPLC data files.

b. Moreover, the gas chromatograph (GC) computer software lacked password protection allowing uncontrolled full access to all employees.”

View the original warning letter.



Warning Letter: Failure to prevent unauthorized access or changes (ucm421544_Amended)

Tags: | |

Your firm released [redacted] API batch [redacted] with an unknown peak present in the residual solvents chromatogram. Although this unknown peak was not a part of your historical impurity data, neither the analyst nor the supervisor apparently noticed or evaluated this unknown peak during their reviews.

Subsequently, a customer complaint was received for this batch, and your investigation identified the unknown peak as [redacted]. Your firm found that this peak was a result of a contamination that occurred during your manufacturing process.

In response to this letter, provide the corrective actions implemented to ensure that all laboratory data is appropriately analyzed, accurately reported and approved by your quality unit.
Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.

Your firm did not have proper controls in place to prevent the unauthorized manipulation of your electronic raw data. For example,

a. The inspection found that the audit trail feature for your gas chromatography (GC) instruments was not used until October 2013, even though your 2009 GC software validation included a satisfactory evaluation of the audit trail capability.

b. There is no assurance that you maintain complete electronic raw data for the [redacted] GC instruments, the Malvern particle size analyzer, and the ultraviolet (UV) spectrophotometer. Our inspection found that these instruments were connected to stand-alone computers that stored the data and that the data could be deleted.

c. Prior to our inspection, your firm failed to have a back-up system for the data generated by one of the [redacted] Fourier transform infrared spectrometers, the polarimeter, the UV spectrophotometer and the Malvern particle size analyzer.

View the original warning letter.



Warning Letter: Failure to Establish Validation Program (ucm366715)

Tags: |

 
"your firm failed to establish a
validation program
for the computer software Microsoft Dynamics used for production, inventory, lot number generation, and laboratory test methods used for raw material, bulk, and finished product test release.  Your firm also uses the Microsoft Dynamics program to assist your quality unit for product, document and component control.

View the original warning letter.





Page 1 of 41234