TM
Subject:
The Hollis
Group, Inc.
Dept. App.
Reg. Aff.
QA
Manuf.
Purch.
R & D
Eng.
Infrastructure Assurance
FDA -21 CFR 11 Public Meeting, 2004JUN11, T.Quinn Slide # 1
Comments on the Utility vs.
Burden of Audit Trails
“Audit trails are the single largest cost
component of 21 CFR 11 compliance.”
John Doe, presenting at CHPA / FDA 1999
Slide # 2
A Word From Our Sponsor
Subpart B—Electronic Records
§ 11.10 Controls for closed systems.
…Such procedures and controls shall include the following:
(e) Use of secure, computer-generated, time-stamped audit trails
to independently record the date and time of operator entries and
actions that create, modify, or delete electronic records. Record
changes shall not obscure previously recorded information. Such
audit trail documentation shall be retained for a period at least as
long as that required for the subject electronic records and shall
be available for agency review and copying.
Slide # 3
Part 11’s Literal Meaning
• The only transactions that need audit trails
are ones performed by “operators”
• The only data that is required to be in the
audit trail itself is the date and time
– This means we do not have to replicate data from
the transaction in the audit trail
– Technically, we do not even need to
record the operator’s ID
• There are some very good reasons to take a
minimalist approach to audit trails
Slide # 4
Audit Trails - Current
Pharmaceutical Model
• Audit trails are usually replications of a
subset of a transaction record
– “Source record” >>> “Audit record”
• Audit records are usually stored in a similar
(if not the same) data structure
• Ubiquitously, audit records have the same or
lower security level as source records
• Hollis refers to this scheme as
“Data-level Audit Records”
Slide # 5
Data-level Audit Records
(Creating a New Record)
[Diagram: SOURCE DATABASE | AUDIT DATABASE]
Slide # 6
Data-Level Audit Records
(Correcting a Typographic Error)
[Diagram: SOURCE DATABASE | AUDIT DATABASE]
Slide # 7
Audit Trails – Current
Financial Model
• The term “audit trails” is misleading; these
are actually “audited transactions”
  – System A proposes transaction
  – System B proposes agreement
  – System X (the security system) examines
    • The data labelling
    • A’s and B’s privileges
    • The structure of the transaction
  – System X grants permission for the transaction
    • And keeps a log
  – All in real-time
Slide # 8
System-Level Audit Records
(Any Type of Transaction)
[Diagram: SOURCE DATABASE | JOURNAL FILE, with journal entries:]
  Read:Cust_Rec:tquinn2270;*.*||
  Writ>:Xact_prop:tquinn2270;Cur_Bal;310.65||
  Read:ACF_2_Rcpt:Auth_cod:<result>||
  Writ:tquinn2270:Cur_Bal;310.65:Auth_cod;<result>||
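An added example, not part of the original slides: the "audited transaction" flow of slide 7 in Python, where System X checks agreement, structure, labelling and privileges before touching the source data, and keeps its journal apart from it. The system names, the policy table, the GRANT/DENY strings, the tuple journal layout and the choice to journal denied requests are assumptions; the record ID, field label and balance are taken from the slide 8 journal sample.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample policy (hypothetical names): (system, operation, data label).
PRIVILEGES = {
    ("system_a", "read", "Cur_Bal"),
    ("system_a", "write", "Cur_Bal"),
    ("system_b", "read", "Cur_Bal"),
    ("system_b", "write", "Cur_Bal"),
    ("kiosk", "read", "Cur_Bal"),
}
KNOWN_LABELS = {label for _, _, label in PRIVILEGES}


@dataclass(frozen=True)
class Proposal:
    """What System A proposes and System B must agree to."""
    record_id: str
    label: str            # data label of the field being touched
    op: str               # "read" or "write"
    value: object = None  # present for writes only


@dataclass
class SystemX:
    """Security system: the only writer of the source store and of the journal."""
    source: dict = field(default_factory=dict)    # stands in for SOURCE DATABASE
    _journal: list = field(default_factory=list)  # stands in for JOURNAL FILE

    def journal(self):
        return tuple(self._journal)  # read-only copy for reviewers

    def _decide(self, a, b, proposal, agreement):
        p = proposal
        if agreement != p:  # B must agree to exactly what A proposed
            return "DENY:no-agreement"
        # Structure: known operation, and a value if and only if it is a write.
        if p.op not in ("read", "write") or (p.op == "write") != (p.value is not None):
            return "DENY:structure"
        if p.label not in KNOWN_LABELS:  # data labelling
            return "DENY:labelling"
        if not {(a, p.op, p.label), (b, p.op, p.label)} <= PRIVILEGES:
            return "DENY:privilege"  # both A and B need the privilege
        return "GRANT"

    def transact(self, a, b, proposal, agreement):
        outcome = self._decide(a, b, proposal, agreement)
        if outcome == "GRANT" and proposal.op == "write":
            self.source[(proposal.record_id, proposal.label)] = proposal.value
        # Journaled in the same call (real time). Denials are journaled too,
        # which is an assumption beyond what the slide states.
        ts = datetime.now(timezone.utc).isoformat()
        self._journal.append((ts, a, b, proposal, outcome))
        return outcome


def demo():
    x = SystemX()
    new = Proposal("tquinn2270", "Cur_Bal", "write", "301.65")  # entered with a typo
    fix = Proposal("tquinn2270", "Cur_Bal", "write", "310.65")  # the correction
    outcomes = [
        x.transact("system_a", "system_b", new, new),
        x.transact("system_a", "system_b", fix, fix),
        x.transact("kiosk", "system_b", fix, fix),     # kiosk has no write privilege
        x.transact("system_a", "system_b", fix, new),  # B agreed to something else
    ]
    return outcomes, x.journal(), dict(x.source)


if __name__ == "__main__":
    outcomes, journal, source = demo()
    print(outcomes)
    print(source)
    for entry in journal:
        print(entry)
```

The source store ends up holding only the corrected balance, while the journal still holds the original entry, the correction and both refused requests.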
Slide # 9
Comparing the Two
• Data-level audit trails:
– Are much easier to program and run
– Tend to produce larger record sets
– Keep the audit and source data in the same format
– Are MUCH easier to compromise
• System-level audit trails:
– Are much more difficult to include in designs
– Tend to produce smaller record sets
– Keep the audit and source records separate
– Are MUCH more difficult to compromise
Slide # 10
Risk Analysis
• Data-level audit records and source data are
(about) equally vulnerable to insider threats
– Insiders are the most common threat
• Replicating data-level audit records provides
outsider adversaries with two attack vectors
– It’s more effective to invest in other defenses
• System-level audit records are only useful in
prevention if they are used in real-time
– In order to assist with detection, they must be
periodically and meticulously reviewed
Slide # 11
Recommendations
• Do NOT change the audit trail wording of 21
CFR § 11.10 (e) to require more information in
the audit trail
• Perform a Regulatory Flexibility Analysis to
justify the requirement for audit trails, and
include details of:
– Financial burden of audit trails, particularly upon
small and disadvantaged businesses
– Raw and normalized statistics of when audit trails
have been useful in protecting public health
Slide # 12
Questions?
Thomas Quinn, President
The Hollis Group, Inc
37 North Valley Rd. #105
Station Square II
Paoli, PA 19301
tquinn@hollisgroup.com
www.hollisgroup.com
v: 610.889.7350 f: 610.296.2339
