Context: In regulated environments (GxP, data integrity), the audit trail is a key control mechanism. In Electronic Batch Record (EBR) contexts it captures not only what happened, but also who did what, when, and (where applicable) why.
Why it matters: Audit trails support data integrity, enable investigations for deviations, and provide evidence for periodic reviews and inspections.
What an audit trail typically contains:
- Event type (e.g., create, change, approve, access)
- Timestamp (date/time)
- User/identity
- Object/record/step affected
- Before/after values (where meaningful)
- Justification (e.g., for corrections)
Audit trail review (practice): A risk-based approach (as recommended by GAMP 5) focuses reviewer effort on critical events—e.g., changes to critical process parameters, recipe steps or approvals. In practice, reviews often fail due to unreadable raw logs, missing filters and lack of context.
Typical regulated-industry requirements:
- Immutability of audit trail data
- Filterability (e.g., by date, user, area)
- Justification requirement for changes
- Export capability for inspections
- Access control for reviewers
Further reading: