German Company receives FDA Warning Letter for Data Integrity Issues

The US American FDA reacts to major deviations / violations from the GMP principles with the issuance of a Warning Letter. Within 15 working days of receipt of such a letter, the FDA expects an answer from the company concerned with the measures taken to remedy the deviations / violations.

In the Warning Letter addressed to BBT Biotech in Germany, the FDA focussed on 4 major deviations. One of the deficiencies - with regard to computerised systems and data integrity - is covered below. The other 3 areas: stability testing, change management and OOS system will be addressed in upcoming articles.

With regard to computerised systems, the following violation was noted: "Failure to exercise sufficient controls over computerized systems to prevent unauthorized access or changes to data, and to provide controls to prevent omission to data". In detail, the following findings were observed:

• A system not further specified lacked access controls and audit trail capabilities
• All employees had administrator rights and shared one user name. Thus, actions couldn't be attributed to a specific user. Electronic data could have been manipulated or deleted without traceability
• Raw data were copied to a CD and then deleted from the hard drive. Data copied were selected manually without supervision of the selection process. Without audit trail and supervision, there was no assurance that all raw data were copied before they were permanently deleted.

The company committed to hire an external expert to install audit trails and take further measures to ensure that data cannot be deleted. According to the FDA, this commitment was inadequate. The FDA expected the company to demonstrate that through the measures taken all data collected as part of a cGMP report before releasing APIs can be retained and evaluated. The FDA now further expects the company to investigate the retention and review of the cGMP data focussing on laboratory raw data and provides the results. Furthermore, the FDA expects a plan from the company on the control of retaining and reviewing data and the implementation of adequate access controls and audit trail capabilities.

Source: Warning Letter for the company BBT Biotech dated 16 May 2016