One SOP for Every System: Lessons from Lupin's FDA 483
One SOP for filling lines, manufacturing vessels, and every other computerized system. No system-specific instructions. No critical event definitions. QA couldn't even log in to the equipment. The Lupin 483 exposes what happens when audit trail oversight is designed for compliance on paper, not in practice.
On July 17, 2025, the FDA issued a 483 observation to Lupin Limited at their Pithampur facility (Unit 3 and Unit 2) in Madhya Pradesh, India. The finding stated: “Written procedures are not established that describe the in-process controls and examinations to be conducted on appropriate samples of in-process materials of each batch.”
The specifics went far beyond a missing SOP. The FDA found that Lupin used a single, general SOP for reviewing electronic data including audit trails across multiple computerized systems used in GMP operations — filling systems, manufacturing vessels, and other production equipment. That one procedure contained no system-specific instructions. It did not identify which audit trail events were critical for each system. It did not explain how to locate or interpret audit trail entries across different software architectures. And it did not require documentation of what was actually reviewed or why. Staff relied on experience rather than documented procedures, producing inconsistent audit trail review practices across the facility.
But the procedural gap was only part of the problem. The FDA also found that QA employees lacked independent login access to manufacturing equipment software and relied on IT staff to access these systems during audit trail reviews. Worse, during batch release, QA did not review audit trails directly on the equipment at all — they reviewed only printed copies provided by the operations department. The independence of quality oversight was compromised at every level: QA could not access the systems, could not navigate the data, and could not verify that what operations printed was complete or unaltered.
One SOP for every computerized system. No system-specific review instructions. QA locked out of direct equipment access and reviewing only printed copies handed over by the department being overseen. This is not an audit trail review process — it is the appearance of one.
What the FDA Found
Four findings that expose a facility where audit trail review existed as a documented activity but not as an effective control — violating the principles of 21 CFR 211.68 and 21 CFR Part 11.
A single generic SOP governing all computerized systems. Lupin’s facility used one procedure to cover audit trail reviews across filling systems, manufacturing vessels, and other GMP-critical equipment. The SOP did not reference system-specific instructions. It did not identify critical audit trail events relevant to each system — parameter changes, alarm acknowledgments, aborted runs, manual interventions. It did not explain how to locate audit trail entries within each system’s software architecture. And it did not specify how to document or justify what was reviewed. Under 21 CFR 211.68, appropriate controls must be exercised over computers and related systems. A procedure that treats a filling line and a manufacturing vessel identically, with no differentiation by system functionality or risk level, does not meet that standard.
Inconsistent practices driven by individual experience. During interviews, the FDA observed that audit trail review practices varied by person. Staff relied on their own experience and judgment rather than on documented procedures. This is the predictable outcome of a generic SOP: when the procedure does not tell reviewers what to look for in a specific system, each reviewer invents their own approach. Some may check parameter changes. Others may not. Some may look at alarm acknowledgments. Others may skip them. The review becomes a function of who performs it, not what the procedure requires.
QA locked out of manufacturing equipment software. Quality Assurance employees did not have independent login access to the software running on manufacturing equipment. When QA needed to review audit trails, they required IT employees to log them in and navigate the system. Under 21 CFR Part 11 and the broader framework of CGMP, QA’s oversight function depends on the ability to independently access, review, and evaluate electronic records. When that access is mediated by another department, the independence that makes QA oversight meaningful is structurally compromised.
Batch release based on printed copies, not source data. During batch release, QA employees did not review audit trails directly on the manufacturing equipment. Instead, they reviewed only printed copies provided by the operations department. This means the department whose activities QA was supposed to oversee controlled which data QA could see. There was no mechanism to confirm that the printed copies were complete, that no entries had been omitted, or that the printouts reflected the full audit trail as it existed in the electronic system. Under 21 CFR 211.68, computerized records must be subject to appropriate controls — and a review process where the reviewed party selects the evidence is not appropriate.
1 SOP
For All Computerized Systems
A single generic procedure governed audit trail reviews across filling systems, manufacturing vessels, and all other GMP equipment — with no system-specific instructions, critical event definitions, or documentation requirements.
0
Independent QA Access
QA employees had no independent login credentials for manufacturing equipment software. Audit trail reviews required IT to provide access — compromising the independence of quality oversight.
