Empower 3 Audit Trails and Logs Explained
In the context of the computerized systems used in GxP environments, audit trails are a chronological record that captures all actions and events related to data. As a result, audit trails are a key area of functionality in most laboratory applications, including Empower 3. However, audit trails are also often misunderstood and/or used incorrectly. In some cases, they are not enabled or poorly configured.
This blog provides an overview of audit trails and why they are important. We also explain the different audit trail functionality that exists in Empower 3.
What Are Audit Trails?
The FDA provides the following definition of audit trails in its guidance Data Integrity and Compliance With Drug CGMP: Questions and Answers:
“A secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification or deletion of an electronic record.”
Another beneficial definition comes from the MHRA in the UK in its Guidance on GxP Data Integrity:
“The audit trail is a form of metadata containing information associated with actions that relate to the creation, modification or deletion of GxP records. An audit trail provides for secure recording of life-cycle details such as creation, additions, deletions or alterations of information in a record, either paper or electronic, without obscuring or overwriting the original record. An audit trail facilitates the reconstruction of the history of such events relating to the record regardless of its medium, including the “who, what, when and why” of the action.”
Our introduction and the definitions from regulators describe what an audit trail is, but why are they important? Audit trails perform four main functions:
- Protects data integrity, product quality, and the robustness of processes in laboratories and on manufacturing lines.
- Improves procedural compliance as users are less likely to circumvent processes or deviate from policies if they know their actions are being recorded in an audit trail.
- Helps managers detect inappropriate or incorrect user activity with the aim of changing user behavior.
- Facilitates regulators when checking the honesty and trustworthiness of data.
Audit Trails in Empower 3
Empower’s audit trail functionality is designed to capture and record all changes made to data within the Empower system. It logs the creation, modification, and deletion of data, including details such as:
- Who made the change
- When the change occurred (date and timestamp)
- What was changed (before and after values)
- Why the change was made (user-provided reason for the action)
Empower’s audit trails are essential for tracking both authorized and unauthorized data changes. They enable reviewers to evaluate user actions and decisions made during data processing within Empower, thereby supporting data integrity, traceability, and regulatory compliance.
Types of Audit Trails in Empower 3
Audit trails in Empower are categorized into two primary types:
- System Audit Trails
- Project Audit Trails
System Audit Trails
System audit trails pertain to system-level activities. Examples include:
- Software configuration
- System policies
- User management
- Project management
System audit trails provide a comprehensive view of changes that affect the overall Empower environment.
Project Audit Trails
Project audit trails exist within each project and can be accessed via a dedicated tab at the top of the project interface. They offer a summarized view of all changes made within the specific project, facilitating efficient review and oversight of project-level data activities.
High-Level Oversight and Day-to-Day Review
Both system audit trails and project audit trails are essential for ensuring laboratory workflows align with GxP guidelines and regulatory expectations. They serve as key tools in maintaining data integrity and ensuring traceability across all activities within the Empower environment.
While the system audit trail supports high-level oversight of Empower’s configuration and user management, project audit trails play a critical role in the day-to-day review of data within the laboratory. Project audit trails provide contextual audit information directly related to where and how data has been modified, making them especially valuable for routine data reviewers.
Contextual Review of Audit Trails
Within a project, audit trail data is embedded in specific areas where changes may occur. For example:
- Sample Set Table – changes are recorded if sample information (such as sample name or weight) is modified after data acquisition. Reviewers can examine the sample information history to identify where and when these changes occurred.
- Method Properties – if changes are made to method parameters (such as integration settings), the Method Differences feature within Method Properties allows reviewers to quickly compare versions and highlight what was altered.
It is considered best practice to review data changes in context, rather than relying solely on the project summary audit trail tab. Reviewing changes in context enables a more accurate and efficient evaluation of data integrity.
Indicators of Risk and Data Integrity Concerns
By closely reviewing audit trails in the context of the actual data, reviewers are better equipped to identify discrepancies, assess the appropriateness of changes, and ensure all actions comply with GxP requirements. For example:
- Multiple Result Versions – observing the number of results stored for a given data channel can indicate how many times a result has been modified and saved.
- Detailed Audit Trail Inspection – drilling into the audit trail associated with specific data points provides insight into potential areas of risk or non-compliance.
Audit Trails vs System Logs in Empower 3
According to the ISPE’s Records and Data Integrity Guide, there is a clear distinction between audit trails and technical system logs. Both serve critical but different purposes in regulated environments.
Audit Trails are designed to record the creation, modification, and deletion of data. They provide traceability for human actions directly impacting GxP-relevant records.
System Logs (also known as technical logs) typically record system configuration changes and operational events. They reflect system-level activity so are not equivalent to audit trails, but they remain an important source of information.
System Logs in Empower 3: The Message Center
In Empower, system logs are referred to as the Message Center (they are also described by Empower vendor Waters as Alert Logs). The Message Center feature collects messages from Empower-connected instruments and interface applications, providing a record of software and instrument-related events.
These logs are particularly useful for troubleshooting, offering insights into what happened and when it occurred.
Examples of logged events in the Message Center include:
- Instrument connection issues.
- Failed processing or reporting actions.
- Alerts related to data buffering.
Persistent or recurring messages in the Message Center should be thoroughly investigated. Current regulatory expectations require that laboratories not only review these logs but also demonstrate an understanding of their content and implications.
The Role of the Message Center in Analyst Activities and Investigations
The Message Centre also plays a valuable role in supporting analysts during day-to-day operations. For example, during a data review or investigation:
- System messages may correlate with the timing of data anomalies or invalidated results.
- Message logs can assist in root cause analysis, particularly when evaluating whether instrument or software issues may have contributed to questionable data.
By reviewing Message Center entries alongside audit trails and instrument data, analysts and reviewers can more accurately assess data integrity and system performance.
Expert Empower 3 Audit Trail Support
As outlined in this blog, audit trails are essential for product quality, data integrity, and regulatory compliance. It is left up to pharmaceutical organizations to decide how audit trails are implemented, configured, managed, and reviewed.
The audit trail functionality in Empower 3 is a great platform for compliance as it is comprehensive, highly adaptable, and regulatory compliant. However, it needs to be properly configured, effective procedures have to be developed, and users need to be trained and supported.
This is where we can help at Westbourne. We have engineers highly skilled in Empower 3, with extensive experience supporting clients in optimizing their use of the audit trail features. Contact us at Westbourne today to arrange a consultation.
Latest Insights
Continuous Oversight: a Key Principle for Implementing AI in Pharmaceutical Manufacturing and Quality Control
Artificial Intelligence (AI) is one of the hottest topics in business right now as executives try to take advantage of the potential benefits. In many respects, the pharmaceutical industry is no different, with the potential of AI in R&D looking particularly...
17 Features You Need in a Global Service Desk
In today's digitally connected world, a global service desk is more than just a support function. It’s the backbone of...
A Complete Guide to Computer System Validation
Computer System Validation, or CSV, is a modern, risk-based methodology that confirms software used in pharmaceutical...
How On-Site IT Engineers Become Enablers in Your Organisation
There are many technical issues and tasks that can be supported by remote teams. Others, however, require the physical...
The GxP Implications of Windows 10 End-of-Life for Pharma Labs
Windows 10, the commonly used operating system in pharmaceutical laboratories, is reaching its end-of-life (EOL). The...