Important Questions and Answers concerning the Audit Trail Review – Part 4

Important Questions and Answers concerning the Audit Trail Review – Part 4

1. May we define entries in our CDS such as standard concentrations, densities, dilution factors, hence parameters used for the quantification of content and purity as static data? Or are these entries also part of the dynamic data such as the (re)integration of peaks? 
Answer: In my opinion this is also dynamic data the user can influence or change.

2. Is it possible to shorten the audit trail review by taking the status of the analytical sequence and controlling the recorded parameters (such as concentration of the standards, at the end of the analysis and by stating that all changes and corrections carried out in the meantime are part of the analysis and evaluation and must consequently not be commented? 
Answer: In my view this is acceptable as long as a control is carried out and confirmed by a second person.

3. It was mentioned in the seminar that the audit trail review is part of the Periodic Review. What other points are included in the Periodic Review? 
Answer:

  • Roles and Responsibilities
  • Service Agreements
  • Validation/Qualification and Project Deliverables:
  • System Control Procedures
  • Audit Trail management
  • Incidents, Problems
  • Changes, Upgrades
  • Security, User Access, User Administration
  • User Guides
  • Backup, BCP, Performance, Reliability Monitoring
  • System Access Training
  • Archived Data

4. If I have implemented a role concept for example and trained all staff members thoroughly as concerns the topic DI won’t it then be sufficient to carry out a review of the audit trail on a random basis and to carry out the review prior to the batch release only in the case of irregularities such as OOS results?  
Answer: It is acceptable to carry out a review on the basis of the system’s “exception” reports. These exception reports always must be checked anyway. It is not acceptable to carry out a review only on a random basis (but ultimately, this is defined by the risk analysis).

5. Which measures may be taken if the audit trail (as well as the actual data) can be deleted or changed at the level of Windows?
Answer: In the case of systems that can store locally on the HD of the user it is possible to set up two local user profiles. Then, for instance, the system stores data only on the profile the user cannot access. (Updated 20/12/2020)

Author: blog@qualitytribe.net

QualityTribe is destination where you will get information related Pharma Audits, delivering self-contained instant information regularly in form of key-points.

error: Content is protected !!
[email-subscribers-form id="2"]