SOP for Review of Electronic Audit Trail

Audit trails are required by various regulations. For example, FDA's and international GLP, cGMP and GCP regulations require documenting changes to critical data with the date, time and with the individual who made the change. FDA's 21 CFR Part 11 and EU Annex 11 require computers to record the changes to automated systems. Both Annex 11 and FDA expect audit trail tables to be reviewed. This SOP describes steps for reviewing electronic audit trail tables.

The SOP applies to critical electronic records GxP environments.

Electronic Record
Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.

Predicate Rule
Requirements set forth in the Public Health and Safety (PHS) Act, or any FDA regulation, with the exception of Part 11. Examples are Good Laboratory Practice, Good Manufacturing Practice and Good Clinical Practice Regulations.

GxP Record
The record must be maintained by predicate rules or submitted to the FDA under the predicate rules.
  • Check if the audit trail function is implemented
  • Check if the audit trail function is validated and activated.

System Owner
  • Manages the process of designing and implementing electronic audit trail reviews
  • Together with the support of QA and the user's department defines which audit trails should be reviewed and when based on risk.
  • The support of the user department ensures that an audit trail review checklist item is included in relevant data review checklists.

Quality Assurance Department
  • Advises on regulations and guidelines related to an electronic audit trail and its review.
  • Check-in regular and random internal audits if audit trail reviews are performed according to this SOP.

Supervisors of User Departments
  • Make sure that everybody in the department is aware of the importance of electronic data integrity and the role of an electronic audit trail
  • Inform department staff that audit trails are reviewed by persons independent from the operator.

PEOPLE ALSO READ: SOP for Data Integrity

  • The system owner explains in a meeting with QA and representatives of affected user departments the importance of an electronic audit trail and the scope of the project.
  • With the help of QA and user departments, the system owner develops guidelines with generic criteria and examples of when audit trials should be reviewed. For example, all systems that generate records used as criteria for batch release require a review of the electronic audit trail.
  • The guidelines are distributed to the affected user departments.
  • Based on the guidelines user departments are asked to submit a list of applications that require audit trail review.
  • Together with the support of QA and user departments the system owner selects the frequency of audit trail review, based on risk.
  • With the help of QA and user departments, the system owner develops guidelines with generic criteria and examples of what sections of audit trail tables should be reviewed, for example, sections on data or method change.
  • With the help of QA and user departments, the system owner develops a list of audit trail items that must be reviewed for each application.
  • Together with user departments, the system owner adds an audit trail checklist item to the checklists used for related data review.
  • Together with user departments, the system owner assigns independent reviewers
  • QA trains the group of independent reviewers on how to conduct and document review of the audit trail.
  • QA informs all users of regulated systems that electronic audit trails will be reviewed.
  • Before using the computer system users of the system check if the audit trail function is implemented and activated.
  • After the GxP records have been generated, the independent reviewer reviews the audit trail tables.
  • In case of any unusual entry, the reviewer reports the entry to the responsible QA manager for suitable corrective action.
  • Results of audit trail reviews are stored and archived together with the corresponding electronic records.
  • Electronic audit trail review documentation is the subject of internal audits.

QA: Quality Assurance


Revision History

Reference Documents
  1. Code of Federal Regulations, Title 21, Food and Drugs, Part 11 Electronic Records; Electronic Signatures; Final Rule; Federal Register 62 (54), 13429-13466.
  2. FDA Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Applications, 2003
  3. EU GMP Annex 11: Computerized Systems, update 2011

Post a Comment