
FDA Warning Letters

Computer-related and Computer-use - 2021

Updated 28 Dec 2021

Trends for Computer-related Warning Letters for 2021

Computer Area            2021   % 2021
Validation                  2       20
Data-related                3       30
Procedures                  -        -
System Documentation        1       10
Testing                     -        -
Change Control              1       10
Access                      2       20
Supplier Qualification      1       10
Total                      10      100

Regulated Area           2021   % 2021
cGMP                        6       60
Devices                     2       20
GLP                         -        -
Drugs                       1       10
Labeling                    1       10
Total                      10      100

Quick Reference

• Allay - 27 Jan 2021 - Supplier has not been qualified for control of computer systems
and electronic data, per the quality agreement
• Hanover - 26 Mar 2021 - The root cause of the problem was a duplicate database in
your labeling software that was subsequently deleted
• BBC - 4 Aug 2021 - Testing data in laboratory computer systems from 2018 to 2020 was
lost; spreadsheets are not controlled and there is no protection to prevent data
manipulation, overwriting, or erasure.
• Utah - 10 Aug 2021 - Failed to validate the software used to maintain your sterility
testing results according to a written program designed to assure the software’s proper
performance
• Adamson - 17 Aug 2021 - Laboratory personnel performing drug analyses had
administrative privileges to the operating software for the GC equipment
• Lewiston - 15 Sep 2021 - Firm is implementing a new software program to send an
out-of-specification alert to the operator
• Missouri - 30 Sep 2021 - The analysts had access to delete and overwrite data for the
electronic laboratory data system
• Smiths - 1 Oct 2021 - Firm has not validated the Medfusion® software version 1.6.1 for
use.
• Sanitor - 29 Nov 2021 - Fourier Transform Infrared (FTIR) Spectroscopy computerized
system did not have appropriate controls in place to prevent deletion of raw laboratory
data.
• Medtronic - 9 Dec 2021 - The Insulin infusion pump software lacked cybersecurity
requirements in the software design

Computer-related

Allay - 27 Jan 2021 - Supplier has not been qualified for control of computer systems and
electronic data, per the quality agreement

Supplier qualification, quality agreement, inadequate controls, risk, audit trail, unique user
passwords, data retention, data deletion, data modification, data review, access, procedures,
privileges, training, user roles

cGMP

Laboratory computer systems

Per the quality agreement with (b)(4), your firm is responsible for the qualification of approved
manufacturers. However, during the inspection you had not qualified the new API supplier and
you relied on (b)(4) to perform qualification of the supplier, which is contrary to the agreement.

• Computerized systems in the laboratory had inadequate controls…

Additionally, you have contacted the manufacturer of your HPLC systems to purchase and
validate the necessary equipment…

Your response is inadequate. You did not describe when and how you will requalify your API
supplier…
Also, you did not perform an assessment to determine the risk from failing to have audit trail
enabled controls and unique user passwords…

• A detailed description of how your firm will implement an effective system to ensure retention
and review of written and electronic laboratory data. Include the following:
o Summarize your interim controls to prevent deletion and modification of data.
o Define the roles and responsibilities of personnel who have access to analytical instruments
and data.
o Establish a procedure to ensure that all analytical data including but not limited to sample and
standard preparation are documented in accordance with CGMP requirements.
o Detail the user privileges for all staff for each of your analytical systems.
o Provide a detailed summary of your procedural updates and associated training for user role
assignments and controls.

Hanover - 26 Mar 2021 - The root cause of the problem was a duplicate database in your
labeling software that was subsequently deleted

Data related, duplicate database, label, unknown malfunction, QA verification, procedure

Labeling

Label printing software

In email documentation provided to the Office of Human and Animal Food Operations Division 2
East Recall Coordinator, including product information, product labeling, recall details, and
attachment B information, you indicated that an unknown malfunction in the label printing
software caused three consecutive production runs of Rice Pudding to be mislabeled.

