Hi All,
Does the audit trail need to contain the user’s role when they apply their electronic signature?
Is that a regulatory requirement?
Regards
Nothing in the reg I can see that would mandate it. We could get all wrapped around the axle with discussions on users having multiple roles and using the audit trail to verify the user was in the right role when performing the action but let’s not go there. 
If you can unambiguously identify who did what and when they did it, I think you’re in a very defensible position.
That makes sense…thanks Yodon!
[quote=yodon]
If you can unambiguously identify who did what and when they did it, I think you’re in a very defensible position.[/quote]
in the context of audit trail & user ids, “un-ambiguity” need to be addressed in two part,
- I agree with Yodon that, its tying the identify of person with the record/activity being performed;
and - other part is to do with the access controls authorization specific to the function and role.
i.e., my user id can have authorization to perform an activity for a given document at a location or unit. (considering the organization has multiple locations/units or teams)
however, i may not have same privilege at other locations.
this is required to meet the requirements of part 11 wrt
URL=“http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1” Limiting system access to authorized individuals.
(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.[/url]
Thank you v991