FDA Warning Letter - Microsoft Excel Spreadsheet

Date: 13 June 2012
Link FDA 483 (New Window)

Observation

5. Your firm has not established and documented the accuracy, reliability and performance of your computer systems employed in the release of drug products [21 C.F.R. 211.68 (a)]

For example, your firm did not verify the accuracy of Excel spreadsheets used to calculate product assay analytical results, for all products manufactured for the US market, in order to verify the accuracy of the results obtained.

This is very similar to a observation from 2010 in the use of Microsoft Excel Spreadsheets which stated

6. Your firm has failed to exercise appropriate controls over computer or related systems to assure that changes in master production and control records, or other records, are instituted only by authorized personnel [21 C.F.R § 211.68(b)].


a) Your firm's laboratory analysts have the ability to access and delete raw chromatographic data located on the (b)(4) of (b)(4) used to conduct HPLC testing. Due to this unrestrictive access, there is no assurance that laboratory records and raw data are accurate and valid.

b) Your firm's laboratory analysts have the ability to access and modify the formulas in the Excel spreadsheets used to calculate assay results for Guaifenesin and (b)(4) drug products. Due to this unrestricted access, there is no assurance that the formulas in the Excel spreadsheets are accurate and valid.

Comment

Microsoft Excel Spreadsheets are used throughout the pharmaceutical industry, generally installed on every desktop computer. However when using spreadsheets to make calculations that are used to support product release and quality based decisions then the spreadsheet must be controlled and verified to ensure that the spreadsheet is secure and that the calculations are accurate across the range.

The security of the spreadsheet should ensure that users of the spreadsheet can only enter data in to specific cells and that the calculations cannot be modified. Basic Excel security can be used to ensure this.

Calculations should be verified across the data range against manually calculated results. Care should be taken relating to rounding errors and resolution..

The spreadsheets should be maintained within a document management system or other secure location to ensure that the files can be access but cannot be modified or overwritten. Changes to the spreadsheets should be managed by Change Control.

CSV FDA Warning Letters : Laboratory Systems Security

Date: 20 April 2010
Link: FDA Warning Letter (New Window)

Observation

This is a follow up letter from an inspection in 2009 where the security of laboratory systems had been raised within the FDA 483.

6. Your firm has failed to exercise appropriate controls over computer or related systems to assure that changes in master production and control records, or other records, are instituted only by authorized personnel [21 C.F.R § 211.68(b)].

a) Your firm's laboratory analysts have the ability to access and delete raw chromatographic data located on the (b)(4) of (b)(4) used to conduct HPLC testing. Due to this unrestrictive access, there is no assurance that laboratory records and raw data are accurate and valid.

b) Your firm's laboratory analysts have the ability to access and modify the formulas in the Excel spreadsheets used to calculate assay results for Guaifenesin and (b)(4) drug products. Due to this unrestricted access, there is no assurance that the formulas in the Excel spreadsheets are accurate and valid.

Your response appears to be adequate, but the effectiveness of the security features on your laboratory equipment will be verified at the next inspection.

Comment

This is a regular theme that pharmaceutical companies fail to have appropriate security controls over laboratory equipment. This again links with the approach in 2009 not to cite against 21 CFR Part 11 but against 21 CFR 211. As discussed in a previous post  the FDA are planning to perform investigations against 21 CFR Part 11.

In part (a) of the observation the requirement is to ensure that users of laboratory systems do not have access to the operating system, to ensure that the raw data is secure.

In part (b) is is interesting that spreadsheets get a direct mention in the observation. Security controls over the spreadsheets should be employed to ensure that the formulas within them cannot be modified (either accidently or maliciously). A general rule should be to avoid using spreadsheets as much as possible, but where they are used they must be controlled and validated (see Spreadsheet Validation post).

As part of an inspection readiness program or periodic review a review of security controls within the laboratory areas should be performed. Ensure that controls are in place and that they are followed. Technical controls must be in place to ensure that users of the system do not have access to the operating system which would give them in turn access to the electronic records.

Comments are always welcome.

Spreadsheet Validation

Spreadsheets have become commonly used within a wide range of applications within the pharmaceutical and biotechnology industries. These range from the management of documentation lists through to complex algorithms used to support batch release.

This post provides a description of a risk based approach to the validation of spreadsheets. As with all posts comments are welcome.
The approach to validating spreadsheets should be the same as all other software processes, requirements and planning, specification and design, verification and release. (see article software validation)

TO keep spreadsheet validation processes lean I recommend that templates are developed for each of the deliverables alongside a Procedure / Validation Plan and a well defined Standard.

Requirements and Planning

The level of requirements required for a spreadsheet will be different to that of an automation control system. However the user should define the basic requirements.
Company standards should be developed for formatting, storage and security, and therefore only the specifics requirements of the spreadsheet need to be documented. This includes:

• All calculations and level of accuracy
• Any logic based decisions (if statements)
• Trending functions (charts to be used)
• Special functions

Generally a spreadsheet will be used to replace a manual process. The user requirements should reflect this process.

An individual validation plan should not be required for a spreadsheet (unless extremely complex). An SOP or VP for spreadsheet should describe the process fully.

Risk Assessment

The planning phase should also include a risk assessment of the spreadsheet, considering impact of use and complexity. The following provides guidance


GMP Impact

High Impact –used to generate GMP release or study data or make GMP processing decisions

Medium Impact –used to generate data supporting GMP release data (eg assay trending)

Low Impact – used to generate other GMP data (e.g. Schedules and lists).

Complexity

High Complexity – uses calculation macros, look-up functions, pivot tables, conditional formatting.

Medium Complexity –uses nested formulae, logic, sumif functions

Low Complexity –uses standard simple functions, basic mathematical functions simple workbook navigation macros.

The risk matrix provides a priority to support the approach to validation.

High Priority Records (Red) full lifecycle validation should be performed (treat as software in accordance with site CSV procedures.

Medium Priority (Yellow) Apply specification and design and verification phases detailed below..

Low Priority (Green) Limited validation required simple user requirements and functional testing (Operational Qualification).

Specification and Design

The specification can consist of the site standard for spreadsheet design with a marked up copy of the completed spreadsheet.

The design should be in accordance with the standards. This reduces the amount of effort during the verification phase.

The spreadsheet design standard is a subject that I will cover in more detail in a future post. It should however consider the approach for

• formatting
• calculations
• spreadsheet storage and distribution
• application of electronic records; electronic signatures
• version control

A design review should not be required.

Spreadsheet Verification

Formal verification should be performed. This can either be in a combined document or separate Installation Qualification (IQ) and Operational Qualification (OQ).

Spreadsheet Installation Qualification (IQ)
Installation Qualification is generally limited to recording the version of the spreadsheet package (e.g. MS Excel version), the version of the spreadsheet and the location of the spreadsheet.
Spreadsheet Operational Qualification (OQ)
The OQ should be a number of functional tests against a standard input range of data to verify that the results are accurate and the required precision is met.

“IF” logic statements used to make Pass / Fail decisions then testing around the decision point should be made, to ensure and to document that the decision is made accurately.

Acceptance and Release

Following the successful completion of the testing the spreadsheet should be transferred to the user. Operational compliance should be maintained and consideration should be made to software patches and application upgrades.

Periodic Review

FDS 21 CFR § 211.68(b) states:
Input to and output from the computer or related system of formulas or other records or data shall be checked for accuracy. The degree and frequency of input/output verification shall be based on the complexity and reliability of the computer or related system.

A method of periodic evaluation is required. This can be run concurrent with normal use of the spreadsheet that at predefined intervals the calculations are independently verified.