Portable particle counters used for environmental monitoring in Grade B and C cleanrooms had no time-stamped audit trail, no data management, no alarm management, and no archival capability. Shared login credentials were used across manufacturing shifts. HPLC data sat on local workstations without backup or access controls. The firm's own data integrity assessment had not evaluated all GMP-critical systems. The Hengrui 483 documents what Part 11 non-compliance looks like when it is not a single system failure, but a facility-wide architectural gap.
On January 16, 2024, FDA investigators issued a Form 483 to Jiangsu Hengrui Pharmaceuticals Co., Ltd at their facility in Lianyungang, China. The observation cited a failure under 21 CFR 211.68: “Appropriate controls are not exercised over computers or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel.” What the investigators documented was not a single control gap. It was a facility-wide absence of the architectural controls that 21 CFR Part 11 has required for more than two decades.
The specifics were systematic. Portable non-viable particle monitoring equipment used for environmental monitoring in Grade B and Grade C cleanrooms — equipment generating data that directly supports batch release decisions — had no time-stamped audit trail, no data management capability, no alarm management, and no archival or retrieval function. Across manufacturing workshops, computerized systems operated with shared login credentials used by multiple operators across shifts. HPLC and other analytical instruments stored electronic records on local workstations without backup, without audit trail review, and without controls to prevent unauthorized modification.
Perhaps most telling: the firm had conducted a data integrity assessment, but that assessment had not evaluated all GMP-critical computerized systems. The gaps were not unknown — they were unexamined. This is the pattern that FDA investigators increasingly cite as evidence not of isolated oversight, but of inadequate system governance.
When shared logins, missing audit trails, and unprotected local storage appear together across an entire facility, the FDA does not see individual findings — it sees a platform that was never designed for compliance.
Environmental Monitoring Equipment Without Audit Trails. The portable non-viable particle (NVP) counters used in Grade B and Grade C cleanrooms generated test data for environmental monitoring and cleanroom qualification. Under 21 CFR 211.68, equipment used in GMP operations must maintain controls that assure data integrity. Under 21 CFR Part 11.10(e), systems that generate electronic records must include audit trails with time-stamped entries that capture who made a change, when it was made, and what was changed. These NVP monitors had none of these capabilities — no audit trail, no data management, no alarm management, and no archival or retrieval mechanism. Data generated by this equipment supported parenteral manufacturing operations, where particle count excursions can have direct patient safety implications.
Shared Login Credentials Across Manufacturing. Multiple computerized systems across manufacturing workshops operated with shared login credentials. Operators on different shifts used the same username and password to access systems that generated and modified GMP-critical records. 21 CFR Part 11.10(d) requires that electronic record systems limit access to authorized individuals. 21 CFR Part 11.10(g) requires the use of authority checks to ensure that only authorized individuals can perform specific actions. When a shared credential is used, the system cannot attribute any action — data entry, modification, deletion — to a specific individual. The fundamental ALCOA+ requirement of attributability is structurally impossible.
Unprotected Local Storage of Analytical Data. Electronic records from HPLC and other analytical instruments were stored on local workstations. These workstations had no backup procedures, no audit trail review processes, and no controls to prevent unauthorized modification or deletion of data. 21 CFR 211.188 requires that batch production and control records be maintained in a manner that ensures their accuracy and integrity. 21 CFR Part 11.10(c) requires protection of records to enable accurate and ready retrieval throughout the retention period. Analytical data stored on an unprotected local workstation can be modified, overwritten, or lost — with no mechanism to detect that it happened.
Incomplete Data Integrity Assessment. The firm had performed a data integrity assessment, but that assessment did not evaluate all GMP-critical computerized systems. This left gaps in identifying which systems required Part 11 compliance controls. Under FDA guidance on data integrity (2018), firms are expected to conduct risk-based assessments that cover all systems generating, processing, or storing GMP data. An incomplete inventory means controls cannot be applied where they are needed, because the firm does not know where all the risks are.
4
Distinct Part 11 failures cited across manufacturing and quality systems
0
Systems with compliant audit trails among NVP monitors used in Grade B/C areas
Incomplete
Data integrity assessment — not all GMP-critical systems were evaluated
The root causes are architectural, not procedural. Each finding traces to the same pattern: instruments and systems deployed for measurement capability without the compliance infrastructure that 21 CFR Part 11 requires.
Portable NVP monitors, HPLC instruments, and other analytical equipment are purchased for their measurement capability, not their compliance architecture. When equipment is selected without evaluating audit trail, access control, and data management requirements, Part 11 gaps are built into the facility from day one. Each instrument becomes a standalone data island with no governance.
Shared credentials persist because they are treated as an IT convenience issue rather than a regulatory compliance failure. When access control is managed through informal conventions — 'everyone knows the password' — rather than through system-enforced unique user authentication, attributability is impossible. The system literally cannot answer the question 'who did this?' during an investigation or audit.
When analytical data lives on individual workstations, there is no centralized backup, no version control, no access logging, and no mechanism to detect deletion or modification. This is not a backup policy failure — it is an architecture that makes data integrity controls structurally impossible to implement. Every workstation is an uncontrolled record repository.
Many firms conduct data integrity assessments after a regulatory signal, but scope them narrowly — evaluating major systems like ERP or LIMS while skipping portable instruments, standalone analytical equipment, and workshop-level computerized systems. The FDA's expectation is comprehensive: every system that generates, processes, or stores GMP data must be assessed. An incomplete inventory guarantees uncontrolled gaps.
Part 11 non-compliance is not a documentation gap. It is an architecture gap. When audit trails, access controls, and data management are absent from the system layer, no amount of procedural documentation can create attributability, traceability, or protection after the fact.
