Lessons Learned from FDA Warning Letters


April 2018 (week of 4/23/18) three cGMP warning letters were posted by FDA.  The most interesting warning letter was to a Chinese API manufacturer for an inspection from October 2017 and provides some interesting lessons learned.  This API manufacturer promised FDA to improve controls over laboratory computerized systems to prevent unauthorized access or changes to data (data integrity) based on a 2015 inspection.  When this firm was re-inspected by FDA in 2017 the following changes had not been implemented:

  • enabling the audit trail function on laboratory electronic instruments;
  • assigning unique user names and passwords for each staff member; and
  • authorizing [redacted] levels of accessibility to prevent electronic data from being deleted, removed, transferred, renamed or altered.

Warning letter lessons learned – when you commit an action to FDA follow through and meet your commitments.

This same API manufacturer was not able to provide electronic data to support batch releases from 2011-2017.  The firm was not able to provide the data as it had been deleted by accident and was no longer available.    In the firm’s response – they did state that the data had been downloaded to a mobile hard disk for backup – and they would be able to retrieve the data once they upgraded the HPLC software.

Warning letter lessons learned – implement adequate controls that prevent deleting key data, when data is backed up verify the firm has the ability to locate and retrieve archived data.

On analysis of the HPLC injection history, several examples were identified where the initial injection was not included in the final data packet provided to the quality unit for batch review and approval.  Additionally, one instance was identified where the quality unit reviewed and approved the Certificate of Analysis on May 29; however a test was not performed until the day after.  This discrepancy (Data Integrity) was explained by the Quality Control Manager that the COA had been released early to the quality unit because it was urgent and needed to be provided to a customer.

Warning lessons learned – based on the repeat nature of the cGMP deficiencies, failure of management to complete corrections previously committed to the agency, and the identified Data Integrity issues the firm was placed on an Import Alert.

Have a question on data integrity?  Contact Kevin Marcial PV’s Computer Systems Service Lead, or use our “contact us” form.