0
Direct Audit Trail Reviews at Batch Release
During batch release, QA did not review audit trails on the equipment. They reviewed only printed copies provided by the operations department — the same department whose activities were being reviewed.
Why This Keeps Happening
The Lupin finding is not an isolated procedural gap. It is the result of how most pharmaceutical facilities evolve their audit trail review practices — reactively, generically, and without addressing the architectural dependencies that make effective review possible.
The root cause is not that Lupin failed to write an SOP. They had one. The problem is that the SOP was designed to demonstrate that audit trail review happens, not to ensure it works. That distinction — between compliance documentation and operational control — is what the FDA cited.
Generic SOPs that cover everything and control nothing.
Writing one audit trail review SOP for all systems is efficient on paper. It requires a single document, a single training record, a single periodic review. But a filling system and a manufacturing vessel have fundamentally different risk profiles, different software architectures, different critical events, and different data structures. A procedure that does not account for these differences cannot instruct a reviewer on what to look for, where to find it, or how to interpret it. What remains is a checklist that says 'review the audit trail' without defining what that means for any specific system. The FDA found exactly this at Lupin: no system-specific instructions, no critical event definitions, no documentation requirements per system.
QA access treated as an IT function, not a quality requirement.
When computerized systems are deployed, user provisioning is typically managed by IT. QA's need for independent access to manufacturing equipment software is treated as a request to be fulfilled when needed, not as a standing requirement of the quality system. Over time, the access simply never gets provisioned — or gets provisioned with insufficient permissions. At Lupin, QA could not log in to manufacturing systems without IT assistance. This is not an IT failure. It is a quality system failure: the facility's computerized system lifecycle never included QA's independent access as a requirement.
Printed copies accepted as equivalent to electronic records.
When QA cannot access the electronic system directly, the path of least resistance is to print the audit trail and hand it to QA for review. This creates three problems simultaneously. First, operations controls what gets printed — introducing selection bias into the review. Second, a printout cannot reproduce the full functionality of an electronic audit trail, including filtering, sorting, and cross-referencing entries. Third, QA has no way to confirm that the printout is complete or unaltered. At Lupin, this was the standard practice during batch release: QA reviewed only what operations chose to print.
No differentiation by system risk or functionality.
The Lupin SOP did not differentiate between systems by functionality or risk level. It did not specify review triggers or expectations per equipment type. A filling system — where parameter changes directly affect product quality — received the same review guidance as every other system. When review procedures ignore risk stratification, reviewers have no basis for prioritising what matters. The result is what the FDA observed: inconsistent practices, with staff making individual judgments about what to review because the procedure gave them no guidance.
The question is not whether your facility has an audit trail review SOP. It is whether that SOP tells a reviewer exactly what to look for on each system, whether QA can access those systems independently, and whether the review is performed on source data — not on printouts selected by the department being reviewed.
Generic SOP vs Platform-Enforced Review
The difference between Lupin's state and a compliant audit trail architecture is not a better-written SOP. It is a fundamentally different approach to how audit trail data is captured, accessed, and reviewed.
Each comparison below addresses a specific gap documented in the Lupin 483. The platform approach does not add more manual steps to an already ineffective process. It removes the conditions that made these failures possible.
Audit Trail Review Process
One procedure for all systems. No system-specific instructions for identifying critical events, locating entries, or interpreting data. Reviewers rely on experience and individual judgment. The SOP does not differentiate by system risk, functionality, or software architecture. The FDA found inconsistent practices across Lupin's facility — each reviewer doing something different because the procedure gave no specifics.
Result: Review exists on paper, not in practice
Audit trail review is configured per system type with predefined critical events, risk-based review triggers, and system-specific flagging rules. Parameter changes on a filling line are flagged differently than manual interventions on a manufacturing vessel. Reviewers see relevant events surfaced automatically, with context — not raw log files they must interpret from scratch. The review is consistent because the platform enforces it, not because the reviewer memorised the right approach.
Result: Consistent, risk-based review across every system
QA Access to Audit Trail Data
QA cannot log in to manufacturing equipment software independently. Audit trail review requires IT to provide access, navigate the system, and display relevant data. QA's ability to perform oversight depends on another department's availability and cooperation. During batch release, QA reviews only printed copies provided by operations — the department whose work is being reviewed controls the evidence QA can see.
