Audit Trail — §11.10(e)

Audit Trail Requirements. The system shall employ secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records, in accordance with §11.10(e). The audit trail shall meet the following requirements: (a) audit trail entries shall be automatically generated by the system and shall not be modifiable by any user, including system administrators; (b) each audit trail entry shall record, at a minimum: the identity of the person who performed the action (linked to their unique user identification), the date and time of the action (synchronized to a trusted and traceable time source), the type of action performed (create, modify, delete, approve, reject, etc.), the field or data element affected, the previous value (before change), and the new value (after change); (c) audit trail data shall be retained for a period at least as long as the electronic records to which it pertains, as required by the applicable predicate rule; (d) audit trail data shall be available for review and copying by the FDA upon request; (e) the audit trail shall be included as part of the record review process, and designated personnel shall periodically review audit trails for unauthorized changes, anomalies, or potential data integrity issues; (f) any attempts to alter, disable, or delete audit trail functionality shall be recorded and shall trigger an alert to the system administrator and the Quality Unit; and (g) the integrity and completeness of the audit trail shall be verified during system validation and periodically thereafter.