Paul Yeatman is a microbiologist with over 15 years’ experience in documentation, validation and running investigations in TGA and FDA regulated environments. He has a strong interest in process improvement, documentation, training and developing others. From 9-5 Paul investigates and solves software problems. By night he works on his science chops. He has an arty streak, runs several blogs and enjoys communicating his experiences and knowledge in arenas such as this. Continue reading →
“Hello Dear LinkedIn friends. I have few questions related to computerized system.
1. In a country where there is a change in time due to day light saving. How does audit trails and reports are managed in software? ( Here software is operated in multiple time zones) Example: if someone logs in at 9:55 AM and start activity which lasts for 15 mins (means completion at 10:10). What if, in between there is day light saving happened at 10 AM and time goes 1 hr back. It will show that personnel logged in at 9:55 and activity was completed at 9:10. How shall we handle impact of day light savings in such case for reports and audit trails?
2. Do we require Audit trails for each activity. ? E.g. If software is prepared to manage documents. And we have some activities like News and Events on dash board for employees which is not critical step or basic requirement of application.
So do we require audit trail for such activities which are not critical for intended use of software. And if yes, do we require reason for each step?“
Evernote seems to be a powerful, extensible cloud based application. I am curious if anyone in the group uses it in their lab and how do they use it, for what purpose and how well does it work for your needs?/”
My reply to this was:
I’d not advise it. Besides a vendor audit to ensure availability of the system and backups you’d need to ensure Evernote data cannot be obscured or changed, make sure time, date and user stamps are in place and the data integrity is maintained for the duration of the retention period.
While larger companies nowadays use validated systems such as Trackwise, SAP modules and the like for following-up on their CCPs, deviations, CAPAs etc., in GMP inspections of smaller companies I usually encounter some sort of electronic Access- or Excel-based lists that are used (typically by QA) for this purpose, i.e. entering cases, assigning event ID’s, and supervising the progress of investigations / implementation measures until approval / close-out.
These lists a quite critical, especially when many events have to be dealt with, a.o. because of the risk that certain events might get ‘forgotten’.
Nevertheless, I see quite often that little is done to ensure that entries in these lists are correct and uptodate. Another issue is controlled handling of hardcopies of these lists which often, not astonishingly, are outdated as soon as they come out of the printer.
Any ideas what it makes challenging to deal with these lists? What are proven good practices worthwhile to share?”
My reply to this was:
Just like for word, Excel has a revision tracking feature.
There are ways to log changes to tables data in Access, but none are particularly robust.
It all boils down to using the right tool for the job. Is Excel or Access a suitably regulatory compliant solution or do you need to use something else?
The last line of the my comment sums things up nicely.
Having worked in the pharmaceutical industry where I’ve dealt with electronic systems, paper based systems, programmed my own access databases and Excel spreadsheet and been on projects such as LIMS system validation, I figured I’d make notes on the FDA’s 2016 guidance for industry document regarding Data Integrity and Compliance With CGMP. This draft is for currently open for comment and the guidance addresses data integrity in:
“Companies are expected to perform trending of their monitoring data. Detecting adverse trends should help to prevent exceedings of regulatory limits, as defined e.g. in Annex 1 to the EU or PIC/S GMP Guide for aseptic operations.
As you all know, microbial counts do not follow a normal Gaussian but a logarithmic distribution, such that the classical way of calculating and defining thresholds for alert (often +/- 2s) and action (+/- 3s) cannot be applied.
Hence, what alternative approaches to setting alert and action limits for microbio monitoring data (environment, staff, water, …) do you apply?”
You need to have defined what your alert and action levels are and how many times in a row a site can be in alert before this constitutes an action. You also need to define how many below alert results may indicate an adverse trend.
Basically you want to get what is heading out of control under control.
You need to have a defined trending and reporting period and reports need to be signed off both by the microbiologist and QA manager.
Your internal process and documents will be dependant on which regulatory bodies have oversight at your facility.
The FDA, PDA, PIC(S), ICH and good resources like the PMF are valuable when developing your internal processes.