Aligning with the requirementto regularly perform audit trails reviews can be very challenging for somecompanies. This requirement is based on the assumption that all system provideaudit trails that are “user friendly”, adequate and easy to review for dataintegrity. One of the biggest challenges is that some systems specifically inthe Quality Control laboratories don’t generate audit trails that facilitate areview regularly. Another challenge is whether to perform periodic review or toassess the audit trails prior to signing or approving the data. Can weimplement the same approach for all areas with GMP impact or can we take a riskbased approach. Which approaches are more value added and not just a paper workexercise?
根据要求定期进行审计跟踪评审可能对一些公司很有挑战性。这一要求是基于假设所有的系统提供审计追踪是“用户友好”的、适当的以及容易审核数据完整性的。最大的挑战之一是,特别是在质量控制实验室,一些系统不生成审计追踪来进行定期审核。另一个挑战是,在签署或批准数据之前是否需要进行定期审核或评估审计追踪。我们可以所有GMP的影响的区域采取相同的方法吗,或者我们可以采取基于风险的方法。哪种方法更有价值,并且不仅仅是书面的的文件化活动?
Unfortunately Annex 11 andother data integrity philosophies fail to provide adequate guidance anddirection about how to regularly review audit trails. There is always thechallenge on how to deal with all the assumptions related to this requirementand this also includes resources to regularly review audit trails. In order toreview audit trails regularly qualified resources are needed to perform thiswork. The resource impact needs to be clearly understood based on the populationof impacted systems, the volume of the reviews and the defined frequency. Allthe potential challenges need to be well understood and addressed prior tocommitting to perform audit trails reviews, otherwise the effort will bemeaningless and simply a paper exercise.
不幸的是,附件11和其他数据的完整性指南无法对如何定期审查审计跟踪提供充分的指导。如何应对这一要求相关的所有设想也是一个挑战,这也包括满足定期审查审计跟踪的资源。为了审查审计追踪,需要定期确认硬件资源。资源的影响需要基于影响系统的种类、审核的范围、和定义的频率清楚地理解。所有潜在的挑战,需要在执行审计审查之前很好地理解和解决,否则将是毫无意义的和仅仅是纸上功夫。
AUDIT TRAIL ASSESSMENTS
审计跟踪评估
In order to align with therequirement to regularly review audit trails an assessment needs to beperformed for all impacted systems. The audit trail assessment is the first andthe most critical steps to implement audit trail reviews. An inventory of allimpacted systems need to be created. This inventory will identify all impactedsystems that need to be included in the audit trail assessment. The intent ofthe assessment is to identify whether each individual system provide audittrails that are adequate and that can be used for performing these reviews.
为了完成定期审查审计追踪的需求,需要对所有有影响的系统进行评估。审计追踪评估是实施审计追踪审核首要的也是最关键的步骤。需要创建一份所有有影响的系统的清单。这份清单将确定所有需要包括在审计评估的有影响的系统。评估的目的是确定是否每个系统提供审计追踪是充分的并可用于执行这些审核。
System level risk assessmentsneed to be performed to identify whether the system is high, medium or lowrisk. The system risk needs to be used to prioritize the audit trail assessmentand implementation of periodic reviews. For example a quality control system tomeasure critical quality attributes is probably high risk and should be a priority.A risk based approach will be discussed in more detail later in this article.
需要执行系统层面的风险评估确定系统是否是高风险、中等风险还是低风险。系统风险需要决定审计追踪评估和实施定期审核的优先级。例如,一个用来测量关键质量属性的质量控制系统可能是高风险的,应优先考虑。基于风险的方法将在