Bob McDowall, R.D. McDowall Ltd.
Yves Samson, Kereon AG
- You will learn the current regulatory requirements and regulatory expectations for an audit trail (review)
- All GMP-relevant data (changes and deletions) should be audit trailed – you will learn how to identify GMP-relevant data
- Event and audit logs: you will understand the differences between and what the regulators expect
- How should an audit trail review be performed? You will get familiar with the content and the frequency of an audit trail review
Audit Trail Reviews are required by international regulations like US 21 CFR Part 11 and EU GMP Guide Annex 11: Clause 9 requests:
“Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated “audit trail”). For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed”
Regulators focus on the (creation), modification and deletion of (GMP-relevant) data while many IT systems are not able to generate audit trails at all or they are not able to generate audit trails for GMP-relevant data.
Therefore, this course is designed to support you to identify GMP-relevant data and how to perform and document an Audit Trail review as part of a second person review.
This course is designed for managers and staff from health care industries as well for auditors who are responsible for the organisation and execution of audit trail (reviews) in their companies.
Why Is An Audit Trail and Its Review Important?
Audit trail vs. system log
- Part 11 and Annex 11 / Chapter 4 requirements for audit trail
- Regulatory requirements for audit trail review
- Guidance documents for audit trail review
- Do I really need an audit trail?
What are GMP-relevant Data?
- Audit trail content
- Log files
- What and when should I review?
- Meaningful audit trails for a meaningful review
Review of Audit Trail Entries
- Annex 11 requires that audit trails monitor
- GMP-relevant data – what are GMP-relevant data?
Technical Controls to Aid Second Person Review of Audit Trails
- Guidance for frequent is “frequent review” of audit trails
- Process versus system: avoiding missing data integrity issues when only focussing on a per system review
- What are we looking for in an audit review?
- Suspected data integrity violation - What do we need to do?
Workshop 1: Which Audit Trail to Review?
- Technical considerations for audit trail review e.g.
- Identifying data that has been changed or modified – how the system can help
- Documenting the audit trail review has occurred
- Review by exception – how technical controls can help
- Have you specified and validated these functions?
Attendees will be presented with an overview of the audit trails within an application and the content of each one. Which audit trails should be reviewed and when?
Workshop 2: Identifying GMP Relevant Data
Attendees will be presented with a list of records to identify if they are GMP records and how critical they are to help focus the second person review of audit trail data.
Examples from production, laboratory and QA examples of GMP-relevant data will be provided.
Workshop 3: Reviewing Audit Trail Entries
Attendees will be provided with the output of an audit trail to review and see if any potential issues are identified for further investigation.