FDA Inspection Findings Related to Part 11 and Computer Systems: 483's, Warning Letters, EIR's, Presentations: 2004-2007 Part-01

FDA Inspection Findings Related to Part 11 and Computer Systems: 483's, Warning Letters, EIR's, Presentations: 2004-2007?Part-01

Insufficient Data Security with Ability to Overwrite Data

The 483 observation reads:

·?Analysts have the ability to overwrite original data, and are not required to utilize the protection of individual passwords

·?During discussions and lab demonstrations, it was determined that neither system prevents analysts from overwriting original raw data.

Computer Validation at the Vendor's Site is not Enough

The 483 deviation stated

·?The performance of the computer software has not been verified. I was told that the software was validated by the manufacturer. The managing director provided me a copy of the letter the received from (the vendor). The letter indicated that the software was validated. She also the gave me a copy of validation information that was obtained from (the vendor) during the inspection. I told the managing director I still need to see what they have done to validate the system since the computer was making a decision to accept or reject potential donors.

Legacy Computer Systems not Validated

Some of the 483 deviations include:

·?No IQ, OQ or PQ has been performed throughout the life of the system. No validation reports have been generated historically.

·?Current efforts to retrospectively validate the system have progressed through the approval of an IQ protocol, however, this protocol has not yet been executed. OQ and PQ efforts have not yet been developed as part of these current validation efforts.

·?The (system) has not been maintained under established procedures for change control. This is true throughout the life of this software application.

·?The firm has failed to generate or maintain design control documentation sufficient to define all customized elements making up the (system) configuration (i.e., functional or structural design documentation defining all program making up (the system)

·?Electronic records generated during manufacture of APIs were not reviewed prior to release of validation lots or for any lots manufactured thereafter to include the most recently released API lot.

?Off-the-shelf Software such as Microsoft Word and Microsoft Excel not Validated

Deviations are

·?Failure to assure that when computers or automated data processing are used as part of the production or quality system the manufacturer shall validate computer software for its intended use according to an established protocol, as required by 21 CFR 820.70(i).

·?For example, electronic records are used but there was no software validation.

·?No procedures are established to validate for its intended purpose the Microsoft Word or Microsoft Excel software used in creating and maintaining nonconformance records, product return records, internal audit corrective records, or corrective action records.

For more stories: https://blog.qualitytribe.net/