Audit Trail Review: meaning, GMP requirements and impact on data integrity

Introduction

In today’s pharmaceutical industry, Audit Trail Review (ATR) has become one of the pillars of data integrity and regulatory compliance. FDA, EMA and PIC/S require that every modification to critical data be tracked, verified and understood, moving far beyond the old concept of simply checking the final reported result.

Every electronic GxP system—HPLC, LIMS, MES, SCADA, batch systems—generates audit trails that show how data were created, modified or approved.
According to the guide, the audit trail allows reconstruction of “who did what, when and why”, preventing unauthorised changes, errors or manipulations.

---

Key regulatory references

The regulations are clear:

• FDA 21 CFR Part 11 requires computer-generated audit trails for all operations on electronic data, retained for as long as the data themselves.
• EU GMP Annex 11 requires audit trails to be “secure, available and regularly reviewed.”
• PIC/S PI 041 and MHRA Data Integrity Guidance emphasise the need for risk-based review.

The guide explains that inspectors expect audit trail review to occur both before the release of results and batches, and periodically as a system-level review.

---

Types of audit trails

Not all audit trails are the same:

1. Data Audit Trail

Tracks changes to results, parameters, sequences and tests.
This is the most critical audit trail for GMP purposes.

2. System Audit Trail

Records changes to configurations, users, privileges and system settings.
Essential for data governance.

3. Critical vs non-critical audit trails

The guide clearly differentiates:

• those linked to batches or analyses → must be reviewed for each operation,
• non-critical audit trails → can be reviewed periodically.

---

Real examples of inspection findings

Recurrent issues highlighted in the guide include:

• multiple reprocessing of chromatographic data without justification
• changes to process parameters (temperature, stirring) without an opened deviation
• deletion of LIMS tests without documentation
• shared accounts or use of “admin” access → major violation of Attributable (ALCOA)

The Able Laboratories case, cited as a reference, showed how the absence of ATR allowed unfavourable test results to be deleted for years.

---

Operational benefits

• Prevention of non-compliant behaviours
• Improved data quality
• Stronger QC and manufacturing processes
• Faster and more secure passage through FDA/EMA inspections

---

Career impact

Professionals able to perform an effective Audit Trail Review are among the most sought-after in QA, QC, RA, Data Integrity and Manufacturing Compliance.
ATR skills increase autonomy, reduce errors and strengthen authority during inspections.

---

FAQ

1. Is Audit Trail Review mandatory?
Yes. FDA, EMA and PIC/S require regular, documented ATR.

2. Must it be done for every analysis?
For critical data: yes.
For non-critical data, periodic review is acceptable.

3. Is exporting the audit trail enough?
No. It requires interpretation, contextualisation, justification and signature.

4. Who should perform it?

• QC → for analytical tests
• Manufacturing → for batches
• QA → for final review and audit readiness

---

Conclusion

Audit Trail Review is an indispensable competency to ensure data integrity and to successfully pass regulatory inspections. Explore the full guide on GuideGxP.com