Review of Electronic Audit Trail

advertisement
Standard Operating Procedure
Review of Electronic Audit Trail
This is an example of a Standard Operating Procedure. It is a proposal and starting
point only. The type and extent of documentation depends on the process environment.
The proposed documentation should be adapted accordingly and should be based on
individual risk assessments. There is no guarantee that this document will pass a
regulatory inspection.
Publication from
www.labcompliance.com
Global on-line resource for validation and compliance
Copyright by Labcompliance. This document may only be saved and viewed or printed
for personal use. Users may not transmit or duplicate this document in whole or in part,
in any medium. Additional copies and licenses for department, site or corporate use can
be ordered from www.labcompliance.com/solutions.
While every effort has been made to ensure the accuracy of information contained in
this document, Labcompliance accepts no responsibility for errors or omissions. No
liability can be accepted in any way.
Labcompliance offers books, master plans, complete Quality Packages with validation
procedures, scripts and examples, SOPs, publications, training and presentation
material, user club membership with more than 500 downloads and audio/web
seminars. For more information and ordering, visit www.labcompliance.com/solutions
STANDARD OPERATING PROCEDURE
Document Number: S-323 Version 1.xx
Page 2 of 6
Review of Electronic Audit Trail
Company Name:
Controls:
Superseded Document
N/A, new
Reason for Revision
N/A
Effective Date
May 1, 2012
Signatures:
Author
Approver
Reviewer
I indicate that I have authored or updated this SOP according to
applicable business requirements and our company procedure:
Preparing and Updating Standard Operating Procedures.
Name:
________________________________
Signature:
________________________________
Date:
________________________________
I indicate that I have reviewed this SOP, and find it meets all
applicable business requirements and that it reflects the
procedure described. I approve it for use.
Name:
________________________________
Signature:
________________________________
Date:
________________________________
I indicate that I have reviewed this SOP and find that it meets all
applicable quality requirements and company standards. I
approve it for use.
Name:
________________________________
Signature:
________________________________
Date:
________________________________
www.labcompliance.com (Replace with your company’s name)
FOR INTERNAL USE
STANDARD OPERATING PROCEDURE
Document Number: S-323 Version 1.xx
Page 3 of 6
Review of Electronic Audit Trail
1. PURPOSE
Audit trails are required by various regulations. For example, FDA's and
international GLP, cGMP and GCP regulations require documenting changes to
critical data with the date, time and with the individual who made the change. FDA's
21 CFR Part 11 and EU Annex 11 require computers to record the changes to
automated systems. Both Annex 11 and FDA expect audit trail tables to be
reviewed. This SOP describes steps for reviewing electronic audit trail tables..
2. SCOPE
The SOP applies to critical electronic records GxP environments.
3. GLOSSARY/DEFINITIONS
Item
Explanation
Electronic
Record
Any combination of text, graphics, data, audio, pictorial, or other
information representation in digital form that is created,
modified, maintained, archived, retrieved or distributed by a
computer system.
Predicate Rule Requirements set forth in the Public Health and Safety (PHS)
Act, or any FDA regulation, with the exception of Part 11.
Examples are Good Laboratory Practice, Good Manufacturing
Practice and Good Clinical Practice Regulations.
GxP Record
Record required to be maintained by predicate rules or submitted
to the FDA under the predicate rules.
Note: For other definitions, see www.labcompliance.com/glossary.
www.labcompliance.com (Replace with your company’s name)
FOR INTERNAL USE
STANDARD OPERATING PROCEDURE
Document Number: S-323 Version 1.xx
Page 4 of 6
Review of Electronic Audit Trail
4. REFERENCE DOCUMENTS
4.1. Code of Federal Regulations, Title 21, Food and Drugs, Part 11 Electronic
Records; Electronic Signatures; Final Rule; Federal Register 62 (54), 1342913466.
4.2. FDA Guidance for Industry Part 11, Electronic Records; Electronic Signatures
Scope and Applications, 2003
4.3. EU GMP Annex 11: Computerized Systems, update 2011
5. RESPONSIBILITIES
5.1. Users
5.1.1. Check if audit trail function is implemented
5.1.2. Check if audit trail function is validated and activated.
5.2. System Owner
5.2.1. Manages the process of designing and implementing electronic audit trail
reviews
5.2.2. Together with the support of QA and the users department defines which
audit trails should be reviewed and when, based on risk.
5.2.3. .With the support of the user department ensures that an audit trail review
checklist item is included in relevant data review checklists.
5.3. Quality Assurance Department
5.3.1. Advises on regulations and guidelines related to electronic audit trail and
its review
5.3.2. Check in regular and random internal audits if audit trail reviews are
performed according to this SOP.
5.4. Supervisors of User Departments
www.labcompliance.com (Replace with your company’s name)
FOR INTERNAL USE
STANDARD OPERATING PROCEDURE
Document Number: S-323 Version 1.xx
Page 5 of 6
Review of Electronic Audit Trail
5.4.1. Make sure that everybody in the department is aware about the
importance of electronic data integrity and the role of electronic audit trail
5.4.2. Inform department staff that audit trails are reviewed by persons
independent from the operator.
6. PROCEDURE
6.1. The system owner explains in a meeting with QA and representatives of
affected user departments the importance of electronic audit trail and the
scope of the project
6.2. With the help of QA and user departments the system owner develops
guidelines with generic criteria and examples when audit trails should be
reviewed . For example, all systems that generate records used as a criteria for
batch release require review of electronic audit trail.
6.3. The guidelines are distributed to the affected user departments.
6.4. Based on the guidelines user departments are asked to submit a list of
applications that require audit trail review.
6.5. Together with the support of QA and user departments the system owner
selects frequency of audit trail review, based on risk.
6.6. With the help of QA and user departments the system owner develops
guidelines with generic criteria and examples what sections of audit trail tables
should be reviewed, for example, sections on data or method changes.
6.7. With the help of QA and user departments the system owner develops a list of
audit trail items that must be reviewed for each application.
6.8. Together with user departments the system owner adds an audit trail checklist
item to the checklists used for related data review.
6.9. Together with user departments the system owner assigns independent
reviewers
6.10. QA trains the group of independent reviewers on how to conduct and
document review of audit trail
www.labcompliance.com (Replace with your company’s name)
FOR INTERNAL USE
STANDARD OPERATING PROCEDURE
Document Number: S-323 Version 1.xx
Page 6 of 6
Review of Electronic Audit Trail
6.11. QA informs all users of regulated systems that electronic audit trails will be
reviewed
6.12. Before using the computer system users of the system check if the audit trail
function is implemented and activated.
6.13. After the GxP records have been generated, the independent reviewer reviews
the audit trail tables.
6.14. In case of any unusual entry the reviewer reports the entry to the responsible
QA manager for suitable corrective action.
6.15. Results of audit trail reviews are stored and archived together with the
corresponding electronic records
6.16. Electronic audit trail review documentation is subject of internal audits.
www.labcompliance.com (Replace with your company’s name)
FOR INTERNAL USE
Download