Regulatory agencies are increasingly looking at the TMF audit trail to gain greater insight into data integrity. We review practical steps to help ensure that your TMF audit trail is ready for inspection, based on regulatory guidelines and lessons learned from actual inspections.
Data integrity is one of the biggest issues facing regulatory agencies today, leading to the audit trail for some documents coming under review more frequently during inspections. This added scrutiny is especially common when the inspector believes documents do not meet mandated requirements, or that there was a failure to follow proper procedure, bringing the information contained within those documents into question.
To better understand the reasons behind this increased scrutiny, it’s helpful to review key excerpts from relevant regulatory requirements:
MHRA
(MHRA Grey Guide chapter 10, p.345)
Audit trails are a required feature for managing electronic documents associated with a clinical trial. What should an audit trail contain? The system must have an audit trail in place to identify date/time/user details for creation, uploading, approval and changes to a document.
EMA
(EMA/CHMP/ICH/135/1995)
(EMA/15975/4.2.2)
(EMA/INS/GCP/856758/2018)
4.1.2. Sponsor/CRO Electronic Trial Master File
4.2. Quality of Trial Master File
Article 57 of the Regulation states “The clinical trial master file shall at all times contain the essential documents”. The sponsor and/or investigator/institution should implement risk-based quality checks (QC) or review processes to ensure the TMF is being maintained up-to-date and that all essential documents are appropriately filed in the TMF. Areas to consider during QC and review include the following:
This last point (review of the audit trail, with the qualifier that it applies only to electronic Trial Master File (eTMF) systems) demonstrates the near-impossibility of conducting audit trail review with a paper TMF, or with a TMF managed through spreadsheets or generic systems such as SharePoint.
While eTMFs are not mandated (yet) by regulatory agencies, inspectors have told us quite frankly that it makes their jobs much easier and faster. At the same time, using an eTMF means that complying with TMF mandates requires far less effort on the part of your organization, while improving inspection-readiness.
What are some of the benefits of reviewing your audit trail with an eTMF? You ensure that your audit trail is logging activity and showing the steps outlined in your SOPs, which assists in validating your data. In addition, you support critical oversight activities such as tracking user activity and the permissions and functionality each user has within the system.
What Should Be Included In Your Audit Trail Review
Audit trails from electronic systems automatically capture a tremendous amount of information valuable to regulatory compliance. For example, they will record every time the system moves or touches a document, and every instance where a human being interacts with the document, including when it is simply viewed but not acted on.
At a minimum, your audit trail review should consist of the following:
In addition, one of the most important – and often overlooked – activities is to review the audit trail for process. What we mean by that is the system should be logging the activities that were taken on a document, which allows you to verify and validate your documented process outlined in your SOP and provide evidence that it has been appropriately followed.
One of the keys is examining your process for user management in your system of record. Are user accounts being disabled or changed when roles change or people leave? Are permissions set up correctly; for example, does a particular document processor have the correct authorizations to act within the scope of their role, but cannot impact anything outside what is defined by the SOP? Are there safeguards in place to prevent access to unblinded data without the precise permissions and context?
Keep in mind, however, that your process does not have to consist of hundreds of pages of every detail – it simply has to cover the key steps so that an inspector can see that you have thought the process through and have the main components (see Figure 1).
Figure 1: Guidelines for documenting your audit trail review and processes.
Not All Audit Trails Are Created Equal
It is pretty much standard for any eTMF system today to include basic audit trail capability. In terms of usability, compliance, and inspection support, however, that capability varies widely from system to system, and you should be aware of the differences.
Some of the critical capabilities that make audit trail review faster and easier for all concerned include:
In a recent Phlexglobal survey, 41% of respondents said that they are not currently reviewing their TMF audit trail, while 39% said they review it only as needed. As we have seen, however, regulatory agencies are increasingly including the audit trail in their inspections, leading to a greater likelihood of critical findings. With electronic systems automating the creation of the audit trail and making review a far more streamlined process, there is today no reason not to include audit trail review in your standard operating procedures.
Originally published in the January 2021 edition of HSRAA ONrecord.