Implementing an Audit Trail within a Clinical Reporting Tool Paul Gilbert, Troy A. Ruth, Gregory T. Weber DataCeutics, Inc.




Paper AD12

Implementing an Audit Trail within a Clinical Reporting Tool

Paul Gilbert, Troy A. Ruth, Gregory T. Weber
DataCeutics, Inc., Pottstown, PA

ABSTRACT

This paper is a follow-up to "Overview of a Browser-Based Clinical Report Generation Tool", presented at PharmaSUG 2003. Improved control over the reporting environment was stated as one of the next steps, with the planned addition of a Move to Production facility and accompanying system audit trail. The discussion in this paper will focus on the implementation of the system audit trail.

An audit trail is a useful tool for management to record and review the activities of staff responsible for development and maintenance within a Clinical Reporting Environment. A system audit trail is a vital component in a system intended to satisfy 21 CFR Part 11 and other regulatory requirements. DataCeutics has developed a system audit trail for the DataCeutics Report Portal™ (DRP), to further establish the DRP as a comprehensive Clinical Reporting Tool, suitable for use on clinical projects intended for submission. The system audit trail, like the DRP, was developed using the SAS system, SAS/IntrNet application, HTML, and JavaScript.

This paper is an overview of the system audit trail component of the DRP application, focusing on the technical and functional design and compliance with 21 CFR Part 11.

INTRODUCTION

The objectives of a Clinical Reporting Tool are to increase reporting efficiency and quality while saving time, reducing costs and maintaining regulatory compliance. This is achieved through the introduction of automation and an environment where good programming practices are enforced. DataCeutics, Inc. has developed The Clinical Reporting Solution™ (CRS) to address these objectives. The CRS is comprised of the DataCeutics Report Portal™ (DRP) front-end user interface, a back-end report generator and customized report templates. The audit trail and Move to Production facility discussed in this paper are part of the DRP component.

The design and implementation of a Clinical Reporting Tool, the DataCeutics Report Portal (DRP), was discussed in the paper "Overview of a Browser-Based Clinical Report Generation Tool", presented at PharmaSUG 2003. The DRP met the objectives of automating clinical report generation, providing a server-based application requiring only a web browser on the client, and helping to enforce a 21 CFR Part 11 compliant programming environment. One of the next steps for the DRP was to implement an automated Move to Production facility, along with an accompanying system audit trail.

The inclusion of a reliable, easy-to-follow audit trail is considered one indication of good internal control in a system. In the Pharmaceutical Industry, audit trails are most often associated with the collection, cleaning, and management of clinical data. All major Clinical Database Management Systems (CDBMS) include an audit trail. Less mature in the industry, however, is an audit trail to track activities within a clinical reporting environment.

The audit trail presented here is a component of the DRP, tracking development and maintenance activities within the reporting environment. The DRP is a browser-based thin-client application for automating and controlling the production of SAS Clinical Reports. In the DRP, programs are created in the development environment and then promoted to production. The audit trail is defined as an electronic record of the development, promotion, execution and deletion of stored SAS program files.

This paper will review the requirements of the DRP audit trail and Move to Production facility and demonstrate the functionality within the DRP that contributes to the audit trail.

PROBLEM ADDRESSED

The DRP facilitates enforcement of a 21 CFR Part 11 compliant SAS programming environment by allowing for creation and management of programs and output in a validated environment, with separate development and production areas. As programs are updated, previous versions and associated metadata (e.g. titles and footnotes) are archived. These archived programs and metadata can later be viewed or retrieved.

Without a system audit trail, it is difficult to know who created, deleted or promoted programs. The ability to control the environment is compromised, if users are able to carry out these activities within the reporting environment without a record, even if the users are authorized to perform these functions.

BENEFITS

Through the implementation of a system audit trail, internal control is established, allowing a traceable history of all of the significant events surrounding the development, maintenance, and promotion to production of programs that are vital to the submission of clinical data. A system audit trail can be beneficial in meeting the following objectives:

- Regulatory Compliance - by recording time-sequenced development and maintenance activities by user ID, the audit trail provides the documentation required to ensure that the system is being maintained with suitable control.
- Management Control - through the same components that satisfy regulatory compliance, management is able to review the activities of staff to ensure that clinical report development is occurring according to project goals and standard operating procedures and that production programs are protected against unexpected changes after validation has occurred.

AUDIT TRAIL COMPONENTS

Some considerations for implementing a system audit trail are storage and retrieval, security, integrity and extendibility. The design of the DRP audit trail is an attempt to address these considerations both directly and indirectly, with explicit features meeting these needs or a design that will allow for their future implementation as DRP requirements and functionality are expanded.

- Storage and Retrieval - The audit trail is stored electronically. The DRP includes audit trail reports that can be viewed, printed and copied at any time. All users have access to the reports.
- Security - The DRP uses host-based authentication as provided by the SAS/IntrNet product. Only users with sufficient permission are able to access the DRP and audit trail. The DRP is intended to be used as a closed system with all users under control of the company.
- Integrity - The audit trail entries are permanently associated with a specific study and user ID. The audit trail cannot be disabled.
- Extendibility - For future requirements the DRP can easily capture new activities into the audit trail.

DESIGN OVERVIEW

Developed using the SAS system, SAS/IntrNet, HTML and JavaScript, the DRP is a thin-client, server-based application. It acts as a user interface to the report generation software stored on the SAS server. The interface allows the user to generate SAS programs, select patient subsets, execute SAS programs, generate SAS output files, view SAS source files, view output files, view SAS log files and re-generate output. The interface also includes a Manage function where users and administrators can perform basic file management activities including file deletion and promotion of SAS programs from development to production.

The system supports two separate environments: a development environment and a production environment. The development environment is where users build and test the SAS report programs prior to moving the program into the production environment.

The system maintains one audit trail for each environment and for each study. The audit trails are stored as SAS data sets. New audit trail records are appended to the data sets. There is no capability through the DRP interface to overwrite or modify entries once they are created.

DRP AUDIT TRAIL REQUIREMENTS

The DRP Audit Trail was developed to meet the following requirements:

- All entries will record the date, time, user, file name and event description.
- Users must be able to view the audit trail in development and production.
- For user-initiated events, the user will be able to insert a comment into the audit trail.
- There will be one audit trail per clinical study.
- Previous versions of programs will be archived and available if needed.
- The system will record the following events in the development environment:
  - Creation of SAS programs
  - Deletion of SAS programs
- The system will record the following events in the production environment:
  - Promotion of SAS programs to production
  - Archival of SAS programs
  - Deletion of SAS programs

FUNCTIONAL OVERVIEW

The system requires users to login using a UNIX account, select a project and select a study within the project. The study selection box allows the user to work in a production or development mode. Once a study is selected, the user has access to the Build Report, Run Report, View Report and Manage functions.

DEVELOPMENT AUDIT TRAIL

The following image shows the Manage Files interface as it appears in development. There are three reports available that show different views of the audit trail.

Selecting the first report link displays the audit trail sorted by Date and Time. The report shows the date, time, file name, user ID, system action and a user comment. The following screenshot shows a series of SAS programs created by user gilbertp. In development, programs can be saved as many times as needed, but each time a file is overwritten a new record is appended to the audit trail.

Returning to the main Manage Files screen and choosing the Delete function displays the Delete Files interface. In development, all users can select files to delete. Each time a file is deleted, the action is recorded in the audit trail. A comment field is available for users to provide additional information.

PRODUCTION AUDIT TRAIL

The following image shows the Manage Files interface as it appears in production. In addition to the audit trail reports and delete function, a Move to Production function is available for promotion of SAS programs.

The Move to Production (MTP) interface is shown below. A table displays all programs that are available to move to production. The table is color coded to indicate the status of the file:

- No highlight indicates that there is no production version of the program
- Green highlight indicates that the development version has NOT been updated since the last MTP
- Red highlight indicates that the development version HAS been updated since the last MTP

The user selects the files to move to production. If a file already exists in production, then it is archived with a date time stamp prior to being overwritten and two entries are placed in the audit trail. The first entry records the archival of the existing production version and the second entry records the move to production of the development version. The screenshot below shows a view of the production audit trail.
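An added illustration of the Move to Production behaviour, written in Python rather than the DRP's SAS and not taken from the DRP itself: it models the color-coded status, archival before overwrite with two audit entries, and the single date time stamp the paper describes for files handled as one batch. The class and function names, the archive folder layout and the content-based test for "updated" are assumptions; file names and dates are constructed.

```python
import shutil
import tempfile
from dataclasses import dataclass
from datetime import datetime
from pathlib import Path

@dataclass(frozen=True)  # an entry cannot be changed once created
class AuditEntry:
    stamp: datetime
    user: str
    file_name: str
    action: str
    comment: str = ""

class AuditTrail:
    """One trail per study and environment; the only write is append."""
    def __init__(self, study, env):
        self.study, self.env, self._entries = study, env, []
    def append(self, entry):
        self._entries.append(entry)
    def report(self):
        # Read-only view by date/time; stable sort keeps batch order intact.
        return tuple(sorted(self._entries, key=lambda e: e.stamp))

def mtp_status(name, dev, prod):
    """MTP table colour. Assumption: 'updated' is judged by file content."""
    if not (prod / name).exists():
        return "none"
    return "green" if (dev / name).read_bytes() == (prod / name).read_bytes() else "red"

def move_to_production(names, dev, prod, trail, user, comment="", now=None):
    stamp = now or datetime.now()  # one stamp for the whole batch
    tag, archive = f"{stamp:%Y%m%dT%H%M%S%f}", prod / "archive"
    names = list(dict.fromkeys(names))  # a file is promoted once per batch
    for n in names:  # validate the whole batch before touching production
        if Path(n).name != n or not (dev / n).is_file():
            raise ValueError(f"not a development program: {n!r}")
        if (archive / f"{n}.{tag}").exists():  # never overwrite an archive
            raise FileExistsError(n)
    archive.mkdir(exist_ok=True)
    for n in names:
        if (prod / n).exists():
            shutil.move(str(prod / n), str(archive / f"{n}.{tag}"))
            trail.append(AuditEntry(stamp, user, n, "ARCHIVE", f"{n}.{tag}"))
        shutil.copy2(dev / n, prod / n)
        trail.append(AuditEntry(stamp, user, n, "MOVE TO PRODUCTION", comment))

def demo():
    """Constructed study: promote two programs, edit one, promote it again."""
    dev, prod = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    for n in ("ae.sas", "dm.sas"):
        (dev / n).write_text(f"/* {n} v1 */")
    trail = AuditTrail("STUDY01", "production")
    day1, day2 = datetime(2024, 1, 8, 9, 0), datetime(2024, 1, 9, 9, 0)
    move_to_production(["ae.sas", "dm.sas"], dev, prod, trail, "gilbertp", now=day1)
    (dev / "ae.sas").write_text("/* ae.sas v2 */")
    before = mtp_status("ae.sas", dev, prod), mtp_status("dm.sas", dev, prod)
    move_to_production(["ae.sas"], dev, prod, trail, "gilbertp", "fix title", day2)
    return before, [(e.file_name, e.action) for e in trail.report()]
```

The file name check rejects anything that is not a plain name inside the development area, so a promotion request cannot reach outside the study's folders.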

The delete function has the same functionality in production as in development, but is only available if a user has the DRP-defined role of Project Manager. When multiple files are selected for deletion or move to production, these files get individual entries in the audit trail, but are handled as a single batch and all receive the same date time stamp.

CONCLUSION

The addition of an audit trail and Move to Production facility within the DRP facilitates enforcement of a 21 CFR Part 11 compliant SAS programming environment. Management control is enhanced by the system's ability to record and report user activity, including the creation, deletion, and promotion of SAS programs. The design and functional overview demonstrated how the audit trail and Move to Production facility are integrated into the DRP. Audit trail events are automatically captured by the system and cannot be circumvented by a user. Read-only access to the audit trail information is provided through system audit trail reports.

REFERENCES

"Overview of a Browser-Based Clinical Report Generation Tool", by Greg Weber, Paul Gilbert and Teofil Boata, presented at PharmaSUG 2003, May 2003.

Code of Federal Regulations, 21CFR11 - PART 11 - ELECTRONIC RECORDS; ELECTRONIC SIGNATURES

CONTACT INFORMATION

Your comments and questions are valued and encouraged. Contact the authors at:

Gregory T. Weber
DataCeutics Inc.
Pottstown, PA 19464
610-970-2333
weberg@dataceutics.com

DataCeutics, Inc. (http://www.dataceutics.com) is a SAS Alliance Partner and a CDISC member. CR Toolkit and DataCeutics Report Portal (DRP) are registered trademarks or trademarks of DataCeutics, Inc. SAS and all other SAS Institute, Inc. product or service names are registered trademarks or trademarks of SAS Institute, Inc. in the USA and other countries. ® indicates USA registration.