How to handle Legacy Systems if no Audit Trail is available or a "User Login" is not possible?
Recommendation
22/23 January 2025
Ensuring Control of Chromatographs, Integration and Results
Register now for ECA's GMP Newsletter
Problem statement: How to handle Legacy Systems if no audit trail is available or a "user login" is not possible?
First of all, it can be deduced from the contents of the EU GMP Guidelines Annex 11 that an audit trail in connection with GMP-relevant data and their modification should be available in a computerised system. If this functionality was not yet available at the time the system was purchased, it should first be checked whether an update with the audit trail functionality is now available for this system. If this is not the case, an appropriate alternative should be introduced. EU GMP Annex 11 does not describe what this alternative should look like.
Possible solution:
One possibility would be to use handwritten audit trail logbooks. This alternative is also proposed by the PIC/S document PI 041 GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP ENVIRONMENTS:
9.4 Audit trails for computerised systems:
If no electronic audit trail system exists a paper based record to demonstrate changes to data may be acceptable until a fully audit trailed (integrated system or independent audit software using a validated interface) system becomes available. These hybrid systems are permitted, where they achieve equivalence to integrated audit trail, such as described in Annex 11 of the PIC/S GMP Guide.
Source: PIC/S PI 041
Related GMP News
13.01.2025Cloud Computing: Open or Closed System according to 21 CFR Part 11?
11.12.2024Cloud Computing: Validation documents for a SaaS application
04.12.2024Cloud Computing: What happens if the CSP does not allow audits?
27.11.2024Cloud Computing: Are (GMP) Supervisory Authorities allowed to inspect CSP?
20.11.2024Cloud Computing - Content of a SLA/Contract with a XaaS Provider