What is an Audit Trail?
An audit trail is a chronological record of:- Who did what
- When they did it
- What changed
- The before and after values
What Gets Audited
Data Changes
| Event | Information Captured |
|---|---|
| Create | New data, who created it |
| Update | Old value, new value, who changed it |
| Delete | What was deleted, who deleted it |
User Actions
| Event | Information Captured |
|---|---|
| Login | User, time, method |
| Role Change | Who changed what role |
| Export | What was exported, by whom |
Status Changes
| Event | Information Captured |
|---|---|
| Record Status | Status transitions |
| Participant Status | State changes |
| Study Status | Lifecycle events |
Accessing Audit Trails
Record-Level Audit
View changes to a specific record:Study-Level Audit
View all study activities:Organization Audit
View organization-wide activities:- Settings changes
- Member management
- Study creation
Audit Event Details
Each audit event includes:| Field | Description |
|---|---|
| Timestamp | Exact time (UTC) |
| User | Who performed the action |
| Action | What was done |
| Resource | What was affected |
| Old Value | Previous value (for changes) |
| New Value | New value (for changes) |
| IP Address | Where the action originated |
Filtering Audit Logs
Filter to find specific events:| Filter | Use Case |
|---|---|
| Date Range | Events within a period |
| User | Actions by a specific user |
| Event Type | Specific types of actions |
| Resource | Changes to specific items |
Exporting Audit Logs
Export for compliance or review:
Export formats:
- CSV for spreadsheet analysis
- JSON for system integration
Regulatory Requirements
Audit trails support:21 CFR Part 11
| Requirement | How Met |
|---|---|
| Audit trail of changes | All data changes logged |
| User attribution | User identity captured |
| Timestamp | Date/time of all events |
| Cannot be modified | Immutable audit log |
ICH GCP
| Requirement | How Met |
|---|---|
| Documentation | Complete records |
| Traceability | Change history |
| Corrections visible | Old values preserved |
Using Audit Trails
Compliance Audits
During regulatory audits:- Export relevant audit logs
- Demonstrate change control
- Show user accountability
Investigations
When investigating issues:- Identify when something changed
- Determine who made changes
- Understand the sequence of events
Quality Reviews
For quality purposes:- Review patterns of changes
- Identify potential issues
- Monitor data quality
Best Practices
Regular Review
Regular Review
Periodically review audit logs for anomalies.
Export for Retention
Export for Retention
Export logs to meet retention requirements.
Understand Coverage
Understand Coverage
Know what is and isn’t captured in the audit trail.
Use for Training
Use for Training
Identify issues to address in training.
Related
Regulatory
Compliance requirements.
Organization Audit
Organization-level audit.