Research & Development World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • Educational Assets
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE

Four CDS Compliance Lessons

By R&D Editors | September 30, 2007

What you should know about recent non-compliances, current trends and changes in the FDA’s approach to pre-approval inspections

Unfortunately, there are always some organizations that end up serving as an example for others not to follow. Some typical examples of these practices can be seen by trawling through the warning letters on the U.S. Food and Drug Administration (FDA) Web site or reading some of the 483 observations given to worthy organizations. In this article, I would like to present and discuss two examples involving chromatography data systems (CDS). Then, based on four lessons that I believe that industry should learn from these two cases, I will look at how these have influenced the current trends in FDA thinking with respect to pre-approval inspections (PAI).
 

Read More: Is It Time to Replace Your Chromatography Data System?

The two companies on which I would like to focus are the Able Laboratories Form 483 observations dealing with the fraud uncovered there in 20051 and the Concord Laboratories warning letter issued in July 2006.2

Able Laboratories
The Able Laboratories is a major fraud case that is still having major ramifications throughout the FDA, and the effects of this will soon be felt by the pharmaceutical industry — as we shall see at the end of this article. In essence, the FDA had inspected Able Laboratories, a New Jersey generic drug manufacturer, previously. However, during an inspection that began in May 2005, major fraud was discovered. This triggered the withdrawal of at least seven abbreviated new drug applications (ANDA) and a batch recall of 3184 batches (their entire product line). The main points of the 483 from a CDS perspective are noted here, but for more information please read the more detailed paper that ran in Quality Assurance Journal.3
 

  • Observation 2: Products failing specifications were not rejected or investigated
    The problems centered on the fraudulent use of a chromatography data system where data were used to reanalyze samples, or even to cut and paste results from other assays into reports. Two of the gems noted in the 483 were:
     
  • Atenolol tablets — The dissolution test had a specification of not less that 85 percent, one original result was 30.9 percent, but on the Certificate of Analysis a value of 102.8 percent was reported.
     
  • Propoxyphene napsylate — Tablets had a dissolution specification for the stability samples of not less than 80 percent. For one batch, the initial results were 72.8 and 73.2 percent; but were reported as 98.5 percent and 96.9 percent. This is not merely checking the positioning of baselines or the modification of integration parameters within the CDS, but something far more significant.

This last point is a hint of what is to come as you read further in the 483:
 

  • Observation 5: Laboratory records do not include complete data

    The U.S. good manufacturing practice (GMP) regulations §211.194 require that laboratory records contain ‘complete data‘ in contrast to production records (§211.188) that only require ‘complete information.’ The citation in the Form 483 states

“laboratory records do not include complete data derived from all tests, examinations and assay necessary to assure compliance with established specifications and standards.

“The QC laboratory notebooks and binders lacked data from all analytical testing conducted in the QC laboratory. Laboratory records did not include all data such as out-of-specification results (OOS), chromatograms, sample weights and processing methods.”

However, much more was uncovered by the Inspectors:

“OOS results were substituted with passing results by analysts and supervisors. The substitution of data was performed by cutting and pasting of chromatograms, substituting vials, changing sample weights and changing (CDS) processing methods.”

However, the CDS at the center of the fraud then helped the inspectors, as the information about the fraud was contained in the audit trail of the system:

  • “OOS results not documented in laboratory records. Unreported OOS results were found in electronic data files.
     
  • Changed chromatogram headers by cutting and pasting, so during review all sample injections would appear to be in sequence.
     
  • Original sample weights not recorded in notebook. Sample weights were changed by the analyst until a passing result was obtained. Processing methods changed by analyst until the processing method resulted in a passing result. Original processing method not recorded in laboratory notebook.”
  • Observation 6: Inputs and output from the computer are not checked for accuracy

    This is a GMP predicate rule citation from §211.68(b) which states

“Input to and output from the computer or related system of formulas or other records or data shall be checked for accuracy. The degree and frequency of input/output verification shall be based on the complexity and reliability of the computer or related system.”

However, the 483 observation notes that audits were not conducted of the CDS used to control the chromatographs and to acquire the data during the analysis of products.

“Sample injections, processing methods and sample weights were not reviewed or verified for accuracy of reported sample results during testing of samples from in-process, product and stability samples.”

