You must exercise appropriate controls to assure that changes to computerized MPCRs or other records, or input of laboratory data into computerized records, can be made only by authorized personnel (§ 211.68(b)). FDA recommends that you restrict the ability to alter specifications, process parameters, or manufacturing or testing methods by technical means where possible (for example, by limiting permissions to change settings or data). FDA suggests that the system administrator role, including any rights to alter files and settings, be assigned to personnel independent from those responsible for the record content. To assist in controlling access, FDA recommends maintaining a list of authorized individuals and their access privileges for each CGMP computer system in use.If these independent security role assignments are not practical for small operations or facilities with few employees, such as PET or medical gas facilities, FDA recommends alternate control strategies be implemented. For example, in the rare instance that the same person is required to hold the system administrator role and to be responsible for the content of the records, FDA suggests having a second person review settings and content. If second-person review is not possible, the Agency recommends that the person recheck settings and his or her own work.