New Warning Letter includes Deviations to Computerized Systems

A new Warning Letter has been issued by the U.S. Food and Drug Administration (FDA) and published on their website on August 1, 2023. The document, dated July 28, 2023, pertains to an inspection from November 22 to December 2, 2022, at a drug manufacturing facility in Sanand (Gujarat, India). The company under scrutiny is a drug manufacturer.

The letter addresses various concerns regarding data, quality and the absence of crucial laboratory control procedures.

The Warning Letter specifically notes a computer-related breach that concerns QC oversight:

"Your firm's quality control unit failed to exercise its responsibility to ensure drug products comply with CGMP and meet established specifications for identity, strength, quality, and purity (21 CFR 211.22). You should have ensured data reliability regarding the quality of medicines produced at your facility. Our inspection revealed serious deviations, including but not limited to inadequate oversight of original CGMP documents, deficient controls over computerized systems, insufficient laboratory investigations, and aborted chromatographic sequences."

Observation 10 in the associated US FDA Form 483, dated December 2022, highlights computer-related violations above.

Observation 10

Appropriate controls are not exercised over computers or related systems to ensure that changes in master production and control records or other records are instituted only by authorized personnel.

  • Assessments to evaluate data integrity controls were conducted for 183 manufacturing equipment and systems as part of PQ160193. The assessment report approved on March 5, 2018, found that 149 pieces of equipment required upgraded individual access controls and privileges, 76 required restrictions for changing the clocks, 113 needed upgrading for saving electronic data, and 119 needed upgrading for audit trails. There needed to be documented in the quality system to ensure proper controls were implemented through upgrading the software or implementing interim controls as a result of this assessment.
  • No similar assessment for data integrity controls has yet to be conducted for laboratory equipment. The titrator instruments are standalone systems used for xx and assay testing. The instruments can electronically store results data, but this function is not utilized. Instead, the process relies on paper printouts without having any second check, which can ensure all printouts are maintained and reported. On November 22, 2022, original xx printouts were founded discarded in a scrap area.
  • Electronic batch records are not configured to ensure contemporaneous data recording.

In addition to the typical data integrity-related remediation and information to the FDA, it was asked to provide the following information:

A comprehensive assessment and remediation plan ensures that your QA department has the authority and resources to function effectively. The assessment should also include, but not be limited to:

  • Determining whether procedures used by your firm are robust and appropriate.
  • Provisions for QA oversight throughout your operations to evaluate adherence to appropriate practices.
  • A complete and final review of each batch and its related information before the QA disposition decision.
  • Oversight and approval of investigations and discharging of all other QA duties to ensure all products' identity, strength, quality, and purity.
  • Also describe how top management supports quality assurance and reliable operations, including but not limited to the timely provision of resources to proactively address emerging manufacturing/quality issues and assure a continuing state of control.

The FDA concludes that the "quality system does not adequately ensure the accuracy and integrity of data to support the safety, effectiveness, and quality of the drugs you manufacture." The FDA recommends engaging a consultant based on the nature of the GMP violations.

It's crucial to comprehend that to establish and sustain GMP adherence systems, validation experts must acknowledge the regulatory authorities' expectations regarding the system's lifecycle, maintenance, and operations. These expectations are outlined in software development standards, as well as regulatory requirements and guidelines.

Author: Orlando Lopez

Go back

x