Equipment Qualification, Computer System Validation and Audit Trail in the Context of an FDA Warning Letter
Recommendation

25-28 August 2026
Copenhagen, Denmark
including 8 Interactive Workshops
On 22 May 2026, the FDA issued a Warning Letter to the Mexican company Laboratorios Jaloma S.A. de C.V. regarding CGMP violations. The Warning Letter is based on an FDA inspection carried out in December 2025. The company’s responses of 12 January 2026 to the findings listed in Form 483 were deemed insufficient by the FDA. FDA Warning Letters always refer to the GMP requirements set out in 21 CFR Part 211; in this case, for analytical instruments and their software, these are:
Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(a))
Observations
According to the FDA, Laboratorios Jaloma lacked adequate controls over the gas chromatograph used to test components in the finished products. The gas chromatograph was
- Not adequately qualified.
- The control system was not validated.
- The audit trail was not activated.
- The GC data file creation and modification data were inaccurate.
Furthermore, there were insufficient controls in place to prevent the deletion or manipulation of the electronic raw data. The inspector documented that several chromatograph data files could not be located in the storage folders on the GC computer.
Response of the company
The company admitted that it did not back up the electronic data located on the GC computer. However, it stated that it would purchase a GC software package and validate the GC system. Audit trails and regular backups are to be implemented.
The company’s responses to these observations were (as expected) inadequate. Why?
Generally speaking, the FDA expects more than a simple “we will do better in future”. What was expected in this case?
- A comprehensive assessment of the implications of the discarded or lost chromatography data from the GC computer.
- An explanation of how the traceability of CGMP-relevant electronic files with incorrect timestamps and without audit trail data is ensured, and
- A concrete timeline for the completion of the GC validation and qualification activities.
What does the FDA expect when responding to this Warning Letter?
A comprehensive, independent assessment and a CAPA plan regarding the security and integrity of computer systems. This should include a report identifying weaknesses in the design and control measures, proposing appropriate corrective actions for each laboratory and manufacturing computer system, and addressing the following points:
- A list of all hardware in the laboratory, including individual both stand-alone and network.
- A list of all software configurations and versions, as well as details of user privileges and oversight responsibilities for the IT systems.
- System security measures, including, but not limited to, whether unique usernames/passwords are always used and their confidentiality is ensured.
- Detailed procedures for the reliable use and review of audit trail data, as well as the current status of audit trail implementation for each of your systems.
- Technological improvements to better integrate data generated by stand-alone systems.
- A detailed summary of procedural updates and associated training, including, but not limited to, system security controls to prevent unauthorised access and ensure appropriate assignment of user roles, secondary verification of all analyses, and other system controls.
Source: Warning Letter an Laboratorios Jaloma S.A. de C.V. vom 22 May 2026
Related GMP News
30.07.2025Annex 11 Draft - First Analysis
16.07.2025Content of an Audit Trail / Must an Audit Trail be printable?
09.07.2025Drafts of EU GMP Guideline Annex 11, Annex 22 and Chapter 4 released for comment
20.03.2025New FDA-Guidance for Industry draft on AI
12.02.2025Cloud Computing: Documents for a smooth migration to the cloud


