1. Your firm has not established and documented the accuracy, reliability and performance of your computer systems employed in the release of drug products [21 C.F.R. 211.68 (a)]
For example, your firm did not verify the accuracy of Excel spreadsheets used to calculate product assay analytical results, for all products manufactured for the US market, in order to verify the accuracy of the results obtained.
2. Your firm has failed to exercise appropriate controls over computer or related systems to assure that changes in master production and control records, or other records, are instituted only by authorized personnel [21 C.F.R § 211.68(b)]. such as
a) Your firm's laboratory analysts have the ability to access and delete raw chromatographic data located on the (b)(4) of (b)(4) used to conduct HPLC testing. Due to this unrestrictive access, there is no assurance that laboratory records and raw data are accurate and valid.
b) Your firm's laboratory analysts have the ability to access and modify the formulas in the Excel spreadsheets used to calculate assay results for Guaifenesin and (b)(4) drug products. Due to this unrestricted access, there is no assurance that the formulas in the Excel spreadsheets are accurate and valid.
Microsoft Excel Spreadsheets are used throughout the pharmaceutical industry, generally installed on every desktop computer. However when using spreadsheets to make calculations that are used to support product release and quality based decisions then the spreadsheet must be controlled and verified to ensure that the spreadsheet is secure and that the calculations are accurate across the range.
The security of the spreadsheet should ensure that users of the spreadsheet can only enter data in to specific cells and that the calculations cannot be modified. Basic Excel security can be used to ensure this.
Calculations should be verified across the data range against manually calculated results. Care should be taken relating to rounding errors and resolution..
The spreadsheets should be maintained within a document management system or other secure location to ensure that the files can be access but cannot be modified or overwritten. Changes to the spreadsheets should be managed by Change Control.