On December 21, 2020, you provided a description of your corrective actions to the Division
Recall Coordinator. You stated that the root cause of the problem was a duplicate database in
your labeling software that was subsequently deleted. After the deletion, you stated that you
audited every label for compliance. In addition, you now require label room personnel to provide
labels from each day’s production to the Quality Assurance department, where they will be
verified against your written allergen labeling procedure. You stated that your written allergen
labeling procedures have been updated, and you provided an example of an allergen labeling
monitoring record for FDA review.

BBC - 4 Aug 2021 - Testing data in laboratory computer systems from 2018 to 2020 was lost;
spreadsheets are not controlled and there is no protection to prevent data manipulation,
overwriting, or erasure.

Data-related, lost data, dynamic record format, access, system administrator, passwords, audit
trails not enabled, data not available for review, review of audit trail, procedures, training

cGMP

Laboratory computer system

1. Your firm failed to exercise appropriate controls over computer or related systems to
assure that only authorized personnel institute changes in master production and control
records, or other records (21 CFR 211.68(b)).

Your firm manufactures over-the-counter (OTC) drug products, including alcohol-based hand
sanitizers[1]. During the inspection of your facility, our investigator attempted to review analytical
data from your gas chromatograph (GC) supporting the release of drug products distributed to
the United States. However, your firm stated that all testing data from 2018 to 2020 was lost
approximately one month prior to the initiation of our inspection. The GC is used to analyze the
identity and strength of active ingredients and impurities contained in your OTC drug products,
as well as other critical parameters. According to firm management, the data is unrecoverable.
While your firm retained a static copy of laboratory records for review (i.e., paper record), they
were inadequate as they did not preserve the dynamic record format of the full chromatographs
to support test results and they did not include system suitability documentation that are part of
the complete, original record.

Additionally, our investigator observed that the computerized system and software associated
with your GC lacked restricted access. For example, your laboratory employees who used the
GC to perform analyses of drug products all logged in as “System Administrator,” which does
not require a password, and had full system administration rights. In addition, audit trails on your
GC were not enabled.

Furthermore, you did not retain all original, dynamic records, obtained during the course of
testing on other laboratory equipment. Your viscometer and UV-Vis spectrophotometer had the
capability to save data from product/material testing. Despite having this capability, your
analysts failed to save the complete, dynamic testing data, and therefore the data was not
available for review by the FDA investigator. The viscometer is used to measure the viscosity of
finished drug products during release testing and the UV-Vis spectrophotometer is used to
measure ethanol content during raw material testing.

Your firm also utilizes electronic spreadsheets to input data for your stability program.
However, these spreadsheets are not controlled and there is no protection to prevent data
manipulation, overwriting, or erasure.

In your response, you indicated that you purchased and/or installed additional equipment to
address this violation, including, but not limited to, an uninterrupted power source, remote hard
drive, electrical equipment, and new software. Your response also states that you have updated
and developed associated procedures, created individual accounts for all personnel that utilize
laboratory equipment, and conducted accompanying trainings. However, your response is
inadequate because it lacked supporting documentation, including evidence to support that the
computer security controls were effective at preventing data and document manipulation.
Additionally, you did not perform a retrospective risk assessment into how system vulnerabilities
may have impacted data integrity…

