April 3, 2017

First-quarter 2017 Food and Drug Administration (FDA) warning letters emphasize a lack of effective document control system compliance. Two recent warning letters are patent examples.  Both highlight the vital importance of documenting evidence and risk management activities to maintain compliance with FDA guidelines.

Example 1: Drug Manufacturer Document Control System and Data Integrity

An FDA February 24, 2017 warning letter issued to Megafine Pharma, a pharmaceutical manufacturer in India, indicated significant deviations in drug manufacturing quality.

Among nearly a dozen areas of concern, the Megafine warning letter cited lack of document control as required in good manufacturing practices (cGMPs), including:

  • Failure to control the issuance, revision, superseding, and withdrawal of all documents by maintaining revision histories
  • Failure to establish and follow adequate written procedures for cleaning equipment and its release for use in API manufacture, and to maintain adequate records of major equipment usage

The FDA alleges Megafine’s quality assurance unit provides analysts with blank controlled document forms that are already approved and signed. In addition, investigators observed torn, partially complete quality assurance staff signed calibration records in the trash. Finally, inspectors observed quality assurance staff shredding documents without recording the identity or the reason for doing it. The FDA questions Megafine’s overall data integrity and a failure to provide a risk assessment for impact on the US market.

Example 2: Inadequate Medical Device DHRs, DMRs, and DHFs

On February 23, the FDA issued a warning letter to Denttio, a California-based medical device manufacturer for the dental industry. Regulatory concerns centered on 21 CFR 820 compliance in several areas. Again, the FDA noted several document control system compliance issues including, but not limited to:

  • Failure to establish a design history file (DHF) as required by 21 CFR 820.30(j) for a digital x-ray sensor system
  • Failure to provide records to demonstrate that it had conducted a risk analysis to identify potential hazards and control measures for the same digital x-ray sensor system
  • Failure to implement and maintain device master records (DMRs) as required by 21 CFR 820.181 for the same digital x-ray sensor system
  • Failure to establish procedures for finished device and incoming product acceptance as required by 21 CFR 820.80.  All design history records (DHRs) reviewed failed to include documentation of final acceptance activities; review of the data and documentation; release authorization signature; and dated authorization.

Repercussions of Inadequate Document Control

As these examples show, if you don’t have a satisfactory document control system in place, you are skating on thin ice. As far as the FDA is concerned, if it’s not documented, it didn’t happen.

Poor data and lack of quality data are not acceptable to the FDA.  Likewise, poor data and lack of quality data should not be acceptable as a standard for any quality driven organization. Ignoring the potential repercussions of manual document handling is risking application denials, recalls, lawsuits, fines – and bankruptcy.

Automation for Document Control System Compliance

A clear document control system compliance strategy demonstrates a secure, controlled progression of tasks on rules-based workflows –  an integral part of any compliance framework.  In the big compliance picture, automated document control is an interconnected part of any quality and compliance management program.  Systems like AssurX  Document Management automate the entire document lifecycle from creation to obsolescence and connect to all quality processes associated with CAPA, complaint handling, supplier management, change management, and training.


AssurX Document Management for Life Sciences Best Practices Webcast

Learn how an intuitive and easily configurable document management system automates the entire document lifecycle  – from creation to obsolescence.


Warning letters indicate that document control and data integrity (as well as complaint handling and CAPA), remain at the top of any FDA inspector’s checklist. There’s no reason to believe the FDA’s enforcement focus is going to shift in a significant way.

Today, FDA cGMPs and ISO standards require a document control system that demonstrates product safety and reliability.  Automated systems drive processes that integrate workflow and data capture with applications, databases, notifications and tracking.  Getting rid of paper and investing in the right electronic solution can eliminate untold outlays for compliance violations.