Trifarma S.p.A.

Trifarma S.p.A.
Product: active pharmaceutical ingredients (APIs)
Date: 7/7/2014

1. Failure to maintain complete data derived from all testing and to ensure compliance with established specifications and standards pertaining to data retention and management.

Your firm did not retain complete raw data from testing performed to ensure the quality of your APIs. Specifically, your firm deleted all electronic raw data supporting your high performance liquid chromatography (HPLC) testing of all API products released to the U.S. market. In addition, your firm failed to retain basic chromatographic information such as injection sequence, instrument method or integration method for the tests. Your firm?s lack of data control causes us to question the reliability of your data.

In addition, your laboratory management was unaware of, and therefore did not follow, the written procedure detailing the review of analytical data. Furthermore, your management confirmed that the review of analytical data did not include evaluating the system suitability parameters to ensure proper column performance.

Your response states that your firm has been researching backup systems since July 2013 and will have a backup system online by the third quarter of 2014. Your response also states you have begun provisionally storing backup data on each computer, including the integration method as part of that data. However, you do not address the backup of the injection sequence, the instrument method or audit trails. In addition, your response does not address how your firm will ensure that electronic files are not deleted prematurely from local computers.

In response to this letter, provide a comprehensive corrective action plan addressing the foregoing concerns. Include information regarding system-wide changes, revised procedures, and appropriate retraining of employees that will be implemented immediately to ensure retention of complete electronic raw data for all laboratory instrumentation and equipment.

2. Failure to prevent unauthorized access or changes to data and to provide adequate controls to prevent omission of data.
Your firm did not have proper controls in place to prevent the unauthorized manipulation of your laboratory’s raw electronic data. Specifically, your laboratory systems did not have access controls to prevent deletion or alteration of raw data. The inspection noted that all laboratory employees were granted full privileges to the computer systems.

In addition, prior to January 7, 2014, HPLC and gas chromatograph (GC) computer software lacked active audit trail functions to record changes to data, including information on original results, the identity of the person making the change, and the date of the change.

Your response statesyour Agilent GC system and HPLC systems now have audit trails, with (b)(4) more GC systems to be upgraded by the second quarter of 2014. However, your response did not describe the audit trails for the processing of the data on your Agilent systems. Your response also states your firm has begun to retain electronic raw data on the local hard drive, but without proper safeguards to ensure they cannot be deleted prematurely. Such safeguards will not be implemented until the third quarter of 2014.

In response to this letter, provide your corrective action plan to prevent deletion and alteration of electronic data. In addition, describe with more detail your firm?s new archival process and provide assurance that it will consistently function to prevent the types of failures described above from recurring in the future.

We also note that your firm lacked electronic raw data supporting cleaning, method and process validations. In response to this letter, provide a corrective action plan to review all related test methods associated with products distributed to the U.S. in light of the lack of supporting raw data.

FDA District Office: CDRH

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.

Remote Webmeeting Assessments

SoftwareCPR can provide remote offsite assessments to support virtual offices.  Our consultants can utilize webmeeting tools to walk your teams through assessments such as:

  • 62304 compliance
  • Regulatory submission pre-review
  • Software risk analysis
  • Cybersecurity process and validation
  • Overall ISO 14971 risk management
  • Overview of software regulation with John Murray

Email office@softwarecpr.com
for more info!

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.