Legacy Instruments, Zero Data Backup: Lessons from Catalent's FDA 483
A UV-vis spectrophotometer that has never been backed up. Equipment that powers on straight to collection mode with no user login. A data integrity assessment that listed two gaps while the FDA found four. The Catalent 483 shows what happens when legacy instruments fall outside the data integrity programme.
On July 14, 2025, the FDA issued a 483 observation to Catalent Indiana LLC at their Bloomington, Indiana facility. The finding stated: “The responsibilities and procedures applicable to the quality control unit are not in writing and fully followed.”
What followed was a seven-part observation that exposed systemic failures in how the facility managed QC laboratory instruments — specifically, a UV-vis spectrophotometer used for protein assay testing and release testing of finished drug products. The instrument had never been backed up. Its user login feature was disabled, meaning it powered on directly into collection mode with no authentication. No audit trail was captured. And the quality unit never reviewed electronic raw data from the instrument to ensure data integrity. This was not a documentation oversight. It was a QC instrument operating entirely outside the facility’s data governance framework while generating release-critical data.
The observation also revealed that Catalent’s own Data Integrity Assessment and Remediation Plan, dated December 2, 2024, had identified only two systems with recorded data integrity gaps. During the July 2025 inspection, the FDA found at least two additional instruments in the QC laboratory with critical gaps that the assessment had missed entirely. The facility’s self-assessment was incomplete — and the instruments it missed were the ones performing finished product release testing.
A UV-vis spectrophotometer used for finished product release testing — with no user login, no audit trail, no data backup, and no electronic data review. The instrument was invisible to the facility’s own data integrity assessment. The FDA found it in a week.
What the FDA Found
Seven findings that collectively document a QC laboratory where legacy instruments operate outside the data integrity programme — generating release-critical data with no controls, no traceability, and no backup.
No documentation of sterility sample counts during interventions. The facility did not document sterility sample counts when taken during interventions via their intervention forms. Intervention sampling is a critical aseptic process control — the number of samples taken, when they were taken, and under what conditions directly affects the validity of the sterility assurance assessment. Without documented counts, there is no way to verify that the intervention sampling protocol was followed as written.
A legacy UV-vis spectrophotometer that has never been backed up. The firm’s UV-vis spectrophotometer is a legacy device that cannot save and retain electronic data in a controlled manner. No written procedures existed for electronic data review or data backup of this instrument. More critically, the facility had never backed up data from this stand-alone equipment — not once, in the entire time it had been in operation. Under 21 CFR 211.68(b), backup of data must be exact and complete, and be secure from alteration, inadvertent erasures, or loss. This instrument met none of those requirements.
No audit trail review on test results. The quality unit did not review audit trails on UV-vis test results to ensure data integrity. This instrument was used to perform protein assay testing and release testing of finished products — testing that directly determines whether a drug product is fit for distribution. Under 21 CFR Part 11 and FDA’s Data Integrity and Compliance With Drug CGMP guidance, the quality unit is expected to review audit trails as part of routine data review procedures. At Catalent, that review did not occur.
User login disabled — equipment powers on directly to collection mode. The equipment’s user login feature within the software was disabled or inaccessible. When powered on, the device went straight to collection mode — no authentication, no user identification, no access control. Anyone with physical access to the instrument could generate, modify, or delete data with no attribution. No audit trail was captured. The quality unit did not review electronic raw data. The “A” in ALCOA — Attributable — was structurally impossible.
Data integrity assessment that missed critical gaps. Catalent’s Data Integrity Assessment and Remediation Plan Summary, dated December 2, 2024, listed only two systems with recorded data integrity gaps. During the inspection, the FDA identified at least two additional instruments in the QC laboratory — including the UV-vis — with critical data integrity failures. The assessment was not comprehensive. It had not identified the instruments with the most severe gaps, and those instruments were generating data used for finished product release.
Lack of control over media fill visual inspection qualification. The firm lacked control over its media fill unit visual inspection qualification and process. Media fills are the definitive test of aseptic process control — the simulation that demonstrates whether a facility can produce sterile products without contamination. Inadequate control over the visual inspection qualification undermines the validity of the entire media fill programme.
0 backups
Of UV-Vis Data — Ever
The UV-vis spectrophotometer used for protein assay and finished product release testing had never been backed up. No written procedure for data backup or electronic data review existed for this instrument.
