Warning Letter: Operators were able to delete tests in the audit tail for two instruments (ucm546483)

Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

For example, during inspection of the sterile manufacturing and QC microbiology areas, our investigators observed:

1. Deletion of at least six [redacted] and [redacted] tests in the audit trails for two instruments used to test sterile [redacted].  Your systems allowed operators to delete files.  You had no procedure to control this practice or to ensure a backup file was maintained.  When you reviewed the audit trail data further, you identified a total of 25 deleted [redacted] test results.  In your response, you state that the production staff now only have “view and print” privileges.  However, your response is inadequate because it lacks details of how appropriate oversight will be exercised over data backup to ensure it is appropriately retained.  
2. No restricted access to the microbial identification instrument.  Further, you lacked restricted access to the external hard drive used for backup of this instrument.  All users could delete or modify files.  In your response, you commit to limit access to the system and external hard drive.  However, your response is inadequate because you did not provide a retrospective risk assessment of the impact and scope of inadequate system controls at your firm.

View the original warning letter.