An audit trail is a secure, computer-generated, time-stamped electronic record that allows the reconstruction of events around the creation, modification, or deletion of an electronic record.
It should be in a clear and specific format and capture key data, including when (date and time), by whom (identity), where (location, terminal or device identification), and what (detail about the change).
However, many end-users have significant issues integrating the audit trails from different package equipment vendors as there is a lack of standardization. The random structure of audit trail messages means integrating audit trail information is complex and inconsistent. This places automation on the critical path for facility design, build and reconfiguration.
A standard is needed to define the interface for audit logs that fulfill all the objectives of EU GMP Annex 11 and FDA 21 CFR Part 11.
A standard audit trial model
This situation has driven BioPhorum to publish its Plug-and-play audit trail requirements paper, which proposes a harmonized audit trial model that fulfills regulatory requirements, and the data context needs of analytics applications.
BioPhorum is working towards guidelines that enable plug-and-play for bioprocessing equipment. This paper is one of a series that addresses the problems associated with automating equipment that lacks interoperability in the biopharmaceutical industry.
“The paper defines a universal framework for data-centric audit messages,” said Derrick Tapscott, Industry Consultant Lead at Rockwell Automation. “A specific life science vocabulary then enables FDA/EU audit data integrity requirements to be added to a standard plug-and-play skid. This saves those end-users wanting to integrate skids a lot of time and effort. It also enables them to feed their data applications and analytical processes.”
The requirements paper is linked to the BioPhorum Stirred Tank Unit Interface Specification , which describes the principles relating to the established standards of S88, S95 and OPC-UA. It also links to the developing ‘plug-and-play’ approach of the NAMUR automation association and its module type package (MTP) equipment definition.
The paper is a stimulus piece to start the journey via a national standards body to becoming a formal international standard. The aim is to support NAMUR and add biopharmaceutical-related data integrity and audit capability to its MTP standard.
“The audit trail paper is a major step forward in building audit trail requirements into the plug-and-play methodology for connecting intelligent pieces of equipment on the manufacturing shopfloor,” said Gene Tung, Executive Director of Manufacturing IT at Merck. “The concepts and requirements laid out in the paper ensure that regulatory concerns around data integrity and personnel accountability are addressed appropriately.”
Combining the audit trail specification with NAMUR’s MTP means equipment and control systems providers can harmonize interoperability and drastically reduce equipment installation times. Also, by providing good documentation for their customers’ quality systems, they can help customers to reduce their internal validation efforts.
The specification in the paper will help overcome the issue that audit trails are often just a string of text. Each vendor will use a different string and so when biopharmaceutical companies try to use the audit trail they must translate it using a separate module. The standardization in the BioPhorum specification will remove variability and misunderstanding about what the audit trail contains, making the data more machine-readable.
The audit trails paper is linked to BioPhorum’s upcoming Alarm and events requirements definitions paper that contains a strategy and guidelines for managing alarms and events to support plug-and-play projects in biopharmaceutical systems. Having a correct audit trail will help companies reconstitute what happened when an alarm and event is triggered. “Each time we run a process, we have to prove we are staying in a validated state,” said Jean-Luc Gerling, Solution Manager – Compliance & Security Architect at Merck (Life Science Business Sector). “Using the paper will help us reconstitute and verify what has happened on a process – how it was plugged in and plugged out, and the differences in-between those operations when it’s done the first, second, third or fourth time.”