You will learn the current regulatory requirements and regulatory expectations for an audit trail (review)
All GMP-relevant data (changes and deletions) should be audit trailed – you will learn how to identify GMP-relevant data
Event and audit logs: you will understand the differences between and what the regulators expect
How should an audit trail review be performed? You will get familiar with the content and the frequency of an audit trail review
Background
Audit Trail Reviews are required by international regulations like US 21 CFR Part 11 and EU GMP Guide Annex 11. Clause 9 requests:
“Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated “audit trail”). For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed”.
Regulators focus on the (creation), modification and deletion of (GMP-relevant) data while many IT systems are not able to generate audit trails at all or they are not able to generate audit trails for GMP-relevant data.
Therefore, this course is designed to support you to identify GMP-relevant data and how to perform and document an Audit Trail review as part of a second person Review.
Target Group
This course is designed for managers and staff from health care industries as well for auditors who are responsible for the organisation and execution of audit trail (reviews) in their companies.
Part 11 and Annex 11 / Chapter 4 requirements for audit trail
Regulatory requirements for audit trail review
Guidance documents for audit trail review
Do I really need an audit trail?
Audit Trail vs. System Log
Audit trail content
Log files
What and when should I review?
Meaningful audit trails for a meaningful review
Workshop 1: Which Audit Trail to Review? Attendees will be presented with an overview of the audit trails within an application and the content of each one. Which audit trails should be reviewed and when?
What are GMP-relevant Data? Annex 11 requires that audit trails monitor GMP-relevant data – what are GMP-relevant data?
Workshop 2: Identifying GMP Relevant Data Attendees will be presented with a list of records to identify if they are GMP records and how critical they are to help focus the second person review of audit trail data.Examples from production, laboratory and QA examples of GMP relevant data will be provided.
Review of Audit Trail Entries
Guidance for frequent is “frequent review” of audit trails
Process versus system: avoiding missing data integrity issues when only focussing on a per system review
What are we looking for in an audit review?
Suspected data integrity violation - What do we need to do?
Workshop 3: Reviewing Audit Trail Entries Attendees will be provided with the output of an audit trail to review and see if any potential issues are identified for further investigation.
Technical Controls to Aid Second Person Review of Audit Trails
Technical considerations for audit trail review e.g.
Identifying data that has been changed or modified – how the system can help
Documenting the audit trail review has occurred
Review by exception – how technical controls can help