What is Audit Trail :
An audit trail or audit log is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.
Audit trail means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the history of events relating to the creation, modification, or deletion of an electronic record.
For example, the audit trail for a high performance liquid chromatography (HPLC) run should include the user name, date/time of the run, the integration parameters used, and details of a reprocessing, if any.
Audit trail should be available in analytical instruments like High performance liquid chromatography (HPLC) , Gas chromatography (GC), Infrared Spectrophotometer, Ultra Violet Spectrophotometer, Water By KF etc.
Each industry, whether tracking records or transactions, will benefit from maintaining accurate audit logs and Audit trial is being used in other sectors like Financial, accounting, and billing records, Manufacturing design controls, Nursing medical records, Health information.
Contains of Audit Trail :
From Audit trial we can check the name of the person who has assessed the system along with date and time.
Audit trail records or log contain details that include:
- Date, time
- User ID associated with the transaction or activities
- Name of person
- access to data
- Original result or value and changed or modified result or data
- Justification or reason for change
- Number of Invalid attempt to log the system or instrument
Audit Trail Log shall be maintained for the life of the records which can be extremely useful in historical reporting and solving problems in the future.
When Audit trails data to be Reviewed and what to be Reviewed :
Audit trail data shall be reviewed after analysis of each steps of processing or analysis or before release of the batch and audit trial report shall be attached to the respective Analytical reports.
During review the reviewer shall review the Audit trail of testing, Instrument, Operating software and all the steps followed during the testing.
Based on risk assessment the reviewer has to identify the critical checks before batch release and any observation identified during review shall be investigated and appropriate CAPA shall be taken to know the impact on the product.
For the systems where Audit trail is not available in that case alternative procedural control like Standard operating procedure and logbook shall be checked.
Who Uses an Audit Trail :
As previously mentioned, audit trails are commonly managed by staff within the IT department, such as a security manager or network administrator. A key point to keep in mind is that any user, whether a manager, employee, end-user, legal staff, an accountant, or others who touch an electronic record, will be included in the audit trail of the record. This user may be a human who makes an update to a record or accesses a system, or it may be a system that automatically makes updates/changes, such as restarting a computer.
Advantages of an Audit Trail :
The advantages of Audit Trial can lead to the transparency of the records for compliance, record integrity and accuracy, system protection from misuse or harm.
The Advantages are as follows :
- User Accountability: A user is anyone who has access to the system. Implementing audit trails promotes appropriate user behavior, which can prevent the introduction of improper use of information, and unauthorized use or modifications. In addition, the user knows that their actions are automatically recorded and tied to their unique identity.
- Reconstruction of Events: When an investigation is or triggered, the first step to remediate a problem is knowing the “when,” the “how,” and the “what” of the event. Visibility into this information can aid in problem detection and prevent future occurrences of things such as hacking, system failures, outages, or corruption of information.
- Violation Detection : Audit trails aid in identifying suspicious behavior or actions. Unauthorized access is a serious problem for most systems. Many regulations now have mandates for the security of information and maintaining confidentiality.
- Other Problem Identification: Through real-time monitoring, you can use automated audit logs to identify problems that indicate system implementation issues, operational issues, unusual or suspicious activities, or system and operator errors.
FDA has issued many warning letters to the organization relating to audit trails which are reviewed during inspection so before release of any product or batch audit trails log shall be reviewed .
Limited access shall be provided to the system to avoid any problem.
Regular back up shall be taken for the system and can be saved in secured folder by the Information Technology person.