Regulatory Update Jul 12, 2026 · 20:41 8 min read By Daniel Herrmann

Validating Electronic Batch Records: Control Vendor Changes

Electronic batch record validation: connect vendor access, audit trails, change control and batch decisions into inspection-ready evidence.

Validating Electronic Batch Records: Control Vendor Changes

Electronic batch record validation covers more than screens, calculations and signatures. The evidence must also show that retrospective changes are authorised, captured in the native audit trail, assessed through the quality system and independently reviewed before a batch decision. This is especially important for interventions by software suppliers and support teams.

Why a support ticket is not a controlled change record

An electronic batch record brings together the data, decisions and accountability of a manufacturing process. A change made after record completion is therefore particularly sensitive. It may affect user attribution, process parameters, timestamps, material quantities, calculations or release information.

An FDA warning letter to Intas Pharmaceuticals dated 30 March 2026 illustrates the risk. According to the letter, a QA employee instructed a software vendor to change data in a completed electronic batch record. One change replaced an employee identifier. The change appeared neither in the audit trail nor in the electronic batch record and was not managed through the quality system.

The related overview of recent FDA warning letters on data integrity shows which access-control, audit-trail, raw-data and vendor-change gaps recur across inspections.

The warning letter addresses that specific recipient and set of facts. It is not a new general rule. The case does show how existing CGMP requirements can be applied to vendor interventions: a support activity that changes a regulated record remains a regulated data change.

For system owners, the distinction is clear. A ticket can document the request, communication and technical work. It does not automatically replace a deviation, change control, audit trail, impact assessment or quality oversight.

What the regulatory framework expects from electronic batch records

21 CFR 211.188 requires complete information on the production and control of each batch. It also requires identification of people performing, supervising or checking significant steps. 21 CFR 211.68 requires appropriate controls over automated and electronic systems and controls over authorised changes.

EU GMP Annex 11 adds several relevant control layers for European GMP organisations:

  • Responsibilities of external suppliers must be clearly defined in formal agreements.
  • GMP-relevant changes and deletions should be captured in a system-generated audit trail based on risk.
  • System and configuration changes must be controlled under a defined procedure.
  • The validated state should be evaluated periodically.
  • Access must be restricted to authorised persons and changes to access authorisations recorded.
  • Where electronic batch release is used, the system must clearly identify and record the releasing person.

These expectations do not form one standard “EBR protocol”. They create a control system across technology, procedures, roles and review. GxP system validation should demonstrate that these elements work together for the intended process.

Support ticket or quality change: the critical distinction

QuestionSupport ticketControlled GxP change
Primary purposeResolve a technical requestProtect record and product integrity
ApprovalService or IT ownerDefined business and quality roles
Change scopeTechnical descriptionOld and new value, reason, affected records and batches
System evidenceTicket activity logNative audit trail plus linked quality record
Impact assessmentOptional or technicalData, process, product and disposition impact
ClosureTicket closedChange verified, review completed, effectiveness assessed

A ticket remains a useful part of the evidence chain. The weakness arises when it is the only evidence chain. Business rationale, independent approval and evidence in the affected system are then often missing.

Six controls for inspection-ready vendor changes

1. Define modifiable EBR objects and lifecycle states

The team should establish which data a supplier can technically change and at which lifecycle stage. A draft, an active batch record and a completed record need different controls.

The inventory should cover user attribution, timestamps, process parameters, material values, calculations, comments, signatures and status transitions. For every object, define whether correction is permitted, who approves it and how the original value is preserved.

2. Make vendor access individual and time-bound

Shared support accounts prevent reliable attribution. Remote access should be assigned to a named person, an approved purpose and a limited time window.

Privileged rights are enabled only for the required duration. Start, end, actions and the responsible internal escort are logged. The supplier should not perform the change, verification and quality decision as one combined role.

3. Enforce changes in the native audit trail

Even a detailed ticket does not compensate for a missing EBR audit trail. For GMP-relevant changes, the system should capture the identity, time, affected value, old and new value, and reason for change.

Validation should challenge the negative path as well. Can an administrator, supplier or database script alter the record without creating a visible audit-trail entry? If this is technically possible, the organisation needs a documented risk assessment, effective prevention and, where necessary, an architectural change.

4. Open the quality record before the production change

A change to a completed batch record is more than maintenance. Before execution, the organisation should determine whether a deviation, change control or defined correction procedure applies.

The quality record describes the reason, scope, approval, affected data and planned verification. Urgent corrections need a predefined emergency path. Urgency should not mean reconstructing the documentation after the event.

5. Assess record, batch and product impact independently

A small data correction may affect downstream decisions. The assessment should therefore extend beyond the changed field. It should establish at least:

  • which records and batches are affected;
  • whether calculations, signatures or status decisions depend on the value;
  • whether release or distribution has already occurred;
  • whether comparable changes occurred in other records;
  • whether a deviation, investigation or CAPA requires a wider scope.

The person requesting or technically implementing the change should not be the sole decision-maker on its impact.

6. Correlate communications, audit trails and quality records periodically

A periodic review should not examine audit-trail events in isolation. It should also correlate support communications, remote-access logs and quality records.

This reveals three common gaps: a ticket without a system event, a system event without an approved quality record, or vendor communication outside the defined channel. Review can focus by risk on critical systems, privileged activity and completed batch records.

Validation tests for vendor changes in an EBR

Standard tests of data entry and workflow are not enough. Vendor interventions require targeted challenge scenarios:

  1. Change after record completion: The system blocks the action or routes it through an approved correction workflow.
  2. Privileged support access: A named supplier identity is activated, monitored and removed again.
  3. Audit-trail completeness: Old and new values, person, time and reason are available in an intelligible form.
  4. Direct database action: An unintended change path is prevented or detected by independent controls.
  5. Impact verification: Dependent calculations, signatures, reports and disposition status are correctly reassessed.
  6. Review and export: QA can assemble the record, audit trail and linked quality record for an inspection.

Acceptance criteria should be set before execution. A retrospective screenshot proves only the final state. It does not prove how the change occurred or who approved it.

A focused 30-day review

The first review does not need to become a large programme. A risk-based assessment can begin in four steps:

Week 1: Select one critical EBR application. Inventory roles, supplier access and technically modifiable data objects.

Week 2: Compile recent changes to completed records from tickets, emails and remote-access logs.

Week 3: Reconcile these events against audit trails, deviations, change controls and disposition decisions.

Week 4: Prioritise gaps by record, batch and product impact. Define CAPA, technical hardening and regression tests.

For GxP inspection readiness, this review provides a defensible scope. It demonstrates whether the change chain is reconstructable, not merely whether documents exist.

Frequently asked questions

May a software supplier correct a completed electronic batch record?

Not through an informal database or support intervention. A permissible correction needs a defined process, authorised roles, preservation of the original information, a traceable audit trail, quality oversight and assessment of potential batch or product impact.

Is an audit-trail entry sufficient approval for a change?

No. The audit trail records the system event. It does not replace the business rationale, quality approval, impact assessment or verification. Both evidence sets must be linked and reviewable together.

Which supplier activities should QA review regularly?

Priority should go to privileged access, changes to completed records, direct database activity, changes to audit-trail or time settings, and support cases that may affect disposition decisions.

Primary sources


Author

Daniel Herrmann Consulting supports pharmaceutical, biotech and medical-device organisations with CSV, GxP system validation, data integrity and inspection readiness.

Can your team fully reconstruct supplier access, EBR changes and batch decisions?

In a focused review, we connect technical change paths, the audit trail and the quality process into inspection-ready evidence.

Discuss your EBR validation setup