We strongly recommend that you retain a qualified consultant to assist in your remediation. In
response to this letter, provide the following:…
• A comprehensive, independent assessment and CAPA plan for computer system security and
integrity. Include a report that identifies design and control vulnerabilities, and appropriate
remediations for each of your laboratory computer systems. This should include, but not be
limited to:
• A list of all hardware that includes all equipment, both standalone and network, in your
laboratory.
• Identification of vulnerabilities in hardware and software, encompassing both networked and
non-networked systems.
• A list of all software configurations and versions, details of all user privileges, and oversight
responsibilities for each of your laboratory systems. Regarding user privileges, specify user
roles and associated user privileges (including the specific permissions allowed for anyone who
has administrative rights) for all staff who have access to the laboratory computer systems, and
their organizational affiliations and titles. Also describe how you will ensure laboratory staff are
not given administrative rights, or other permissions that compromise data retention or reliability.
• System security provisions, including, but not limited to, whether unique user
names/passwords are always used, and their confidentiality safeguarded.
• Detailed procedures for robust use and review of audit trail data, and current status of audit
trail implementation for each of your systems.
• Interim control measures and procedural changes for the control, review, and full retention of
laboratory data.
• A detailed summary of your procedural updates and associated training, including but not
limited to system security control to prevent unauthorized access, appropriate user role
assignments, secondary review of all analyses, and other system controls.
• Provisions for oversight by QA managers, executives, and internal auditors with appropriate
information technology (IT) expertise (e.g., to evaluate infrastructure, configuration, network
requirements, data management practices, and segregation of duties including administrator
rights).
• A remediated program for ensuring strict ongoing control over electronic and paper-based data
to ensure that all additions, deletions, or modifications of information in your records are
authorized, and all data is retained. Include a full CAPA plan and any improvements made to
date.
• An independent, thorough retrospective assessment into the impact of laboratory system
design, control, and staff practices on your data accuracy, completeness, and retention since
January 1, 2018.
• A comprehensive, independent assessment of your change management system. This
assessment should include, but not be limited to, your procedure(s) to ensure changes are
justified, reviewed, and approved by your quality unit. Your change management program
should also include provisions for determining change effectiveness.

Utah - 10 Aug 2021 - Failed to validate the software used to maintain your sterility testing
results according to a written program designed to assure the software’s proper performance

Validation, written program [specifications], design

Drugs, biological products, CGMP, and current good tissue practice (CGTP)

Sterility testing software

13. Failure to routinely calibrate, inspect or check automatic, mechanical or electronic
equipment or other types of equipment, including computers, or related systems that will
perform a function satisfactorily, that are used in the manufacture, processing, packing
and holding of a drug product, according to a written program designed to assure proper
performance [21 CFR 211.68(a)]. Specifically, you failed to validate the software used to
maintain your sterility testing results according to a written program designed to assure the
software’s proper performance.

Adamson - 17 Aug 2021 - Laboratory personnel performing drug analyses had administrative
privileges to the operating software for the GC equipment

Access, administrative privileges, delete data, change data, disable audit trails, validation, cell
formulas, spreadsheets, audit trail review, oversight, changes, procedures

cGMP

Gas chromatography (GC) data acquisition systems, LIMS, spreadsheets

1. Your firm failed to exercise appropriate controls over computer or related systems to
assure that only authorized personnel institute changes in master production and control
records, or other records (21 CFR 211.68(b)).

Your firm lacked sufficient controls over your gas chromatography (GC) data acquisition
systems used to test drug product before release of analytical data. Specifically, your GC
(GC (b)(4) and GC (b)(4)) data acquisition systems did not have sufficient controls to prevent
deletion or alteration of raw data files. During the inspection, our investigators observed that
laboratory personnel performing drug analyses had administrative privileges to
the (b)(4) operating software for the GC equipment. These privileges included, but were not
limited to, the ability to delete data sequences, change and/or delete methods, as well as enable
and disable audit trails.

In addition, from at least April 2018, until February 2021, the high performance liquid
chromatography (HPLC) and GC instruments were found to be operating in the absence of an
activated audit trail to record information about each analytical test, such as:

• Type of injection
• Date and time
• Identity of analyst
• Reason for action taken (e.g., modifying a record)

You have also failed to validate electronic worksheets used by laboratory personnel for
microbial challenge efficacy testing. Microbial worksheets reviewed were found to use
unvalidated cell formulas resulting in erroneous data generation such as negative log reductions
and percent reductions including (b)(4) percent and (b)(4) percent for Staphylococcus
aureus and Pseudomonas aeruginosa species, respectively. These unvalidated calculations call
into question the validity of the data generated from these spreadsheets.

We acknowledge that your firm changed ownership and had implemented a new organizational
structure, as well as assigned new responsible individuals in April 2018. However, this is a
repeat violation observed at your facility in a previous warning letter (WL # 38-16, dated August
2, 2016), in which FDA cited a similar CGMP violation. The previous management proposed
specific remediation for the violation in their August 22, 2016, response to the warning letter.
However, repeated failures and delays in the implementation of appropriate controls
demonstrate that executive management oversight and control over laboratory operations
remain inadequate. We also note that you use the same processes to test both human drug
products and API.

