POSH CHEMICALS PRIVATE LTD RECEIVES FDA WARNING LETTER (8/2/13)
During the timeframe of March 3-8, 2013 the FDA inspected Posh Chemicals Private Ltd, Hyderabad, India. A total of three Observations were received. Of particular note is Observation 1 which is similar to Observations from several other Warning Letters to include Sandoz and Cephazone Pharma. The Observation stated:
- Failure to protect computerized data from unauthorized access or changes.
Our inspection found that there were no restrictions to access the laboratory data residing on the workstations attached to your standalone instrumentation: (b)(4) High Pressure Liquid Chromatographs (HPLCs), the Fourier Transform Infrared Spectrophotometer (FTIR), the gas chromatograph (GC) and the drives and portable media used as back-ups. There was no protection of the data from alteration and deletion and no audit trails to detect if such alteration or deletion had occurred. You have stated that you are in the process of purchasing and updating software to handle these problems. You have also stated that there had been no misconduct by laboratory personnel. However, our investigator uncovered misconduct by laboratory personnel (see issue 3 below). Please provide a detailed summary of your investigations that led to the conclusion that no misconduct occurred. Also, please provide a description of your corrections, including system upgrades. This description should be detailed enough to determine if this deficiency has been addressed.
The Sandoz Warning Letter (August 12, 2008) included the following Observation which had many similarities and which can be viewed within Observation 6 (see below).
6. Failure to establish appropriate controls over computer or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel as required by 21 CFR § 211.68 (b).
For example, the Agilent Chemstation data acquisition system for the HP 8453 UV/Visible spectrophotometers allows your analysts to modify, overwrite, and delete original raw data files. The spectrophotometers are used for dissolution testing of finished product, stability samples, and process and method validation studies. All laboratory personnel were given roles as Chemstation Managers, which allowed them to modify, delete, and overwrite results files.
This system also does not include an audit trail or any history of revisions that would record any modification or deletion of raw data or files. Your laboratory computer system lacks necessary controls to ensure that data is protected from tampering, and it also lacks audit trail capabilities to detect data that could be potentially compromised.
The Cephazone Pharma’s Warning Letter (April 25, 2011) included the following Observation which had many similarities and which can be viewed within Observation 4 (see below).
4. Your firm has failed to exercise appropriate controls over computer or related systems to assure that changes in master production and control records, or other records, are instituted only by authorized personnel [21 C.F.R § 211.68(b)].
For example, your firm lacks control of the (b)(4) computer system which monitors equipment, room differential pressure, room humidity, and stability chambers. Although the system is password protected for temperature and humidity set points, all employees have access to the room where the (b)(4) computer system is located and the external hard drive is not password protected. During the inspection we observed that an employee was able to alter or delete data without a password and save the changed file.
In your response, your firm states that additional controls were implemented including validating the remote access to the (b)(4) computer, password protecting the room where the computer is stored, and limiting the (b)(4) control room to authorized personnel only. Although your corrective actions may adequately address the protection of the (b)(4) computer from non-traceable changes, your firm has not taken a global approach to this deficiency. It is our expectation that your other manufacturing and laboratory computerized systems will be reviewed to ensure similar deficiencies do not exist.
These three Warning Letters over a five year period illustrate how history tends to repeat itself time and time again and how we can learn from our past mistakes. Using this Blog, one may find a variety of Warning Letters from the previous three years that reflect on the many Observations that the FDA has posted in Warning Letters. This Blog is an excellent source from which to begin when reviewing how to respond to a Warning Letter and some of the “pitfalls” one should avoid.
Barry A Friedman, PhD LLC 