CSV FDA Warning Letters : ERP and Calibration

Date: 07 May 2009
Link: FDA Warning Letter (New Window)

Observation

4. Failure to routinely calibrate, inspect, or check according to a written program designed to assure proper performance of automatic, mechanical, or electronic equipment, including computers, used in the manufacture, processing, packing and holding of a drug product. [21 CFR 211.68]

Part A
A. The Enterprise Resource Planning System known as the firm's Systems Applications and Products (SAP) computer database allows rejected batches of drug product to be in Unrestricted Status (to be released for distribution). Refer to Form FDA 483, Observation #3.

Part B
B. Failure to retain original calibration data for [(b)(4)] used in the re-qualification of the [(b)(4)]. Refer to Form FDA 483, Observation #4b.

Comment

Both parts of this observation could have been allocated to the ruling for Electronic Records, Electronic Signatures 21 CFR Part 11, however the agency chose not to cite against this rule, favouring 21 CFR 211.

This is a trend that has been observed when reviewing warning letters.

Part A for the SAP Enterprise Resource Planning (ERP) System relates to the security of the data and the ability for transactions to be made by unauthorised personnel on rejected batches. This is a serious product quality issue as it is possible for a Rejected Batch to be released for use.

The key to avoiding this pit fall is to ensure that documented risk assessments are performed. For an ERP system a number of assessments may need to be performed against various functional aspects. Also the security privileges should have been assessed and the access list should have also covered what roles have access to each function.

Verification through testing should be performed to ensure that the configured user settings provide the required controls and that a Standard Operating Procedure (SOP) is developed for the control and maintenance of user access.

Part B relates to calibration records, and the retaining of raw data. This is an interesting observation as many companies transcribe the raw data (calibration results) to a calibration management system and then discard the paper copies. When taking this approach it is important to have a Standard Operating Procedure (SOP) in place which will document what is the primary calibration record, how the record will be verified (within a calibration database) and the role of the quality organisation.