2 vs 4
DI Gaps: Self-Assessment vs FDA
Catalent's December 2024 Data Integrity Assessment identified 2 systems with gaps. The FDA found at least 4 instruments with critical data integrity failures during the July 2025 inspection.
0 logins
User Authentication Required
The UV-vis software's user login feature was disabled or inaccessible. The device powered on directly to collection mode — no authentication, no attribution, no audit trail.
Why This Keeps Happening
The Catalent finding is not an isolated incident. It is the predictable outcome of a pattern where legacy QC instruments are excluded from the data integrity programme because they lack the technical capability to participate in it.
The root cause is not a negligent quality unit. It is the gap between what data integrity regulations require and what legacy standalone instruments are capable of. When an instrument cannot enforce user authentication, cannot generate an audit trail, and cannot retain electronic data reliably, the default response is to work around it — and eventually, to forget it exists in the assessment.
Legacy instruments excluded from data integrity scope.
When facilities build data integrity programmes, they typically focus on systems that have data integrity capabilities — LIMS, chromatography data systems, ERP platforms. Standalone instruments like UV-vis spectrophotometers, dissolution testers, and pH meters are often excluded because they lack the technical architecture to meet Part 11 requirements. But exclusion from the programme does not exclude them from the regulation. The UV-vis at Catalent was performing finished product release testing. It was as GMP-critical as any LIMS — it just lacked the controls to prove it.
Self-assessments that inventory capability, not risk.
Catalent's Data Integrity Assessment and Remediation Plan listed two systems with gaps. The FDA found four. This pattern suggests the assessment inventoried systems that already had some data integrity infrastructure and identified where that infrastructure fell short. It did not ask the harder question: which instruments in the QC laboratory generate GMP-critical data but have no data integrity infrastructure at all? The instruments with the most severe gaps were the ones the assessment missed entirely — because they had no capabilities to assess.
No backup means no recovery and no verification.
21 CFR 211.68(b) requires that backup data be exact and complete, and be secure from alteration, inadvertent erasures, or loss. The Catalent UV-vis had never been backed up. If the instrument failed, was replaced, or suffered data loss, every protein assay result and release test result it had ever generated would be unrecoverable. This is not a theoretical risk. It is the current state of the data — one hardware failure away from permanent loss of release-critical records.
Disabled authentication treated as an acceptable configuration.
The UV-vis equipment's user login feature was disabled or inaccessible. This was not a system limitation — the software had the capability. It was a configuration choice that went unchallenged. In a production environment where instruments are shared across shifts and operators, disabling authentication is the path of least resistance. It eliminates login delays, avoids password management overhead, and makes the instrument accessible to anyone. It also makes every action unattributable and every result unverifiable — which is what the FDA documented.
The question is not whether your QC laboratory has standalone instruments with data integrity gaps. It almost certainly does. The question is whether your data integrity assessment found them — or whether, like Catalent’s, it listed the systems with some controls and missed the ones with none.
Standalone Instruments vs Platform-Managed QC
The difference between the Catalent state and regulatory readiness is not adding controls to legacy instruments — it is connecting instruments to a platform that enforces data integrity requirements regardless of the instrument's native capabilities.
Each comparison below addresses a specific gap documented in the Catalent 483. The platform approach does not depend on the instrument having built-in audit trail or authentication capabilities — it provides those controls at the platform level.
Data Backup and Retention
The UV-vis spectrophotometer is a legacy device that cannot save and retain electronic data in a controlled manner. No backup procedure exists. No backup has ever been performed. Data resides only on the instrument's local storage — vulnerable to hardware failure, inadvertent deletion, and permanent loss. 21 CFR 211.68(b) requires exact and complete backup, secured from alteration or loss. This instrument met none of those requirements.
Result: Zero backups, complete data loss risk
Instrument data is captured and stored on the platform at the time of acquisition — not retroactively backed up from local storage. The platform maintains exact, complete, timestamped copies of all raw data with automated backup schedules, redundant storage, and tamper-evident retention. Data exists independently of the instrument. Hardware failure results in equipment downtime, not data loss.
Result: Automated backup, zero data loss risk
User Authentication and Attribution
The user login feature was disabled. The instrument powered on directly to collection mode. Any operator with physical access could generate test results with no record of who performed the analysis. The quality unit had no electronic raw data to review. Attributability — the foundational requirement of ALCOA — was impossible to establish for any result generated on this instrument.
