Audit trails are secure, computer-generated records that document the creation, modification, and deletion of electronic GxP data. Regulatory authorities require audit trails to provide a complete chronological record of all changes to data, including who made the change, when it was made, what the previous value was, and why the change was made. Audit trails are essential for demonstrating data integrity in computerized systems.

What Are Audit Trails?

An audit trail is a time-stamped, tamper-evident log of all actions that create, edit, or delete electronic records. Audit trails must be generated automatically by the system and must not be capable of being modified or deleted by users. They form the electronic equivalent of the correction and revision practices required for paper records.

Principles

Audit trails must be secure, time-stamped, and linked to the records they document. The ALCOA+ principles require that audit trails be attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring, and available. Audit trails must capture both the original and the changed values, the identity of the user, the date and time of the change, and the reason for the change.

Best Practices

Configure computerized systems to generate audit trails automatically for all GxP-relevant data, and ensure that audit trail entries cannot be edited, deleted, or overwritten. Establish procedures for periodic review of audit trails by trained personnel to detect anomalies or unauthorized activities. Integrate audit trail review into the routine quality oversight process as recommended by 21 CFR Part 11 and EU Annex 11.

Regulatory Requirements

21 CFR Part 11 requires that electronic systems include audit trails for all GxP records and that these trails be reviewed periodically. EU Annex 11 mandates that audit trails be available and convertible to a generally readable format. The FDA’s Data Integrity guidance emphasizes that audit trails must be reviewed as part of routine data governance activities.

Conclusion

Audit trails are a critical control for maintaining data integrity in electronic systems and are a primary focus of regulatory inspections. Organizations must ensure that their systems generate complete and secure audit trails and that personnel are trained to review them effectively. A robust audit trail program provides confidence in the reliability of electronic GxP records.