In a gmp computerized system, does the audit trail required to capture user logins? I’ve just encountered a system which comes equipped with an audit trail. While the audit trail captures records including time/date/user when the system start/stop/abort or when changes are made to setpoints, user roles, etc., however, it does not capture the login if the user does not perform any such executions. Is this acceptable as far as compliance to 21 CFR Part 11?
I’m used to seeing systems where anytime a user access the system, a record is created.
My sentiments are the same as boomer chemist. I guess for read only stuff (what you described above), you might not actually need to record who was looking at things. I am surprised that the log-in/log-out is not logged somewhere.
If a tree falls in the forest and there is no one to hear it does it make a sound?
Sorry… couldn’t resist. I would think it would probably be ok, but it is odd… and I don’t think I’ve seen it before, but I have seen systems that anyone could view information without logging in (fairly common for various monitoring programs). For example, you might have a facilities temp monitoring program that displays the temp…the user may even be able to click around and look back at older data without requiring a login. Sort of like and old school chart recorder.
I would expect logins to be recorded. Especially if you may need to confirm that someone has read something for example an SOP on a particular date. You need to ask do I need to track usage of the system to fulfil a regulatory requirement.
Dr David Trew
BSc (Hons), PhD, CChem MRSC
David Trew Consulting Ltd
Consultancy services for chemistry based businesses
and laboratory service sectors.