Query on what constitutes auditable data

We are facing a situation with a customer where we built a software
application to collect, analyze and report data from an instrument. The
application collects raw data from the instrument via a serial port.
Users enter several pieces of information through a set of data entry
screens. This “metadata” is then applied to the collected raw data for
analysis and reporting.

Is it necessary for the software application to provide a mechanism to
report pre-edit and post-edit values for all the user entered "metadata"
to ensure part 11 compliance? The application does provide System, User
and Assay level audit trails which indicate changes made to data along
with reason for change. However, the actual values pre and post change
are not captured by the audit trail. It is our interpretation that the
only primary record w.r.t the software application is the raw data
generated from the instrument and that all user entered metadata is
simply being “transcribed” from elsewhere and technically does not come
under the purview of part 11 compliance requirements with regards the
software. It is understood that the transcribed data would need to
comply with necessary requirements, however, those would apply to the
point of origin of such data.

Thoughts and comments are greatly welcome.

As a very quick off-the-cuff response, you would have to providemore info on what the system is doing and what the "metadata"actually is. Context is everything in this business.Metadata can be everything from the trivial to the vital, so I youcannot put it all in a box and treat the same way. i.e. the archivebit status for a file might be considered unimportant in many cases,but “data about data” could also be a recording of a qualitydetermination about a spectrum i.e. it is ‘good’ or it is aninorganic compound, etc. In such cases, the metadata would be veryimportant- possibly required by regulation.In general, if the data is important and user editable, you willwant some way of being sure that you can see all of the previousentries. This would apply whether the part 11 scope applies or not.How you get there is largely up to you- but if you can comply withthe spirit of this requirement, you will not far wrong.

If it is data that is required by a predicate rule, then it can never be legally destroyed (during its effective life time).
i.e. you can never over write it. In a compliant part 11 system, when you update data, the original data is lacked away, while your edited version is given a new issue number.
Both versions must be available for review throughout the life of the data.

Alex Kennedy