Result: QA oversight is dependent, not independent
QA has role-based access to audit trail data across all connected systems through a single platform interface. No IT assistance required. No dependency on operations to print or select data. QA can filter, cross-reference, and drill into audit trail entries directly — on any system, at any time. The platform enforces access controls so QA sees what they need to see, and the access itself is logged.
Result: Independent QA oversight by architecture
Audit Trail Completeness
QA reviews printouts of audit trail data. There is no mechanism to confirm completeness — whether all entries were printed, whether any were omitted, whether the printout reflects the current state of the electronic record. The review is limited to what operations chose to provide. Filtering, sorting, and cross-system analysis are impossible on paper.
Result: Unverifiable subset of the actual audit trail
QA reviews audit trail data electronically, directly from the system of record. The platform ensures completeness — every entry is captured, timestamped, and retained. Nothing can be selectively omitted from the review. Cross-system analysis, trend identification, and drill-down to individual entries are built into the review interface. The audit trail the reviewer sees is the audit trail that exists.
Result: Complete, verifiable, electronic review
What a Modern System Must Do
Preventing the Lupin pattern requires platform-level enforcement — not a revised SOP, not additional training, not periodic reminders to review audit trails more carefully.
The three capabilities below directly address the root causes behind all four findings. They work because they make non-compliance structurally impossible rather than procedurally discouraged.
System-Specific Audit Trail Intelligence
Configurable review rules per system type that define which events are critical, what triggers a review, and how findings must be documented. A filling system flags parameter changes and aborted runs. A manufacturing vessel flags manual interventions and alarm acknowledgments. The platform surfaces the right events for each system — eliminating the need for reviewers to know every software architecture or rely on experience to decide what matters.
Independent QA Access by Design
Role-based access control that provides QA with independent, direct access to audit trail data across all connected systems. No IT gatekeeping. No dependency on operations to print or select data. QA logs in with their own credentials, navigates to any system's audit trail, and reviews source data — not printouts. Access permissions are enforced by the platform and logged in their own audit trail.
Electronic Review with Completeness Assurance
All audit trail data is captured electronically, stored immutably, and presented to reviewers in a unified interface. No printouts as the basis for review. No possibility of selective omission. Cross-system analysis, filtering by event type, and drill-down to individual entries are native capabilities. The platform guarantees that what the reviewer sees is what the system recorded — complete, unaltered, and traceable.
10+ facilities
Piramal: Global Deployment
Piramal deployed LeucineOS across 10+ facilities with 100% 21 CFR Part 11 compliance — system-specific audit trail controls, independent QA access, and electronic review enforced across FDA, MHRA, and EMA jurisdictions.
30 facilities
Cipla: Enterprise Scale
Cipla runs 2,500+ concurrent users across 30 facilities on a single platform — with consistent audit trail architecture, role-based access, and electronic review workflows across every connected system and department.
100%
Part 11 Compliance
Every facility deployed on LeucineOS operates in full 21 CFR Part 11 compliance — audit trails, electronic signatures, unique user authentication, and independent QA access enforced by architecture, not by generic SOPs.
From Gap to Prevention
Three phases to move from Lupin's state — generic procedures, dependent access, printout-based review — to a platform where audit trail oversight is independent, system-aware, and performed on source data.
The objective is not to write a better SOP. It is to build an architecture that makes the four failures documented at Lupin structurally impossible — starting with QA’s ability to independently access and review audit trail data across every computerized system in the facility.
Phase 1: Assess every system's audit trail readiness and QA access.
Inventory every computerized system used in GMP operations. For each one, answer four questions: Does QA have independent login credentials? Can QA access audit trail data without IT or operations assistance? Are there system-specific instructions for what to review? Is the review performed on electronic data or printed copies? The Lupin 483 found failures on all four counts. Most facilities will find partial compliance at best — some systems with QA access, others without; some with system-specific guidance, most with a generic SOP. Map the gaps before attempting to close them.
Phase 2: Deploy platform-level audit trail management with independent QA access.
