Is My Audit Trail Regulatory Compliant?

July 20, 2017 / by Theresa Webster

Is my audit trail regulatory compliant.jpg

Operating a laboratory within regulatory requirements can be a challenge.  The wording of regulations is typically cryptic, and there’s always room for different interpretations.  Audit trails are an important factor for compliance because they document a comprehensive history of sample analysis. Whether you capture sample history using a paper-based method or use an electronic system (LIMS), data integrity requirements equally apply.  In this article, we have simplified the key features of audit trails for electronic systems based on the MHRA Orange Guide and FDA 21 CFR Part 11 requirements.

The Audit Record

The audit record should be human readable and contain the following information:

  • Type of Action: The record must inform the user if something has been created, modified or deleted.
  • Operator: This is the identity of the user who performed the action. In some cases, the system maybe recorded as an operator where actions are automated. For example, where your LIMS is integrated with equipment, you may see the ‘System’ entered results for a test.
  • Date and Time of Action: When the audit trail records the date and time of action, the system should use the date and time from a location that cannot be editable by the user.
  • Values: Where data has been modified, the audit record must include previous and new values.
  • Reason for change: For all action types that are not part of the routine sample analysis process, a reason for change must be recorded by the user. For example, if a duplicate test is added to sample, the user must record why a duplicate test was required and record additional identifiers where necessary (e.g. laboratory investigation – LIR 17-098).
  • Electronic Signature: Where the user has entered their electronic signature to complete an action, this must be included in the audit record.


Data Integrity

It is important that your system audit trail adheres to data integrity requirements.  This means that the system must prevent users from modifying or deleting the audit trail as well as obscuring original data entries. A well designed and compliant LIMS will provide read-only access to the audit trail through reporting or a user interface, and additional measures will be implemented to prevent unauthorised access at the database level (both physical and electronic access).

Data Reporting

The audit trail is one example of an electronic record, and it is a regulatory requirement that the system has the ability to generate accurate and complete copies of the audit trail in a printable and human readable format. This allows you to conduct periodic compliance reviews to maintain a validated system.  It also allows auditors, both internal and external, to review records as appropriate.


FDA 21 CFR Part 11 with LabHQ LIMS


Topics: LIMS, Data Integrity, audits, FDA, MHRA, GMP requirements

Theresa Webster

Written by Theresa Webster

Theresa Webster is the co-founder of Broughton Software and serves as their Director of Product Management. After studying at the University of North Carolina at Charlotte receiving a BSc in Biology and a BA in Chemistry, Theresa began her career at Broughton Laboratories, a leading UK MHRA and US FDA GMP licensed contract laboratory. In her role as a Commercial Projects Manager, she developed business start-ups from idea to fully operational divisions, in particular, the stability storage facility and software services. Theresa led the software services division to become a stand-alone business in 2012 as Broughton Software providing the industry's leading LIMS solution for Quality Control Laboratories. In her personal time, Theresa enjoys travel and fitness.