In your response, you committed to changing analyst privileges to prevent (b)(4) Administrator
rights for employees who perform analyses. However, the supporting documentation provided in
additional correspondence demonstrates that you did not implement the appropriate controls to
which you had committed. Specifically, the users continue to have improper administrative
privileges.

Your customers rely on the integrity of the laboratory data that you generate to make decisions
regarding drug quality. It is important to maintain strict control over CGMP electronic data to
ensure that all laboratory data is retained and that all additions, deletions, or modifications of
information in your electronic records are authorized and appropriately documented.

In addition, you committed to performing (b)(4) reviews of only a subset of audit trails for future
laboratory analyses. Your response is inadequate because 21 CFR 211.22 requires data review
prior to batch release including audit trail data. In response to this letter provide:

• A list of all laboratory instruments and software identifying which have activated audit trails.

• Documentation verifying configuration changes for GC-(b)(4) and GC-(b)(4) employee-specific
data privileges which you state have been corrected for all analysts and applicable operating
software for electronic laboratory equipment.

• A list of all software configurations (both equipment software and laboratory information
system (LIMS)), details of all user privileges up to and including administrator rights, and
oversight roles for each of your laboratory systems. Regarding user privileges, specify user
roles and associated user privileges for all staff levels who have access to the laboratory
computer systems and their organizational affiliation and title. Describe in detail how you will
ensure that administrative privileges are fully segregated and completely independent of QU
laboratory personnel.

• Your action plan, with timelines, describing your interim controls and when audit trails will be
enabled for all applicable laboratory instruments and electronic data systems, as well as when
procedures will be implemented for the review of audit trails before release of analytical results
subject to CGMP.

• Your investigation into the failure to enable the audit trail functionality in your laboratory
instruments and electronic data systems and the impact this recurring failure could have on
generated data.

2. Your firm failed to establish and follow required laboratory control mechanisms (21
CFR 211.160(a)).

You failed to adequately control critical changes to electronic laboratory monitoring operations
using documentation, assessment, and approval of the QU. Specifically, critical changes to
laboratory operations without QU oversight included, but are not limited to, the following:

• Implementation of electronic worksheets for tracking and monitoring standards and reagents

• Changes to microbial testing worksheets pre-populated with analyst identification

• Activation of instrument software audit trails on February 16, 2021, without any governing
procedures or change control.

In your response, you committed to updating your change control form (PAR A-0037) as well as
your written procedure governing change control over laboratory operations.

Lewiston - 15 Sep 2021 - Firm is implementing a new software program to send an
out-of-specification alert to the operator

Change control, new software, alert, out-of-specification

Change control

cGMP

Formulation and labeling software

During the close-out meeting your firm verbally discussed with the investigators that you would
be implementing a new software program called “(b)(4),” which would send an alert to the
operator if you were trying to make a medicated feed that was out-of-specification of the
regulatory requirements.

Missouri - 30 Sep 2021 - The analysts had access to delete and overwrite data for the electronic
laboratory data system

Access, privilege accounts, delete, overwrite, recycle bin, unvalidated spreadsheets

cGMP, API

Electronic laboratory data systems, spreadsheets

Your firm failed to exercise appropriate controls over computer or related systems to
assure that only authorized personnel institute changes in master production and control
records, or other records (21 CFR 211.68(b)).

Your firm did not have adequate system security and access control for the (b)(4) system. For
example, unique user accounts and privilege levels were not assigned to individual users
for (b)(4) software, and the Windows operating system. The analysts had access to delete and
overwrite data. Our investigators found approximately 36 deleted data files or folders in the
recycle bin.

In addition, your analysts used individualized non-validated (b)(4) spreadsheets to calculate
assay, impurity, content uniformity, and dissolution test results for a variety of drug products.

