GMP News) \, v. p" F$ M" `) J( l W8 f
14/08/2014
Current FDA's Warning Letters on IT Topics - Part 2: Finished Medicinal Products and APIs
FDA警告信中的IT问题—第2部分:制剂成品和原料药
In a first stage of escalation - when serious GMP deviations are identified during inspections, or in case of insufficient corrective measures - the FDA issues a Warning Letter to the companies concerned. Within 15 working days, the companies in question have to undertake concrete action plans to redress those deviations. If these action plans are evaluated as insufficient by the Agency, further escalation levels may follow.
在第一阶段----GMP检查过程中,如果发现严重的GMP偏差,或者纠正措施不充分---FDA会向相关的公司签发警告信。在15个工作日内,公司必须采取具体的纠正措施计划纠正问题。如果FDA经过评估认为纠正计划不充分,则其措施可能会升级。
Some Warning Letters from 2014 also list GMP deficiencies with regard to IT topics. Not a single Warning Letter has been exclusively issued just because of IT issues, though. But taken together, all the GMP deviations in a company were so serious that the Agency issued a Warning Letter which also included deviations related to IT.
在2014年的一些警告信中,也列出了与IT相关的GMP缺陷,尽管并没有哪封警告信只单独针对IT问题发出,但汇总来看,公司里所有的GMP偏差太过严重,因此FDA签发的警告信中也包括了与IT相关的偏差。
All in all, 7 Warning Letters from 2014 contain topics with regard to IT. 4 Warning Letters have been issued for manufacturers of medical devices, 2 Warning Letters for manufacturers of medicinal products and 1 Warning Letter for an API manufacturer. In part I of our news on IT-related Warning Letters we covered those regarding medical devices. Following you will find letters with regard to finished medicinal products and APIs.
总而言之,2014年有7封警告信包括了与IT相关的问题,其中4封签发给医疗器械的生产商,2封签发给医疗产品,1封发给原料药生产商。在我们与IT警告信有关的第一部分的新闻中,我们讨论了医疗器械相关问题。以下,你能看到关于制剂和原料药的警告信内容。
IT-related Warning Letters on finished medicinal products and APIs 与IT相关的制剂和原料药警告信
IT-related Warning Letters for manufacturers of finished medicinal products always refer to 21 CFR 211.68 (b): "Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records "21 CFR 211.68 (b)" .
与制剂和原料药生产商相关的警告信都是引用21CFR 211.68 (b):“你们公司未能对计算机或相关系统进行适当控制,以保证只有经过授权的人员才能对母生产记录和母版检验记录及其它记录进行更改”。
With regard to that area, the Warning Letter issued for the company USV Limited criticises many items and has generally recorded the absence of appropriate provisions for the application of computerised systems. In detail, the following critical points are mentioned:
在这方面,FDA签发给USV Limited的警告信中批评了许多问题,指出应用计算机化系统时缺乏适当管理。具体提到的问题如下:
- Current computer users in der laboratory were able to delete data from analyses
- 目前化验室所用的计算机用户可以删除分析数据
- The audit trail function for a GC and a XRD system was disabled at the time of the inspection. Therefore the firm lacks records for the acquisition, or modification, of laboratory data
- 检查期间GC和XRD系统的审计追踪功能是关闭的。因此,公司缺乏对调用和修改化验室数据的记录。
- QC lab personnel shared login IDs for HPLC units. The lab staff shared one login ID for the XRD unit. Analysts also shared the username and password for the Windows operating system for the GC workstation and no computer lock mechanism had been configured to prevent unauthorized access to the operation system
- QC化验室的人员共用一个HPLC系统的登录名。化验室员工共用一个XRD系统的登录名。分析员也共用一个GC工作站所用WINDOWS操作系统的用户名和密码,计算机系统也并没有锁定设置防止未经授权进入操作系统
- There was no procedure for the backup and protection of data on the GC standalone workstations
- 没有对GC工作站数据进行备份和保护的程序
- In the response the firm lacks assurance that the periodic backed up data include all of the original data generated
- 在公司的回复中,缺乏对周期性备份数据的保证,包括对生成的所有原始数据的备份
- Also the questions regarding Audit Trails and access controls have been either unanswered or insufficiently answered.
- (在回复中)对审计追踪和授权控制问题也没有答复或答复不充分
( M2 q* o2 y F) W0 G: o
Also the Warning Letter for the company Sun Pharmaceutical Industries lists several critical comments:
对Sun Pharmaceutical Industries的警告信中也列出了几个关键的问题:
- Numerous deleted raw data files on computers used for the GC instruments in the QC lab. The software on the computers used to control the GC instruments allowed the analysts to delete files from the hard drive with no audit trail or adequate form of traceability in the operating system to document deletion activity
- QC化验室里的GC仪器所用的几台电脑中原始数据被大量删除。计算机中用于控制GC仪器的软件允许分析人员从硬盘中删除文件,且删除操作并不会被审计追踪,在操作系统中也没有追溯表格来记录删除操作
- The software as configured assigned sequential, numerical names to raw data files within the same folder. When a raw data file was deleted or moved out of the designated folder, the next file recorded into the folder would be saved with an identical name as the deleted file. As a result, data can be manipulated so that saved files appear to be in sequence even if they were not generated sequentially
- 软件中一个文件夹下的原始数据以数字命名文件,顺序排列。如果一份原始数据文件被从该文件夹中删除或移出,下一份放入文件夹的文件则会以被删除文件相同命名被存入。这样,数据可能被伪造,即使该文件并不是原来序列下生成的,但被存入的文件显示出来是顺序的。
- Due to the basic lack of audit trail and data security, an analyst could delete analytical files without traceability - an unacceptable practice from the FDAs point of view
- 由于根本没有审计追踪和数据安全措施,分析人员可以在没有追踪的前提下删除分析文件---从FDA的角度来看这是不可接受的操作方式。, B4 ]: } C3 h8 x' J% q! ^
The Warning Letter for the API manufacturer Trifarma doesn't refer to the respective sections from the CFR. Yet, here again it focused on possible unauthorised manipulation of raw data in the lab. Corresponding provisions were inexistent. Concretely, the following aspects have been addressed:
给原料药生产商Trifarma的警告信中倒没有引用相关的CFR部分,但是,这里又一次关注了化验室中对原始数据未经授权的篡改的可能性。这里并没有对应的条款,在警告信中指出了以下具体问题:
- The laboratory systems did not have access controls to prevent deletion or alteration of raw data
- 化验室系统没有权限控制,防止对原始数据的删除和篡改
- All laboratory employees were granted full privileges to the computer systems
- 所有化验室员工均被授权对计算机系统拥有全部的权限
- HPLC and GC computer software lacked active audit trail functions to record changes to data, including information on original results, the identity of the person making the change, and the date of the change
- HPLC和GC操作软件的审计追踪功能未激活,不能记录对数据的更改,包括原始信息、修改人的身份、更改日期
- The response did not describe the audit trails for the processing of the data on your system.
- 回复中未描述你们系统中处理数据的审计追踪
- The response also states the firm has begun to retain electronic raw data on the local hard drive, but without proper safeguards to ensure they cannot be deleted prematurely
- 回复中还声称公司已开始将原始电子数据保存在本地硬盘中,但并没有适当的安全措施来保证它们不会被永久性地删除' ?; J8 N* P- ?* H
From the authority's view, the current focus of IT-topics generally concerns the question of data and system security, particularly the traceability of changes by means of Audit Trails.
从官方的观点来看,目前重点集中在IT话题一般是关于数据和系统的安全性,特别是审计追踪功能下的更改追溯性。