Important Questions and Answers concerning the Audit Trail Review

Actually, the topic "data integrity" has moved into the focus of many national and international inspections. The American FDA has sent many Warning Letters concerning comprehensive deviations observed. Therefore the regulatory authorities request not only an assurance of the product quality but they also demand that each company has a clear strategy how the integrity of critical data can be assured over its complete life cycle. Here, the review of the audit trail plays a decisive role. Despite the numerous guidelines published on this topic since 2015 it often remains unclear which requirements exist concerning the audit trail review and how they can be implemented in practice.

For this reason the Webinar "Audit Trail Review" was carried out in February 2017. Its aim was to address the main elements of data integrity and audit trail reviews:

  • Regulatory overview with emphasis on the requirements of MHRA and Annex 11 
  • Classification of data - which are critical data? 
  • Classification of systems - which systems are relevant? 
  • What Audit Trails are important? 
  • What shall I do with legacy systems without audit trail? 
  • Who shall review Audit Trails?  
  • How is the review documented?   
  • Process and documentation in case of deviations?

Dr. Wolfgang Schumacher has been the speaker. He looks back on more than 30 years experience in the pharmaceutical industry.

He has received more than 50 questions concerning the webinar. Naturally, he could not reply to all them immediately after the webinar. Thankfully, Dr. Schuhmacher has answered all questions in writing. Hereinafter you find the first part of the questions and answers. A further selection is planned for a later time.

1. Are the analytical data arising in the course of the validation of analytical procedures critical data?
Answer: No, since these data are released with the completion of the validation process and it only presents the basis for future analyses.
Therefore there is only an indirect criticality; no audit trail review is required.

2. The calibration of equipment influences the correctness of data. Does this mean that the calibration is critical?
Answer: Since the calibration influences the patient safety only indirectly no audit trail review is required.

3a.: Practical example: What about a reactor control from production that has neither user management nor a password or an audit trail etc.? Is it allowed to continue using this control?
Answer: It is definitively recommended to plan a replacement. The time of replacement depends on the product manufactured with the reactor. This defines the criticality.

3b. Practical example: What about a reactor control from production that has neither user management nor a password or an audit trail etc.? (The control concerned is the control of a reactor which is used for the manufacture of intermediates and APIs but not of final products). Is it allowed to continue using this control or does it have to be withdrawn from use?
Answer: Thank you for clarifying the question. I do not think it is necessary to replace the reactor control immediately if it is used for the production of an intermediate. Recommendation: Assess all systems and equipment and arrange them according to priority classes (for instance by using a rather simple FMEA). This is used to define when to deal with the priority classes, for example  Prio 1= until the end of 2017, Prio 2= until the end of 2018 etc… 

4. Is the audit trail review prior to the release of each batch a regulatory requirement or is it only recommended so far?
Answer: Annex 11 requires the audit trail review. Inspectors consider the release of batches to be the most critical process of all.

5. Hybrid systems: No audit trail retrofitting possible. What can be done?
Answer: First of all I would clarify all other criteria (access, user/admin profile, safety). How critical is this data? Plan a replacement according to the classification of the criticality (= priority) if the data is critical.

6. Role concept: Is a user allowed to carry out a reintegration? (GC-system)
Answer: As far as I can see, the answer to this is 'no'. This should first be authorised by the Head of Laboratory stating the reason.

7. It is difficult to carry out the separation between the persons of administrator and user in the CDS. Is it possible that the admin and the user being the same person?
Answer: This is possible but it needs to be described in a SOP.

8. Process validation data are category 3 data - therefore no audit trail review is required. But isn't it required to carry out a review for the generation of validation measuring data?
Answer: As you have stated correctly, validation data have the criticality of category 3.
It is very unlikely that the user will carry out changes since there is no reason for falsification - in contrast to the batch release.

9. Hello, is is useful to review the "windows eventviewer" for GxP devices?
Answer: This is a good idea but it will probably not be realistic as too many events would be reported. Its use would anyway only be worth considering for systems which save data locally, and thank God this isn't done by many modern systems anymore.

10a.: Must the report for a riew of the audit trail be generated by the system itself? Or is it possible to use another system which is better suited for carrying out analyses?
Answer: Strictly speaking, the audit trail must be generated by the system itself ("system generated audit trail"). Which other system do you have in mind?

