本文以实验室数据审核为例，结合相关法规和指南的要求，探讨审计追踪审核的最佳实践，不当之处请大家批准指正，在评论区一并探讨。

在展开这个问题前，首先分享一张色谱分析流程图，图片来自PDA TR80实验室数据完整性管理系统：

从流程图中可以看出数据审核是是数据分析完成后、对外发布（放行）前的关键环节，而审计追踪的审核又是数据审核中至关重要的一部分。

以色谱分析为例，让我们看一下色谱分析检测中有哪些审计追踪：

对于色谱分析来说，审计追踪主要分为以下几类：

1、系统审计追踪（PDA 80 中建议QA应定期审核系统的审计追踪）

2、文件夹审计追踪

3、方法、序列、结果审计追踪

这些审计追踪在数据发布前应都应进行审核，审计追踪的审核由谁来进行？是否必须由QA进行审核？是接下来要与大家探讨的点。

我们先看一下法规和指南中的规定：

1、FDA DI问答 Who should review audit trails?

Audit trail review is similar to assessing cross-outs on paper when reviewing data. Personnel responsible for record review under CGMP should review the audit trails that capture changes to data associated with the record as they review the rest of the record (e.g., §§ 211.22(a), 211.101(c) and (d), 211.103, 211.182, 211.186(a), 211.192, 211.194(a)(8), and 212.20(d)).

FDA数据完整性问答中对于该问题有明确的回复"按照CGMP相关条款，负责审核记录的人员应该审核审计追踪”，其中194实验室记录部分，具体的规定如下

21CFR PART 211.194 Lab Records

(a) Laboratory records shall include complete data derived from all tests necessary to assure compliance with established specifications and standards, including examinations and assays, as follows：

The initials or signature of a second person showing that the original records have been reviewed for accuracy, completeness, and compliance with established standards.

实验室记录应该包括完整数据的信息：原始记录的准确性、完整性、标准符合性第二人审核的签名。

2、EU GMP

The date and signature of a second person showing that the original records have been reviewed for accuracy, completeness, and compliance with established standards.

实验室记录应该包括完整数据的信息：原始记录的准确性、完整性、标准符合性第二人审核的签名。

3、WHO 良好文件数据规范：

Supervisors responsible for reviewing electronic data should learn which audit trails in the system track significant data changes and how these might be most efficiently accessed as part of their review.

负责审核电子数据的实验室主管应掌握审计追踪与关键数据修改的对应关系。

4、MHRA数据完整性指南

Reviewers should have sufficient knowledge and system access to review relevant audit trails, raw data and metadata (see also ‘data governance’).

审核员应具备足够的知识和系统权限来审核相关的审计追踪、原始数据和元数据（也参见“数据管理”）

5、PIC/S 数据完整性指南

Laboratory records for testing steps should also be reviewed by designated personnel (e.g.: second analysts) following completion of testing. Reviewers are expected to check all entries, critical calculations, and undertake appropriate assessment of the reliability of test results in accordance with data-integrity principles.

在完成检测后，还应由指定人员（例如：第二分析员）审核检测步骤的实验室记录。审核员应根据数据可靠性原则检查所有条目、关键计算，并对检验结果的可靠性进行适当的评估。

Companies should implement procedures that outline their policy and processes to determine the data that is required in audit trails, and the review of audit trails in accordance with risk management principles. Critical audit trails related to each operation should be independently reviewed with all other records related to the operation and prior to the review of the completion of the operation (e.g. prior to batch release) so as to ensure that critical data and changes to it are acceptable. This review should be performed by the originating department, and where necessary verified by the quality unit, e.g. during self-inspection or investigative activities.

公司应实施概述其政策和流程的规程，以确定审计追踪所需的数据，并根据风险管理原则审核审计追踪。每项操作相关的关键审计追踪应与该操作的所有其它记录一起独立核查，并在该操作的完成情况审核之前（例如，在批放行之前）进行，以确保关键数据及其更改是可接受的。审计追踪的审核应由数据产生部门进行，必要时由质量部门核实，例如：在自查或调查活动中。

综合以上法规和指南的要求，总结分析如下：

1 、审计追踪的审核应该与相关的记录一并进行审核，由数据产生部门进行审核。

2 、企业应基于风险的控制，对于关键性数据的审计追踪由质量部门（QA）定期核查。

3、以色谱分析为例：审计追踪应由实验室第二人审核相关记录时一并进行审核，同时对于系统层面的审计追踪，QA应定期进行检查。