In your response, you stated that you planned to upgrade the (b)(4) system. However, you did
not provide a CAPA plan for interim controls to prevent the occurrence or recurrence of data
and file deletion or modification. Also, you stated that “The deleted files on the desktop were
working copies of the original data files. The original data files were still in the database.” Your
response is inadequate. You did not perform a retrospective review to assess potential impact
and ensure data integrity.

In response to this letter, provide:

• A comprehensive, independent assessment of your laboratory practices, procedures,
methods, equipment, documentation, and analyst competencies. Based on this review, provide
a detailed plan to remediate and evaluate the effectiveness of your laboratory system.

• Your action plan with timelines describing your interim controls to prevent the occurrence or
recurrence of data and file deletion or modification for all applicable electronic laboratory data
systems.

Smiths - 1 Oct 2021 - Firm has not validated the Medfusion® software version 1.6.1 for use.

Validation, procedures, testing, risk analysis, design, software revision, released a “pre-release”,
software error, version control, CAPA

Device

Medfusion® software

1. Failure to establish and maintain design validation procedures to ensure that devices conform
to defined user needs and intended uses and shall include testing of production units under
actual or simulated use conditions, including software validation and risk analysis and the
results shall be documented in the DHF as required by 21 CFR 820.30(g). Specifically,

A. You have not validated the Medfusion® software version 1.6.1 for use with the firmware
bootloader version 1.2; your firm estimated that (b)(4) units potentially exist in the field with an
unvalidated software combination. Your software and firmware are routinely changed in
production, yet your firm did not define a design input for downgrading the revision of firmware
to match the revision of software on the pump.

B. Your design change CO-10073172 released a “pre-release” of software version 1.7.0 and
base bootloader 1.2 for the Medfusion® 4000 that was not validated. You did not have
documentation showing these base boards (also known as interconnect boards) were
appropriately updated to a final validated version of software prior to release and shipment to
customers…

CAPA 19MBIS069 was opened on April 11, 2019 to address complaint CC-0031585 for an
over-infusion event on the Medfusion® 3500 with software version 4.1.5. The CAPA
investigation found the software error was also present in software version 5.0.0 and 6.0.0.
While Software version 6.0.0 was fixed, it appears no action was taken for Software version
5.0.0.

Sanitor - 29 Nov 2021 - Fourier Transform Infrared (FTIR) Spectroscopy computerized system
did not have appropriate controls in place to prevent deletion of raw laboratory data.

Data-related, deletion, password, access, backups, audit trails, change control

cGMP

Fourier Transform Infrared (FTIR) Spectroscopy computerized system

Your firm failed to exercise appropriate controls over computer or related systems
to assure that only authorized personnel institute changes in master production and
control records, or other records (21 CFR 211.68(b)).

Your (b)(4) Fourier Transform Infrared (FTIR) Spectroscopy computerized system did not have
appropriate controls in place to prevent deletion of raw laboratory data. Specifically, this data is
used to create an internal certificate of analysis to release drug components for drug product
manufacturing. Further, you did not have appropriate password protection of your software to
prevent unauthorized access to data.

In your response, you stated that you have password-protected the software for the FTIR
system and only the chemist has access to the data. You also stated that the FTIR data is
backed up (b)(4) to an external hard drive and a copy is printed and included as part of the raw
material test data package.

Your response is inadequate as it did not provide a retrospective review of the integrity of your
FTIR, details regarding instrument audit trails and an evaluation of the effectiveness of the
computerized system change. It is important to maintain strict controls over CGMP electronic
data to ensure all additions, deletions, or modifications of information in your electronic records
are authorized and properly documented. Without complete and accurate records, you cannot
make appropriate decisions about batch release, stability, and other fundamental factors for
ongoing quality assurance.

Your quality system does not adequately ensure the accuracy and integrity of data to support
the safety, effectiveness, and quality of the drugs you manufacture.

