09
Jan
2015

Micro Labs Limited

0

Micro Labs Limited
Product: pharmaceutical manufacturing facility
Date: 1/9/2015

1. Your firm failed to ensure that laboratory records included complete data derived from all tests necessary to assure compliance with established specifications and standards (21 CFR 211.194(a)).
a) During the inspection, your management admitted that employees in both of your Quality Control (QC) laboratories had frequently conducted unauthorized ?trial? High Performance Liquid Chromatography (HPLC) injections prior to additional injections that were used in the reported test results. Although your management stated that this practice ended in February 2014, FDA investigators discovered evidence that this practice continues. The inspection found that the names assigned to each sequenced injection were often changed during testing, obscuring the traceability of repeated injections. The data from ?trial? injections was not reviewed or considered in determining batch quality. For example,

1) For the related substances analysis of (b)(4) USP (b)(4) mg Tablets batch (b)(4) conducted on February 25, 2013, there were three sample injections of vial 1_8, all named ?TEST,? which were run prior to the reported sample injections. The ?TEST? injection data was stored in the ?Trial? folder located on a personal computer (PC) with no audit trail linked to the HPLC instrument.

5) The audit trail for the dissolution analysis of the 9-month long-term stability sample of (b)(4) USP (b)(4) mg Tablets batch (b)(4) conducted on March 22, 2014, showed a single manual injection that was not included in the official test results package. A manual ?trial? sample injection from vial position (b)(4) at 12:29 pm was injected between the Set (b)(4) and Set (b)(4) analytical sequences. No deviation was documented regarding the extra sample injection. In addition, the original injection data obtained for vial position (b)(4) was overwritten and not saved. Because the original data was overwritten, you did not review and evaluate it as part of your batch release decision.

b) The inspection also found similar unreported and unexplained sample data acquired during your gas chromatography (GC), ultra violet (UV) spectroscopy and (b)(4) analyses. The extra GC data was stored in the ?Trial? folder located on a PC with no audit trail linked to the GC instrumentation. The extra UV and (b)(4) data was stored on the instrument hard drives. This unreported and unexplained data was not reviewed when assessing batch quality and making product disposition decisions. For example,

1) For the (b)(4) analysis of the 9-month long-term stability sample of (b)(4) USP (b)(4) mg Capsules ((b)(4) drug product) batch (b)(4) conducted on January 10, 2014, three extra analyses that were run prior to the reported sample were found on the instrument hard drive. During the inspection, the calculations that you performed showed that two of the extra analyses were OOS ((b)(4)% & (b)(4)%, as compared to the specification of NMT (b)(4)%).

Notably, there were no test sample weight records for the three extra (b)(4) tests. The extra sample data was not reviewed when assessing batch quality and product stability.

2. Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

FDA investigators discovered a lack of basic laboratory controls to prevent changes to electronically stored data. The following examples show that you lack effective control of the integrity of instrument output data:

a) The ten Shimadzu HPLC instruments in the QC ?commercial? laboratory were configured to send acquired injection data to PCs without audit trails.

b) There was a lack of controls to prevent substitution or overwriting of data. The (b)(4) audit trail dated January 6, 2014, for HPLC MLG/QC/12/026 and the (b)(4) audit trail dated January 15, 2014, for HPLCs MLG/QC/12/031 and MLG/QC/12/027 each showed sample injections marked with the same small graphic symbol. For each of these entries, you replaced the original injection sequence data with data from a single manual injection and failed to save the original sequence data.

In your response to this letter, include a chronology of Chromeleon audit trail information that shows all single manual sample injections that replaced data collected during HPLC testing.

c) A ?File Note? dated February 10, 2014, signed by the QC Head, established that the printed data used for batch disposition decisions from the Metrohm Titrando Instrument MLG/QC/12/048 hard drive was not necessarily the complete data for a batch. Our inspection found that data on the instrument was selected for use and was not protected from change and deletion. Notably, the audit trail capability of this QC ?commercial? laboratory instrument was not enabled, even aftercreation of the ?File Note.?

FDA District Office: CDRH

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 

 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now

 

 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.