Each comparison below addresses a specific control domain cited in the Hengrui 483. The platform approach does not add layers of oversight — it eliminates the conditions that make non-compliance structurally possible.
Portable NVP monitors generate measurement data with no time-stamped audit trail. HPLC data on local workstations can be modified without any record of the change. No mechanism exists to attribute any data action to a specific individual.
Every data point — from particle counts to chromatographic results — is captured with a time-stamped, immutable audit trail. Each action is tied to a unique, authenticated user identity. Audit trail review is built into the workflow, not performed as a separate retrospective exercise.
Shared login credentials across shifts mean the system cannot distinguish between operators. Any user with the shared password can access, modify, or delete records. Authority checks are impossible because the system does not know who is logged in.
Role-based access control enforced at the platform level. Each user authenticates with unique credentials. Electronic signatures meet Part 11.50 and 11.70 requirements. The system enforces what each user can see, create, modify, and approve — and logs every action against their identity.
Analytical records stored on local workstations with no centralized backup, no archival process, and no controls against unauthorized modification. A single hard drive failure or accidental deletion can destroy GMP records permanently.
All electronic records stored in a centralized, validated repository with automated backup, version control, and retention policies. Records are retrievable throughout the required retention period. Access to stored records is controlled and logged. Data cannot be modified without generating an audit trail entry.
Addressing the Hengrui findings requires a platform architecture where compliance controls — audit trails, access management, data governance — are native to the system layer, not retrofitted onto individual instruments.
A compliant platform must authenticate every user with unique credentials, enforce role-based access at the system level, and tie every electronic record action — creation, modification, review, approval — to a verified individual. This must apply uniformly across manufacturing execution, analytical data capture, and environmental monitoring. Shared credentials must be architecturally impossible, not just prohibited by SOP.
Audit trails must be generated automatically at the point of data creation, not reconstructed from logs after the fact. Every record must carry a time-stamped history of who created it, who modified it, what was changed, and why. This applies equally to batch records, analytical results, and environmental monitoring data. The audit trail must be tamper-evident and available for review without requiring access to the originating instrument.
GMP-critical electronic records must be stored in a centralized, validated repository — not on local workstations scattered across a facility. The storage architecture must include automated backup, disaster recovery, retention management, and access controls. Data integrity must be verifiable at any point in the record lifecycle. The system must support a complete data integrity assessment by providing a single inventory of all controlled records and their compliance status.
10+
Facilities digitised with 100% Part 11 compliance at Piramal across 3 regulatory jurisdictions
2,500+
Concurrent users on a single platform at Cipla across 30 manufacturing facilities
2,700 hrs
Annual hours saved at Valent BioSciences with batch review reduced from 20 days to 1 day
Remediating facility-wide Part 11 non-compliance requires a phased approach — starting with a complete system inventory, then deploying platform-level controls, then establishing continuous compliance monitoring that makes audit readiness the default state.
The first corrective action is completing what Hengrui's own assessment left unfinished: a full inventory of every GMP-critical computerized system, from enterprise-level applications to portable instruments on the shop floor. Each system is evaluated against Part 11 requirements — audit trail capability, access control architecture, data storage and backup, electronic signature support. The output is a risk-ranked remediation map that identifies which systems can be brought into compliance through configuration, which require replacement, and which must be connected to a centralized platform.
Rather than remediating each standalone system individually — an approach that creates ongoing maintenance burden and integration complexity — the remediation architecture connects all GMP data flows through a unified platform. Electronic batch records, environmental monitoring data, analytical results, and logbook entries are captured in a single system with enforced user authentication, role-based access, immutable audit trails, and centralized validated storage. This is not a wrapper around existing systems. It is a replacement of the fragmented architecture that created the compliance gaps.
Once the platform is operational, ongoing compliance is maintained through automated monitoring — not periodic manual assessments. The system continuously verifies that audit trails are active, that no shared credentials exist, that data backup processes are functioning, and that all electronic records meet retention requirements. When an FDA investigator asks to review environmental monitoring data from a specific cleanroom on a specific date, the answer is a query — not a search through local workstations.
The Hengrui 483 is a case study in what happens when computerized systems are deployed as measurement tools rather than as regulated data systems. The FDA expects Part 11 compliance at every point where electronic records are generated. A platform architecture that enforces this by design eliminates the category of finding — not just the individual instance.
The observation at Jiangsu Hengrui Pharmaceuticals is a reference case for a specific class of FDA finding: facility-wide Part 11 non-compliance that spans environmental monitoring, analytical data management, user access controls, and data integrity assessment. Each of the four specific findings — NVP monitors without audit trails, shared login credentials, unprotected local storage, and an incomplete data integrity assessment — is a symptom of the same root cause. The facility’s computerized systems were deployed without a platform-level compliance architecture.
This pattern carries compounding risk. Shared credentials mean that any deviation investigation is undermined from the start — the system cannot establish who performed the action in question. Missing audit trails mean that data integrity cannot be verified retrospectively. Local storage without backup means that records required for batch release, stability studies, and regulatory submissions are vulnerable to loss. And an incomplete data integrity assessment means the firm cannot demonstrate to the FDA that it even knows where all its compliance gaps are.
For quality leaders at pharmaceutical manufacturers operating across multiple sites and regulatory jurisdictions, the Hengrui 483 is a clear signal. The FDA is not looking for individual instrument-level compliance. It is evaluating whether the facility’s data architecture — from portable particle counters to analytical instruments to batch record systems — is designed to produce trustworthy electronic records. The firms that answer this question at the platform level, rather than the instrument level, are the ones that pass inspection without findings.