Computerised Systems: A Summary of 2016 MHRA Inspections

July 27, 2017 / by Theresa Webster

Computerised Systems - A Summary of 2016 MHRA Inspections-100244-edited.jpg

The Medicines and Healthcare products Regulatory Agency (MHRA) has a responsibility to protect public health by ensuring that medicines and medical devices meet applicable standards of safety, quality and efficacy. Each year, they conduct GMP inspections of facilities in the UK and overseas.  In 2016, they completed a total of 324 inspections which is an increase of 21 from the previous year. During an inspection, the MHRA may find one or more deficiencies where the facility has failed to adequately meet a regulation. These deficiencies are grouped into categories, and the Computerised Systems category ranked number 7 in the most cited deficiency groups (9 Critical, 44 Major, and 120 Other).  This is a slight improvement on the previous year, ranking in at number 5.

Within the MHRA regulatory guidance document (Orange Guide), there are several sections of Annex 11, Computerised Systems. The greatest number of deficiencies were found in relation to Security, Audit Trails, and Validation. Some examples of these findings are:

  • Access control systems were not classified as GMP despite their intended purpose to control access to GMP areas.
  • Users having more access than permitted in accordance with procedures.
  • Users were permitted to change the default audit trail.
  • Data from the integrity test was not backed up, and the system was observed to overwrite previous data.

As technology advances, computerised systems will provide further support for GMP activities. The regulations are set to ensure medicinal products meet safety, quality and efficacy standards, but they are also established to guide and encourage innovation.  Facilities that successfully benefit from updated technology implement validation, operational and support processes that welcome continuous technology improvements whilst remaining compliant with regulations.

In March 2015, the MHRA released data integrity guidelines which also provided full definition and expectations for the management of GMP data. Deadlines were set to the end of 2017 to implement compliant practices (and in some cases, implement software where a paper-based process is insufficient) for areas such as audit trails and user access. The above data from the 2016 inspections show that regulators are acting on the issued data integrity guidelines, and we will be keeping up to date with the industry's efforts to implement this guidance globally.


data integrity - 2017 deadline


Topics: Data Integrity, audits, MHRA, GMP requirements

Theresa Webster

Written by Theresa Webster

Theresa Webster is the co-founder of Broughton Software and serves as their Director of Product Management. After studying at the University of North Carolina at Charlotte receiving a BSc in Biology and a BA in Chemistry, Theresa began her career at Broughton Laboratories, a leading UK MHRA and US FDA GMP licensed contract laboratory. In her role as a Commercial Projects Manager, she developed business start-ups from idea to fully operational divisions, in particular, the stability storage facility and software services. Theresa led the software services division to become a stand-alone business in 2012 as Broughton Software providing the industry's leading LIMS solution for Quality Control Laboratories. In her personal time, Theresa enjoys travel and fitness.