Dr Markus Dathe, F. Hoffmann-La Roche AG, Basel, Switzerland
Dr Bob McDowall, Member of the ECA IT Compliance Interest Group
Post Conference Workshop Audit Trail Review for Laboratory Systems
Why Is An Audit Trail and Its Review Important?
When is an Audit Trail not an Audit Trail?
- Part 11 and Annex 11 / Chapter 4 requirements for audit trail
- Regulatory requirements for audit trail review
- Guidance documents for audit trail review
- Do I really need an audit trail?
- Static data and dynamic data impacts on audit trail functionality
Workshop 1: Which Audit Trail to Review?
- What do we look for in an application for auditing?
- Pros and cons for event logs and audit logs?
- Audit trail(s)?
- Part 11 compliant system – does this help data integrity?
Attendees will be presented with an overview of the audit trails within an application and the content of each one. Which audit trails should be reviewed and when in the
context of the work performed by the laboratory data system?
What are GMP-relevant Data?
Workshop 2: Identifying GMP-relevant Data
- Annex 11 requires that audit trails monitor GMP-relevant data – what are GMP relevant data?
- What are critical data?
Attendees will be presented with a list of records to identify if they are GMP records and how critical they are to help focus the second person review of audit trail data.
Review of Audit Trail Entries
Workshop 3: Reviewing Audit Trail Entries
- What are we looking for in an audit trail review?
- Process versus system: avoiding missing data integrity issues
- Regulatory requirement is “frequent review” of audit trails
- What do we need to validate and what to check?
- Suspected data integrity violation - What do we need to do?
Attendees will be provided with the output of an audit trail to review and see if any potential issues are identified for further investigation.
Controls to Aid Second Person Review of Audit Trails
- Procedural controls for data review
- Technical considerations for audit trail review e.g.
- Identifying data that has been changed or modified – how the system can help
- Documenting the audit trail review has occurred
- Review by exception – how technical controls can help
- Have you specified and validated these functions?