Result: No authentication, no attribution
User authentication is enforced at the platform level, not at the instrument level. Operators authenticate through the platform before the instrument can begin data collection. Every acquisition, every test result, and every interaction is attributed to a verified user identity with role-based access controls. The instrument's native login capability becomes irrelevant — the platform provides it.
Result: Every action authenticated and attributed
Audit Trail and Data Review
No audit trail was captured on the UV-vis. The quality unit did not review electronic raw data from the instrument. Test results used for protein assay and finished product release were approved without any verification of the electronic data underneath — no change history, no deletion log, no record of repeated analyses or modified parameters.
Result: Release decisions based on unaudited data
The platform generates a complete audit trail for every instrument interaction — data acquisition, parameter changes, repeated analyses, and result modifications — regardless of the instrument's native audit trail capability. Audit trail review is embedded in the QC approval workflow. The quality unit cannot approve release test results without reviewing the full electronic data trail.
Result: No release without verified audit trail
What a Modern System Must Do
Preventing the failures documented at Catalent requires a platform that extends data integrity controls to every instrument in the QC laboratory — including the legacy ones that were never designed for Part 11 compliance.
The three capabilities below directly address the root causes behind the Catalent 483. They work because they do not depend on the instrument’s native capabilities — they provide authentication, audit trails, and data management at the platform level, making legacy instrument limitations irrelevant to data integrity compliance.
Platform-Level Audit Trails for Every Instrument
Every instrument interaction — data acquisition, parameter modification, result processing — generates a tamper-evident audit trail entry at the platform level. The UV-vis does not need its own audit trail capability. The platform captures who initiated the analysis, what parameters were used, when data was collected, and whether any modifications occurred after acquisition. The quality unit reviews this trail as part of the standard approval workflow, not as an optional supplementary check.
Automated Data Capture, Backup, and Retention
Instrument data flows to the platform at the time of acquisition — automatically, without manual export or operator-initiated backup. Data is stored with full versioning, redundant backup, and retention policies that meet 21 CFR 211.68(b) requirements. A standalone UV-vis that has never been backed up becomes an instrument whose data has been captured, backed up, and secured from its first measurement. Hardware failure or instrument replacement does not affect data availability.
Enforced Authentication Regardless of Instrument Capability
User authentication is enforced at the platform level before any instrument can begin data collection. Operators log in to the platform — not to individual instruments. The UV-vis login feature being disabled becomes irrelevant because the platform controls access. Role-based permissions determine who can operate which instruments, who can modify parameters, and who can approve results. ALCOA attributability is an architectural guarantee, not a configuration option on each instrument.
10+ facilities
Piramal: Global Deployment
Piramal deployed LeucineOS across 10+ facilities with 100% 21 CFR Part 11 compliance — extending platform-level data integrity controls to every connected instrument, including legacy standalone equipment.
30 facilities
Cipla: Enterprise Scale
Cipla runs 2,500+ concurrent users across 30 facilities on a single platform — with consistent audit trail enforcement, authenticated access, and automated data capture across QC, production, and QA operations.
100%
Part 11 Compliance
Every facility deployed on LeucineOS operates in full 21 CFR Part 11 compliance. Audit trails, electronic signatures, unique user authentication, and automated data backup are enforced by platform architecture — not by individual instrument capability.
From Gap to Prevention
Three phases to move from the Catalent state — legacy instruments generating release-critical data outside the data integrity programme — to a platform where every QC instrument is covered, regardless of its native capabilities.
The objective is not to replace every legacy instrument in the QC laboratory. It is to connect them to a platform that provides the data integrity controls they lack — authentication, audit trails, backup, and review — so that a UV-vis spectrophotometer performing release testing receives the same level of data governance as the LIMS.
Phase 1: Inventory every instrument against data integrity requirements.
Map every instrument in the QC laboratory — not just the systems with existing data integrity capabilities, but every standalone device that generates GMP-critical data. For each instrument, document: Can it enforce user authentication? Does it generate an audit trail? Is data backed up? Is electronic raw data reviewed by the quality unit? Catalent's self-assessment found two gaps. The FDA found four. The instruments your assessment is most likely to miss are the standalone legacy devices performing routine testing — the ones that have been operating the same way for years, generating data that nobody questions because nobody audits it.
Phase 2: Deploy platform-level controls across all QC instruments.
