Auditing Software Suppliers (Part 1)

Introduction to Software Supplier AuditsThis blog is the first of a series of planned articles on the process for quality system auditing suppliers of software and computerised systems. This blog concentrates on the GMP and Regulatory requirements for performing supplier audits, future posts are planned for discussing the auditing process.

A supplier quality audit can be a critical phase of any

Read More

CSV FDA Warning Letters : Security / Audit Trail

Date: 12 August 2008
Link: FDA Warning Letter (New Window)

Observation6. Failure to establish appropriate controls over computer or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel as required by 21 CFR 211.68 (b).
For example, the [redacted] data acquisition system for the [redacted] UV/Visible

Read More

CSV FDA Warning Letter : Periodic Review

Date: 21 May 2010
Link: FDA Warning Letter (New Window)

Observation6. Your firm failed to check the accuracy of the input to and output from the computer or related systems of formulas or other records or data and establish the degree and frequency of input/output verifications [21 CFR § 211.68(b)].

For example, the performance qualification of your (b)(4) system software (Validation No.

Read More

21 CFR Part 11 Warning Letters

From the review of the FDA Warning Letters I could not find any observations for pharmaceutical or biotechnology companies directly citing non compliance against 21 CFR Part 11.

21 CFR Part 11 - The next stepFrom the review of the published FDA Warning letters the observations relating to the security and electronic records have not been cited against 21 CFR part 11 however the agency selected

Read More

CSV FDA Warning Letter : Security Controls

Date: 14 Jan 2008
Link: FDA Warning Letter (New Window)

Observation3. Failure to have a validated and secure computerized system. Additionally, there were no written protocols to assign levels of responsibilities for the system.

It was noted that the [redacted] instrument model [redacted] used for the analysis of [redacted] failed to have password control for the analysts and the supervisor.

Read More

FMEA for Computer Systems

I have published an article on the Computer Systems Validation web site (www.csv-qa.com) for performing Failure Mode Effect Analysis (FMEA) for automation and process control equipment.

This article provides an introduction to performing a FMEA risk assessment for computer system validation as part of a quality risk management process.

The process details application of the approach included

Read More

CSV FDA Warning Letters : Security

Date: 16 April 2007
Link: FDA Warning Letter (New Window)

Observation
6. Appropriate controls are not exercised over computers or related systems to assure that changes in analytical methods or other control records are instituted only by authorized personnel [21 CFR 211.68(b)]. Specifically,
a) There was a failure to validate the [redacted] software to assure that all data generated by the

Read More