In order to take a risk basedapproach to audit trail reviews the system risk level need to be identified.Prioritizing the audit trail assessment based on the level of risk is criticalto prioritize the assessments and implementation. Systems involved in thetesting of Critical Quality Attributes are high risk and should be the highestpriority during the assessments and implementation.
为了采取基于风险的审计跟踪审核,需要确定系统的风险水平。按照系统的风险水平关键程度的优先级别,来评估和实施。参与关键质量属性的测试系统是高风险的,应在评估和实施过程中最高优先考虑。
The system risk level shouldbe used to establish the frequency and scope of the audit trails periodicreviews. For high risk systems such as those used in Quality Control the audittrails should be reviewed with the test results to ensure the integrity of thetest data. The scope of this review should include assessing the accuracy andintegrity of the data using the audit trail. In this situation the audit trailwill be reviewed for the following:
系统风险水平应该被用来建立审计追踪定期审核的频率和范围。对于那些高风险的系统,如用于质量控制的,审计追踪应该与测试结果一起审核以确保试验数据的完整性。这种审核的范围应包括使用审计跟踪评估数据的准确性和完整性。在这种情况下,审计追踪将审核以下:
Changes to test parameters
测试参数的变化
Changes to data processing parameters
数据处理参数的变化
Data deletion
数据删除
Data modifications
Changes to test parameters
测试参数的变化
Changes to data processing parameters
数据处理参数的变化
Data deletion
数据删除
Data modifications
数据修改
Analyst actions
分析人员的行为
Data manipulation
数据篡改
Excessive integration of chromatography peaks
色谱峰不合理积分
Security breaches related to data
与数据相关的安全漏洞
Analyst actions
分析人员的行为
Data manipulation
数据篡改
Excessive integration of chromatography peaks
色谱峰不合理积分
Security breaches related to data
与数据相关的安全漏洞
QC procedures need to definethe controls related to data integrity; this will ensure consistency during theaudit trail review.
QC程序应该定义数据完整性相关的控制;这将确保审计跟踪审核过程中的一致性。
For medium and low risksystems the approach will be less intensive that for high risk. For thesesystems it can be possible to review periodically the audit trails. Theperiodic review period should be established based on the level of system risk.Medium risk systems should be reviewed more frequently than low risk systems.For example a document management system is probably medium risk that should beon a periodic review schedule of every six months or a yearly schedule. Lowrisk system can be reviewed on a yearly or bi-annual basis.
对于中、低风险的系统,审计追踪的方法将没有高风险系统那么密集。这些系统可能定期审核审计追踪。定期审核的周期应根据系统风险水平建立。中等风险的系统应该比低风险的系统更频繁。例如,文档管理系统可能是中等风险,应定期计划每六个月或每年进行。低风险的系统可以每年或每年2次进行。
The scope of the audit trailreviews for medium and low risk systems should include the following:
对中、低风险的系统审计追踪的范围,应包括以下内容:
Data changes
数据的变化
Data deletions
数据删除
Unauthorized access or transactions
未经授权的访问或操作
Data changes
数据的变化
Data deletions
数据删除
Unauthorized access or transactions
未经授权的访问或操作
To implement audit trailreviews is critical to take a risk based approach. A one size fits all approachcan have a significant impact on cost and resources.
实施审计追踪的审查是采取一种基于风险的方法的关键。它是一个放之四海而皆准的方法,可能对成本和资源有重大影响。
In summary a risk basedapproach is critical for the implementation of audit trail periodic reviews.
综上所述,基于风险的方法是实施审计追踪定期审核的关键。
IMPLEMENTATION
实施
Once the audit trailassessment are performed, system risk identified and all corrective actions areclosed the audit trail reviews can be implemented. Prior to implementation theimpact to resource need to be well understood based on the expected volume ofwork. Once this impact is understood hiring and reassigning of resource need tobe completed prior to formal implementation.
一旦进行审计追踪评估,识别出系统的风险并且所有纠正措施已关闭吗,就可以实施审计追踪的审核了。在实施之前,应该基于所期望的工作量好好理解对资源的影响。一旦理解这种影响,应该在正式实施之前完成资源的征用和重新分配。
Procedure may need to becreated or revised to include the approach of audit trails reviews for eachsystem based on the results of the assessment and system risk.
应该建立或修订规程,根据风险评估的结果将每个系统的审计追踪的审核写进去。
The last step is training allimpacted resources on the applicable procedures with an emphasis of dataintegrity.
最后一步是培训所有有关人员应用规程强调数据完整性。
公众号
查看