Connect every QC instrument — legacy and modern — to a platform that provides authentication, audit trail capture, automated data backup, and review workflows at the platform level. The goal is not to upgrade every instrument's firmware or replace every legacy device. It is to extend the data integrity programme to instruments that were previously excluded because of their technical limitations. When the platform manages identity, audit trails, and data retention, the instrument's native capabilities become irrelevant to compliance.
Phase 3: Validate, close assessment gaps, and monitor continuously.
Validate the platform deployment with protocols that specifically test the failure modes documented in the Catalent 483: Can an operator use an instrument without authenticating? Can data be generated without an audit trail? Can instrument data be lost due to lack of backup? Re-run the data integrity assessment with the comprehensive scope the FDA expects — every instrument, every system, every data flow. Then establish continuous monitoring: backup verification, authentication compliance, audit trail completeness, and periodic re-assessment to catch new instruments before the FDA does.
Catalent’s Data Integrity Assessment listed two systems with gaps. The FDA found four — including a UV-vis spectrophotometer that had never been backed up, had no user login, and generated data used for finished product release. The 483 is not about one instrument. It is about a data integrity programme that defined its scope by what systems could comply, not by what systems needed to.
The Catalent 483 documents a pattern that exists in QC laboratories across the pharmaceutical industry: legacy standalone instruments that generate GMP-critical data while operating entirely outside the facility’s data integrity programme. A UV-vis spectrophotometer with disabled login features and zero backups. An instrument that powers on straight to collection mode, capturing release-critical test results with no record of who performed the analysis. A quality unit that approves those results without reviewing electronic raw data or audit trails — because neither exists.
Each of these findings traces to the same architectural gap. The facility’s data integrity assessment focused on systems that had some data integrity infrastructure and looked for shortcomings. It did not perform the comprehensive review that FDA’s Data Integrity and Compliance With Drug CGMP guidance expects — one that identifies every system generating GMP-critical data and evaluates whether adequate controls exist. The instruments with the most severe gaps were invisible to the assessment because they had no controls to evaluate.
Modern platform architecture closes this gap not by demanding that every legacy instrument meet Part 11 requirements natively, but by providing those requirements at the platform level. When authentication is enforced by the platform, a disabled instrument login is irrelevant. When data is captured and backed up automatically at the time of acquisition, a legacy instrument’s inability to retain electronic data does not matter. When the platform generates audit trails for every instrument interaction, the quality unit has the electronic raw data it needs to make informed release decisions. The Catalent 483 documents instruments that needed this architecture and did not have it. The question for every QC laboratory is how many of their own standalone instruments would produce the same finding — and whether their data integrity assessment has actually looked.
Related Articles
Three Facilities, Three FDA Actions, Five Architectural Gaps: How AI Agents Address Cipla's Regulatory Exposure
Between 2023 and 2026, three Cipla facilities — Pithampur, Raigad, and Pharmathen Greece — received FDA enforcement actions documenting the same five systemic failures: complaint investigation, CAPA effectiveness, electronic data review, contamination control, and QC oversight. LeucineOS AI agents map directly to each gap.
35% OOS Invalidations, Zero Scientific Justification: Lessons from Aurobindo Pharma's FDA 483
A February 2026 FDA 483 at Aurobindo Pharma's Unit-III found 35% of OOS invalidations in the QC Chemistry lab — with 57% blamed on analyst error and 18% on equipment, none supported by adequate scientific justification. Batches shipped to the US after unresolved Grade A maintenance interventions.
Equipment Swapped, Cleaning Not Revalidated, OOS Dissolved Away: Lessons from Dr. Reddy's FDA 483
A December 2025 FDA 483 at Dr. Reddy's FTO-SEZ facility in Srikakulam found cleaning validation not performed after equipment replacement, OOS dissolution results invalidated despite contradictory evidence, and process qualification gaps — all traceable to a single uncontrolled equipment change eighteen months earlier.
Newsletter
Stay ahead in the Industry
Regulatory updates, pharma quality insights, and AI in manufacturing — written for quality leaders, not marketers.
Please use your official work email. Personal email addresses (Gmail, Yahoo, etc.) will not receive the newsletter. No spam. Unsubscribe anytime.
Ready to see what an AI-native quality platform looks like? Leucine unifies quality management, regulatory compliance, and production operations into one intelligent system.
