21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.

com/21-cfr-part-11-audit-trail/

21 CFR Part 11 Audit Trail

Requirements
[Explained]
by Allan Murphy Bruun | Apr 27, 2023 | 21 CFR Part 11

The 21 CFR Part 11 is a part of the regulation by the US

FDA that establishes the criteria for electronic records
and digital signatures. According to this regulation, all

1 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

electronically stored records must have an audit trail

ensuring traceability.

Audit Trails are a critical component of compliance with 21 CFR Part

11 requirements as they provide a record of all activities in a
computer system and allow for the reconstruction of events, should
an investigation be required.

In this article, we will take a look at the requirements for audit trails
in 21 CFR Part 11. We will also look into some of the main
components of an audit trail, and key audit trail system features, and
explain how SimplerQMS meets the requirements for audit trails
according to 21 CFR Part 11.

SimplerQMS o�ers a comprehensive eQMS software solution

tailored for the Life Sciences industry and fully compliant with
21 CFR Part 11.

Get a personalized demo of SimplerQMS to see how our

solution can help you achieve and maintain compliance with 21
CFR Part 11.

Learn about 21 CFR Part 11 compliant audit trails by exploring these

topics:

• Audit Trail De�nition as per FDA

• What are 21 CFR Part 11 Audit Trail Requirements?
• Components of an Audit Trail Entry
• Key Audit Trail System Features
• Bene�ts of Implementing the Recording of Audit Trails
• How SimplerQMS Meets 21 CFR Part 11 Audit Trail Requirements

Audit Trail Definition as per

2 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

FDA
According to the FDA’s guidance for industry on computerized
systems used in clinical trials, an audit trail is de�ned as:

“A secure, computer-generated, time-stamped electronic record that

allows reconstruction of the course of events relating to the creation,
modi�cation, and deletion of an electronic record.”

In other words, an audit trail is the history of all actions performed in

a document, including the responsible person for the action, when,
which action was taken, and any other relevant details.

Audit trails enable tracking the document time-sequence

development to ensure they have not been altered in any way that
would compromise accuracy or reliability.

What are 21 CFR Part 11

Audit Trail Requirements?
The FDA 21 CFR Part 11 regulation requires the system used to
manage electronic records to provide a secure, computer-generated,
and time-stamped audit trail.

Its purpose is to accurately record changes made to documents.

Below, we will cover the audit trail requirements outlined in 21 CFR

Part 11 section 11.10 and provide a few brief examples of how
solutions like SimplerQMS can help companies meet them.

NOTE

Please note that the information presented in this article is for

educational purposes only and is not intended to be used as
o�cial regulatory guidance. It is recommended that companies

3 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

seeking compliance with 21 CFR Part 11 refer to the regulation.

Ensure Audit Trail Security

Only authorized individuals must have access to the system and be
able to make changes and sign o� documents. This ensures that the
audit trail is a secure and trustworthy record of actions.

According to 21 CFR 11.10(e), audit trails must be secure.

To achieve security, the system should limit access to only authorized

individuals, as stated in 21 CFR 11.10(d).

Enabling access, the ability to make changes, and document sign-o�s

only by authorized individuals ensure a secure and trustworthy audit
trail of actions.

For example, SimplerQMS meets these security requirements using

Microsoft Entra ID (previously known as Microsoft Azure Active
Directory) for controlling user access within the system, ensuring
secure authentication and authorization.

List of users with read access and their e�ective permissions in the SimplerQMS.

Implement Computer-Generated Audit

4 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

Trail
As outlined in 21 CFR 11.10(e), an audit trail must be automatically
generated by the system and not manually created to eliminate
human errors.

For instance, solutions like SimplerQMS, by default, automatically

generate and store every version of a document, �le, and record.

Automate Time-Stamping
As per section 21 CFR 11.10(e), the audit trail must document the time
and date of actions performed in the electronic record, including:

• Creation events
• Modi�cation events
• Document approval events
• Retirement events
• Etc.

The system should also provide the ability to choose the system’s
standard time zone, including UTC, as the FDA recommends.

Verify User Identity

The audit trail must record the user’s identity who performed actions
inside the system.

According to 21 CFR 11.10(g), authority checks must be in place to

ensure that only authorized individuals can use the system.

To give an example, user identity is automatically recorded in

SimplerQMS keeping track of who created, reviewed, approved,
updated, and retired documents.