10b. I think, I did not express myself very clearly when asking the question: Is it only reviewed whether the process is still functioning in the course of the periodic reviews - hence, if the audit trail data is still recorded? Meaning: Functionality is documented by IT with a few samples.
Answer: Very correct!

11. May the Head of Laboratory have admin rights for example to carry out the audit trail review?
Answer: Yes, as long as she/he does not operationally process analyses herself/himself.

12. Is it possible for a user to have two system accounts? One as a user and one as administrator or reviewer?
Answer: Yes, in small organisational units. Guarantee by means of an SOP that the admin account will NOT be used operationally.

13. Do you know a system that fulfils all requirements for the audit trail function of a CDS?
Answer: So far there are hardly any systems on the market which allow to carry out the review with a minimum effort. Unfortunately, this is also true for modern systems as Empower 3.

14. File based data retention: Deletion is possible outside the software. How is it possible to "build in" safety?
Answer: Yes, in systems that can store locally on the HD of the user it is possible to set up two local user profiles. Then, for instance, the system stores data only on the profile the user cannot access.

15. What are metadata?
Answer: Data concerning data, such as the timestamp.

16. What are manufacturing execution systems?
Answer: Process control systems.

17. What do you do with legacy equipment? If no audit trail is available or if "user login" is not possible?
Answer: The systems have to be replaced in the short or in the long run - according to the risks.

18. Equipment often has a standard audit trail function. A lot of data is recorded (on/off), but only a small part of it is critical or relevant for a review. What is the best way to proceed when carrying out a review?
Answer: The best way is to configure a report that only shows the critical data but leaves out all the unnecessary elements (such as login/logout). But this has to be programmed and is expensive.

19. What is the way to proceed in the case of facilities in the production area such as AP production, mixers, filling lines with variable parameters as concerns classification of data/systems, extent and intervals of review?
Answer: It is best to classify systems and facilities according to ISA95. Then you will notice that at the bottom levels (field level, PLC, SCADA) no interactions of the user are permitted. Hence no audit trail review is required. Basis is the risk analysis of the systems and data.

20. Whose job is it to carry out the audit trial review in the laboratory?
Answer: This can be a colleague. The FDA requires "Quality Unit" (=QA) in the Draft Guideline. All other Draft Guidelines allow for a peer review.

21. Must all electronic data be stored and archived in the case of a process in the sterile area or is the batch record sufficient?
Answer: You must define what the raw data are. These have to be stored in addition to the batch record.

22. Would you consider changes of the parameters / formulations at production facilities as dynamic data? Do I have to consider them at every batch?
Answer: This data is governed by the change control and is not part of the data for a review.

23. Many of our production processes are documented by means of a batch record on paper. What should we do as concerns the review of the audit trail? Should we review the good documentation practice in the batch record by means of an audit trail review?
Answer: As long as you only document on paper the audit trail review is not relevant for you, but the 4-eyes-principle for all critical steps. The following is stated in the FDA Guidelines: "Critical process steps have to be verified by a second individual".

24 Dynamic data <-> static data. A small filtration facility (pressure measurement/flow measurement/temperature) with a locally installed SCADA system would then rather deliver static data?
Answer: That's correct. Static data as the user is not able to change the data.

25. Batch records are considered to be carriers of raw data for the documentation of processes. What about trend data that have been printed and enclosed to the batch record?
Answer: I do not consider it necessary to always review trend data.

26. Slide 9: What do you include in systems and equipment?
Answer: Everything that has to be validated and qualified?

27. Is it necessary to perform an audit trail review (ATR) after each measurement/analysis carried out at the equipment in the laboratory? Who carries out the ATR - laboratory personnel (operator) or the Head of the Laboratory?
Answer: A SOP is required for the ATR for each system that describes the details. The review after completion of the analysis is important.

We'd like to thank Dr. Schumacher for his comprehensive answers to all questions.

Of course, this webinar is also available as a recording.

Please also read part 2 of the Question and Answers concerning Audit Trail Review.

Go back


Stay informed with the GMP Newsletters from ECA

GMP Newsletter

The ECA offers various free of charge GMP newsletters for which you can subscribe to according to your needs.

To subscribe, please click here.