A company recently received the following observation regarding lab data:
….. Established laboratory control mechanisms are not followed and documented at the time of performance.
Specifically, data captured from the following laboratory testing systems is not adequately protected from deletion or alteration. For example:
a. There are approximately …. users in Quality Assurance with Administrator access privileges in chromatographic testing software, which is used for HPLC assay and impurity analyses of finished drug products and stability samples, and GC testing of raw materials. Additionally, the system audit trail captures user log-in and log-off, but not any details of data capture, processing, or storage/saving.
b. Data from the Fourier Transform Infrared Spectrophotometer, which utilizes … software, is stored on the …computer, and files allow “Full control”, “Modify”, and “Write” when accessed through the computer’s operating system. The system is used to test raw materials.
According to the Code of Federal Regulations (21 CFR 11.10 Electronic Records), persons who use systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include:
- Validation of system
- Accurate and complete records
- Protection of record
- Limiting system access
- Audit trails to record actions that create, modify or delete records, etc.
For more information on implementing controls for electronic systems, protecting lab data, and how to ensure data integrity, refer to the FDA Guidance Document, Guidance for Industry: Part 11, Electronic Records; Electronic Signatures – Scope and Application August 2003.
Stay in Compliance! Subscribe today!