Data Analysis of Relevant Warning Letters of FDA on Computer System

As is known to all, FDA, one of the strictest drug administration agencies in the world, mainly take charge of safeguarding the health and safety of consumers based on federal food, drug, cosmetics laws and other laws. FDA inspection officials inspect the quality assurance systems of pharmaceutical product manufacturers on site, and list the defects and problems of enterprises found in the inspection on Form 483. If FDA is not satisfied with the explanations of an enterprise, it will send the warning letter. This means that FDA will refuse entry of products of the said enterprise into the U.S. market, and recommend not approving the applications of new drugs that are produced with products of the said enterprise. Furthermore, FDA will publish the warning letters online, resulting in consumers, competitors and business partners to have a bad impression on the companies not meeting standards, and even affecting the normal operation of the companies.

In general, main reasons for pharmaceutical product manufacturers to receive warning letters include: personnel training, recording, validation, laboratory management, and communication, etc., however, the "data integrity" and "computer system" frequently appear after analysis of the content of warning letters received by enterprises around the world from 2013 to first half of 2017, and show the trend of increase year by year. I would talk about details of warning letters on computer system issue below.

According to incomplete statistics, quantity of warning letters on computer system issue received by enterprises in the recent decade is as shown in the following figure and divided by country, specifically distributing as follows:

From the above figure, the U.S. local enterprises had many defects in computer system management, and the maximum quantity of warning letters: 26; Indian and Chinese enterprises were frequently inspected because India and China are the main supply bases of global generic drugs, separately ranking second and third with 11 warning letters and 6 warning letters.

Different characteristics show when conducting statistics and analysis of warning letters on computer system by year: FDA sent many warning letters on computer system in 2008, 2009 and 2010; however, warning letters on computer system significantly decreased from 2012 to 2014; we could notice that FDA showed a clear focus on computer system and significantly increased the inspection efforts, with the warning letter quantity hitting a historic high in 2015-2016.

Situation of the typical defects is as follows after analysis of problems associated with computer system in the warning letters:

Firstly, lack of management of computer system: for example, current computer users in the laboratory were able to delete data from analyses, and massive original data were deleted, with no audit trail, or adequate form of traceability in the operating system to document deletion activity; the laboratory instrument operating software lacked active audit trail functions to record changes to data, including information on original results, the identity of the person making the change, and the date of the change.

Secondly, no authorization of computer system and system: certain company failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

Thirdly, certain company failed to establish and document the accuracy, reliability and performance of its computer systems employed in the release of drug products [21 CFR.211.68 (a)].

From the above content, many pharmaceutical enterprises are in their very early stage of computer system management, and need to constantly strengthen and improve it. Likewise, similar problems could be found after organizing CFDA’s reports on problems of Chinese enterprises in the inspections.

For example, the inspection report issued by CFDA on Sichuan Plateau Pearl Pharmaceutical Co., Ltd. at the beginning of June 2017 mentions: (2) Modification of computer system time without authorization. The logs of the computer system used by the two HPLC workstations (No. 102001, 102002) show that the time and date of the computer system were modified for many times, for example, on November 25, 2016, the system time was adjusted to November 5, 2016, then October 6, 2016, and then December 9, 2016; the modification time of one sample probe on the HPLC electronic atlas of radix isatidis (material code: YL038, batch No.: 160301) in the computer system was "January 20, 2016" which was inconsistent with the creation time, modification time and access time (March 28, 2016) of other sample probes and reference substance probes of the same batch; the modification time of one reference substance probe on the HPLC electronic atlas of folium isatidis (material code: YL 039, batch No.: 160301) was "March 28, 2016" which was inconsistent with the creation time, modification time and access time (January 20, 2016) of other sample probes and reference substance probes of the same batch.

 (3) Deletion of atlas without recording the reason. It is found after recovering the emptied data of the recycle bin of the computer system that the creation time of three atlases separately named "reference 01 (20160930 17:16:22).hw; sample 01 (20160930 17:36:42).hw; sample 02 (20160930 17:56:00).hw" was separately 17:16:38, 17:55:57 and 18:13:54 of September 30, 2016; those time points were between the creation time and modification time of relevant inspection atlas of finished Sanqi Shangyao tablets (batch No.: 160912, 160913); the recycle bin of the computer system of infrared spectrophotometer (model FTIR-650, No.: 133001) had atlases of 7 batches including alcohol 160502 (edible) and alcohol 160702 (edible), etc., which were inconsistent with the atlases with the same names saved for material release.

For the reasons above, it is hoped that pharmaceutical enterprises should immediately try to build appropriate IT teams and compliance teams based on own realities, and establish the internal procedures and computer system control strategies according to regulations and industry guide, so as to guarantee smoothly passing Chinese and foreign inspections.