Warning Letter: Firm lacked controls for access, data deletion, administrator rights, shared accounts, audit trail reviews. (ucm622087)

  Your firm failed to implement adequate controls to support the integrity of your electronic data and to ensure that only appropriate individuals had administrative rights. For example, your [redact] microbiological testing instrument used for drug product release testing is controlled by a stand-alone computer which does not have appropriate controls in place to prevent deletion of raw laboratory data. All QU users utilized a shared generic account to access the computer which had administrative privileges capable of changing and deleting files. During the inspection, one of your employees opened the computer’s recycle bin and noted that approximately [redact] files and folders were deleted. Further, these deleted items included at least [redact] files of the “[redact]” format which your personnel stated were most likely [redact] data files. The names of [redact] of those deleted files were similar to drug product formulas produced since 2017.

View the original warning letter.