Two recent warning letters, Company A and Company B, were cited for “failing to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records”. Although records were kept electronically, they could be altered or deleted without due control.
It is standard practice within a laboratory to allow only appropriate users the ability to access and alter records, and to maintain a complete audit trail of those changes. Ensuring the integrity of electronic test data is a key point during FDA audits, and to maintain compliance laboratories should ensure that:
- Data is captured electronically into the LIMS from laboratory instruments, with no manual intervention,
- All relevant raw data and metadata is recorded, in addition to any data derived from it.
- Each LIMS user has their own username and password, and there are no shared accounts.
- Users only have access to the data they need to perform their role.
- Key checkpoints, such as data validation and approval, enforce the use of passwords, and where appropriate electronic signatures.
- If a data record is over-written a record of who made the changes and why must be kept for audit purposes.
These rules apply not only to the LIMS in your lab but also to other laboratory informatics systems such as chromatography data systems (CDS) which may be integrated with the LIMS. The aim is a defendable audit trail demonstrating clear control of the chain of data throughout its life, from data capture to reporting, ensuring data integrity.