Medtronic - 9 Dec 2021 - The Insulin infusion pump software lacked cybersecurity requirements
in the software design

System documentation, requirements, design, cybersecurity vulnerability, unauthorized
individuals, encryption, versions, CAPA, root cause, inadequate investigations, data, pump
history review, notification of safety issues

Device

Insulin infusion pump software

During an inspection of your firm located in Northridge, California, on June 7, 2021 through
July 7, 2021, an investigator from the United States Food and Drug Administration (FDA)
determined that your firm manufactures the MiniMed 600 series insulin infusion pumps, and
software and remote controllers used in conjunction with the Paradigm and MiniMed series
insulin infusion pumps…

Specifically, your firm initiated CAPA (b)(4)#401464 on June 29, 2018, to address a
cybersecurity vulnerability with the remote controllers used with your Medtronic MiniMed 508
Insulin Infusion Pump and your MiniMed Paradigm Insulin Infusion Pumps. The identified
cybersecurity vulnerability revealed unauthorized individuals could “(b)(4).” The root
cause investigation in CAPA (b)(4)#401464 indicated the “(b)(4).” In evaluating the risk of
patient harm, your firm determined the lack of (b)(4) that could lead to delivery of (b)(4) could
result in catastrophic harm to patients. Per your CAPA (b)(4)#401464, to address the root
cause of the lack of cyber security requirements in the design, all current and future Medtronic
Diabetes software products would be evaluated for encryption security requirements. Your firm
also discontinued the manufacture and distribution of the Paradigm Pump products and
scrapped remaining inventory of the remote controllers; however, these corrective actions did
not address the devices in the field. While your firm initiated a recall of 15,787 remote
controllers shipped to customers in the previous four years, you have
distributed over (b)(4) remote controllers since its release in 1999, and you did not notify all
customers of this safety issue…

Your firm failed to adequately investigate a complaint in which the customer reported (b)(4) of
insulin that were not programmed by the customer… The device was returned to your firm for
analysis and the complaint was escalated to your cybersecurity Incident Response
Management Team. Your investigation included a review of the downloaded CareLink data, in
which the (b)(4) reported by the customer were not reflected. However, your firm’s investigation
did not include reviewing the actual pump history to verify the presence of the additional (b)(4)…

Your firm failed to adequately investigate reported issues with your CareLink software that your
firm manufactures; this software uses information transmitted from insulin infusion pumps
and glucose meters to create reports intended to assist users with diabetes management. Of
the 25 complaints reviewed during our inspection, your firm documented “software error
unknown” in 20 of the complaints; however, there is no evidence in your complaint records that
technical support attempted to determine the version of software used by the device in order to
conduct an investigation. During the inspection, your VP of Quality Assurance explained to our
investigator that all versions of the software are maintained and could be analyzed to
investigate the reported software errors…

Untitled Letter

Sheth - 29 Mar 2021 - Incomplete eDiary entries conflicted with corresponding source
documents completed by site personnel that reflected that the eDiary entries were completed in
accordance with the protocol, and follow-up telemedicine calls were missed.

Data-related, incomplete data, eDiary, corresponding source documents, telemedicine, review,
study monitors

Clinical investigator of a clinical trial

eDiary, telemedicine

For at least 23 of 53 subjects whose records were reviewed during the inspection, the eDiary
entries were not completed following the Dose visit as set forth in the protocol and illustrated in
Table-1. These incomplete eDiary entries conflicted with corresponding source documents
completed by site personnel that reflected that the eDiary entries were completed in accordance
with the protocol. Specifically, the source document for Dose includes a question: “Was the
e-Diary completed and reviewed 30 minutes after observation period?” For these subjects, the
“yes” box next to that question was checked, indicating that the eDiary entries were completed
and reviewed, when they were not. In addition, during the inspection, one of your study
coordinators acknowledged completing the checkbox without reviewing the eDiary for subjects #
and # We note that issues regarding incomplete eDiary entries were previously identified by the
study monitor during their interim monitoring visits but continued to occur after being identified.
For example…

In addition, illness visits were missed for 2 subjects and telemedicine calls following illness visits
were missed for 3 subjects. We note that issues regarding missed safety calls, illness visits, and
telemedicine calls following illness visits were previously identified by the study monitor during
their interim monitoring visits but continued to occur after being identified. For example…
