In your ISO-5 and ISO-7 environments, the building management system (BMS) monitoring differential pressure and the non-viable particle monitoring system (NVPMS) for non-viable particles appear to be out of control. For example:
We found 456,201 alarmed events registered in the computer system monitoring differential air pressures between your ISO-5, ISO-7, and ISO-8 manufacturing environments from February 14, 2013, through September 26, 2014.
We also found 16,415 alarmed events registered in NVPMS for Suite [redacted] ISO-5 areas, and 17,809 for Suite [redacted], from October 2012 to September 2014.
You did not conduct a comprehensive evaluation and risk assessment to determine how these frequent events affecting the aseptic processing areas may have compromised product quality.
Please perform a comprehensive assessment and summarize your findings in response to this letter.
Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel can change master production and control records, or other records (21 CFR 211.68(b)).
Your Siemens computer-based BMS and NVPMS do not require passwords to access the network and servers. Your contractors’ access is uncontrolled. Responsibilities for system administrators are undefined.
This violation is recurrent. On September 9, 2013, we cited your firm in Warning Letter 320-13-26 for failure to exercise appropriate controls over computer or related systems.
View the original warning letter.