FDA's warning letters for the year 2009 were already discussed in our news of 17 February 2010.
In these warning letters from 2009, there have also been some complaints about the non-GMP-compliant handling of HPLC systems from an FDA viewpoint in the analytical laboratories of pharmaceutical enterprises.
In the following you will find some excerpts from the corresponding warning letters:
One company was criticised for not qualifying the HPLC system with certified standards and with validated procedures when testing the starting materials. Obviously, the firm had simply used the active pharmaceutical ingredient (API) itself as the standard for qualifying the HPLC system before the samples of the finished product were analysed with it. The laboratory failed to certify this API used for qualification against a primary standard of an accredited institution or to fully characterise this material as an independent standard.
Another point of criticism was that the firm had not undertaken to requalify the HPLC system.
With regard to the calibration of equipment, the FDA faults the fact that there is no performance test for injectors and detectors with which linearity, accuracy and precision are checked, like e. g.
1. testing various injection volumes and standard concentrations,
2. evaluating measurement noise and drift of the detector,
3. carryover testing in order to find out if low concentrations might cause interference of signals.
In two further warning letters, the FDA wrote that the firms in question did not perform adequate controls of the computer systems and related systems.
Analytical data may e. g. only be modified if a competent person has approved the change. Besides, it is not permitted that two laboratory staff members share the same user account, namely in case this user account comprises the whole range of administrative rights in the system, including that of making changes to methods and projects. Furthermore, there were no written procedures as to which tasks and rights the users had with regard to access, changes, creation, modification as well as deletion of data and projects.
At another company, the FDA listed on the same topic in January 2010: The company does not have a system in place to ensure that all electronic data created in the quality control laboratories are safe and cannot be tampered with. Here, too, all analysts held system administrator privileges, which allowed folders with raw data to be modified, overwritten or deleted.
Moreover, when laboratory data were checked, no attention was paid to the fact that this review usually includes an audit trail or revision history so that it can be verified if illicit changes have been made.
Dr Günter Brendelberger
On behalf of the European Compliance Academy (ECA)