Introduction to the Course
Regulations and Guidance for Audit Trails and their Review
- An overview of the regulatory framework: EU, FDA, MHRA, WHO and PIC/S regulations
- Data life cycle in Analytical Laboratories
- Audit Trails in GMP-Inspections: What are the expectations of the inspector?
Audit Trail Review as part of a Data Integrity Strategy
- Define ATR as element of the DI Strategy
- Risk Based Approach – how to apply
- Apply a systematic approach to define ATR
- Audit Trail Review concepts
Validation of Audit Trail Functionality
- Specification of audit trail requirements in the URS: do’s and don’ts
- Documentation of the application configuration for audit trail functionality
- Leveraging the supplier’s development and testing into your validation effort
- User acceptance testing of audit trail functionality
Audit Trail Review in Context of Second Person Review
- Overview of the analytical process from sample to reportable result
- Highlight the use of computerised systems and audit trails
- Use technical controls to focus review effort
- Audit trail review issues for manually entered data into a laboratory system and electronic transfer between systems
When is An Audit Trail not an Audit Trail?
- What do we look for in an application for auditing?
- Which audit trail(s) should I review?
- Event logs vs. audit logs
Where Do Suppliers Help Us and Where Do They Let Us Down?
- What do we expect from the suppliers to support data and audit trail review?
- Identify and avoid typical pitfalls
- Data ownership
- Data packaging and storage – supplier vs. business
What are GMP-Relevant Data?
- Annex 11 requires that audit trails monitor GMP-relevant data – what are GMP relevant data?
- What are critical data and how can they be determined?
- Direct/indirect, static/dynamic data
- Data, Audit Trail and criticality?
Review of Audit Trail Entries
- Guidance for “regular review” of audit trails
- Process versus system: avoiding missing data integrity issues when only focussing on a per system review
- What are we looking for in an audit review?
- Suspected data integrity violation - What do we need to do
Controls to Aid Second Person Review of Audit Trails
- Technical considerations for audit trail review e.g. identifying data that has been changed or modified – how the system can help Documenting the audit trail review has occurred
- Review by exception – how technical controls can help
- Have you specified and validated these functions?
Open Discussion: Bring Us Your Audit Trail Problems
Key Learning Points and Final Discussion
Workshop 1: Validation of Audit Trail Functionality
- The attendees will review user requirements for audit trail functions to highlight good and bad practices and from good requirements design tests to verify correct functionality
- Documenting the assumptions, exclusions and limitations of your chosen test approach
Workshop 2: Which Audit Trail to Review?
Attendees will be presented with an overview of the audit trails within a chromatography data system and the content of each one. Which audit trails should be reviewed and when?
Workshop 3: Identifying GMP Relevant Data
Using facilitated discussion, attendees will develop a matrix for risk based audit trail review. Then they will apply the principles to a list of laboratory records to identify if they are GMP records to help focus the second person review of audit trail data.
Workshop 4: Reviewing Audit Trail Entries Part 1
Attendees will be provided with a series of audit trail entries at the system level to review. Are there any potential data integrity issues to be followed-up?
Workshop 5: Reviewing Audit Trail Entries Part 2
Attendees will be provided with a series of audit trail entries at the data capture and interpretation level to review. Are there any potential data integrity issues to be followed-up?