Data integrity PIC S
good practices for data management and integrity in regulatory GMP/GDP environments
good practices for data management and integrity in regulatory GMP/GDP environments
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
9.6 Audit trails for computerised systems
Item: Audit Trails
1. Expectation
Consideration should be given to data management and integrity
requirements when purchasing and implementing computerised systems.
Companies should select software that includes appropriate electronic
audit trail functionality.
Companies should endeavour to purchase and upgrade older systems to
implement software that includes electronic audit trail functionality.
It is acknowledged that some very simple systems lack appropriate audit
trails; however, alternative arrangements to verify the veracity of data
should be implemented, e.g. administrative procedures, secondary checks
and controls. Additional guidance may be found under section 9.10
regarding hybrid systems.
Audit trail functionality should be verified during validation of the system to
ensure that all changes and deletions of critical data associated with each
manual activity are recorded and meet ALCOA+ principles.
Regulated users should understand the nature and function of audit trails
within systems, and should perform an assessment of the different audit
trails during qualification to determine the GMP/GDP relevance of each
audit trail, and to ensure the correct management and configuration of audit
trails for critical and GMP/GDP relevant data. This exercise is important in
determining which specific trails and which entries within trails are of
significance for review with a defined frequency established. For example,
following such an assessment audit trail reviews may focus on:
- Identifying and reviewing entries/data that relate to changes or
modification of data.
- Review by exception – focusing on anomalous or unauthoried
activities.
- Systems with limitations that allow change of parameters/data or
where activities are left open to modification
- Note: Well-designed systems with permission settings that prevent
change of parameters/data or have access restrictions that prevent
changes to configuration settings may negate the need to examine
related audit trails in detail
Audit trail functionalities should be enabled and locked at all times and it
should not be possible to deactivate, delete or modify the functionality. If it
is possible for administrative users to deactivate, delete or modify the audit
trail functionality, an automatic entry should be made in the audit trail
indicating that this has occurred.
Companies should implement procedures that outline their policy and
processes to determine the data that is required in audit trails, and the
review of audit trails in accordance with risk management principles. Critical
PI 041-1 45 of 63 1 July 2021