Implement a platform that captures audit trail data from all connected systems into a unified, electronically reviewable format. Provision QA with role-based, independent access — no IT mediation, no operations gatekeeping. Configure system-specific review rules that define critical events, review triggers, and documentation requirements per equipment type. Eliminate printout-based review by providing QA with direct electronic access to source data. The platform should enforce these controls architecturally so that circumventing them requires changing the system, not just ignoring a procedure.
Phase 3: Validate independence, consistency, and completeness.
Validate the deployment against the specific failure modes in the Lupin 483: Can QA access every system independently? Do review procedures differentiate by system type? Is the review performed on electronic source data? Are critical events defined and flagged per system? Establish ongoing metrics — QA access utilisation, review completeness by system, flagged event resolution rates — and monitor them continuously. The objective is a facility where an FDA inspector can select any system and confirm that QA reviewed the audit trail independently, on source data, with system-specific guidance, and documented what was found.
Lupin had an audit trail review SOP. It covered every system and controlled none of them. QA could not access the equipment. The review was performed on printouts selected by operations. The 483 is not about a missing procedure — it is about a review architecture designed for documentation, not for oversight. The question for every pharmaceutical manufacturer is whether your audit trail review would survive the same scrutiny.
The Lupin 483 documents a pattern that is common across the pharmaceutical industry: audit trail review procedures that exist on paper but fail in practice. A single generic SOP. No system-specific instructions. QA dependent on IT for access and on operations for data. Reviews performed on printed copies rather than electronic source records. Each gap individually weakens the review process. Together, they render it ineffective — QA cannot independently verify what happened on any system because they cannot access the systems, do not know what to look for, and are reviewing only what another department chose to show them.
This pattern persists because it is easy to maintain. A generic SOP is simpler to write, train, and audit than system-specific procedures for every piece of equipment. Printout-based review avoids the complexity of provisioning QA with access to dozens of different software systems. And as long as the procedure exists and the printouts are signed, the documentation looks complete. The FDA’s observation at Lupin exposes the gap between documentation that looks complete and controls that actually work.
The architectural solution is a platform that makes independent, system-aware, electronic audit trail review the default state — not an aspiration documented in a SOP. When QA has direct access to audit trail data through a unified interface, they do not need IT to log them in. When the platform surfaces system-specific critical events automatically, reviewers do not need to rely on experience to decide what matters. When the review is electronic, operations cannot control what QA sees. The Lupin 483 identified four specific failures in audit trail oversight. A platform that addresses all four by design does not just prevent the next observation — it establishes the kind of quality oversight that 21 CFR 211.68 and Part 11 were written to require.
Related Articles
Three Facilities, Three FDA Actions, Five Architectural Gaps: How AI Agents Address Cipla's Regulatory Exposure
Between 2023 and 2026, three Cipla facilities — Pithampur, Raigad, and Pharmathen Greece — received FDA enforcement actions documenting the same five systemic failures: complaint investigation, CAPA effectiveness, electronic data review, contamination control, and QC oversight. LeucineOS AI agents map directly to each gap.
35% OOS Invalidations, Zero Scientific Justification: Lessons from Aurobindo Pharma's FDA 483
A February 2026 FDA 483 at Aurobindo Pharma's Unit-III found 35% of OOS invalidations in the QC Chemistry lab — with 57% blamed on analyst error and 18% on equipment, none supported by adequate scientific justification. Batches shipped to the US after unresolved Grade A maintenance interventions.
Equipment Swapped, Cleaning Not Revalidated, OOS Dissolved Away: Lessons from Dr. Reddy's FDA 483
A December 2025 FDA 483 at Dr. Reddy's FTO-SEZ facility in Srikakulam found cleaning validation not performed after equipment replacement, OOS dissolution results invalidated despite contradictory evidence, and process qualification gaps — all traceable to a single uncontrolled equipment change eighteen months earlier.
Newsletter
Stay ahead in the Industry
Regulatory updates, pharma quality insights, and AI in manufacturing — written for quality leaders, not marketers.
Please use your official work email. Personal email addresses (Gmail, Yahoo, etc.) will not receive the newsletter. No spam. Unsubscribe anytime.
Ready to see what an AI-native quality platform looks like? Leucine unifies quality management, regulatory compliance, and production operations into one intelligent system.
