USFDA 483 / IPCA Laboratories, Silvassa, India / FEI 3005977675/ USFDA Investigators: Rajiv Srivastava, Kellia Hicks  / Inspection dates April 18-26, 2023 / Observation 3 – Failure of Quality Unit to ensure accuracy & Integrity of data

Firm failed to establish adequate Quality unit. The Quality system does not adequately ensure accuracy and integrity of data.

Failure to Initiate or close CAPAs to data integrity issues; assess the risk and impact on drug products, due to lapses in Data integrity.

• An HMI (for an equipment) does not have audit trail and quality related data is lost and not retrievable. A change control initiated on the matter on 5th December 2022 is still open at the time of audit (April 23); the change control document “the risk identified is low”, the lapse in data integrity is not addressed in the Investigation.
• A logbook for daily calibration verification record of balance #SM1062, had consistently non readable printouts; but was signed by Microbiologist, Microbiology supervisor, and QA. No action is taken to rectify the problem. There is no preventive maintenance program established for this equipment, and procedures do not address requirement for maintaining Quality related data, beyond how to adhere (balance) printouts to a page.
• The start time of remediation is not documented in the deviation investigations. Therefore the length of investigation is unknown and unable to be controlled by the quality unit.

The citing under the above observation points to two issues – Data integrity & timely closure of Quality events.

One key point to note while reading the 483 is that Data integrity is not only about manipulation or falsification of data. Situations and system inadequacies which cause loss of data, absence of audit trail, inadequate data traceability and authenticity; Inadequate review of data and audit trails, signing off documents with illegible data (authenticity) – all can be cited under the broad heading of Data integrity. Remember the principle of ALCOA(+)!!!

• Companies should make an assessment of all cGMP Computer systems (Manufacturing, Quality control, Engineering…all cGMP functions) which has Electronic controls or generate electronic data  should be in compliance with requirements of Electronic data controls as per USFDA 21 CFR Part 11 & Eudralex (EUGMP) Annex 11.
• Where there are gaps (as in legacy systems or old systems) companies should make plans for Interim alternate controls and long term permanent corrections. Alternate controls could the Four Eye approach (for e.g. verification and authentication of data by a second person, print out verification, regular data transfer / archival from systems with limited data storage and earlier data gets over written with new data). This should also be supported with a Quality Risk Assessment and actions and controls should be commensurate with risk.
• Personnel should follow the discipline that documents will be signed only when documents are clear and readable. If you are signing a illegible document, it is clear you are not reviewing it!!!. Coach the people, follow up implementation strictly. Where printouts from Equipment and systems are taken and archived, ensure that the printouts are legible and permanent (not thermal prints, which fades with time).
• And to reiterate again, ensure that deviations are investigated and documented promptly, thoroughly and timely actions are taken. Investigations should evaluate the impact on other processes / products (manufactured and distributed by the company and within valid expiry), identify risks if any, take mitigation actions and documented the same. Also ensure immediate containment actions are taken to prevent impact on other ongoing products, processes, document the same. The investigation documentation should clearly identify the date when immediate containment action is taken, date when all remediation actions are implemented & impact on batches, processes, systems in the interim period (Period between logging of the deviation and concluding the investigation).