"Laboratory records failed to include the initials or signature of a second person showing that the original records have been reviewed for accuracy, completeness, and compliance with established standards [21 CFR 211.194(a)(8)].

The above discussed manipulations were performed by analysts using the … Chromatographic Data System (CDS)… . Although the audit function is used in your procedures, there is no specific requirement regarding any review of the audit trails, and your records failed to include documentation that a second person had conducted such a review. In fact, our investigator was told that no such audit had ever been performed. However, a second person must review these audit trails, particularly given the lack of controls for preventing data manipulation. Such an audit may well have detected the data manipulation which was occurring at your facility."

"Failure to employ appropriate controls over computer or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel
[21 CFR § 211.68(b)].

For example, your firm has inadequate security measures in place to assure the integrity and reliability of data generated by your laboratory. During the … inspection, our investigators observed your laboratory analysts operating computers under different analysts' names. Your analysts told our investigators that using other laboratory personnel's names and passwords was a common occurrence in your firm's laboratory while using your … laboratory software."

"Appropriate controls are not exercised over computers or related systems to assure that changes in analytical methods or other control records are instituted only by authorized personnel [21 CFR § 211.68(b)].