In the pharmaceutical industry, risk management is undergoing a radical transformation.
The days when a simple, homemade desiccator was sufficient are long gone.
Today, the transition from a purely ‘mechanical’ machine to a fully secure data ecosystem is an absolute necessity.
For laboratories that export, particularly to the United States or Europe, the traditional bubble test—which relies on manual data entry or “simple” CSV files—has become a major risk of non-compliance.
In the event of a batch contamination, the authorities require flawless traceability. And this is where strict regulations such as the US FDA’s CFR 21 Part 11 and Annex 11 of the EMEA/EU GMP in Europe come into play.
While both rigorously regulate the identity of the signatory, the FDA requires extremely secure audit trails, whereas Europe places greater emphasis on validation throughout the data lifecycle.
Using the example of our support at Delpharm, which combines DVACI hardware with Control Sensei’s expertise, I will show you how these regulations are driving the industry forward and can be turned into an operational asset.
The FDA’s requirement: traceability at the heart of the test
Why do health authorities impose such a high level of monitoring?
The answer lies in the speed of production: pharmaceutical factories manufacture hundreds of thousands of products every day. When a health issue arises in a patient (or several!), several months may pass between the product leaving the factory and the onset of symptoms.
An astronomical amount of data must therefore be stored to quickly identify the source and the batch in question.
For an operations manager, CFR 21 Part 11 primarily serves to reduce the risk associated with human error: it is now the machine that saves the data, rather than the operator recording a result in a notebook or on Excel.
But the FDA goes much further by mandating the Audit Trail.
So what is it?
Well, here’s the thing: an operator could carry out ten compliant tests, but with incorrect vacuum settings (and therefore skewed results).
The Audit Trail allows every change to be traced: we know the exact value before and after a parameter change, and the precise moment the new protocol was applied. It is a genuine, tamper-proof logbook that records every event (start and end of test, login, emergency stop, power cut), ensuring that no anomaly has been concealed during the test.
From CSV file to tamper-proof PDF
For a long time, test machines exported results in CSV format to an SD card.
For a discerning manufacturer, this is a major security flaw: a CSV file is a simple text file, extremely easy to tamper with to conceal human error (vacuum level, batch number). Furthermore, SD cards are prone to failure, threatening access to this critical data itself.
But every problem has a solution!
The solution we are rolling out today is based on a robust architecture: an advanced programmable logic controller (PLC) integrated into the control module, linked to a PC via a permanent network connection. This system operates through the synergy of two software packages: ORION OS V7.5 (developed by DVACI) on the PLC, and DATABRIDGE on the client PC.
In practical terms, it is the software that automatically generates the test reports and the Audit Trail in electronically signed PDF format. To ensure complete security, an encrypted ‘HASH’ is generated within the file data. Any attempt to modify the file alters this HASH and invalidates the electronic signature (similar to ‘DocuSign’), instantly proving that the file has been tampered with.
Performance and peace of mind: the operational benefits
No more filing cabinets full of stapled sheets and no more data loss. This digitisation saves your quality teams a considerable amount of time and eliminates the possibility of error, as the machine even handles the sending process.
Integrating this system into the IT infrastructure of a large group (as we did at Delpharm in May 2026) offers great flexibility.
The operator can choose to export a report individually on the fly, or let the PLC generate batch exports (every 50 tests for reports, and every 400 lines for the Audit Trail), these limits being set by the PLC’s secure memory. The backup is then reliably managed by specialised controllers on the company’s PC network.
So, integrating this type of system, which will soon become the norm, is fairly straightforward… I wouldn’t say it’s child’s play either, as the success of this integration relies on a dual skill set: I have a firm grasp of both the physical constraints of vacuum technologies and the specific requirements of your IT environments (having spent the early part of my career as a project manager and IT developer). Add to that innovative machines and devices designed specifically for industry… and let’s set our sights on traceability!