Another Data Integrity checklist - Laboratory computer focus
Some labs need more staff - this one "needs help"
This facility has a large number of issues with how it gathers its data. Their warning letter has a large list of suggestions. Well, they are more than suggestions. This is a comprehensive work list. Would your lab be able to respond to this easily? Do keep in mind, this is only the work list from the first violation. (Again, underlines, bold and/or italics are from the author.)
In response to this letter, provide the following:
- A comprehensive, independent assessment and corrective action and preventive action (CAPA) plan for computer system security and integrity. Include a report that identifies vulnerabilities in the design and controls. Also include appropriate remediations for each of your laboratory computer systems. This should include, but not be limited to:
o A list of all hardware including stand-alone and network equipment in your laboratory.
o Identification of vulnerabilities in hardware, software, and non-networked systems (e.g., programmable logic controller).
o A list of all software configurations (both equipment software and laboratory information system (LIMS)), details of all user privileges up to and including administrator rights, and oversight roles for each of your laboratory systems. Regarding user privileges, specify user roles and associated user privileges for all staff levels who have access to the laboratory computer systems and their organizational affiliation and title. Describe in detail how you will ensure that administrative privileges are fully segregated and completely independent of laboratory personnel.
o System security provisions including, but not limited to, whether unique user names and passwords are always used, and their confidentiality safeguarded.
o Detailed procedures for your review of audit trail data.
o Interim control measures and procedural changes for the control, review, and full retention of laboratory data.
o Technological improvements to increase the integration of data generated through electronic systems from stand-alone equipment (e.g., balances, pH meters, water content testing) into the LIMS network.
o A detailed summary of your procedural updates and associated training for user role assignment and controls.
o Your remediated program for ensuring strict ongoing control over data to ensure that all additions, deletions, or modifications of information in your electronic records are authorized, and all data is retained.
o Provisions for oversight from Quality Assurance (QA) managers, executives, and internal auditors with appropriate information technology (IT) expertise (e.g., understanding of infrastructure, configuration, network requirements, strict segregation of administrative rights).
o An enhanced standard operating procedure (SOP) that ensures that all quality control tests, regardless of whether captured in paper-based or electronic systems, are performed appropriately by an analyst and receive second-tier review from a separate responsible (e.g., manager) individual.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This list is another detailed set of FDA suggestions. For fuller context of this list, refer to this post.
Comments and updates may be added later. Your comments are welcome. Here is the link to the full letter: MARCS-CMS 599789
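
One way to check two items from the list above, the segregation of administrative privileges from laboratory personnel and the use of unique user names, against an exported user-privilege list. This is an added example, not part of the warning letter or the original post; the CSV columns, role names, department names and sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample export of accounts on one laboratory system (not real data).
# Column names and role/department values are assumptions for this example.
SAMPLE_EXPORT = """account,person,department,role
jdoe,Jane Doe,QC Laboratory,analyst
msmith,Mark Smith,QC Laboratory,administrator
itadmin1,Ana Ruiz,IT,administrator
aruiz,Ana Ruiz,IT,analyst
labshare,Jane Doe,QC Laboratory,analyst
labshare,Omar Khan,QC Laboratory,analyst
rlee,Rita Lee,Quality Assurance,reviewer
"""

ADMIN_ROLES = {"administrator"}      # roles treated as elevated
LAB_DEPARTMENTS = {"qc laboratory"}  # units that generate or review test data


def review_privileges(export_text):
    """Return sorted (rule, subject, detail) findings for a privilege export."""
    rows = [{k: v.strip() for k, v in r.items()}
            for r in csv.DictReader(io.StringIO(export_text))]
    findings = []
    owners, roles_by_person = {}, {}
    for r in rows:
        is_admin = r["role"].lower() in ADMIN_ROLES
        # Rule 1: administrator rights held by laboratory personnel.
        if is_admin and r["department"].lower() in LAB_DEPARTMENTS:
            findings.append(("ADMIN_HELD_BY_LAB_STAFF", r["account"], r["person"]))
        owners.setdefault(r["account"].lower(), set()).add(r["person"])
        roles_by_person.setdefault(r["person"], set()).add(is_admin)
    # Rule 2: an account name used by more than one person is not unique.
    for account, people in owners.items():
        if len(people) > 1:
            findings.append(("SHARED_ACCOUNT", account, ", ".join(sorted(people))))
    # Rule 3: one person holding both an administrator and a non-administrator account.
    for person, kinds in roles_by_person.items():
        if kinds == {True, False}:
            findings.append(("ADMIN_AND_DATA_ROLE", person, "holds both account types"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject, detail in review_privileges(SAMPLE_EXPORT):
        print(f"{rule:26} {subject:12} {detail}")
```

Run against each system's export, the findings give a per-system list of accounts to remediate before the access table goes into the SOP.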
Quality & Clinical Professional & US Army Veteran
4 years ago: Checklists never work! Business people create them and compliance specialists love them. You want to find observations during an audit? Ask the company, “do they have any checklists to perform QA/Compliance/QC processes?” Now not all companies have this issue, but the majority do.
CSV Consultant / Quality Assurance
4 years ago: Thanks. With regard to "Describe in detail how you will ensure that administrative privileges are fully segregated and completely independent of laboratory personnel," how exactly do you accomplish this? I can think of creating an access level table for various user roles in an admin SOP which might speak for itself, or just put a brief statement in the SOP that "the system admin must be used exclusively for tasks requiring elevated privileges/access and may not be assigned to individuals with a direct interest in the data"?
pharmaceutical Expert |LSSGB | Ex-Biocon| Ex-Dr Reddy's
4 years ago: Thanks for sharing
Guidance to compliance - we support your GMP coverage! Current, practical & inspection proved.
4 years ago: You are quite right Luis Chavarria! There are certainly many fundamental questions to be answered in this specific laboratory. But I am also sure that this list, which John English, HCCP lists here, or rather the FDA, is very helpful for many. Nobody can say that it was not known!
great