Audit Trail Specification & Audit Trail Review

In 2016 a lot of questions were asked about the good old Audit Trail and about the new topic of the so called “Audit Trail Review”. CCS has published a concept paper for an Audit Trail Specification and some considerations for the Audit Trail Review approach.

  • What is an Audit Trail – in the GMP context of the PQS?
  • What is the difference of a log and a GMP Data Audit Trail?
  • What is an Audit Trail Review good for? How often? Why?
  • What should be reviewed – function or data? What are the results – knowledge management?
  • Detection of data manipulation? Data Audit Trail or Activity Trail required?
  • Which data should be audit trailed and which one should be reviewed?
  • What are CPPs, CQAs, system parameters and/or master data / meta data?
  • How should a specification look like for a real GMP Data Audit Trail?
  • Why is the reason for change so important for a real GMP Data Audit Trail?
  • User roles and concept: Different types for the role Administrator?
  • GMP documentation with instructions and records vs. electronic data?
  • What is GMP critical data and knowledge management – on product and process level?
  • Which roles should be audit trailed and when and if so, how?
  • Is the Audit Trail Review executed manually or automatically?

You may find some answers or at least ideas for that in the free download provided by CCS below:

Download (revision 1): CCS_ Audit Trail Specification and Review_ 2017_rev1

Find more free Downloads at our: Download Page

Link – New Article: Who will review the Audit Trail Review?

Contact us for more information:

CCS – 100 – business customers reached in 2016

comes compliance services (CCS), a leading GXP consulting service provider, for Pharmaceutical Quality Systems, Data Governance and Integrity, Computer System Validation and Inspection Readiness Programs, today announced that it has acquired more than 100 business customers since the launch of its services in 2009. Pharmaceutical and Medical Device customers rely on the compliance and consultancy services since many years provided by CCS. About 80 % of CCS projects are repeat-business and sales continue to ramp steadily. Continue reading “CCS – 100 – business customers reached in 2016”

Draft PIC/S Good Practices for Data Management and Integrity

PIC/S has published on a draft basis a guidance on Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PI 041-1 (Draft 2)) developed by the PIC/S Working Group on Data Integrity. This draft guidance will be applied on a 6-month trial basis by PIC/S Participating Authorities. This draft document results from the need among Inspectorates to have access to harmonised data integrity guidance, considering the impact to public health. The purpose of the trial-period is to learn from implementation. It is acknowledged that the guidance requires expanding in some areas; however, the document has value in describing foundational principles which can be enhanced in future revisions. This draft document is not open for comments by industry. Formal adoption of the guidance will proceed in accordance with PIC/S procedures – including a stakeholders’ consultation – on a revised version after completion of the trial-period.

Download: PI_041_1_Draft_2_Guidance_on_Data_Integrity_2

Excellence Seminar am 14. Juli 2016 in Stuttgart

Sie sind Geschäftsführer, Führungskraft oder Entscheidungsträger und haben wenig Zeit sich mit vielen Details zu beschäftigen und müssen doch die richtigen Entscheidungen treffen. Dieses Seminar soll in jeweils 100 Minuten einen Überblick über die Themen US-FDA Inspektionen, Inspection Readiness (Data Governance, elektronische Daten) und OPEX bis Industrie 4.0 vermitteln. Wo sind bei Investitionen entsprechende Schwerpunkte sinnvoll oder unbedingt notwendig und gibt es heute dazu schon Erfahrungen aus der Praxis. Continue reading “Excellence Seminar am 14. Juli 2016 in Stuttgart”

What happens if you do not validate your ERP System?

If you are planning to replace your old ERP System by a new ERP System including data migration by a hopefully qualified third party, and:

you do not validate the system including functions, records, and processes


you do not define a roll-back strategy / disaster recovery strategy


you do not verify all data migrated between data source and new system


you do not execute full and complete acceptance testing based on system requirements


you do not track issues and problems


you do not define system development procedures


you decide a system go-live or even final payment without final acceptance and approvals

it might go well, or maybe not – find an example here: Read More