In summary, as the fraud unraveled, Able Laboratories went from a $100 million quoted company at the beginning of May 2005 to a bankrupt shell at the end of October 2005.

Concord Laboratories
Let us now move on a year to look at the next company deserving of FDA attention — Concord Laboratories. The warning letter was issued in July 2006 and has three citations on which I would like to focus:
 

  • Citation 2: Failure to identify the individual responsible for testing
“Laboratory records fail to include the initials or signature of the person who performs each test §211.194(a)(7). Specifically, laboratory analysis records for analyzes performed on HPLCs XX and YY do not indicate which analyst performed the injections.”
  • Citation 3: Unattributed changes to chromatographic methods
“Failure to maintain complete records of any modification of an established method employed in testing [21 CFR §211 .194(b)]. Specifically, the records of laboratory methods stored in the computer system do not include the identity of the person initiating method changes.”
  • Citation 4: Unauthorized changes and failure to review the audit trail
“Appropriate controls are not exercised over computers or related systems to assure that changes in analytical methods or other control records are instituted only by authorized personnel [21 CFR §211 .68(b)]. Specifically:

a) Laboratory managers (QC and R&D) gained access to the computer system through a common password. Analysts were not required to use individual passwords; they operated the system following the login by the laboratory managers.

b) Due to the common password and lack of varying security levels, any analyst or manager has access to, and can modify any HPLC analytical method or record. Furthermore, review of audit trails is not required.”

In essence, sharing user identities has caused all of these citations for the company. Bearing in mind that Able and Concord are inspected from the same field office of the FDA, it is not surprising that the inspectors focused on the CDS.

CDS compliance lessons 
As a result of these two examples of non-compliances involving chromatography data systems, I want to draw out and discuss the four main lessons for us all going forward. Many of these are merely good computing practice and common sense.
 

  • Lesson 1: Failure to uniquely identify individual users

    A root cause of the Concord Laboratory warning letter is that the company appears to have saved money on software licenses and users’ shared accounts. Managers logged onto the system, stayed logged in and an analyst continued to work on the same session. How can you identify who has done what in a situation like this? Quite simply — you cannot. This is a basic tenet of any quality system, either inside the pharmaceutical industry or outside of it, to be able to attribute any action to a specific individual.

    Furthermore, good practice suggests that CDS users who also are system administrators should be able to log on as either a system administrator with no user privileges and vice versa. This avoids a conflict of interest and the role in which a user is logged on is clearly stated in the audit trails within the system.

    In addition, a new FDA guidance document on computerized systems in clinical investigations released in May 2007 recommends that users of computerized systems keep a list of current and historic users of any computerized system.4 Ideally, the CDS should be able to do this for the users but few, if any, do.
     

  • Lesson 2: Failure to understand the predicate rule in relation to computer systems

    All the 483 observations and warning letter citations for the CDS systems were under the GMP predicate rule — not Part 11. As such, there was a failure by the laboratory and QA staff in both organizations to understand the regulations to which they were working. Although there are few direct references to computerized systems in the regulations, there are enough compliance policy guides and industry guidance documents to realize that the term “equipment” applies to computerized systems.
     

  • Lesson 3: Failure to define electronic records and electronic working practices

    My assumption is that the laboratories were working with paper as the primary records — this is wrong and is an antiquated approach with the current generation of CDS systems. The reason is that, with a CDS, the primary records are electronic and both the predicate rule and Part 11 regulations apply — no discussion or debate.

    The world is changing, and we need to get wise quickly or there will be some very unpleasant shocks ahead for many CDS users. The FDA Guidance on Part 11 Scope and Application recommendation was to establish whether Part 11 applied and what electronic records are created by a system.5 Concord Laboratories did not do this or consider anything more than paper. Able Laboratories based their fraud on paper and it was the electronic system that was one of the reasons for their downfall.

    Working practices when using a CDS designed for the pharmaceutical industry should be electronic, not paper, as this will provide the laboratory staff with business benefits and the compliance should be reinforced automatically by the system. From a personal perspective, how many of those who are reading this article enjoy checking records for transcription errors? Has your laboratory ever lost or misplaced any paper records?
     

