FDA responses to questions regarding the practice of completing audit trails in clinical trials.
From Florence’s Complete Library of FDA eRegulatory and eSource Guidance
How do we comply with the audit trail requirement when keeping our TMF in an electronic folder, with limited access and back-up by manual creation of documents and scanned documents?
The audit trail only applies to the records, not the software. The audit trail captures additions, deletions, or alterations of information in an electronic record without obscuring the original record. If you want to destroy the paper source copy and only use the electronic copy, you should have a process to certify the copies and the copy should retain the audit trail of the data recorded on the paper copy (from 2016). Documentation in the Florence Library of FDA eRegulatory and eSource Guidance
For software that doesn’t track changes to individual values on a form, can you consider the entire form to be one “electronic record” and let the signature serve as the audit trail for all of the form entries?
It depends. You can make the decision to apply audit trails based on requirements and justifications. If you decide that it is important to have audit trails, this would not be an appropriate choice. If the electronic data elements can be easily modified at any time to misrepresent information, without evidence that a change was made, audit trails are necessary for the individual values (from 2016). Documentation in the Florence Library of FDA eRegulatory and eSource Guidance
If changes are made to a previously-signed form, the specific changes could only be detectable by visually comparing the original and new copies of the completed form. Is this an acceptable means for maintaining the audit trail associated with the form entries?
No. There needs to be an authorized data originator and particular data element identifiers associated with each data element for the audit trail (from 2016). Documentation in the Florence Library of FDA eRegulatory and eSource Guidance
If we had policies requiring that each form be completed in one session so that the signature timestamp is contemporaneous with the actual entries, but had no means for detecting non-compliance with the policy, would this be a concern for the audit trail?
Yes (from 2016). Documentation in the Florence Library of FDA eRegulatory and eSource Guidance
Because of a bug in our EDC system, our audit trail was not recorded correctly. Can the automated correction of the audit trail from the vendor, along with sufficient validation documentation and evidence of the program operating correctly be approved?
This is a decision for the company to make. You should completely analyze the root of the issue and have a plan to solve similar ones in the future. If an inspection occurs on an affected study, you should have a copy indicating which studies were affected and your solution documented (from 2013). Documentation in the Florence Library of FDA eRegulatory and eSource Guidance
Is a system, which is used to record patient responses, that requires electronic sign-off by study staff and record locking which automatically starts the audit trail enough for the system to be part 11 compliant?
No, not necessarily. While these are two important parts, there are other procedures and controls detailed in 21 CFR 11.10 and 11.30 that need to be followed, and the eSignatures must comply with 21 CFR Part 11 requirements (from 2016). Documentation in the Florence Library of FDA eRegulatory and eSource Guidance
For patient-facing questionnaires, that don’t require the patient to log in, is activating the audit trail upon completion enough for these questionnaires to be compliant with Part 11 to be used for source documentation?
No. There needs to be access controls to ensure that entries come from the study participants. The system also needs to capture/transmit who is the data originator and the date/time data was transferred to the sponsor’s database and date/time data was entered by the participant. Additionally, the system should restrict who can access or modify the patient’s data. (from 2016 . Documentation in the Florence Library of FDA eRegulatory and eSource Guidance
Download the Complete Florence Library of FDA eRegulatory and eSource Guidance
The summaries presented in our library are for informational purposes only, they are not for implementation in operations. Please consult official FDA guidance documents for operational use.