5 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

Document history showing the document name, version, status date and time, responsible user,

and state of the document.

Track Performed Actions

As outlined in 21 CFR 11.10(e), the audit trail must capture and record
all performed actions and changes made to the electronic records.

For example, in SimplerQMS, every time a document is edited,

reviewed, approved, or retired, the system automatically records and
stores all the relevant data. Including user identity (who performed
the action), date and time of changes, and type of change made to the
document.

The audit trail also lists all versions of documents and provides a
simple way to compare them as well as restore any of the previous
versions if needed.

Preserve Previously Recorded Information

As stated in 21 CFR 11.10(e), the audit trail must not hide or overwrite
previously recorded information.

6 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

In a solution such as SimplerQMS, all records have a complete version

history and it is not possible to delete electronic records. They can
only be archived or retired.

Retain Audit Trail Documentation

As per 21 CFR 11.10(e), the audit trail must be stored for a period that
is appropriate for the record based on its content and purpose.

In SimplerQMS, for example, audit trail data can be stored and

retained for as long as required by the user. All records are securely
stored in the cloud and can be accessed anytime with full control over
who has access to them.

Regular data backups and disaster recovery plans also ensure that no
data is lost in case of any unforeseen events.

Ensure Audit Trail Availability for FDA

Inspection
According to 21 CFR 11.10(e), the audit trail should be easily
accessible for review and copying by the FDA during an inspection.

For instance, SimplerQMS allows you to easily view the history of any
record, as well as copying or exporting of system records and data for
inspection purposes.

You can also create document collections with relevant records for
upcoming audits.

7 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

Document collection showing relevant documents for an FDA 510(k) submission grouped in a

Document Collection folder.

It is important to note that this article only covers the audit trail
requirements outlined in 21 CFR Part 11. However, there are many
other requirements outlined in this regulation that must be met to
ensure compliance.

If you are interested in learning more about 21 CFR Part 11, we

recommend checking out our full guide on 21 CFR Part 11 compliance.

Components of an Audit
Trail Entry
When it comes to audit trail entries, several components are
included.

Here is an example of what an audit trail entry in SimplerQMS looks

like when viewing document history:

• Name: The title or label that is used to identify the document.

• Version: Unique identi�er that is assigned to each saved version
of a document or �le within a system.

8 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

• User: The system records the identi�cation code or name that

identi�es the person who altered the document.
• State: A document’s state refers to its current status within a
speci�c work�ow.

An SOP document history in SimplerQMS showing audit trail entries, including the document

name, version, status date and time, user, and state.

Key Audit Trail System

Features
An e�ective audit trail system must capture accurate and
comprehensive data. It helps maintain a history of all actions and
changes made to their electronic records.

Some key features of audit trail systems include:

• User Access Control: The system should limit user access to only
authorized individuals. Companies must also perform periodic
authority checks to ensure access control.
• Electronic Signatures: The system should allow users to digitally
sign o� and approve documents, providing a secure and traceable

9 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

method of releasing documents.

• Time-Stamping: The system should record the exact time and
date of each event or change to the document in a time-stamped,
computer-generated audit trail.
• Version History and Traceability: The system should be able to
track changes to a document or �le over time, provide the ability
to restore previous versions if needed, and o�er traceability by
showing who made the changes, when, and why.
• Data Integrity: The system should ensure the integrity of the
data by using secure data storage, access controls, and encryption
to prevent unauthorized alteration.
• Retention and Archiving: The system should allow companies to
retain and archive audit trails for the same period required for
the related electronic record.
• Synchronized Clock System: The system should maintain
consistent time across multiple devices, ensuring that all events
are accurately time-stamped and logged.

Benefits of Implementing
the Recording of Audit Trails
Implementing the recording of an audit trail o�ers several bene�ts to
companies in regulated industries, such as pharmaceuticals, medical
devices, and biotechnology.

