Mahendra Chemicals

Mahendra Chemicals..
Product: pharmaceutical manufacturing facility
Date: 7/13/2015

Failure to prevent unauthorized access or changes to data, and to provide adequate controls to prevent omission of data.

Your laboratory systems lacked access controls to prevent raw data from being deleted or altered. For example,

a) There is no assurance that you maintain complete electronic raw data for your Gas Chromatography (GC) instrument. FDA investigators observed multiple copies of raw data files in the recycle bin connected to the GC instrument QC-04 even in the presence of ?Do Not Delete Any Data? notes posted on two laboratory workstation computer monitors.

b) Employees were allowed uncontrolled access to operating systems and data acquisition software tracking residual solvent, and test and moisture content. Our investigators noted that there was no password functionality to log into the operating system or the data acquisition software for the GC, the High Performance Liquid Chromatography (HPLC) instrument QC-17, or the Karl Fischer (KF) Titrator QC-13.

c) HPLC SpinChrome and GC Lab Station data acquisition software lacked active audit trail functions to record changes in data, including original results, who made changes, and when.

In your response, you state that your laboratory GC, HPLC and KF systems are now password-protected and that you have begun drafting analytical software password procedures for the GC, HPLC and KF laboratory instruments. However, your response does not state whether every analyst will have their own user identification and password. You also mention plans to install a validated computer system. However, you did not provide a detailed corrective action and preventive action (CAPA) plan or conduct a review of the reliability of your historical data to ensure the quality of your products distributed to the U.S. market.

Inadequate controls of your computerized analytical systems raise questions about the authenticity and reliability of your data and the quality of your APIs. It is essential that your firm implements controls to prevent data omissions or alterations. It is critical that these controls record changes to existing data, such as the individuals making changes, the dates, and the reason for changes.

FDA District Office: CDRH

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.

62304 Software Training Course – February 23-25, 2021

IEC 62304 and Emerging Standards and FDA Expectations for Medical Device and Health IT Software – Virtual

This very popular 3-day course provides a clear understanding of applying IEC 62304 standard for medical device software and much more. The course compares and contrasts 62304 with FDA expectations and discusses approaches for alignment. In addition, participants will learn of other relevant standards and technical reports pertinent to medical device software, HealthIT, medical mobile apps, and Software as a Medical Device (SaMD) products (e.g., 82304, 80002-1, 14971, 80001-2-x, 62366).

Participants will gain practical advice and pragmatic experience with all types of medical software. Participants will leave with a clear understanding of how to effectively and efficiently integrate 62304 compliance into their software development lifecycle (SDLC).

Register (click):  EventZilla Registration Site

Need info?  Email us at training@softwarecpr.com

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.