One of the most important requirements for regulatory compliance within the life science industry is the creation and maintenance of an audit trail. An audit trail is required for regulated computerized or automated data processing systems; “hybrid” systems, or paper-based systems.
For this blog, we will limit our focus to an audit trail that is “a secure, computer-generated, time-stamped, electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record” (FDA Data Integrity Guidance, 2018).
For software that digitizes product design and development for a medical device, for example, Polarion ALM, events such as creation of design inputs or design changes and verification and validation test execution are documented within the system’s Audit Trail log. An Audit Trail can also serve as a chronological marker for ensuring data integrity. Being able to pinpoint exactly what the data integrity issue/action was, is a primary step in being able to identify the root cause and remediate it. So, with all this said, what's the recipe for a perfect audit trail?
An audit trail can be analogically compared to the record of steps, ingredients, measurements and quantities that go into creating a gourmet meal by a five-star chef. By doing this, anyone who wants to know which ingredients went into the dish can now have an exact breakdown of it and the chef himself can go back and see what he did to figure out if there is room for improvement as well as to replicate the dish in its precise manner, if need be.
Just as a Chef ensures that no unauthorized personnel enter the kitchen, personnel responsible for record review under current regulations must ensure no unauthorized personnel access regulated data and records, a breach in security.
Life science manufacturers must capture all the materials, equipment, methods, specifications and parameters that are used in their production process. The audit trail captures the chronological order of events to pinpoint when an issue might have occurred while also giving transparency to the order of processes. Audit trails should be routinely reviewed at a frequency specified for data review in the cGMP regulations; if the data review frequency is not specified in the CGMP regulations, audit trail review should be based on system complexity and intended use. Specific metadata categories, e.g., the change history of finished product test results or changes to critical process parameters, should be included in the review.
Since audit trails are considered part of the associated records, personnel responsible for record review under cGMP should review the audit trails that capture changes to critical data associated with the record as they review the rest of the record.
When the Chef is finally ready to serve the dish to the honored guest, he ensures that details regarding the dish and its ingredients are provided in a menu for transparency. Similarly, when a medical device or drug product is brought to the market, it comes with a host of validation, detailed documentation and certifications to prove safety , efficacy and quality. Creating the perfect audit trail requires diligent attention to detail, tracking and organization. It's easy to overlook small details throughout a long and complex manufacturing process. It's always a good idea to use an industry expert to help you mix all the ingredients together for success. Here at Compliance Group, we’re dedicated to helping you achieve that level of quality in a frictionless way. Find out more at info@complianceg.com
FAQ's
Why are Audit Trails so important?
To comply with regulations such as FDA 21 CFR Part 820 , 21 CFR Part 210 and 21 CFR Part 11, companies must have detailed audit trails. According to these regulations, audit trails should be secure, computer-generated, and time stamped with date and time of operations. Any changes to records must not obscure any previous documented information in any way. Besides this, audit trails can provide information on system performance optimization and assist in the investigation to remediate issues.
Where should I store my Audit Trails?
Audit trails should be stored with the original record. GxP systems should have an automatic function where they record and save all audit trails. The audit trail must be maintained in a secure location, with durable media, and readily accessible for review, upon request. Audit trails should not be able to be deactivated, deleted or modified in any way and the feature should be permanently enabled. If it’s possible for administrative users to modify the audit trail, automatic entries recording the actions should be created within the system.
How can my team be better prepared in creating and maintaining Audit Trails?
Conducting regular data reviews and periodic reviews of the audit trail will better train teams to understand what an inspector is looking to find during their investigation. Periodic reviews can show what’s missing or what can be improved. This also helps to ensure that current audit trials are compliant. One way to prepare Quality Assurance teams is by providing training on how to document according to procedures, what potential gap to look out for, and what regulations are required to be met by their manufacturing process. The team should also be well trained on the ins-and-outs of data integrity related to GxP systems as well as being well acquainted with whichever repository system is being used to host and manage the audit trails.
AUTHOR:
Manhal Chehayber
Validation Systems Analyst