Date: 07 May 2009
Link: FDA Warning Letter (New Window)
Observation
5. Your firm has not exercised appropriate controls over computer or related systems to assure that changes in control records or other records are instituted only by authorized personnel [21 CFR 211.68(b)J. For example, one user account is established for two analysts to access the laboratory instrument's software on the computer system attached to HPLC systems (b)(4) and . The user account provides full system administrative rights, including editing of the methods and projects. In addition, data security protocols are not established that describe the user's roles and responsibilities in terms of privileges to access, change, modify, create, and delete projects and data.
Comment
This is one of many inspection findings relating to the security of computerised systems. In this instance it relates to laboratory instruments within a pharmaceutical manufacturer of over-the-counter (OTC) drug products.Regulated companies must put in place sufficient controls to ensure that users have access to only the functions that they require and that the electronic records, either for developing methods and management of electronic records.
A Good Electronic Records Management (GERM) procedure with a risk based approach to ensure the integrity of records within the system should be deployed by the regulated company.
This policy should then be deployed throughout the validation lifecycle (to risk assess and assure the integrity of the data) with controls in place for the operational compliance including the review of audit trails.
Thanks !
ReplyDelete