RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
21 CFR Part 11
From:
Stephanie Eaton <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Wed, 15 Jun 2011 12:54:20 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (109 lines) 
Hi all,



I am wondering if someone can answer a question regarding 21 CFR Part 11
requirements.



The question is around the auditing of the information stored with the
document.  Is it required that any metadata changes must record who made the
change, the date of the change and what the value of a field was changed
to.  Are you also required to record what the field was prior to the change?




Thanks in advance for any guidance!



Here is the actual verbiage …



It is the agency’s intent that the audit trail provide a record of
essentially who did what, wrote what, and when. The

write-to-file operations referenced in the proposed rule were not intended
to cover the kind of ‘‘background’’

nonhuman recordings the comments identified. The agency considers such
operator actions as activating a manufacturing

sequence or turning off an alarm to warrant the same audit trail coverage as
operator data entries in order to

document a thorough history of events and those responsible for such events.
Although FDA acknowledges that not

every operator ‘‘action,’’ such as switching among screen displays, need be
covered by audit trails, the agency is

concerned that revising the rule to cover only ‘‘critical’’ operations would
result in excluding much information and

actions that are necessary to document events thoroughly. The agency
believes that, in general,

the kinds of operator actions that need to be covered by an audit trail are
those important enough to memorialize in the

electronic record itself. These are actions which, for the most part, would
be recorded in corresponding paper

records according to existing recordkeeping requirements. The agency intends
that the audit trail

capture operator actions (e.g., a command to open a valve) at the time they
occur, and operator information

(e.g., data entry) at the time the information is saved to the recording
media (such as disk or tape), in much

the same manner as such actions and information are memorialized on paper.
The audit trail need not capture every

keystroke and mistake that is held in a temporary buffer before those
commitments. For example, where an

operator records the lot number of an ingredient by typing the lot number,
followed by the ‘‘return key’’ (where

pressing the return key would cause the information to be saved to a disk
file), the audit trail need not record every

‘‘backspace delete’’ key the operator may have previously pressed to correct
a typing error. Subsequent ‘‘saved’’

corrections made after such a commitment, however, must be part of the audit
trail.

At this time, the agency’s primary concern relates to the integrity of human
actions. Should the agency’s experience

with part 11 demonstrate a need to require audit trails of device operations
and entries, the agency will propose

appropriate revisions to these regulations. Accordingly, the agency has
revised proposed § 11.10(e) by removing

reference to all write-to-file operations and clarifying that the audit
trail is to cover operator entries and actions that

create, modify, or delete electronic records.







Stephanie Eaton

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2