The new E6 R3 section on Data Governance largely covers measures that are already part of standard practice for using electronic data acquisition systems, such as validation and control of systems, corrections, transfers, and archival. However, there is one requirement that we suspect will be new to most clinical trial sponsors:
Procedures for review of trial-specific data, audit trails and other relevant metadata should be in place. It should be a planned activity, and the extent and nature should be risk-based, adapted to the individual trial and adjusted based on experience during the trial (III.4.2.3)Let's gloss over the TWO missing Oxford commas in these sentences and consider the history of audit trail review.
If you google "audit trail review GMP," you will find most sources of information conflate "audit trail review" performed during validation of a computer system (for example, verifying that the audit trail includes all required components, has an unambiguous time stamp, permits traceability of all data changes) with the audit trail review performed on actual production, such as is clearly intended by E6 R3. Thus, we prefer to go directly to the source.
Neither 21 CFR Part 11 nor US GMPs (21 CFR Part 210 and 211) explicitly references audit trail review of production data. 21 CFR Part 211, however, addresses review of laboratory records in a manufacturing setting. 21 CFR 211.194, Laboratory Records, states "Laboratory records shall include complete data derived from all tests necessary to assure compliance with established specifications and standards, including examinations and assays, [including] the initials or signature of the person who performs each test....[and] the initials or signature of a second person showing that the original records have been reviewed for accuracy, completeness, and compliance with established standards." This, apparently, is the origin of audit trail review - the laboratory principle that holds that a second person reviews results that are generated by a tester.
A guideline from the Pharmaceutical Inspection Convention/Pharmaceutical Inspection Co-operation Scheme (PIC/S) concurs with this principle as it applies to batch record review. It tells us that "critical audit trails related to each operation should be independently reviewed with all other records related to the operation and prior to the review of the completion of the operation (e.g. prior to batch release) so as to ensure that critical data and changes to it are acceptable." The idea here is that audit trail review is part of batch record review, to verify that the audit trail corroborates other information in the batch record.
This brings us to the question: How do we apply the concept of audit trail review in a manufacturing or laboratory environment to a GCP environment? In a lab, a machine analyzes a substance and then generates the result; it makes sense that a review of all the records associated with that result would include review of the audit trail. In a clinical trial, though, most machines are used for data entry. What exactly are we looking for when we do audit trail review? Stay tuned for Part 2 of this post.