  • Lesson 4: Failure to review the CDS audit trails

    An observation and a citation from both Able and Concord were failures to review the audit trails in the CDS. There is a specific requirement in the laboratory records §211.194(a)(8):

“The initials or signature of a second person showing that the original records have been reviewed for accuracy, completeness and compliance with established standards.”

The issue is that, if you have a system that generates electronic records with an audit trail, then the audit trail should be reviewed to check the integrity of the records and the final reported results to see if there are any changes to records that merit further review. This is no different from the paper environment: if a reviewer sees entries that have been changed or altered they need to ask the question why these have occurred and to satisfy themselves that the appropriate procedures have been followed. Typically, the second-person check required by the regulation is performed by the quality control (QC) laboratory staff and there is no stated requirement for quality assurance to do anything.

In many organizations, the quality assurance (QA) staff does not wish to review electronic records. Rather, they are quite content to review the signed paper output from a computerized system. However, as we become more and more electronic, there will be an increasing requirement to review electronic records and documentation electronically. Perhaps this is a wake-up call for QA to gear-up and acquire the skills for this new direction, as they are responsible for compliance oversight in a regulated organization.

FDA is changing tack 
The ramifications of the Able Laboratories case continue to play out with the FDA, who will focus on data integrity and fraud during PAI. The August issue of the Gold Sheet contained the report of a conference held in June 2007 where Rick Friedman asserted that FDA’s new approach was prompted by recent criminal investigations, including the Department of Justice’s prosecution in March 2007 of four employees of Able Laboratories involved with falsification of records.6

“We have found other deficiencies, including acceptance of failed runs. This has shown that many of these investigations are undermining the safety and efficacy of these products.”

Other examples of fraud include biased manipulation of study data, alternating weights of samples and changing weights of standardized samples. To combat this problem, FDA is “reinvigorating” specialized training of investigational staff to address data integrity, manipulation and fraud issues. Friedman recommended that manufacturers

“train employees in proper data handling and reporting. Employees need to know how to identify suspect data in clinical trials and how to identity suspect GMP data. Everyone in the organization needs to be responsible for data integrity.…”

Conclusions
In my view, reliance on paper records when using a CDS is no longer tenable or workable either from business or regulatory perspectives. Despite there being enforcement discretion for some sections of 21 CFR 11, if you are using a CDS system you should work electronically and check your electronic records including the audit trail. Ensure that users are uniquely identified and that records of their access privileges are maintained. Vendors of CDS systems must ensure that audit trails are easy-to-use and actually contain information that is useful to the users to determine the quality and integrity of data.

References
1. Able Laboratories 483 Observations, July 2005
2. Concord Laboratories Warning Letter 11 July 2006 (g5973d)
3. R.D.McDowall, Quality Assurance Journal 10 (1) pp15-20, 2006
4. FDA Guidance for Industry, Computerized Systems in Clinical Investigations, May 2007
5. FDA Guidance for Industry, Part 11 Scope and Application, September 2003
6. Gold Sheet, August 2007

R.D.McDowall is Principal, McDowall Consulting. He may be contacted at [email protected].

Acronyms
ANDA Abbreviated New Drug Application | CDS Chromatography Data System | FDA U.S. Food and Drug Administration | GMP Good Manufacturing Practice | PAI Pre-Approval Inspections | QA Quality Assurance | QC Quality Control
 

Related Articles Read More >

Why IBM predicts quantum advantage within two years
Aardvark AI forecasts rival supercomputer simulations while using over 99.9% less compute
This week in AI research: Latest Insilico Medicine drug enters the clinic, a $0.55/M token model R1 rivals OpenAI’s $60 flagship, and more
How the startup ALAFIA Supercomputers is deploying on-prem AI for medical research and clinical care
rd newsletter
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, trends, and strategies in Research & Development.
RD 25 Power Index

R&D World Digital Issues

Fall 2024 issue

Browse the most current issue of R&D World and back issues in an easy to use high quality format. Clip, share and download with the leading R&D magazine today.

Research & Development World
  • Subscribe to R&D World Magazine
  • Enews Sign Up
  • Contact Us
  • About Us
  • Drug Discovery & Development
  • Pharmaceutical Processing
  • Global Funding Forecast

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search R&D World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • Educational Assets
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE