Glossary Term

Audit Trail

A secure, computer-generated, time-stamped record of who changed what, when, and why in a regulated quality system.

Audit trails are the evidence layer regulators use to reconstruct what happened. Weak audit trails, or ones nobody reviews, sit at the top of FDA 483 themes and EU GMP deficiencies.


What an audit trail is

An audit trail is a secure, computer-generated, time-stamped record of activity on a regulated record. It captures who did something, what changed, when it changed, and, for material edits, why.

It's not a debug log. It's not a system access log. Those serve IT and security teams. The GxP audit trail is a quality record. It sits alongside the data it describes, gets retained for the same period as the underlying record, and gets produced on demand during an inspection.

Audit trails apply to electronic records that fall under predicate rules: manufacturing batch records, lab data, training history, deviations, CAPAs, change requests, audit findings, and anywhere else regulators expect a reconstructable history.

What an audit trail isn't

It isn't a system event log. It isn't a database transaction log. It isn't a security log. Those serve IT and security functions. The GxP audit trail is a quality record: controlled, attributable, retained, and reviewable.

Why audit trails sit at the centre of every inspection

Inspectors use audit trails to answer one question: can you prove what actually happened? If a result was overwritten, a deviation was closed early, or a document was approved by someone who shouldn't have approved it, the audit trail is either the evidence or the place where its absence becomes the finding.

Audit trail weaknesses are among the most consistent themes in FDA Form 483s and EU GMP deficiencies. Patterns include trails disabled by default, trails that exist but nobody reviews, trails that can't be produced during the inspection window, and shared user accounts that destroy attribution.

Inspector perspective: on a chromatography system or LIMS, the first ask is usually the audit trail review SOP and the most recent review record. If the review cadence isn't documented, or the reviewer signed but the trail itself is empty, the rest of the conversation gets considerably harder for the firm.

The MHRA data integrity test

Apply ALCOA+ to your audit trail. Is each entry Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, and Available throughout the retention period? If you can't say yes to all nine, you have a gap.

Where audit trails are required and how regulators describe them

Audit trail expectations are explicit in modern data integrity guidance and implicit in the predicate rules they support. The references that show up in findings:

  • 21 CFR §11.10(e): closed-system controls must use “secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records.”
  • 21 CFR §11.10(k): appropriate controls over systems documentation, including revision and change control.
  • 21 CFR §211.68(b): drug-manufacturing computerized systems must produce data according to established requirements with controls preventing unauthorized access or changes.
  • 21 CFR §211.180(a): production, control, and distribution records retained for at least one year after batch expiration (or one year past distribution for non-expiration OTC products).
  • EU GMP Annex 11 §9: “Consideration should be given... to the inclusion in the system of the creation of a record of all GMP-relevant changes and deletions (a system-generated ‘audit trail’).”
  • EU GMP Chapter 4 §4.9: records must allow full traceability of activities.
  • MHRA 'GxP' Data Integrity Guidance (March 2018, updated September 2021): defines audit trail expectations against ALCOA+ and describes review cadence.
  • PIC/S PI 041-1 (July 2021): §9 covers audit trail design, review, and inspection expectations.
  • WHO TRS 1033, Annex 4 (2019): audit trail principles aligned to PIC/S.
  • ICH Q9(R1) Quality Risk Management (Step 4, January 2023; EU GMP adoption effective July 2023): risk principles drive audit-trail review frequency by criticality.
  • ISO 13485 §4.2.5: control of records, including electronic records used as device QMS evidence.

What an inspection-ready audit trail captures

A complete entry captures the following at the same time as the action, bound to the record it describes:

  • Who — the authenticated user (no shared accounts; system-generated entries attributed to the system actor)
  • What action — created, modified, viewed, signed, approved, deleted, printed, exported, status-changed
  • When — server-side UTC timestamp, not client time, to defeat clock manipulation
  • What changed — for edits, both the original value and the new value, stored separately
  • Why — for material edits to GxP records, a reason captured at the moment of the edit, not back-filled
  • From where — IP / hostname / session ID for forensic reconstruction
  • Linked record — the entry is bound to the GxP record by foreign key, not parked in an unrelated log file

Beyond the individual entry, the trail as a whole has to meet these requirements:

  • Generation: the system writes the entry automatically; the user can't disable or bypass
  • Storage: immutable; no delete or overwrite through application logic or database access
  • Review: periodic cadence defined by SOP, performed by an independent reviewer, signed off as a controlled record
  • Retention: trail retained for at least the same period as the underlying record, available throughout
  • Production: exportable in human-readable form during an inspection, on demand, without IT dependency
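
The entry fields and the generation and storage rules above can be enforced in the database itself rather than left to application code. The following is an added example, not Complere's implementation or code from this page: it uses SQLite from Python, and the table names, column names and helper functions are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE gxp_record (id INTEGER PRIMARY KEY, value TEXT NOT NULL);
CREATE TABLE audit_trail (
  id        INTEGER PRIMARY KEY AUTOINCREMENT,
  record_id INTEGER NOT NULL REFERENCES gxp_record(id),  -- linked record
  user_id   TEXT NOT NULL CHECK (trim(user_id) <> ''),   -- who
  action    TEXT NOT NULL,                               -- what action
  at_utc    TEXT NOT NULL                                -- when: database clock, UTC
            DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
  old_value TEXT,                                        -- what changed
  new_value TEXT,
  reason    TEXT,                                        -- why
  source    TEXT NOT NULL,                               -- from where
  CHECK (action NOT IN ('modified', 'deleted')           -- edits need a reason
         OR length(trim(coalesce(reason, ''))) > 0)
);
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_trail
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_trail
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # enforce the link to the record
    conn.executescript(SCHEMA)
    return conn

def modify_record(conn, record_id, new_value, user_id, reason, source):
    """Apply an edit and its audit entry atomically; return the entry id."""
    with conn:  # both statements commit together or roll back together
        old = conn.execute("SELECT value FROM gxp_record WHERE id = ?",
                           (record_id,)).fetchone()
        if old is None:
            raise LookupError(f"no record {record_id}")
        conn.execute("UPDATE gxp_record SET value = ? WHERE id = ?",
                     (new_value, record_id))
        cur = conn.execute(
            "INSERT INTO audit_trail (record_id, user_id, action, old_value,"
            " new_value, reason, source) VALUES (?, ?, 'modified', ?, ?, ?, ?)",
            (record_id, user_id, old[0], new_value, reason, source))
    return cur.lastrowid

def is_rejected(conn, sql, params=()):
    """True if the database refuses the statement (constraint or trigger)."""
    try:
        with conn:
            conn.execute(sql, params)
    except sqlite3.DatabaseError:
        return True
    return False
```

Triggers and constraints stop ordinary SQL from altering the trail; an account that can drop triggers or edit the database file can still bypass them, so the application's database account should hold no schema-change rights.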

What strong audit trail programs share

Quality systems that hold up at inspection have controls that go beyond the technical capture of events:

  • Can't be disabled — the system rejects any configuration that turns audit trail off; engineering controls block IT bypass
  • Reason-for-change enforced — material edits to GxP records require a free-text reason, captured before the save, not optional
  • Attribution is real — every user has a unique account; shared accounts and 'administrator' generics are out of GxP workflows
  • Time source is controlled — server NTP-synchronized, not client clock; timezone normalized to UTC for storage with local display
  • Review SOP exists and gets followed — review frequency tied to risk; reviewer independent of the record owner
  • Review evidence is itself a controlled record — reviewer signature, date, scope, exceptions noted, follow-up actions linked
  • Exception triggers — automated flags for high-risk edits, after-hours changes, repeated retries, deletion attempts
  • Producible to an inspector — filterable by record, user, date range, action type; exportable in a readable format within minutes
  • Survives system migration — when a system is decommissioned, the trail migrates with the records or gets exported and retained as required

The 'enabled but never reviewed' trap

Enabling the audit trail is half the job. FDA warning letters from 2017 onward routinely cite firms whose chromatography trails were captured but whose review SOPs were absent or unused. An audit trail you can't show evidence of reviewing is functionally the same as one you don't have.
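
The exception triggers in the list above can be run as a filter over exported audit entries ahead of periodic review. This is an added example, not code from the page or from Complere: the entry layout, the working hours and site UTC offset, the generic account names and the threshold for repeated edits are assumptions, and the sample entries are constructed.

```python
from datetime import datetime, timedelta, timezone

# All thresholds below are assumptions; a real program sets them in its review SOP.
SITE_TZ = timezone(timedelta(hours=1))      # site local time, assumed UTC+1
WORK_HOURS = range(7, 19)                   # 07:00-18:59 local
GENERIC_USERS = {"admin", "administrator"}  # shared or generic accounts
RETRY_LIMIT, RETRY_WINDOW = 3, timedelta(minutes=10)
CHANGES = {"modified", "deleted", "delete_attempt"}

def review_flags(entries):
    """Return {entry id: sorted flag names} for entries that need a reviewer."""
    flags, history = {}, {}
    for e in sorted(entries, key=lambda e: e["at_utc"]):
        when = datetime.fromisoformat(e["at_utc"].replace("Z", "+00:00"))
        found = set()
        if e["user"].lower() in GENERIC_USERS:
            found.add("generic_account")
        if e["action"] in CHANGES:
            # Stored time is UTC; compare against the site's local working day.
            if when.astimezone(SITE_TZ).hour not in WORK_HOURS:
                found.add("after_hours")
            if not (e.get("reason") or "").strip():
                found.add("no_reason")
        if e["action"] in ("deleted", "delete_attempt"):
            found.add("deletion")
        if e["action"] == "modified":
            # "Repeated retries" read here as many edits by one user to one
            # record inside a short window (an assumption).
            times = history.setdefault((e["user"], e["record"]), [])
            times[:] = [t for t in times if when - t <= RETRY_WINDOW] + [when]
            if len(times) >= RETRY_LIMIT:
                found.add("repeated_edits")
        if found:
            flags[e["id"]] = sorted(found)
    return flags

SAMPLE = [  # constructed entries, not real data
    {"id": 1, "user": "asmith", "record": "HPLC-0042", "action": "modified", "at_utc": "2024-03-04T09:15:00Z", "reason": "Transcription error"},
    {"id": 2, "user": "bjones", "record": "HPLC-0042", "action": "modified", "at_utc": "2024-03-04T22:40:00Z", "reason": "Reintegration"},
    {"id": 3, "user": "bjones", "record": "HPLC-0042", "action": "modified", "at_utc": "2024-03-04T22:43:00Z", "reason": "Reintegration"},
    {"id": 4, "user": "bjones", "record": "HPLC-0042", "action": "modified", "at_utc": "2024-03-04T22:47:00Z", "reason": ""},
    {"id": 5, "user": "admin", "record": "HPLC-0042", "action": "delete_attempt", "at_utc": "2024-03-05T10:00:00Z", "reason": "cleanup"},
    {"id": 6, "user": "asmith", "record": "DEV-0007", "action": "viewed", "at_utc": "2024-03-05T23:00:00Z", "reason": None},
]
```

A flag is a prompt for the independent reviewer, not a finding in itself; the reviewer's disposition of each flagged entry belongs in the review record.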

How Complere captures and produces audit trails

An audit trail is only as useful as your team's ability to produce it under pressure. Complere is built so the trail captures itself in the background of every regulated workflow, stays intact for the life of the record, and lands in front of an inspector in a form your team can hand over directly.

Every regulated record on the platform — a document, a CAPA, a change request, an audit finding, a deviation, a training history, a risk assessment — carries its own history. Each entry shows who did what, when, and for material edits, why. The original and the changed values both stay in the history. The trail can't be edited or deleted through the application — no user, administrator, or workflow in Complere exposes a way to overwrite or remove audit trail entries.

Signed actions land in the history alongside ordinary actions, with the signer's identity, the meaning they applied to the signature, and the moment they signed. The signature travels with the record it was applied to; it can't be detached and reused on something else. Logins are individual, never shared, so attribution stays real and the trail you produce ties back to a specific person.

When your team needs to produce evidence — an unannounced inspection, an internal audit, a supplier query, a deviation investigation — the trail is filterable by record, user, action type, or date range and exportable in a human-readable form. The history for a CAPA closure, the signing trail for a document approval, the complete activity log for a single user across a date range: all on demand, no IT ticket, no overnight export job.

The audit trail program around the system stays with your team: defining the review cadence by risk, running periodic reviews with an independent reviewer, retaining the review evidence itself as a controlled record, and verifying retention scope matches the predicate rule that applies to each record type. Complere keeps the trail; your team keeps the program around it.

Frequently asked questions

Common questions about audit trails, sourced from regulatory references and inspection patterns.

What's the difference between an audit trail and a system log?

A system log records technical events for IT and security: logins, errors, performance. A GxP audit trail is a controlled quality record that captures who changed what GxP-relevant data, when, and why. It's retained for the same period as the underlying record, reviewed on a defined cadence, and produced to inspectors on demand. A system log serves a different purpose and isn't a substitute.

How often must audit trails be reviewed under 21 CFR Part 11?

Part 11 doesn't specify a frequency. FDA expects firms to define a risk-based review cadence in a controlled SOP, perform reviews by an independent reviewer, and retain evidence. MHRA's March 2018 data integrity guidance (updated September 2021) and PIC/S PI 041-1 reinforce the same: risk-based, periodic, documented. 'Never reviewed' is the most-cited failure pattern.

Does Annex 11 require an audit trail?

EU GMP Annex 11 §9 says consideration should be given to including a system-generated audit trail for GMP-relevant changes and deletions. In practice, EU inspectors expect audit trails on any computerised system supporting GMP. The phrasing is softer than Part 11 §11.10(e), but the inspection expectation is essentially the same.

Can audit trails be edited or deleted?

No. A controlled GxP audit trail must be immutable. If an entry could be edited or deleted, the audit trail would fail the ALCOA+ principles of Original, Enduring, and Available. Systems that allow administrative deletion of audit trail entries fail inspection.

What are the most common audit trail findings in FDA 483s?

A few patterns recur: audit trails not enabled (often cited in chromatography systems); audit trails on but never reviewed; inability to produce the trail during inspection; shared user accounts that destroy attribution; trails retained for less than the underlying record. FDA's chromatography enforcement actions from 2017 onward drove a large volume of warning letters on these.

How long must audit trails be retained?

At minimum, as long as the underlying record. For drug batch records under 21 CFR §211.180(a), that's at least one year past batch expiration (or one year past distribution for non-expiration OTC products). For device records under the QMSR (21 CFR Part 820, effective February 2, 2026, incorporating ISO 13485:2016 §4.2.5 by reference; former QSR §820.180), the longer of the expected device lifetime or two years from the date of release for distribution. EU GMP follows similar predicate retention. The audit trail has to stay Available throughout.

Do paper records need audit trails?

Paper records don't have a system-generated audit trail, but the equivalent is the bound, page-numbered logbook with single-line crossouts, initialled corrections, and a reason for change. The intent is the same: a reconstructable history with attribution. Hybrid paper/electronic systems get inspected against both standards for their respective parts.

What does ALCOA+ require for an audit trail?

Each entry has to be Attributable (tied to a unique user), Legible, Contemporaneous (recorded when the action happened), Original (unaltered first record), and Accurate. The '+' adds Complete (no gaps), Consistent (chronological), Enduring (durable storage), and Available (retrievable throughout retention). An audit trail that fails any one principle is a finding waiting to happen.
