One often hears of metadata or audit trail when discussing electronic records but rarely gets to see these. Until the time of an audit, that is. Why? Because these invisible parts of digital records hold key information that will guide the inspectors’ work. Clinical leaders should therefore make sure they are correctly in place. Although invisible until needed, audit trails are the assurance for compliance needed in every process of a clinical trial, including independent expert committees management.
An audit trail is the part of metadata allowing to track the key parameters of a digital record: when the record was created, in which environment or system, by whom, who reviewed it and when, who approved it, and so on.
If metadata such as dates of issuance, dates of validity or all other important information allowing to identify digital records must be kept safe for archiving purposes, the audit trail has additional requirements in the regulated world of drug development: it must be automatically generated, non-editable (so it cannot be changed once created), not accessible by regular users but easily accessible and readable (we say “human-readable” as opposed to “machine-readable”) when requested by an auditor.
Why is Audit Trail so important?
At the time of massive transition from paper to digital records in the latter part of the 20th century, there was extensive debate on whether digital records were trustworthy and electronic signatures as valid as “wet ink” ones. In 1992 the EMA issued “Annex 11” and in 1997, the FDA issued 21CFRpart11, the US legislation that sets the rules for acceptance of electronic records and electronic signatures. Secure, inalterable, and inspectable Audit Trail was a centerpiece in the acceptance of digital records.
How is Audit Trail set and used today?
According to the above regulations, validated systems generating official digital records such as reports, PDF documents and other files are required to automatically generate an audit trail that can be inspected if needed. Computer systems validation systematically checks these features. In case of inspection, the audit trail not only confirms the authenticity of the record but can allow to verify whether all standard operating procedures (SOP) have been followed as required.
Inspection of the audit trail can for example show whether the persons required by an SOP have reviewed and approved a record, and whether they have done this in due time. If all is correct and the audit trail is secure and inalterable, then the inspector will be satisfied and move to the next item.
A useful component of clinical committee software
This obligation soon became a useful component of computer systems used in clinical trials, especially when managing independent committees such as clinical endpoint committees, DSMBs, DMCs or Steering Committees. Such systems typically involve several user-roles (e.g., sponsor, sites, committee members) and are used for recording assessments and recommendations.
The safest and easiest way for a clinical team to document the assessments and decisions of their independent committees as required by regulation is through audit trail: every time an operation is performed in the system, a new audit trail record is generated. For irrefutable evidence that any data point entered by an adjudicator or other contributor has never been modified without a GxP audit trail stating reasons, time and originator of the change, clinical committee software could also be integrated with Blockchain technology. Since all can be automated, there is no need to check along the way if using a validated computer system.
In summary, Audit Trail is metadata hidden deep inside computerized databases that ensure the validity and authenticity of digital records. Operational teams don’t usually check the Audit Trail unless they are the system coordinator, but they must always be sure to have it; because when they do need it, it is their assurance for peace of mind. With its high-level security capability, blockchain technology provides the strongest data integrity assurance.
Data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).
Metadata is the contextual information required to understand data. A data value is by itself meaningless without additional information about the data. Metadata is often described as data about data. Metadata is structured information that describes, explains, or otherwise makes it easier to retrieve, use, or manage data.
Audit trail means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record.
Source: Data Integrity and Compliance with Drug CGMP - Questions and Answers, Guidance for Industry (https://www.fda.gov/media/119267/download)
REQUEST A FREE DEMO OF THE eDSMB® SOFTWARE
A cost-effective, compliant software with customized support for your DSMBs and DMCs management.
