For authorities the integrity of data is an essential quality attribute in the manufacture of pharmaceutical products. After some serious deviations international authorities have moved the topic into the centre of their interest. In particular the US FDA issued serious violations in Warning Letters to the companies concerned.
In a current letter to the API manufacturer VUAB Pharma in the Czech Republic the inspector and the authority criticised multiple aspects with regard to "failure to prevent unauthorized access or change to data and to provide controls preventing data omissions":
'The firm did not retain complete raw data from testing performed to assure the quality of API. The inspector revealed the firm did not properly maintain a back-up of HPLC chromatograms that form the basis of the product release decisions. The inspector revealed as well discrepancies between the printed chromatograms and the OQ protocol for the HPLC system, which is intended to demonstrate correct operation of the system (e.g. injection sequences and values to calculate relative standard deviation'
'The quality unit was unable to retrieve the original electronic raw data because back-up discs were unreadable. The quality unit stated that back-up discs have been unreadable since at least 2013'
'The inspector criticised that the firm does not have proper controls in place to prevent unauthorized manipulation of labs raw electronic data. The HPLC systems did not have access controls to prevent alteration or deletion of data. The HPLC software lacked an audit trail recording any changes to the data, including: previous entries, who made changes, and when changes were made'
'The laboratory employees shared a common log-in and password to access the system'
'The firm response stated they are qualifying a new HPLC system which allows operator-specific passwords and has audit trail and back-up functions. The firm will implement as well a new electronic back-up system. FDA stated that the response lacks sufficient detail about systems and controls. Simply activating audit trail functions and instituting password controls is inadequate.'
'The firm failed to review historical data to ensure the quality of the products distributed to the US market'
In response to this list of deficiencies the FDA now expects the affected company to provide a comprehensive corrective action plan to the following points within 15 working days:
'Information regarding changes in the reliability of the IT infrastructure, including improved IT systems, systems validation, revised procedures and retraining of employees'
'Procedures regarding passwords used to access the analytical instruments. All access levels for computerised systems should be clearly defined and documented in a written procedure'
'A detailed summary of the steps taken to train the personnel on the proper use of computerised systems'