These bene�ts include:

• Ensuring data integrity and accuracy: Audit trails provide a

detailed record of all system actions, including when changes
were made, who made them, and why. This helps to maintain the
authenticity and integrity of electronic records.
• Facilitating traceability and accountability: Audit trails provide

10 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

a clear and complete history of document handling and system

usage, which can help identify errors or mistakes, pinpoint the
source of issues, and hold individuals accountable for their
actions.
• Supporting regulatory compliance: Audit trails are required by
21 CFR Part 11 to achieve compliance. They provide system and
data integrity evidence and help Life Science companies prepare
for regulatory inspections and audits.
• Reducing risks of data tampering, fraud, and unauthorized
access: Audit trails can help detect and prevent data tampering,
fraud, and unauthorized access by identifying suspicious activities
and unauthorized changes to documents.
• Improving inspection readiness: The audit trail provides
inspectors with a complete record of all actions taken on
electronic records, which can be quickly and easily reviewed
during audits and inspections.
• Improving operational e�ciency: By providing visibility into
dates and times of every activity completion, audit trails can help
identify ine�ciencies and areas for improvement in processes.

Overall, by maintaining a complete record of all system actions, audit

trails can help companies improve their data management and
maintain regulatory compliance.

How SimplerQMS Meets 21

CFR Part 11 Audit Trail
Requirements
SimplerQMS is a cloud-based QMS software designed to help Life
Science companies meet and exceed the 21 CFR Part 11 and EU GMP
Annex 11 requirements. As well as help companies comply with other

11 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

requirements related to the Life Science industry, such as ICH Q10,

ISO 13485:2016, MDR and IVDR, FDA 21 CFR Part 210, 211, 820, and
many others.

The following are some of the features of SimplerQMS that help meet
21 CFR Part 11 audit trail requirements speci�cally.

SimplerQMS uses Microsoft Entra ID (previously known as Microsoft

Azure Active Directory) for controlling user access within the system,
ensuring secure authentication and authorization.

Each user has only one user account to ensure a clear one-to-one
relationship between the authorized person and their login account.

In compliance with 21 CFR Part 11, our software automatically records

all audit trail data entry creating an independent record of:

• Date
• Time
• User name
• Actions performed on electronic records

The system ensures that new record changes do not overwrite past
recorded information in the audit trail. SimplerQMS tracks and
displays the changes made to a document or �le over time, as well as
provides the ability to restore previous versions if necessary.

12 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

Screenshot taken from the Document History view in SimplerQMS’ Document Control solution.

All documents are stored in a cloud-based system for as long as

required, having them readily available for inspections.

Inspectors can also view documents in the SimplerQMS system during

audits. This includes an overview of the entire version history of each
record, including approvals, signatures, comments, and metadata
changes.

SimplerQMS provides a comprehensive QMS software solution with

all Life Science QMS modules fully integrated. This includes change
control, document management, CAPA handling, employee training,
supplier management, and more.

If you are uncertain about the advantages of implementing an eQMS

solution in your company, we suggest downloading our eQMS
Business Case template.

This tool provides a structured approach for assessing the value of an

eQMS for your business.

By utilizing our template, you can ensure that you have considered all
the relevant factors, including cost savings, improved e�ciency, and
better compliance with regulations, such as 21 CFR Part 11. After that,

13 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

present a compelling case to your management or board.

Final Thoughts
The 21 CFR Part 11 is an FDA regulation that outlines the
requirements for electronic records and digital signatures.

This regulation includes audit trail requirements, which specify

systems should provide a history of actions taken on electronic
records, such as creation, changes, and approvals, as well as
information on who made the changes and when.

Audit trails are critical to achieving compliance with 21 CFR Part 11

requirements.

A growing number of Life Science companies are implementing 21

CFR Part 11 compliant eQMS solutions to improve their quality
process management e�ciency and ensure regulatory compliance.

SimplerQMS provides such a solution. You can e�ortlessly manage

your electronic records and sign documents using an electronic
signature while ensuring their authenticity, integrity, and reliability.

We o�er all QMS modules integrated to optimize work�ows and

streamline processes, such as document management, change
control, employee training, CAPA management, customer complaint
handling, and more.

14 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

Book your demo of SimplerQMS to see how our solution can help you
achieve and maintain compliance with 21 CFR Part 11.

eQMS Business Case Template

Download Now

Join Our Newsletter

Every week we’ll provide you with a few carefully selected

articles around various Life Science QA/RA topics.

Subscribe Now

Product Solutions

15 of 16 08-May-24, 7:38 PM
21 CFR Part 11 Audit Trail Requirements [Explained] https://www.simplerqms.com/21-cfr-part-11-audit-trail/

Company Resources

Copyright © 2024 SimplerQMS. All rights reserved.

Cookie Policy Privacy Policy

  

16 of 16 08-May-24, 7:38 PM