Warning Letter: Excel spreadsheets used to record complaint records and Corrective and Preventive Action (CAPA) activities have not been validated.
Failure to validate software used as part of the quality system for its intended use according to an established protocol, as required by 21 CFR 820.70(i).
For example: the Excel spreadsheets used to record complaint records and Corrective and Preventive Action (CAPA) activities have not been validated to ensure the records are adequately and accurately recorded. Changes made to the complaint and CAPA records are not retained with identification of the change, the date of the change or the identification of the individual making the change. Additionally, the spreadsheets allow records to be deleted without any records of the deletion, the rationale for the deletion, or the identification of the individual deleting such records.
View the full warning letter here.
Warning Letter: You have failed to validate electronic worksheets used by laboratory personnel.
Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).
Your firm lacked sufficient controls over your gas chromatography (GC) data acquisition systems used to test drug product before release of analytical data. Specifically, your GC (GC (b)(4) and GC (b)(4)) data acquisition systems did not have sufficient controls to prevent deletion or alteration of raw data files. During the inspection, our investigators observed that laboratory personnel performing drug analyses had administrative privileges to the (b)(4) operating software for the GC equipment.
You have also failed to validate electronic worksheets used by laboratory personnel for microbial challenge efficacy testing. Microbial worksheets reviewed were found to use unvalidated cell formulas resulting in erroneous data generation such as negative log reductions and percent reductions including (b)(4) percent and (b)(4) percent for Staphylococcus aureus and Pseudomonas aeruginosa species, respectively. These unvalidated calculations call into question the validity of the data generated from these spreadsheets.
View the full warning letter here
Warning Letter: Computer system lacked appropriate controls to assure the integrity of electronic test data, such as an audit trail and defined user access levels.
Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).
Your ultraviolet-visible (UV-Vis) spectrophotometer computer system lacked appropriate controls to assure the integrity of electronic test data, such as an audit trail and defined user access levels. This UV-Vis system was used for release testing of drug product batches.
It is essential that your firm keeps track of all changes made to your electronic data. The use of audit trails for computerized analytical instrumentation helps to ensure all additions, deletions, or modifications of information in your electronic records are authorized. It also allows you to verify the quality and integrity of the electronic data your laboratory generates.
View the full warning letter here
Warning Letter: Computer system lacked appropriate controls, such as an audit trail and individual log-in access
Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).
Your stand-alone gas chromatogram (GC) computer system lacked appropriate controls, such as an audit trail and individual log-in access. For example, investigators found numerous analysis reports, test methods, raw data calibration, and system directories in the GC computer’s recycling bin. Additionally, your laboratory personnel used a shared password, located in an unsecured drawer, to access the GC software.
View the full warning letter here
Warning Letter: You lacked procedures governing the review of audit trails
Failure to exercise sufficient controls over computerized systems to prevent unauthorized access or changes to data, and failure to establish and follow written procedures for the operation and maintenance of your computerized systems. You have insufficient controls over CGMP data.
For example:
- You lacked unique passwords for laboratory instruments used to generate analytical data for finished API products.
- Your analytical systems lacked controls to prevent users from deleting electronic data.
- You lacked procedures governing the review of audit trails of both production and laboratory equipment by your QU.
View the full warning letter here
Warning Letter: Your firm did not have adequate system security and access control.
Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).
Your firm did not have adequate system security and access control for the (b)(4) system. For example, unique user accounts and privilege levels were not assigned to individual users for (b)(4) software, and the Windows operating system.
View the full warning letter here
Overcoming 4 Challenges to the Use of GxP Compliant Spreadsheets
Today, spreadsheets are commonly used throughout the biopharmaceutical, pharmaceutical and other FDA-regulated industries. Spreadsheets are considered systems and when they impact data that affects product identity, strength, purity and safety, they must be validated and controlled. The purpose of this White Paper is to review the solution to four (4) common challenges when using spreadsheets to meet GxP quality requirements.