Venkat Kiran Bavirisetti

Significant Queries and Solutions regarding the Audit Trail Review Part-01

Important Questions and Answers concerning the Audit Trail Review Part-01

Effective and efficient laboratory controls are now more important than ever in the quickly changing regulatory pharmaceutical landscape of today. 

Organizations must make sure that their systems are secure, up to date, and compliant with 21 CFR Part 11 in order to keep a competitive edge. The purpose of this brief checklist is to offer a set of stimulating questions that will assist in initiating a strong Audit Trail Review and guarantee that your company’s quality systems continue to be at the forefront of regulatory compliance.

1. Are the analytical data emerging in the course of the validation of analytical tests critical data? 
Solution: NO, since these data are released with the completion of the validation process and only present the basis for future analyses. Therefore, there is only an indirect criticality; no audit trail review is required.

2. The calibration of equipment influences the correctness of data. Does this mean that the calibration is critical? 
Answer: NO, since the calibration does not influence patient safety directly; hence, audit trail review is not mandatory; however, it is nice to have.

4. Is the audit trail review prior to the release of each batch a regulatory requirement, or is it only recommended so far? 
Answer: YES, audit trail review is a must based on Annex 11. Audit inspectors consider the release of commercial batches to be the most critical process of all.

5. Hybrid systems: No audit trail retrofitting possible. What can be done? 
Answer: First of all, I would clarify all other criteria (access, user/admin profile, safety). How critical is this data? Plan a replacement according to the classification of the criticality if the data is critical.

6. Role concept: Is a user allowed to carry out a reintegration?
Answer: NO. Any reintegration should be authorized by the Head of Department (QC/ARD) and later approved by competent authorities like QA. The documentation should include the relevant reason for reintegration, further approved by both QA and QC.

7. Is it possible that the admin and the user are the same person? 
Answer: In short, no. Under certain conditions this is possible, but it needs to be clearly defined in an SOP, which must guarantee that the admin account will NOT be used for operational purposes.

8. Process validation data are category 3 data; therefore, no audit trail review is required.
Answer: As you have stated correctly, validation data have the criticality of category 3. It is very unlikely that the user will carry out changes since there is no reason for falsification, in contrast to the batch release.

9. Must the report for a review of the audit trail be generated by the system itself?

Answer: YES. Strictly speaking, the audit trail must be generated by the system itself.

After reading this blog, we hope you understand the importance of audit trail review in quality control systems, can properly use the proposed checklist, and can improve on it further.

Now that you know this, hopefully you are in a position to answer the assignment(s):

  1. Does your organization have an SOP on Audit Trail Review?
  2. If yes, then it should clearly define what “Raw data,” “Dynamic data” and “Static data” are.
  3. If yes, what are the scope and limitations of Audit Trail Data Review?
  4. Is the Audit Trail review system based on risk analysis?
  5. Does your organization implement a 4-eyes review process for all the critical steps (review by a second individual)?
  6. Can your Audit Trail Review SOP segregate metadata such as time-stamps, critical data such as “deleted”, “modified”, “changed,” and non-critical data such as Login/Logout features?
  7. Is Audit Trail review under the full control of the Quality Assurance department? Does any other department have access to Audit Trail data?
    • Note: The Four Eyes Principle, also known as the two-person rule, is a popular internal control mechanism that mandates that any action taken by an individual within the company that involves a Material Risk profile must be directed (examined, verified twice) by a second, competent, and independent person.