Warning Letter: Failure to validate/Insufficient Controls (s6630c)

Failure to have a validated and secure computerized system. Additionally, there were no written protocols to assign levels of responsibilities for the system. It was noted that the [redacted] instrument model [redacted] used for the analysis of [redacted] failed to have password control for the analysts and the supervisor. It was observed that the data stored on the computer can be deleted, removed, transferred, renamed or altered. While your firm’s management stated that they would like to implement certain improvements in order to establish a security system, no documentation or commitment has been provided. Please note that computerized systems should have sufficient controls to prevent unauthorized access or changes to data. There should be controls to prevent data omissions and assure back-up. There should be a record of any data change made, the previous entry, who made the change, and when the change was made.

View the original warning letter.