Standard Operating Procedure Review of Electronic Audit Trail This is an example of a Standard Operating Procedure. It is a proposal and starting point only. The type and extent of documentation depends on the process environment. The proposed documentation should be adapted accordingly and should be based on individual risk assessments. There is no guarantee that this document will pass a regulatory inspection. Publication from www.labcompliance.com Global on-line resource for validation and compliance Copyright by Labcompliance. This document may only be saved and viewed or printed for personal use. Users may not transmit or duplicate this document in whole or in part, in any medium. Additional copies and licenses for department, site or corporate use can be ordered from www.labcompliance.com/solutions. While every effort has been made to ensure the accuracy of information contained in this document, Labcompliance accepts no responsibility for errors or omissions. No liability can be accepted in any way. Labcompliance offers books, master plans, complete Quality Packages with validation procedures, scripts and examples, SOPs, publications, training and presentation material, user club membership with more than 500 downloads and audio/web seminars. For more information and ordering, visit www.labcompliance.com/solutions STANDARD OPERATING PROCEDURE Document Number: S-323 Version 1.xx Page 2 of 6 Review of Electronic Audit Trail Company Name: Controls: Superseded Document N/A, new Reason for Revision N/A Effective Date May 1, 2012 Signatures: Author Approver Reviewer I indicate that I have authored or updated this SOP according to applicable business requirements and our company procedure: Preparing and Updating Standard Operating Procedures. Name: ________________________________ Signature: ________________________________ Date: ________________________________ I indicate that I have reviewed this SOP, and find it meets all applicable business requirements and that it reflects the procedure described. I approve it for use. Name: ________________________________ Signature: ________________________________ Date: ________________________________ I indicate that I have reviewed this SOP and find that it meets all applicable quality requirements and company standards. I approve it for use. Name: ________________________________ Signature: ________________________________ Date: ________________________________ www.labcompliance.com (Replace with your company’s name) FOR INTERNAL USE STANDARD OPERATING PROCEDURE Document Number: S-323 Version 1.xx Page 3 of 6 Review of Electronic Audit Trail 1. PURPOSE Audit trails are required by various regulations. For example, FDA's and international GLP, cGMP and GCP regulations require documenting changes to critical data with the date, time and with the individual who made the change. FDA's 21 CFR Part 11 and EU Annex 11 require computers to record the changes to automated systems. Both Annex 11 and FDA expect audit trail tables to be reviewed. This SOP describes steps for reviewing electronic audit trail tables.. 2. SCOPE The SOP applies to critical electronic records GxP environments. 3. GLOSSARY/DEFINITIONS Item Explanation Electronic Record Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved or distributed by a computer system. Predicate Rule Requirements set forth in the Public Health and Safety (PHS) Act, or any FDA regulation, with the exception of Part 11. Examples are Good Laboratory Practice, Good Manufacturing Practice and Good Clinical Practice Regulations. GxP Record Record required to be maintained by predicate rules or submitted to the FDA under the predicate rules. Note: For other definitions, see www.labcompliance.com/glossary. www.labcompliance.com (Replace with your company’s name) FOR INTERNAL USE STANDARD OPERATING PROCEDURE Document Number: S-323 Version 1.xx Page 4 of 6 Review of Electronic Audit Trail 4. REFERENCE DOCUMENTS 4.1. Code of Federal Regulations, Title 21, Food and Drugs, Part 11 Electronic Records; Electronic Signatures; Final Rule; Federal Register 62 (54), 1342913466. 4.2. FDA Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Applications, 2003 4.3. EU GMP Annex 11: Computerized Systems, update 2011 5. RESPONSIBILITIES 5.1. Users 5.1.1. Check if audit trail function is implemented 5.1.2. Check if audit trail function is validated and activated. 5.2. System Owner 5.2.1. Manages the process of designing and implementing electronic audit trail reviews 5.2.2. Together with the support of QA and the users department defines which audit trails should be reviewed and when, based on risk. 5.2.3. .With the support of the user department ensures that an audit trail review checklist item is included in relevant data review checklists. 5.3. Quality Assurance Department 5.3.1. Advises on regulations and guidelines related to electronic audit trail and its review 5.3.2. Check in regular and random internal audits if audit trail reviews are performed according to this SOP. 5.4. Supervisors of User Departments www.labcompliance.com (Replace with your company’s name) FOR INTERNAL USE STANDARD OPERATING PROCEDURE Document Number: S-323 Version 1.xx Page 5 of 6 Review of Electronic Audit Trail 5.4.1. Make sure that everybody in the department is aware about the importance of electronic data integrity and the role of electronic audit trail 5.4.2. Inform department staff that audit trails are reviewed by persons independent from the operator. 6. PROCEDURE 6.1. The system owner explains in a meeting with QA and representatives of affected user departments the importance of electronic audit trail and the scope of the project 6.2. With the help of QA and user departments the system owner develops guidelines with generic criteria and examples when audit trails should be reviewed . For example, all systems that generate records used as a criteria for batch release require review of electronic audit trail. 6.3. The guidelines are distributed to the affected user departments. 6.4. Based on the guidelines user departments are asked to submit a list of applications that require audit trail review. 6.5. Together with the support of QA and user departments the system owner selects frequency of audit trail review, based on risk. 6.6. With the help of QA and user departments the system owner develops guidelines with generic criteria and examples what sections of audit trail tables should be reviewed, for example, sections on data or method changes. 6.7. With the help of QA and user departments the system owner develops a list of audit trail items that must be reviewed for each application. 6.8. Together with user departments the system owner adds an audit trail checklist item to the checklists used for related data review. 6.9. Together with user departments the system owner assigns independent reviewers 6.10. QA trains the group of independent reviewers on how to conduct and document review of audit trail www.labcompliance.com (Replace with your company’s name) FOR INTERNAL USE STANDARD OPERATING PROCEDURE Document Number: S-323 Version 1.xx Page 6 of 6 Review of Electronic Audit Trail 6.11. QA informs all users of regulated systems that electronic audit trails will be reviewed 6.12. Before using the computer system users of the system check if the audit trail function is implemented and activated. 6.13. After the GxP records have been generated, the independent reviewer reviews the audit trail tables. 6.14. In case of any unusual entry the reviewer reports the entry to the responsible QA manager for suitable corrective action. 6.15. Results of audit trail reviews are stored and archived together with the corresponding electronic records 6.16. Electronic audit trail review documentation is subject of internal audits. www.labcompliance.com (Replace with your company’s name) FOR INTERNAL USE