The rapidly evolving regulatory pharmaceutical landscape of today has made effective and efficient laboratory controls more critical than ever. To be competitive, businesses need to make sure their systems are safe, current, and in compliance with 21 CFR Part 11. This short checklist is meant to provide a starting point for a robust audit trail review process and ensure that your organization’s audit trail review systems remain at the forefront of regulatory compliance.
1. How do you justify the reintegration of chromatograms versus the method specification in the audit trail?
Answer: A reintegration should only be necessary if the analysis wasn’t carried out for one reason or another. The reason has to be specified and must be signed by the management. The laboratory employee is not allowed to take the decision himself.
2. Audit trail review only for critical data: Does this mean that it has to be carried out only for systems with data that influence the product directly? And not for systems that only have an indirect influence?
Answer: You decide this by yourself by means of the risk analysis. No audit trail review is required for a training system, for example.
3. How or where (guidance document) is it advisable to define raw data?
Answer: Unfortunately, there is no uniform definition. This means you are flexible to define this for your company.
4. When parts of data are printed, it becomes static data. But the audit trail review has to be carried out for all critical and electronically produced data in the system. It is not possible to refer to the printed version?
Answer: Static data is data the user cannot change. It is only important if the user had the possibility to change the data prior to the data being printed. I do not think that a reference to the paper record will be accepted.
5. Can the review of a printout of the drying temperature profile be considered to be part of the audit trail review of the batch?
Answer: In my opinion, this is a good example of static data for which no audit trail review has to be carried out. The reason is that the user cannot change or access this data.
6. Is analytical data (raw data, metadata) from the validation of analytical procedures classified as being non-critical? In this case, the audit trail review would not be required.
Answer: The validation of analytical procedures precedes the daily analyses for the batch release and constitutes the basis for them. The validation data is released with a report. The audit trail review is not required.
Now that you know this, hopefully you are in position to answer the Assignment(s)
- Does your company have a standard operating procedure for audit trial review?
- If yes, then it should clearly define what are “raw data,” “Dynamic Data” & “Static Data”?
- If yes, what is the scope and limitations of the audit trial data review?
- Is the Audit trial review system based on risk analysis?
- Do your organization implement a 4-eyes review process for all the critical steps (review by a second individual)?
- Do your audit trial Review SOP can segregate metadata such as time-stamps, Critical data such as “deleted,” “modified,” “changed,” and non-critical data such as login/logout features?
- Audit trial review is under the full control of the Quality Assurance department? Do any other departments have access to audit trial data?
- Note: The Four Eyes Principle, also known as the two-person rule, is a popular internal control mechanism that mandates that any employee action involving a material risk profile must be monitored (reviewed, double checked) by a second, competent, and independent person.