Do Not Share User Credentials for GMP Electronic Systems
Remember: GMP-compliant systems require individual login credentials—shared access destroys audit trail integrity and violates data accountability rules.
Why This Matters in GMP
Electronic systems used in pharmaceutical manufacturing—such as LIMS, HPLC software, MES, and SCADA—are required to maintain secure, traceable records. Sharing user IDs or passwords invalidates the audit trail, making it impossible to determine who performed an action, when, or why. This erodes data reliability, facilitates unauthorized changes, and hinders investigations. Data integrity breaches caused by shared credentials are considered serious regulatory violations under ALCOA+ principles. Maintaining individual access accountability is essential for preserving trust in GMP systems and electronic recordkeeping.
Regulatory and Compliance Implications
FDA 21 CFR Part 11.10(d) mandates unique identification codes for system access. EU GMP Annex 11 specifies that user access be individualized, traceable, and role-based. WHO GMP and Schedule M reinforce that each action must be attributable to a specific individual to ensure audit trail completeness. Regulators review user access logs, system configuration reports, and SOPs during inspections. Shared logins or generic accounts (e.g., “Operator1”) are immediate red flags and often result in data integrity-related warning letters or observations.
Implementation Best Practices
- Assign
Regulatory References
- FDA 21 CFR Part 11.10(d) – Secure User Access and Audit Trails
- EU GMP Annex 11 – Computerized System Access Controls
- WHO GMP – Electronic Record Traceability Guidelines
- Schedule M – Data Integrity and Login Accountability