Standard Operating Procedure for Audit Trail Review for GMP Systems in API Manufacturing
| Department | API Manufacturing |
|---|---|
| SOP No. | SOP/API/177/2025 |
| Supersedes | SOP/API/177/2022 |
| Page No. | Page 1 of 14 |
| Issue Date | 14/04/2025 |
| Effective Date | 16/04/2025 |
| Review Date | 14/04/2026 |
1. Purpose
To establish a standard procedure for the periodic review of audit trails from computerized systems used in Good Manufacturing Practice (GMP) regulated activities to ensure data integrity and compliance in API manufacturing.
2. Scope
This SOP is applicable to all GMP-relevant computerized systems (e.g., HPLC, GC, FTIR, balances, LIMS, EMS, BMS) that generate, record, or store GMP data
at the API manufacturing facility.
3. Responsibilities
- QA Officer/Executive: Conducts audit trail reviews as per defined schedule, identifies irregularities, and reports findings.
- QC/Production/System User: Ensures system audit trails are enabled and not deleted or overwritten.
- System Administrator/IT: Provides access to audit trail data, supports report generation, ensures system backup and security.
- QA Head: Reviews audit trail trend reports and ensures corrective action is taken in case of data integrity issues.
4. Accountability
The Head of Quality Assurance is accountable for ensuring implementation and effectiveness of the audit trail review process across all GMP computerized systems.
5. Procedure
5.1 Definition and Regulatory Requirement
- An audit trail is a secure, computer-generated, time-stamped electronic record that allows reconstruction of events relating to the creation, modification, or deletion of GMP data.
- As per 21 CFR Part 11, EU Annex 11, and MHRA GXP Data Integrity Guidelines, periodic audit trail review is mandatory for GMP systems.
5.2 Identification of GMP Systems Requiring Audit Trail Review
- QA shall maintain a Master List of GMP Systems (Annexure-1) that require audit trail review.
- This includes:
- Analytical instruments (e.g., HPLC, GC, UV, FTIR)
- Balance systems used for raw material weighing
- Environmental and utility monitoring systems (e.g., BMS, EMS)
- LIMS and electronic logbooks
5.3 Audit Trail Review Frequency
- Routine periodic review shall be conducted by QA:
- Critical systems: Monthly (e.g., LIMS, HPLC)
- Non-critical systems: Quarterly
- Review must also be conducted:
- Before batch release
- During deviation investigation
- After system malfunction or failure
5.4 Review Process
- Access the audit trail via the system interface or export report with IT support.
- Review the following parameters:
- User login/logout
- Data creation/modification/deletion
- Changes in method or results
- Instrument time/date settings
- Unauthorised access attempts
- Record review details in Audit Trail Review Log (Annexure-2).
5.5 Handling Observations
- If any data integrity concern is observed (e.g., unauthorized changes, deleted data, unexplained overrides), raise an internal Observation Report (Annexure-3) and initiate a deviation.
- QA to conduct impact assessment and initiate CAPA where applicable.
- Notify regulatory authority in case of critical breach (as per site escalation policy).
5.6 Report and Trend
- QA shall prepare a Monthly Audit Trail Trend Report (Annexure-4) summarizing:
- Total systems reviewed
- Number and type of observations
- Repeat violations
- Reports shall be reviewed by QA Head and discussed in the Quality Review Meeting.
5.7 Backup and Retention
- Audit trail data shall be backed up weekly and retained for a period of at least 5 years or as per regulatory requirement.
- Ensure data is stored in a secure location with limited access and audit capability.
6. Abbreviations
- QA: Quality Assurance
- IT: Information Technology
- HPLC: High Performance Liquid Chromatography
- GC: Gas Chromatography
- LIMS: Laboratory Information Management System
- CAPA: Corrective and Preventive Action
7. Documents
- Master List of GMP Systems (Annexure-1)
- Audit Trail Review Log (Annexure-2)
- Audit Trail Observation Form (Annexure-3)
- Monthly Audit Trail Trend Report (Annexure-4)
8. References
- 21 CFR Part 11 – Electronic Records and Signatures
- EU GMP Annex 11 – Computerized Systems
- MHRA GxP Data Integrity Guidelines
- ICH Q9 – Quality Risk Management
9. SOP Version
Version: 2.0
10. Approval Section
| Prepared By | Checked By | Approved By | |
|---|---|---|---|
| Signature | |||
| Date | |||
| Name | |||
| Designation | |||
| Department |
11. Annexures
Annexure-1: Master List of GMP Systems
| System Name | Location | Review Frequency | Criticality |
|---|---|---|---|
| HPLC-01 | QC Lab | Monthly | High |
| Balance-05 | Dispensing Room | Quarterly | Medium |
Annexure-2: Audit Trail Review Log
| Date | System Name | Reviewer | Observations | Remarks |
|---|---|---|---|---|
| 01/04/2025 | HPLC-01 | Sunita Reddy | None | Compliant |
Annexure-3: Audit Trail Observation Form
| Observation No. | Date | System | Description | CAPA Initiated |
|---|---|---|---|---|
| ATR/2025/02 | 03/04/2025 | GC-02 | Deleted run without comment | Yes |
Annexure-4: Monthly Audit Trail Trend Report
| Month | Systems Reviewed | Observations | CAPAs Raised |
|---|---|---|---|
| March 2025 | 12 | 2 | 2 |
Revision History:
| Revision Date | Revision No. | Details | Reason | Approved By |
|---|---|---|---|---|
| 01/01/2022 | 1.0 | Initial Release | New SOP | QA Head |
| 14/04/2025 | 2.0 | Included audit trail frequency and annexures | GxP Compliance Update | QA Head |