Case Study

When LIMS and SCADA Controls Fail: Lessons from Immacule Lifesciences' FDA 483

Guest accounts editing test results. Shared admin passwords on SCADA. Audit trails that QA couldn't even access. The Immacule Lifesciences 483 is a case study in what happens when computerized system controls exist on paper but not in practice.

Leucine Research | Sep 28, 2025 | 9 min read

On September 18, 2025, the FDA issued a 483 observation to Immacule Lifesciences Private Limited in Nalagarh, Himachal Pradesh. The finding was unambiguous: “Appropriate controls were not exercised over computerized systems to ensure that changes in records are made only by authorized personnel.”

What followed was one of the most detailed computerized system 483s issued in 2025 — spanning LIMS, SCADA, and LabSolutions across the facility’s sterile manufacturing and quality control operations. The inspector didn’t find a single system failure. They found a facility where every major computerized system had the same structural problem: users with access they shouldn’t have, audit trails that nobody reviewed, and a quality unit that approved batch results without verifying the electronic records underneath.

The specifics were damning. A LIMS user with “Document Manager/Executive” responsibilities — not an analyst, not a reviewer — was able to modify pH results for a drug product currently in production. SCADA administrators could rewrite filling recipes. External customers and service providers had been given analyst-level access to LabSolutions, with permissions to modify finished product testing results. And QA personnel responsible for approving filter integrity tests couldn’t even view the audit trail for one of the two integrity testers in the facility.


What the FDA Found

The observation covered three separate computerized systems — each with distinct access control failures that collectively undermined data integrity across the entire facility.

21 CFR 211.68 requires that controls be exercised over computerized systems to ensure that changes to master production and control records are made only by authorised personnel. The Immacule 483 reads like a catalogue of every way this requirement can be violated.

LIMS: The system used to input and record raw data for batch disposition had four access levels — Analyst, Supervisor, Manager, and QA. A Document Manager/Executive was assigned Level 1 (Analyst) access, which the Associate Vice President described as “general access.” That “general access” permitted modifying pH results on in-process drug products. Two users with this access were neither reviewers nor analysts.

SCADA: The system controlling aseptic filling operations — inputting parameters, executing recipes, monitoring equipment — gave IT and engineering personnel administrative access with the ability to modify existing recipes and equipment parameters without adequate oversight.

LabSolutions: External customers for method transfer and service providers were given the “Analyst” role, granting permissions to modify sequence data from finished product, in-process, stability, and raw material testing. A “Guest” role was only added recently to identify these external users — prior to that, they were indistinguishable from internal analysts in the system.

Most critically, QA personnel could view audit trails for one filter integrity tester but not the other. Their approval process was based solely on result reports — without evaluating whether changes, failed tests, or repeated runs had occurred before the reported result was generated.

3 systems

With Access Failures

LIMS, SCADA, and LabSolutions — every major computerized system in the facility had user access control deficiencies identified by the FDA inspector.

0 reviews

Of Electronic Audit Trails

QA approved batch results based solely on printed reports. Electronic audit trails — including failed tests, repeated runs, and parameter changes — were not reviewed before batch release.

42%

Of 2025 Drug 483s Cite 211.68

FDA Tracker analysis shows computerized system control observations have become one of the most frequently cited findings in drug manufacturing inspections.


Why This Keeps Happening

Immacule's access control failures aren't unique. They're the predictable outcome of how most pharma facilities manage computerized systems — role-based access designed around organisational hierarchy rather than data integrity risk.

The root cause isn’t IT negligence or quality oversight. It’s an architectural pattern where access controls are bolted onto systems after deployment, rather than designed into the platform from the start. When you have four access levels for a system that serves six distinct roles with different risk profiles, gaps are inevitable.

Access levels designed for convenience, not risk.

Immacule's LIMS had four access levels mapped to organisational roles (Analyst, Supervisor, Manager, QA). When a Document Manager needed system access, the lowest level — 'Analyst' — was deemed appropriate as 'general access.' But that level included permissions to modify test results, because the system wasn't designed to separate read access from write access at a granular level. This pattern — overprovisioning access because the system doesn't support fine-grained permissions — is endemic across pharmaceutical LIMS and ERP systems.


External users treated as internal.

Before the 'Guest' role was created, external customers and service providers were assigned the same 'Analyst' role as internal lab personnel. They could modify finished product testing sequences, in-process results, and stability data. The system had no mechanism to distinguish between an internal chemist running a routine assay and an external service provider performing equipment maintenance. This isn't a training gap — it's a platform limitation.

Audit trails that exist but aren't reviewed.

The most dangerous state for data integrity isn't the absence of an audit trail — it's an audit trail that nobody looks at. At Immacule, QA approved filter integrity test results from printed reports alone. The electronic audit trail, which would have shown failed tests, repeated runs, and parameter modifications, was not part of the approval workflow. For one of the two integrity testers, QA couldn't even access the audit trail.


Shared credentials as standard practice.

SCADA administrative access was shared among IT and engineering personnel. LabSolutions used shared accounts before the Guest role was introduced. When credentials are shared, attributability — the 'A' in ALCOA — is structurally impossible. You can't determine who made a change if multiple people use the same account. This isn't a procedural failure that training can fix. It's a system design that makes compliance impossible.

The question isn’t whether your facility has access controls. It’s whether your access controls are granular enough to distinguish between a QC analyst running a test, a service engineer calibrating an instrument, and a document manager who needs to view — but never modify — production data.


Legacy Access Controls vs Purpose-Built Platforms

The difference between access controls that satisfy an SOP and access controls that actually prevent unauthorised modifications comes down to platform architecture.

In each comparison below, the legacy approach reflects what the FDA found at Immacule — and what exists at the majority of pharmaceutical facilities running enterprise LIMS, ERP, and SCADA systems that weren’t designed for 21 CFR Part 11 compliance from the ground up.

User Access Provisioning

Legacy Systems

Four or five broad access levels mapped to organisational roles. A 'Document Manager' gets 'Analyst' access because there's no role that provides read-only access with document management permissions. External service providers get the same role as internal staff because the system doesn't support temporary, scoped access.

Result: Overprivileged users across every system

Purpose-Built Platform

Granular, attribute-based access control where permissions are defined by function, not title. A document manager can view records without modifying test data. Service providers get time-limited, scope-restricted access that automatically expires. Every permission maps to a specific data integrity risk.

Result: Least-privilege access by default

Audit Trail Review

Legacy Systems

Audit trails exist in individual systems (LIMS, SCADA, LabSolutions) but review is manual and optional. QA approves batch results from printed reports. Electronic audit trails require separate login, different interface, and aren't integrated into the approval workflow. Some systems don't even grant QA the permissions to view audit trails.

Result: Audit trails exist but are never reviewed

Purpose-Built Platform

Audit trail review is embedded in the approval workflow — QA cannot approve a result without the system presenting the complete audit trail alongside it. Failed tests, repeated runs, parameter changes, and user modifications are surfaced automatically. Review is mandatory, not optional.

Result: No approval without audit trail verification

Cross-System Visibility

Legacy Systems

LIMS, SCADA, and LabSolutions operate as independent systems with separate user directories, separate audit trails, and separate review processes. A user's activity in SCADA is invisible to the LIMS reviewer. Access anomalies across systems can only be detected by manually correlating logs from three different platforms.

Result: Blind spots between every system boundary

Purpose-Built Platform

Unified identity management across all manufacturing and quality systems. A single user identity with consistent permissions, a single audit trail that captures cross-system activity, and automated anomaly detection that flags unusual access patterns — like a user modifying both a SCADA recipe and the corresponding LIMS test result.

Result: Complete visibility, cross-system correlation


What a Modern Platform Must Enforce

Preventing the access control failures found at Immacule requires capabilities that most legacy pharmaceutical systems fundamentally lack — not as features to be configured, but as architectural constraints that cannot be bypassed.

The capabilities below directly address every gap identified in the September 2025 observation. They aren’t configuration options within existing systems. They’re architectural requirements for any platform managing GMP-critical data.

Granular Access Control

Attribute-based permissions that separate read, write, review, and admin capabilities at the field level — not the role level. A user can be granted permission to view test results without the ability to modify them. External users get scoped, time-limited access that restricts them to specific instruments and specific data sets. No more 'general access' roles that inadvertently grant write permissions to production data.

Least privilege | Field-level control
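
A default-deny permission check that separates read from write and supports scoped, expiring grants for external users, as an added example (not code from the 483, from Leucine, or from any LIMS vendor). The resource names, account names and grant model are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    user: str
    action: str                          # "read", "write", "review" or "admin"
    resource: str                        # field path; trailing "*" matches a prefix
    instrument: Optional[str] = None     # None = not restricted to one instrument
    expires: Optional[datetime] = None   # None = standing grant (internal staff)

def _matches(pattern: str, value: str) -> bool:
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value

def is_allowed(grants, user, action, resource, instrument=None, now=None):
    """Default deny: allow only if an unexpired grant covers this exact action."""
    now = now or datetime.now(timezone.utc)
    for g in grants:
        if g.user != user or g.action != action:
            continue                     # holding "read" never implies "write"
        if not _matches(g.resource, resource):
            continue
        if g.instrument is not None and g.instrument != instrument:
            continue                     # grant is scoped to a different instrument
        if g.expires is not None and now >= g.expires:
            continue                     # time-limited access has lapsed
        return True
    return False

# Constructed sample grants (hypothetical accounts and field names).
UTC = timezone.utc
GRANTS = [
    Grant("doc_manager_1", "read", "lims:result.*"),
    Grant("analyst_7", "read", "lims:result.*"),
    Grant("analyst_7", "write", "lims:result.ph"),
    Grant("vendor_eng_2", "write", "labsolutions:calibration.*",
          instrument="HPLC-03", expires=datetime(2025, 9, 20, 18, 0, tzinfo=UTC)),
]
```

With these grants the document manager can read a pH result but a write request is denied, and the service provider's write access ends at the stated expiry and never covers test sequences.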

Embedded Audit Trail Review

Audit trail review built into every approval workflow, not available as a separate interface that reviewers can skip. The system presents the complete change history — including failed tests, deleted runs, and parameter modifications — alongside the result being approved. QA cannot sign off without acknowledging the audit trail. No exceptions, no workarounds, no printed-report-only approvals.

Mandatory review | Zero bypass
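
An approval gate that refuses sign-off until every failed test, repeat and parameter change on the record has been acknowledged, as an added example (not code from any product named on this page). The event type names, record ids and accounts are constructed for illustration.

```python
from dataclasses import dataclass

# Event types that must be shown to the approver (names are assumptions).
REVIEWABLE = {"TEST_FAILED", "TEST_REPEATED", "PARAMETER_CHANGED",
              "RESULT_MODIFIED", "RUN_DELETED"}

class ApprovalBlocked(Exception):
    """Raised when sign-off is attempted without a complete trail review."""

@dataclass(frozen=True)
class AuditEvent:
    event_id: int
    record_id: str
    event_type: str
    user: str

def approve(record_id, approver, trail, can_read_trail, acknowledged):
    """Return an approval record only if every reviewable event was acknowledged."""
    if not can_read_trail:
        # The 483 case: QA could not view the trail for one integrity tester.
        raise ApprovalBlocked("approver has no access to this audit trail")
    to_review = [e for e in trail
                 if e.record_id == record_id and e.event_type in REVIEWABLE]
    missing = [e for e in to_review if e.event_id not in acknowledged]
    if missing:
        detail = ", ".join(f"#{e.event_id} {e.event_type}" for e in missing)
        raise ApprovalBlocked(f"unreviewed audit events: {detail}")
    # The approval stores what was reviewed, so the review itself is auditable.
    return {"record": record_id, "approved_by": approver,
            "reviewed_events": sorted(e.event_id for e in to_review)}

# Constructed trail for one filter integrity test record.
TRAIL = [
    AuditEvent(1, "FIT-0091", "TEST_FAILED", "op_14"),
    AuditEvent(2, "FIT-0091", "PARAMETER_CHANGED", "op_14"),
    AuditEvent(3, "FIT-0091", "TEST_REPEATED", "op_14"),
    AuditEvent(4, "FIT-0091", "TEST_PASSED", "op_14"),
    AuditEvent(5, "FIT-0092", "TEST_PASSED", "op_22"),
]
```

A printed report for FIT-0091 would show only the passing run; the gate blocks approval until events 1 to 3 are acknowledged, and blocks it outright when the approver cannot read the trail.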

Unified Identity & Cross-System Correlation

Single identity management across all manufacturing and quality systems eliminates shared credentials and enables attributability for every action. Automated monitoring detects anomalous patterns — like the same user modifying a SCADA recipe and editing the corresponding LIMS result within the same shift. Every action, across every system, is attributable to a single, verified identity.

ALCOA+ by design | Anomaly detection
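
Detection logic for the pattern named above (one person modifying a SCADA recipe and the corresponding LIMS result in the same shift), as an added example that is not part of the original article or any vendor's product. The log formats, account names, identity map and the 8-hour shift window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

SHIFT = timedelta(hours=8)  # assumption: "same shift" means within 8 hours

# Constructed sample exports; both line formats are assumptions.
SCADA_LOG = """2025-09-02T06:12:00|eng_admin|RECIPE_MODIFY|B1042
2025-09-02T06:40:00|op_14|RECIPE_EXECUTE|B1042
2025-09-03T07:05:00|krao_eng|RECIPE_MODIFY|B1043"""
LIMS_LOG = """2025-09-02 11:30:00,analyst_7,RESULT_ENTER,B1042
2025-09-03 12:15:00,k.rao,RESULT_MODIFY,B1043
2025-09-05 09:00:00,k.rao,RESULT_MODIFY,B1044"""

# Per-system account -> person id. A shared account maps to no single person.
IDENTITY = {("scada", "krao_eng"): "E1187", ("lims", "k.rao"): "E1187",
            ("scada", "op_14"): "E2210", ("lims", "analyst_7"): "E3051",
            ("scada", "eng_admin"): None}

def parse(log, system, sep, ts_format):
    events = []
    for line in log.strip().splitlines():
        ts, account, action, batch = line.split(sep)
        events.append({"ts": datetime.strptime(ts, ts_format), "system": system,
                       "account": account, "action": action, "batch": batch,
                       "person": IDENTITY.get((system, account))})
    return events

def correlate(scada, lims):
    """Return (flags, unattributable) for recipe and result edits on one batch."""
    flags, unattributable = [], []
    result_edits = [e for e in lims if e["action"] == "RESULT_MODIFY"]
    for r in (e for e in scada if e["action"] == "RECIPE_MODIFY"):
        if r["person"] is None:
            # Shared credential: the edit cannot be tied to a person at all.
            unattributable.append((r["system"], r["account"], r["batch"]))
            continue
        for m in result_edits:
            if (m["person"] == r["person"] and m["batch"] == r["batch"]
                    and abs(m["ts"] - r["ts"]) <= SHIFT):
                flags.append((r["person"], r["batch"], r["ts"], m["ts"]))
    return flags, unattributable

def run_sample():
    scada = parse(SCADA_LOG, "scada", "|", "%Y-%m-%dT%H:%M:%S")
    lims = parse(LIMS_LOG, "lims", ",", "%Y-%m-%d %H:%M:%S")
    return correlate(scada, lims)
```

The recipe edit made under the shared `eng_admin` account cannot be correlated with anything, which is the attributability gap in concrete form: it is reported separately rather than silently dropped.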

100%

21 CFR Part 11 Compliance

Piramal Pharma achieved full 21 CFR Part 11 compliance across 10+ facilities and 3 regulatory jurisdictions (FDA, MHRA, EMA) after deploying a unified platform with embedded access controls and audit trail enforcement.

2,500+

Concurrent Users Managed

Cipla's deployment across 30 facilities manages 2,500+ concurrent users with role-based access controls that prevent the overprivileging pattern identified in the Immacule 483.

60%

Reduction in Manual Data Entries

Valent BioSciences eliminated 60% of manual data entries — removing the human touchpoints where unauthorised modifications are most likely to occur.


From Gap to Prevention

Three phases to eliminate the computerized system control gaps that create FDA 483 risk.

The goal isn’t to add more SOPs about access control. It’s to deploy a platform where unauthorised access is architecturally impossible — where the system enforces data integrity constraints that procedures alone cannot guarantee.

Phase 1: Audit every system's access architecture.

Map user access across LIMS, SCADA, ERP, and every computerized system that touches GMP data. For each system, answer: How many access levels exist? Do permissions match actual job functions, or are users overprivileged because the system lacks granularity? Can external users modify production data? Are audit trails reviewed as part of the approval workflow, or do they exist in a separate interface that nobody checks? The Immacule 483 answers these questions for one facility — your audit should answer them for yours.


Phase 2: Consolidate onto a platform with embedded controls.

Replace the patchwork of independent systems with a unified platform where access control, audit trail review, and identity management are architectural features — not configuration options. The platform should enforce least-privilege access by default, embed audit trail review in every approval workflow, and provide cross-system visibility through a single identity framework. Deploy with proper IQ/OQ/PQ validation protocols.

Phase 3: Monitor, measure, and verify.

Establish metrics: access provisioning audit frequency, audit trail review compliance rate, time-to-detect for access anomalies, and zero-tolerance for shared credentials. Run periodic access reviews to verify that permissions match current job functions. Within 90 days, the data will show whether your computerized system controls are real or ceremonial.
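
A periodic access review that answers the Phase 1 questions and supports the Phase 3 checks from an entitlement export, as an added example (not the article's or any vendor's tooling). The export layout, permission names, accounts, the `FIT-2` system label and the function-to-permission map are all constructed assumptions.

```python
# Assumed map: job function -> permissions that function actually needs.
NEEDED = {
    "Document Manager": {"result.read", "document.manage"},
    "QC Analyst": {"result.read", "result.write"},
    "QA Reviewer": {"result.read", "result.approve", "audit_trail.read"},
    "Service Provider": {"instrument.calibrate"},
    "Automation Engineer": {"recipe.read"},
}

# Constructed export: (system, account, people using it, function, external, perms)
ENTITLEMENTS = [
    ("LIMS", "dm_01", ["E0412"], "Document Manager", False,
     {"result.read", "result.write"}),
    ("LIMS", "an_07", ["E3051"], "QC Analyst", False,
     {"result.read", "result.write"}),
    ("SCADA", "admin", ["E1187", "E1203", "E1340"], "Automation Engineer", False,
     {"recipe.read", "recipe.write"}),
    ("LabSolutions", "ext_svc_1", ["X0007"], "Service Provider", True,
     {"instrument.calibrate", "sequence.write"}),
    ("FIT-2", "qa_03", ["E0519"], "QA Reviewer", False,
     {"result.read", "result.approve"}),
]

def review(entitlements, needed):
    """Return findings as (system, account, kind, detail) tuples."""
    findings = []
    for system, account, people, function, external, perms in entitlements:
        # An unknown job function needs nothing, so every permission is excess.
        excess = perms - needed.get(function, set())
        if excess:
            findings.append((system, account, "OVERPRIVILEGED", sorted(excess)))
        writes = sorted(p for p in perms if p.endswith(".write"))
        if external and writes:
            findings.append((system, account, "EXTERNAL_WRITE", writes))
        if len(people) > 1:
            findings.append((system, account, "SHARED_ACCOUNT", sorted(people)))
        if function == "QA Reviewer" and "audit_trail.read" not in perms:
            findings.append((system, account, "REVIEWER_NO_AUDIT_TRAIL", []))
    return findings
```

Run against the sample export, the review reports the document manager's write permission, the shared SCADA admin account, the external account with write access to sequences, and the QA reviewer who cannot read one system's audit trail.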

Immacule Lifesciences’ 483 wasn’t caused by a single system failure. It was caused by an architecture where every computerised system had independently inadequate access controls — and no mechanism to detect the pattern across systems. The fix isn’t better SOPs for each system. It’s a platform that makes unauthorised access architecturally impossible.

The pharmaceutical industry’s computerised system problem is architectural, not procedural. When LIMS, SCADA, and LabSolutions are deployed as independent systems with separate user directories, separate audit trails, and separate review processes, the access control gaps found at Immacule are structurally inevitable. You can write SOPs requiring least-privilege access. You can train QA to review audit trails. But if the LIMS only offers four access levels and the SCADA shares admin credentials across IT and engineering, the SOP is describing a state that the system cannot enforce.

The Immacule observation is significant not because it’s unusual, but because it’s comprehensive. Most facilities have the same gaps in isolation — an overprivileged LIMS user here, a shared SCADA password there, an unreviewed audit trail somewhere else. What the FDA inspector did was document the pattern across every system in a single observation, making the architectural problem visible.

Modern pharmaceutical platforms eliminate this risk not by adding access control layers on top of legacy systems, but by building data integrity into the foundation. A single identity framework means every action is attributable. Granular permissions mean access matches function, not organisational hierarchy. Embedded audit trail review means QA cannot approve what they haven’t verified. And cross-system correlation means the pattern that took an FDA inspector two weeks to document is visible to the platform in real time — automatically flagged, automatically escalated, and impossible to ignore.
