Recipient: Polydrug Laboratories Pvt. Ltd. Corporate Office
Product: Pharmaceuticals
Date: 4/11/2016
Failure of computerized systems to have sufficient controls to prevent unauthorized access or changes to data. Your firm’s computer system for entering test results and storing certificates of analysis (CoA), which document whether a drug meets specifications, does not have sufficient controls to prevent unauthorized changes to a CoA after quality unit approval. Your firm’s computer system for entering test results and storing certificates of analysis (CoA), which document whether a drug meets specifications, does not have sufficient controls to prevent unauthorized changes to a CoA after quality unit approval. During the inspection, our investigator reviewed (b)(4) CoA stored on computer #16, all of which were approved by the quality unit. A manager demonstrated for our investigator how results on an already finalized CoA could be manipulated after the formal quality unit approval. Also, the quality unit’s electronic signatures on these CoA were uncontrolled images of signatures rather than certificate-based electronic signatures. Your response states that your firm plans to implement an enterprise resource planning system. Your response is inadequate because you did not provide sufficient detail about how this system will prevent unauthorized access or data manipulation, nor did you indicate your timeframe for installing and validating the system. In addition, you failed to review and confirm authenticity of CoA data for products you have already released under the deficient conditions described above.
FDA District: CDRH